diff --git a/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/RbacReactiveAuthorizationManagerImpl.java b/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/RbacReactiveAuthorizationManagerImpl.java
index b2ac93b7..18204a52 100644
--- a/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/RbacReactiveAuthorizationManagerImpl.java
+++ b/api-gateway/src/main/java/com/jmsoftware/maf/apigateway/security/impl/RbacReactiveAuthorizationManagerImpl.java
@@ -1,10 +1,8 @@
 package com.jmsoftware.maf.apigateway.security.impl;
 import cn.hutool.core.util.StrUtil;
-import cn.hutool.json.JSONUtil;
 import com.google.common.collect.Lists;
 import com.jmsoftware.maf.apigateway.remoteapi.AuthCenterRemoteApi;
-import com.jmsoftware.maf.common.bean.ResponseBodyBean;
 import com.jmsoftware.maf.common.domain.authcenter.permission.GetPermissionListByRoleIdListPayload;
 import com.jmsoftware.maf.common.domain.authcenter.permission.GetPermissionListByRoleIdListResponse;
 import com.jmsoftware.maf.common.domain.authcenter.permission.PermissionType;
@@ -22,11 +20,9 @@
 import org.springframework.security.web.server.authorization.AuthorizationContext;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
-import org.springframework.web.reactive.function.client.WebClient;
 import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
-import javax.annotation.Resource;
 import java.util.List;
 import java.util.Objects;
 import java.util.stream.Collectors;
@@ -112,6 +108,10 @@ public Mono check(Mono authentication, Au
 if (checkRestfulAccess(buttonPermission, request)) {
 log.info("Authorization success! Resource [{}] {} is accessible for user(username: {})", request.getMethod(), request.getURI(), userPrincipal.getUsername());
+ request
+ .mutate()
+ .headers(httpHeaders -> httpHeaders.set("X-Username", userPrincipal.getUsername()))
+ .build();
 return new AuthorizationDecision(true);
 }
 }
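Review bot: The `X-Username` header is written only on this one success branch, and nothing visible here removes a client-supplied `X-Username` from requests that leave `check` by another path, so a downstream service that reads the header (the `getUserStatus` hunk in UserServiceImpl does) cannot tell a gateway-asserted name from one the caller sent. The value returned by `request.mutate()...build()` is also discarded, so the header reaches the routed request only if the builder writes through to the original request's header map, which looks like an implementation detail of the Spring version in use and is worth confirming. I would keep `check` free of side effects and set the header in a gateway filter that runs for every request and passes the rebuilt exchange on: `exchange.mutate().request(r -> r.headers(h -> h.set("X-Username", username))).build()`, with `h.remove("X-Username")` when there is no authenticated principal. The body of `check` starts and ends outside this hunk, so its other return paths could not be checked.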
diff --git a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java
index 30d5f021..35f2215d 100644
--- a/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java
+++ b/auth-center/src/main/java/com/jmsoftware/maf/authcenter/user/service/impl/UserServiceImpl.java
@@ -21,6 +21,8 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Service;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
@@ -101,6 +103,9 @@ public boolean logout(HttpServletRequest request) throws SecurityException {
 @Override
 public String getUserStatus(@Valid @NotNull GetUserStatusPayload payload) {
+ final ServletRequestAttributes servletRequestAttributes =
+ (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
+ log.info("getHeader: {}", servletRequestAttributes.getRequest().getHeader("X-Username"));
 return UserStatus.ofValue(payload.getStatus()).getDescription();
 }
 }
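Review bot: `getUserStatus` now calls `RequestContextHolder.currentRequestAttributes()`, which throws `IllegalStateException` when no request is bound to the calling thread, so the service method fails from a scheduled job, an async executor or a plain unit test only to produce a log line. The logged `X-Username` value is whatever arrived on the request; unless auth-center is reachable only through the gateway and the gateway overwrites the header, it is client-controlled and should not be treated as an identity or written at info level. If the trace is still wanted, use the nullable lookup at a lower level: `final RequestAttributes attrs = RequestContextHolder.getRequestAttributes();` then `if (attrs instanceof ServletRequestAttributes) { log.debug("X-Username: {}", ((ServletRequestAttributes) attrs).getRequest().getHeader("X-Username")); }`, which also needs the `RequestAttributes` import. Otherwise drop the three added lines and the two new imports.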