From f41e29ab3a28678df873b7d7d0756374968d063e Mon Sep 17 00:00:00 2001 From: PengShuaixin Date: Wed, 14 Apr 2021 12:29:59 +0800 Subject: [PATCH 1/5] =?UTF-8?q?=E5=BA=94=E7=94=A8=E4=B8=8B=E7=BA=BF?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../kafka/manager/bpm/order/impl/DeleteAppOrder.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java b/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java index 44aa9a0e..92173945 100644 --- a/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java +++ b/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java @@ -23,6 +23,7 @@ import org.springframework.stereotype.Component; import java.util.Date; import java.util.List; +import java.util.stream.Collectors; /** * @author zhongyuankai @@ -94,7 +95,11 @@ public class DeleteAppOrder extends AbstractAppOrder { } // 判断app是否对topic有权限 List authorityList = authorityService.getAuthority(orderAppExtension.getAppId()); - if (!ValidateUtils.isEmptyList(authorityList)) { + // 过滤权限列表中access=0的 + List newAuthorityList = authorityList.stream() + .filter(authorityDO -> authorityDO.getAccess() != 0) + .collect(Collectors.toList()); + if (!ValidateUtils.isEmptyList(newAuthorityList)) { return ResultStatus.OPERATION_FORBIDDEN; } if (appService.deleteApp(appDO, userName) > 0) { From e6dd1119be974470324138372eb37b59e19e41ff Mon Sep 17 00:00:00 2001 
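Review bot: In the second hunk the new `authorityList.stream()` call dereferences the result of `authorityService.getAuthority(...)` directly, whereas the replaced `ValidateUtils.isEmptyList(authorityList)` check presumably tolerated a null list. `authorityDO.getAccess() != 0` will also throw on unboxing if `getAccess()` can return a null `Integer`; patch 5/5 compares the same field with `.equals`, which suggests a boxed type. This filter decides whether an app that still holds topic grants may be deleted, so it should fail closed and use the named constant instead of a bare `0`: keep an `isEmptyList(authorityList)` guard before the stream and filter with `.filter(a -> !TopicAuthorityEnum.DENY.getCode().equals(a.getAccess()))`. The enclosing method starts and ends outside the hunk.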
From: zengqiao Date: Wed, 14 Apr 2021 19:40:19 +0800 Subject: [PATCH 2/5] =?UTF-8?q?=E9=80=9A=E8=BF=87=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E7=B1=BB=E7=9A=84RequestMapping=E6=B3=A8=E8=A7=A3=E6=9D=A5?= =?UTF-8?q?=E5=88=A4=E6=96=AD=E5=BD=93=E5=89=8D=E8=AF=B7=E6=B1=82=E6=98=AF?= =?UTF-8?q?=E5=90=A6=E9=9C=80=E8=A6=81=E7=99=BB=E5=BD=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../manager/common/constant/ApiPrefix.java | 2 -- .../kafka/manager/account/LoginService.java | 2 +- .../account/impl/LoginServiceImpl.java | 15 ++++---- .../web/inteceptor/PermissionInterceptor.java | 34 ++++++++++++++++++- 4 files changed, 40 insertions(+), 13 deletions(-) diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java index f193f39d..b90918eb 100644 --- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java +++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/constant/ApiPrefix.java @@ -11,8 +11,6 @@ public class ApiPrefix { // login public static final String API_V1_SSO_PREFIX = API_V1_PREFIX + "sso/"; - public static final String API_V1_SSO_LOGIN = API_V1_SSO_PREFIX + "login"; - public static final String API_V1_SSO_LOGOUT = API_V1_SSO_PREFIX + "logout"; // console public static final String API_V1_NORMAL_PREFIX = API_V1_PREFIX + "normal/"; diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java index 98e8bab1..707d4908 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java 
+++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/LoginService.java @@ -16,5 +16,5 @@ public interface LoginService { void logout(HttpServletRequest request, HttpServletResponse response, Boolean needJump2LoginPage); - boolean checkLogin(HttpServletRequest request, HttpServletResponse response); + boolean checkLogin(HttpServletRequest request, HttpServletResponse response, String classRequestMappingValue); } \ No newline at end of file diff --git a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java index e0919f54..7c82053f 100644 --- a/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java +++ b/kafka-manager-extends/kafka-manager-account/src/main/java/com/xiaojukeji/kafka/manager/account/impl/LoginServiceImpl.java 
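Review bot: The new `classRequestMappingValue` parameter on `checkLogin` carries the authentication-exemption decision, but the interface states no contract for it. A Javadoc on the method should say that the value is the class-level `@RequestMapping` path of the handler Spring resolved, that `null` means the handler could not be identified and the request is treated as not logged in, and that implementations of the caller must not derive it from request data such as the URI. For the parameter itself: `@param classRequestMappingValue class-level mapping of the resolved handler; null is rejected`.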
@@ -63,19 +63,16 @@ public class LoginServiceImpl implements LoginService { } @Override - public boolean checkLogin(HttpServletRequest request, HttpServletResponse response) { - String uri = request.getRequestURI(); - if (uri.contains("..") || uri.contains("./") || uri.contains("///")) { - LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal, contains .. or ./ or ///||uri={}", uri); + public boolean checkLogin(HttpServletRequest request, HttpServletResponse response, String classRequestMappingValue) { + if (ValidateUtils.isNull(classRequestMappingValue)) { + LOGGER.error("class=LoginServiceImpl||method=checkLogin||msg=uri illegal||uri={}", request.getRequestURI()); singleSignOn.setRedirectToLoginPage(response); return false; } - uri = uri.replaceAll("//", "/"); - if (uri.equals(ApiPrefix.API_V1_SSO_LOGIN) - || uri.equals(ApiPrefix.API_V1_SSO_LOGOUT) - || uri.startsWith(ApiPrefix.API_V1_THIRD_PART_PREFIX) - || uri.startsWith(ApiPrefix.GATEWAY_API_V1_PREFIX)) { + if (classRequestMappingValue.equals(ApiPrefix.API_V1_SSO_PREFIX) + || classRequestMappingValue.equals(ApiPrefix.API_V1_THIRD_PART_PREFIX) + || classRequestMappingValue.equals(ApiPrefix.GATEWAY_API_V1_PREFIX)) { // 白名单接口直接true return true; } diff --git a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java index 6286cace..bf4b88d8 100644 --- a/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java +++ b/kafka-manager-web/src/main/java/com/xiaojukeji/kafka/manager/web/inteceptor/PermissionInterceptor.java 
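Review bot: The allowlist in `checkLogin` now exempts every handler in a class whose mapping equals `ApiPrefix.API_V1_SSO_PREFIX`, where the removed code exempted only the two exact URIs `API_V1_SSO_LOGIN` and `API_V1_SSO_LOGOUT`. Any other endpoint that lives in, or is later added to, that controller is served without a login check; the controller is not visible here, so confirm it holds only login and logout and record the rule next to the condition, e.g. `// every handler in a class mapped to one of these prefixes is unauthenticated`. The null branch still logs `msg=uri illegal` although the condition is now a missing class mapping; `msg=class request-mapping missing, treated as not logged in` would keep the log usable for triage. The method body continues past the end of the hunk.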
@@ -1,8 +1,13 @@ package com.xiaojukeji.kafka.manager.web.inteceptor; import com.xiaojukeji.kafka.manager.account.LoginService; +import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; import javax.servlet.http.HttpServletRequest; @@ -15,6 +20,8 @@ import javax.servlet.http.HttpServletResponse; */ @Component public class PermissionInterceptor implements HandlerInterceptor { + private static final Logger LOGGER = LoggerFactory.getLogger(PermissionInterceptor.class); + @Autowired private LoginService loginService; 
@@ -28,6 +35,31 @@ public class PermissionInterceptor implements HandlerInterceptor { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - return loginService.checkLogin(request, response); + + String classRequestMappingValue = null; + try { + classRequestMappingValue = getClassRequestMappingValue(handler); + } catch (Exception e) { + LOGGER.error("class=PermissionInterceptor||method=preHandle||uri={}||msg=parse class request-mapping failed", request.getRequestURI(), e); + } + return loginService.checkLogin(request, response, classRequestMappingValue); + } + + private String getClassRequestMappingValue(Object handler) { + RequestMapping classRM = null; + if(handler instanceof HandlerMethod) { + HandlerMethod hm = (HandlerMethod)handler; + classRM = hm.getMethod().getDeclaringClass().getAnnotation(RequestMapping.class); + } else if(handler instanceof org.springframework.web.servlet.mvc.Controller) { + org.springframework.web.servlet.mvc.Controller hm = (org.springframework.web.servlet.mvc.Controller)handler; + Class hmClass = hm.getClass(); + classRM = hmClass.getAnnotation(RequestMapping.class); + } else { + classRM = handler.getClass().getAnnotation(RequestMapping.class); + } + if (ValidateUtils.isNull(classRM) || classRM.value().length < 0) { + return null; + } + return classRM.value()[0]; } } From 22a513ba220c5ca7e09af91ad2c85dfe07bc1579 Mon Sep 17 00:00:00 2001 From: shirenchuang Date: Tue, 6 Apr 2021 12:09:52 +0800 Subject: [PATCH 3/5] =?UTF-8?q?=E5=8D=87=E7=BA=A7mysql=E9=A9=B1=E5=8A=A8?= =?UTF-8?q?=EF=BC=9B=E6=94=AF=E6=8C=81Mysql=208.0+?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kafka-manager-web/src/main/resources/application.yml | 2 +- pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
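Review bot: In `getClassRequestMappingValue` the guard `classRM.value().length < 0` can never be true, so a class whose `@RequestMapping` has an empty `value()` reaches `classRM.value()[0]` and throws. The `catch (Exception e)` in `preHandle` turns that into a null mapping and the request is rejected, so it fails closed, but only as a side effect and with an error log on every such request; the check should read `if (ValidateUtils.isNull(classRM) || classRM.value().length == 0) {`. Separately, `hm.getMethod().getDeclaringClass()` yields the superclass for an inherited handler method and plain `getAnnotation` does not resolve the `path` alias, so `hm.getBeanType()` together with `AnnotatedElementUtils.findMergedAnnotation(...)` would be the more reliable lookup for a value that gates authentication.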
diff --git a/kafka-manager-web/src/main/resources/application.yml b/kafka-manager-web/src/main/resources/application.yml index 1c6614e2..58ad509f 100644 --- a/kafka-manager-web/src/main/resources/application.yml +++ b/kafka-manager-web/src/main/resources/application.yml @@ -14,7 +14,7 @@ spring: jdbc-url: jdbc:mysql://127.0.0.1:3306/logi_kafka_manager?characterEncoding=UTF-8&useSSL=false&serverTimezone=GMT%2B8 username: admin password: admin - driver-class-name: com.mysql.jdbc.Driver + driver-class-name: com.mysql.cj.jdbc.Driver main: allow-bean-definition-overriding: true diff --git a/pom.xml b/pom.xml index d4165a85..6c9d117f 100644 --- a/pom.xml +++ b/pom.xml @@ -180,7 +180,7 @@ mysql mysql-connector-java - 5.1.41 + 8.0.11 From 357c496aadd1b6c620a91a4359fc85c63b5b2011 Mon Sep 17 00:00:00 2001 From: shirenchuang Date: Mon, 19 Apr 2021 10:17:29 +0800 Subject: [PATCH 4/5] =?UTF-8?q?=E4=B8=8B=E7=BA=BF=E5=BA=94=E7=94=A8?= =?UTF-8?q?=E7=9A=84=E6=97=B6=E5=80=99=20=E5=88=A4=E6=96=AD=E5=85=88?= =?UTF-8?q?=E4=B8=8B=E7=BA=BFtopic?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../xiaojukeji/kafka/manager/common/entity/ResultStatus.java | 3 +++ .../kafka/manager/bpm/order/impl/DeleteAppOrder.java | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java index 454a687f..0f8aebd6 100644 --- a/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java +++ b/kafka-manager-common/src/main/java/com/xiaojukeji/kafka/manager/common/entity/ResultStatus.java 
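Review bot: The datasource block edited in the application.yml hunk keeps `useSSL=false` in the JDBC URL and `admin`/`admin` as the shipped credentials, and the move to the 8.x driver for MySQL 8.0+ is the point at which both should be revisited. If the server uses the MySQL 8 default `caching_sha2_password` plugin, a non-TLS connection typically pushes operators towards `allowPublicKeyRetrieval=true`, which weakens the password exchange; a sample URL with `useSSL=true&verifyServerCertificate=true` avoids that. I would also add a comment above the credentials such as `# sample values only; override from the environment or an external config in any deployment`.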
@@ -25,6 +25,9 @@ public enum ResultStatus { CHANGE_ZOOKEEPER_FORBIDDEN(1405, "change zookeeper forbidden"), + APP_OFFLINE_FORBIDDEN(1406, "先下线topic,才能下线应用~"), + + TOPIC_OPERATION_PARAM_NULL_POINTER(1450, "参数错误"), TOPIC_OPERATION_PARTITION_NUM_ILLEGAL(1451, "分区数错误"), TOPIC_OPERATION_BROKER_NUM_NOT_ENOUGH(1452, "Broker数不足错误"), diff --git a/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java b/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java index 44aa9a0e..6127abc2 100644 --- a/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java +++ b/kafka-manager-extends/kafka-manager-bpm/src/main/java/com/xiaojukeji/kafka/manager/bpm/order/impl/DeleteAppOrder.java @@ -95,7 +95,7 @@ public class DeleteAppOrder extends AbstractAppOrder { // 判断app是否对topic有权限 List authorityList = authorityService.getAuthority(orderAppExtension.getAppId()); if (!ValidateUtils.isEmptyList(authorityList)) { - return ResultStatus.OPERATION_FORBIDDEN; + return ResultStatus.APP_OFFLINE_FORBIDDEN; } if (appService.deleteApp(appDO, userName) > 0) { return ResultStatus.SUCCESS; From ad4e39c0888ecced58035eadac7fb8b9d507ecfe Mon Sep 17 00:00:00 2001 From: PengShuaixin Date: Tue, 20 Apr 2021 11:22:11 +0800 Subject: [PATCH 5/5] =?UTF-8?q?=E5=BA=94=E7=94=A8=E4=B8=8B=E7=BA=BF?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=E6=9D=83=E9=99=90=E5=88=97=E8=A1=A8=E8=8E=B7?= =?UTF-8?q?=E5=8F=96=E4=BC=98=E5=8C=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../gateway/impl/AuthorityServiceImpl.java | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) 
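Review bot: The DeleteAppOrder hunk in this patch is cut from the same base blob (`44aa9a0e`) as patch 1/5 and its context still tests `authorityList`, so as a linear series it will not apply on top of patch 1/5, which changes the checked list to `newAuthorityList`. When the two are reconciled the guard has to keep both changes, `if (!ValidateUtils.isEmptyList(newAuthorityList)) { return ResultStatus.APP_OFFLINE_FORBIDDEN; }`; resolving the conflict by taking this hunk's side would silently drop the access filter that patch 1/5 added to the deletion check. The enclosing method lies outside the hunk.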
diff --git a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/gateway/impl/AuthorityServiceImpl.java b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/gateway/impl/AuthorityServiceImpl.java index 4f804107..876966f7 100644 --- a/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/gateway/impl/AuthorityServiceImpl.java +++ b/kafka-manager-core/src/main/java/com/xiaojukeji/kafka/manager/service/service/gateway/impl/AuthorityServiceImpl.java @@ -4,13 +4,14 @@ import com.alibaba.fastjson.JSONObject; import com.xiaojukeji.kafka.manager.common.bizenum.ModuleEnum; import com.xiaojukeji.kafka.manager.common.bizenum.OperateEnum; import com.xiaojukeji.kafka.manager.common.bizenum.OperationStatusEnum; +import com.xiaojukeji.kafka.manager.common.bizenum.TopicAuthorityEnum; +import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; +import com.xiaojukeji.kafka.manager.common.entity.ao.gateway.TopicQuota; import com.xiaojukeji.kafka.manager.common.entity.pojo.OperateRecordDO; import com.xiaojukeji.kafka.manager.common.entity.pojo.gateway.AuthorityDO; import com.xiaojukeji.kafka.manager.common.entity.pojo.gateway.KafkaAclDO; -import com.xiaojukeji.kafka.manager.dao.gateway.AuthorityDao; -import com.xiaojukeji.kafka.manager.common.entity.ao.gateway.TopicQuota; -import com.xiaojukeji.kafka.manager.common.entity.ResultStatus; import com.xiaojukeji.kafka.manager.common.utils.ValidateUtils; +import com.xiaojukeji.kafka.manager.dao.gateway.AuthorityDao; import com.xiaojukeji.kafka.manager.dao.gateway.KafkaAclDao; import com.xiaojukeji.kafka.manager.service.service.OperateRecordService; import com.xiaojukeji.kafka.manager.service.service.gateway.AuthorityService; 
@@ -20,10 +21,8 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; +import java.util.*; +import java.util.stream.Collectors; /** * @author zhongyuankai @@ -163,8 +162,14 @@ public class AuthorityServiceImpl implements AuthorityService { } if (ValidateUtils.isEmptyList(doList)) { return new ArrayList<>(); + } else { + assert doList != null; + // 过滤权限列表中access=0的 + List newList = doList.stream() + .filter(authorityDO -> !TopicAuthorityEnum.DENY.getCode().equals(authorityDO.getAccess())) + .collect(Collectors.toList()); + return newList; } - return doList; } @Override
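Review bot: In the last hunk the DENY filter is applied inside the service method itself, so every caller of that method stops seeing deny entries, not only the app-offline flow named in the commit subject. The method signature is outside the hunk, so the other call sites (anything that lists, audits or synchronises grants) should be checked before relying on it; if the narrower view is needed only for app deletion, keep `return doList;` and filter in the caller, or state the new contract in the method's Javadoc. `assert doList != null;` does nothing unless the JVM runs with `-ea` and appears redundant after the `isEmptyList` check, so the branch can be reduced to `return doList.stream().filter(a -> !TopicAuthorityEnum.DENY.getCode().equals(a.getAccess())).collect(Collectors.toList());`.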