matevip · matevip · Oct 19, 2020 · Oct 19, 2020 · Oct 19, 2020 · Oct 19, 2020
diff --git a/doc/sql/matex_schema.sql b/doc/sql/matex_schema.sql
diff --git a/...ecurity/src/main/java/vip/mate/core/security/handle/MateAuthenticationSuccessHandler.java b/...ecurity/src/main/java/vip/mate/core/security/handle/MateAuthenticationSuccessHandler.java
@@ -1,7 +1,6 @@
 package vip.mate.core.security.handle;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import lombok.AllArgsConstructor;
 import lombok.NonNull;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -14,7 +13,6 @@
 import org.springframework.security.oauth2.provider.*;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
-import org.springframework.stereotype.Component;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

diff --git a/mate-platform/mate-system/src/main/java/vip/mate/system/aspect/PreviewAspect.java b/mate-platform/mate-system/src/main/java/vip/mate/system/aspect/PreviewAspect.java
@@ -8,6 +8,7 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.HttpMethod;
 import org.springframework.stereotype.Component;
+import org.springframework.util.AntPathMatcher;
 import vip.mate.core.common.exception.PreviewException;
 import vip.mate.core.common.util.RequestHolder;
 import vip.mate.core.common.util.TraceUtil;
@@ -24,7 +25,9 @@
 public class PreviewAspect {
 
     @Value("${mate.preview.enable}")
-    private boolean isPreview = false;
+    private final boolean isPreview = false;
+
+    private final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
     @Around(
             "execution(static vip.mate.core.common.api.Result *(..)) || " +
@@ -35,7 +38,7 @@ public Object aroundApi(ProceedingJoinPoint point) throws Throwable {
         //　获取request
         HttpServletRequest request = RequestHolder.getHttpServletRequest();
         if (StringUtils.equalsIgnoreCase(request.getMethod(), HttpMethod.POST.name()) && isPreview
-        && !(StringUtils.equalsIgnoreCase(request.getRequestURI(), "/provider/log/save"))) {
+        && !(antPathMatcher.match(request.getRequestURI(), "/provider/log/set"))) {
             log.error("演示环境不能操作！");
             throw new PreviewException("演示环境不能操作！");
         }

diff --git a/mate-uaa/src/main/java/vip/mate/uaa/config/SecurityConfig.java b/mate-uaa/src/main/java/vip/mate/uaa/config/SecurityConfig.java
@@ -37,6 +37,8 @@
 import vip.mate.uaa.sms.SmsCodeAuthenticationSecurityConfig;
 import vip.mate.uaa.social.SocialAuthenticationSecurityConfig;
 
+import javax.annotation.Resource;
+
 /**
  * 安全配置中心
  *
@@ -46,76 +48,77 @@
 @EnableWebSecurity
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
-    @Autowired
-    private IgnoreUrlPropsConfig ignoreUrlPropsConfig;
+	@Autowired
+	private IgnoreUrlPropsConfig ignoreUrlPropsConfig;
 
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
-    }
+	@Bean
+	public PasswordEncoder passwordEncoder() {
+		return PasswordEncoderFactories.createDelegatingPasswordEncoder();
+	}
 
-    @Autowired
-    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
+	@Resource
+	private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;
 
-    @Autowired
-    private SocialAuthenticationSecurityConfig socialAuthenticationSecurityConfig;
+	@Resource
+	private SocialAuthenticationSecurityConfig socialAuthenticationSecurityConfig;
 
-    /**
-     * 必须要定义，否则不支持grant_type=password模式
-     * @return
-     */
-    @Bean
-    @Override
-    @SneakyThrows
-    public AuthenticationManager authenticationManagerBean() {
-        return super.authenticationManagerBean();
-    }
+	/**
+	 * 必须要定义，否则不支持grant_type=password模式
+	 *
+	 * @return AuthenticationManager
+	 */
+	@Bean
+	@Override
+	@SneakyThrows
+	public AuthenticationManager authenticationManagerBean() {
+		return super.authenticationManagerBean();
+	}
 
-    @Bean
-    public AuthenticationSuccessHandler mateAuthenticationSuccessHandler() {
-        return new MateAuthenticationSuccessHandler();
-    }
+	@Bean
+	public AuthenticationSuccessHandler mateAuthenticationSuccessHandler() {
+		return new MateAuthenticationSuccessHandler();
+	}
 
-    @Bean
-    public AuthenticationFailureHandler mateAuthenticationFailureHandler() {
-        return new MateAuthenticationFailureHandler();
-    }
+	@Bean
+	public AuthenticationFailureHandler mateAuthenticationFailureHandler() {
+		return new MateAuthenticationFailureHandler();
+	}
 
 
-    @Override
-    @Bean
-    public UserDetailsService userDetailsService() {
-        return new UserDetailsServiceImpl();
-    }
+	@Override
+	@Bean
+	public UserDetailsService userDetailsService() {
+		return new UserDetailsServiceImpl();
+	}
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config
-                = http.requestMatchers().anyRequest()
-                .and()
-                .apply(smsCodeAuthenticationSecurityConfig)
-                .and()
-                .apply(socialAuthenticationSecurityConfig)
-                .and()
-                .authorizeRequests();
-        ignoreUrlPropsConfig.getUrls().forEach(e -> {
-            config.antMatchers(e).permitAll();
-        });
-        config
-                .antMatchers("/auth/**").permitAll()
-                .antMatchers("/oauth/**").permitAll()
-                .antMatchers("/actuator/**").permitAll()
-                .antMatchers("/v2/api-docs").permitAll()
-                .antMatchers("/v2/api-docs-ext").permitAll()
-                .anyRequest().authenticated()
-                .and()
-                .csrf().disable();
-    }
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config
+				= http.requestMatchers().anyRequest()
+				.and()
+				.apply(smsCodeAuthenticationSecurityConfig)
+				.and()
+				.apply(socialAuthenticationSecurityConfig)
+				.and()
+				.authorizeRequests();
+		ignoreUrlPropsConfig.getUrls().forEach(e -> {
+			config.antMatchers(e).permitAll();
+		});
+		config
+				.antMatchers("/auth/**").permitAll()
+				.antMatchers("/oauth/**").permitAll()
+				.antMatchers("/actuator/**").permitAll()
+				.antMatchers("/v2/api-docs").permitAll()
+				.antMatchers("/v2/api-docs-ext").permitAll()
+				.anyRequest().authenticated()
+				.and()
+				.csrf().disable();
+	}
 
-    @Override
-    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.
-                userDetailsService(userDetailsService())
-                .passwordEncoder(passwordEncoder());
-    }
+	@Override
+	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+		auth.
+				userDetailsService(userDetailsService())
+				.passwordEncoder(passwordEncoder());
+	}
 }
diff --git a/mate-uaa/src/main/java/vip/mate/uaa/controller/AuthController.java b/mate-uaa/src/main/java/vip/mate/uaa/controller/AuthController.java
@@ -137,7 +137,7 @@ public Map<String, String> loginType() {
      *
      * @param oauthType 第三方登录类型
      * @param response  response
-     * @throws IOException
+     * @throws IOException IO异常
      */
     @Log(value = "第三方登录", exception = "第三方登录请求异常")
     @ApiOperation(value = "第三方登录", notes = "第三方登录")
@@ -152,7 +152,6 @@ public void login(@PathVariable String oauthType, HttpServletResponse response)
      *
      * @param oauthType 第三方登录类型
      * @param callback  携带返回的信息
-     * @return 登录成功后的信息
      */
     @Log(value = "第三方登录回调", exception = "第三方登录回调请求异常")
     @ApiOperation(value = "第三方登录回调", notes = "第三方登录回调")

diff --git a/mate-uaa/src/main/java/vip/mate/uaa/sms/SmsCodeAuthenticationFilter.java b/mate-uaa/src/main/java/vip/mate/uaa/sms/SmsCodeAuthenticationFilter.java
@@ -12,62 +12,68 @@
 import javax.servlet.http.HttpServletResponse;
 import java.util.Objects;
 
+/**
+ * 短信验证码验证过滤器
+ *
+ * @author pangu
+ */
 public class SmsCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
-    /**
-     * 请求中的参数
-     */
-    private String mobileParameter = Oauth2Constant.DEFAULT_PARAMETER_NAME_MOBILE;
+	/**
+	 * 请求中的参数
+	 */
+	private String mobileParameter = Oauth2Constant.DEFAULT_PARAMETER_NAME_MOBILE;
 
-    private boolean postOnly = true;
+	private boolean postOnly = true;
 
-    public SmsCodeAuthenticationFilter() {
-        super(new AntPathRequestMatcher(Oauth2Constant.OAUTH_MOBILE, "POST"));
-    }
+	public SmsCodeAuthenticationFilter() {
+		super(new AntPathRequestMatcher(Oauth2Constant.OAUTH_MOBILE, "POST"));
+	}
 
-    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
-        if (postOnly && !request.getMethod().equals("POST")) {
-            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
-        }
+	@Override
+	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+		if (postOnly && !request.getMethod().equals("POST")) {
+			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
+		}
 
-        // 获取请求中的参数值
-        String mobile = obtainMobile(request);
+		// 获取请求中的参数值
+		String mobile = obtainMobile(request);
 
-        if (Objects.isNull(mobile)) {
-            mobile = "";
-        }
+		if (Objects.isNull(mobile)) {
+			mobile = "";
+		}
 
-        mobile = mobile.trim();
+		mobile = mobile.trim();
 
-        SmsCodeAuthenticationToken authRequest = new SmsCodeAuthenticationToken(mobile);
+		SmsCodeAuthenticationToken authRequest = new SmsCodeAuthenticationToken(mobile);
 
-        // Allow subclasses to set the "details" property
-        setDetails(request, authRequest);
+		// Allow subclasses to set the "details" property
+		setDetails(request, authRequest);
 
-        return this.getAuthenticationManager().authenticate(authRequest);
-    }
+		return this.getAuthenticationManager().authenticate(authRequest);
+	}
 
-    /**
-     * 获取手机号
-     */
-    protected String obtainMobile(HttpServletRequest request) {
-        return request.getParameter(mobileParameter);
-    }
+	/**
+	 * 获取手机号
+	 */
+	protected String obtainMobile(HttpServletRequest request) {
+		return request.getParameter(mobileParameter);
+	}
 
-    protected void setDetails(HttpServletRequest request, SmsCodeAuthenticationToken authRequest) {
-        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
-    }
+	protected void setDetails(HttpServletRequest request, SmsCodeAuthenticationToken authRequest) {
+		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+	}
 
-    public void setMobileParameter(String mobileParameter) {
-        Assert.hasText(mobileParameter, "Mobile parameter must not be empty or null");
-        this.mobileParameter = mobileParameter;
-    }
+	public void setMobileParameter(String mobileParameter) {
+		Assert.hasText(mobileParameter, "Mobile parameter must not be empty or null");
+		this.mobileParameter = mobileParameter;
+	}
 
-    public void setPostOnly(boolean postOnly) {
-        this.postOnly = postOnly;
-    }
+	public void setPostOnly(boolean postOnly) {
+		this.postOnly = postOnly;
+	}
 
-    public final String getMobileParameter() {
-        return mobileParameter;
-    }
+	public final String getMobileParameter() {
+		return mobileParameter;
+	}
 }
diff --git a/mate-uaa/src/main/java/vip/mate/uaa/sms/SmsCodeAuthenticationProvider.java b/mate-uaa/src/main/java/vip/mate/uaa/sms/SmsCodeAuthenticationProvider.java
@@ -11,34 +11,39 @@
 
 import java.util.Objects;
 
+/**
+ * 短信验证码验证提供者
+ *
+ * @author pangu
+ */
 @AllArgsConstructor
 public class SmsCodeAuthenticationProvider implements AuthenticationProvider {
 
-    private final MateUserDetailsService userDetailsService;
+	private final MateUserDetailsService userDetailsService;
 
-    @Override
-    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
-        SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;
+	@Override
+	public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+		SmsCodeAuthenticationToken authenticationToken = (SmsCodeAuthenticationToken) authentication;
 
-        /**
-         * 调用 {@link UserDetailsService}
-         */
-        UserDetails user = userDetailsService.loadUserByMobile((String)authenticationToken.getPrincipal());
+		/**
+		 * 调用 {@link UserDetailsService}
+		 */
+		UserDetails user = userDetailsService.loadUserByMobile((String) authenticationToken.getPrincipal());
 
-        if (Objects.isNull(user)) {
-            throw new InternalAuthenticationServiceException("手机号或验证码错误");
-        }
+		if (Objects.isNull(user)) {
+			throw new InternalAuthenticationServiceException("手机号或验证码错误");
+		}
 
-        SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(user, user.getAuthorities());
+		SmsCodeAuthenticationToken authenticationResult = new SmsCodeAuthenticationToken(user, user.getAuthorities());
 
-        authenticationResult.setDetails(authenticationToken.getDetails());
+		authenticationResult.setDetails(authenticationToken.getDetails());
 
-        return authenticationResult;
+		return authenticationResult;
 
-    }
+	}
 
-    @Override
-    public boolean supports(Class<?> authentication) {
-        return SmsCodeAuthenticationToken.class.isAssignableFrom(authentication);
-    }
+	@Override
+	public boolean supports(Class<?> authentication) {
+		return SmsCodeAuthenticationToken.class.isAssignableFrom(authentication);
+	}
 }