optimize: authorization (#619)

* optimize: authorization

* optimize: login fail response.

api/src/main/java/run/ikaros/api/constant/SecurityConst.java

@@ -62,6 +62,8 @@ interface Target {
             String API_CORE_EPISODES = "/api/" + CORE_VERSION + "/episodes/**";
             String API_CORE_AUTHORITY = "/api/" + CORE_VERSION + "/authority/**";
             String API_CORE_AUTHORITIES = "/api/" + CORE_VERSION + "/authorities/**";
+            String API_CORE_COLLECTION = "/api/" + CORE_VERSION + "/collection/**";
+            String API_CORE_COLLECTIONS = "/api/" + CORE_VERSION + "/collections/**";
             String APIS_CUSTOM = "/apis/**";
             String MENU_DASHBOARD = "/dashboard/**";
             String MENU_ATTACHMENTS = "/attachments/**";

api/src/main/java/run/ikaros/api/infra/exception/security/UserAuthenticationException.java

@@ -0,0 +1,13 @@
+package run.ikaros.api.infra.exception.security;
+
+import org.springframework.security.core.AuthenticationException;
+
+public class UserAuthenticationException extends AuthenticationException {
+    public UserAuthenticationException(String msg) {
+        super(msg);
+    }
+
+    public UserAuthenticationException(String msg, Throwable cause) {
+        super(msg, cause);
+    }
+}

server/src/main/java/run/ikaros/server/config/GlobalExceptionHandlerConfig.java

@@ -33,8 +33,6 @@ public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
             //     "Data not found for Url: " + exchange.getRequest().getURI())))
             .onErrorResume(NotFoundException.class,
                 e1 -> writeResponse(exchange.getResponse(), e1, HttpStatus.NOT_FOUND))
-            .onErrorResume(RuntimeException.class,
-                e2 -> writeResponse(exchange.getResponse(), e2, HttpStatus.BAD_REQUEST))
             .onErrorResume(AuthenticationException.class,
                 e3 -> writeResponse(exchange.getResponse(), e3, HttpStatus.FORBIDDEN))
             .onErrorResume(PluginRuntimeException.class,
@@ -46,7 +44,9 @@ public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
                     .onErrorResume(Exception.class,
                         e -> writeResponse(exchange.getResponse(), e,
                             HttpStatus.INTERNAL_SERVER_ERROR)
-                    ));
+                    ))
+            .onErrorResume(RuntimeException.class,
+                e2 -> writeResponse(exchange.getResponse(), e2, HttpStatus.BAD_REQUEST));
     }
 
     private static Mono<Void> writeResponse(ServerHttpResponse response,

server/src/main/java/run/ikaros/server/security/authentication/jwt/JwtReactiveAuthenticationManager.java

@@ -1,14 +1,14 @@
 package run.ikaros.server.security.authentication.jwt;
 
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.ReactiveAuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Component;
 import reactor.core.publisher.Mono;
+import run.ikaros.api.infra.exception.security.UserAuthenticationException;
 import run.ikaros.api.infra.exception.user.UserNotFoundException;
 
 @Slf4j
@@ -32,7 +32,8 @@ public Mono<Authentication> authenticate(Authentication authentication) {
                 new UserNotFoundException("User for username[" + username + "] not found, "
                     + "may be disabled or not exists。")))
             .filter(userDetails -> passwordEncoder.matches(password, userDetails.getPassword()))
-            .switchIfEmpty(Mono.error(new BadCredentialsException("Invalid Credentials")))
+            .switchIfEmpty(Mono.error(new UserAuthenticationException("Authorization fail, "
+                + "invalid username or password.")))
             .map(userDetails -> new UsernamePasswordAuthenticationToken(userDetails, password,
                 userDetails.getAuthorities()));
     }

server/src/main/java/run/ikaros/server/security/authorization/RequestAuthorizationManager.java

@@ -87,13 +87,15 @@ public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
 
                     if (target.contains("/**")) {
                         String apiPrefix = target.substring(0, target.lastIndexOf("/**"));
-                        if (!granted && !path.contains(apiPrefix)) {
+                        if (!granted && path.contains(apiPrefix)) {
+                            granted = true;
                             continue;
                         }
 
 
                     } else {
-                        if (!granted && !path.contains(target)) {
+                        if (!granted && path.equalsIgnoreCase(target)) {
+                            granted = true;
                             continue;
                         }
                     }