#359 #357 add @RequiresPermissions to Controllers

Author: he7g

pom.xml

@@ -54,6 +54,8 @@
 		<spring.data.commons.version>1.12.1.RELEASE</spring.data.commons.version>
 		<druid.version>0.2.9</druid.version>
 
+        <shiro.version>1.3.2</shiro.version>
+
 		<lombok.version>1.16.6</lombok.version>
 		<gson.version>2.5</gson.version>
 		<fastjson.version>1.2.29</fastjson.version>
@@ -378,6 +380,29 @@
 			</dependency>
 			<!-- DB end -->
 
+            <!-- Shiro begin -->
+            <dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-core</artifactId>
+                <version>${shiro.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-spring</artifactId>
+                <version>${shiro.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-web</artifactId>
+                <version>${shiro.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.apache.shiro</groupId>
+                <artifactId>shiro-cas</artifactId>
+                <version>${shiro.version}</version>
+            </dependency>
+            <!-- Shiro end -->
+
 			<!-- Swagger begin -->
 			<dependency>
 				<groupId>io.springfox</groupId>

saturn-console-api/pom.xml

@@ -172,6 +172,25 @@
 		</dependency>
 		<!-- DB end -->
 
+        <!-- Shiro begin -->
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-spring</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.shiro</groupId>
+            <artifactId>shiro-cas</artifactId>
+        </dependency>
+        <!-- Shiro end -->
+
 		<!-- utils begin -->
 		<dependency>
 			<groupId>com.google.guava</groupId>

saturn-console-api/src/main/java/com/vip/saturn/job/console/controller/gui/DashboardController.java

@@ -19,17 +19,16 @@
 import com.vip.saturn.job.console.exception.SaturnJobConsoleGUIException;
 import com.vip.saturn.job.console.mybatis.entity.SaturnStatistics;
 import com.vip.saturn.job.console.service.DashboardService;
+import com.vip.saturn.job.console.utils.Permissions;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-import java.util.Collection;
-import java.util.Map;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.Collection;
+import java.util.Map;
 
 @RequestMapping("/console/dashboard")
 public class DashboardController extends AbstractGUIController {
@@ -137,8 +136,8 @@ public SuccessResponseEntity top10LoadJob(@RequestParam(required = false) String
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@GetMapping(value = "/top10FailDomain")
-	public SuccessResponseEntity top10FailDomain(
-			@RequestParam(required = false) String zkClusterKey) throws SaturnJobConsoleException {
+	public SuccessResponseEntity top10FailDomain(@RequestParam(required = false) String zkClusterKey)
+			throws SaturnJobConsoleException {
 		if (StringUtils.isNotBlank(zkClusterKey)) {
 			ZkCluster zkCluster = checkAndGetZkCluster(zkClusterKey);
 			SaturnStatistics ss = dashboardService.top10FailureDomain(zkCluster.getZkAddr());
@@ -149,8 +148,8 @@ public SuccessResponseEntity top10FailDomain(
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@GetMapping(value = "/top10UnstableDomain")
-	public SuccessResponseEntity top10UnstableDomain(
-			@RequestParam(required = false) String zkClusterKey) throws SaturnJobConsoleException {
+	public SuccessResponseEntity top10UnstableDomain(@RequestParam(required = false) String zkClusterKey)
+			throws SaturnJobConsoleException {
 		if (StringUtils.isNotBlank(zkClusterKey)) {
 			ZkCluster zkCluster = checkAndGetZkCluster(zkClusterKey);
 			SaturnStatistics ss = dashboardService.top10UnstableDomain(zkCluster.getZkAddr());
@@ -161,8 +160,8 @@ public SuccessResponseEntity top10UnstableDomain(
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@GetMapping(value = "/top10LoadExecutor")
-	public SuccessResponseEntity top10LoadExecutor(
-			@RequestParam(required = false) String zkClusterKey) throws SaturnJobConsoleException {
+	public SuccessResponseEntity top10LoadExecutor(@RequestParam(required = false) String zkClusterKey)
+			throws SaturnJobConsoleException {
 		if (StringUtils.isNotBlank(zkClusterKey)) {
 			ZkCluster zkCluster = checkAndGetZkCluster(zkClusterKey);
 			SaturnStatistics ss = dashboardService.top10LoadExecutor(zkCluster.getZkAddr());
@@ -195,8 +194,8 @@ public SuccessResponseEntity loadDomainRank(@RequestParam(required = false) Stri
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@GetMapping(value = "/jobRank")
-	public SuccessResponseEntity loadJobRank(
-			@RequestParam(required = false) String zkClusterKey) throws SaturnJobConsoleException {
+	public SuccessResponseEntity loadJobRank(@RequestParam(required = false) String zkClusterKey)
+			throws SaturnJobConsoleException {
 		if (StringUtils.isNotBlank(zkClusterKey)) {
 			ZkCluster zkCluster = checkAndGetZkCluster(zkClusterKey);
 			return new SuccessResponseEntity(dashboardService.loadJobRankDistribution(zkCluster.getZkAddr()));
@@ -217,8 +216,8 @@ public SuccessResponseEntity versionDomainNumber(@RequestParam(required = false)
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@GetMapping(value = "/executorVersionNumber")
-	public SuccessResponseEntity versionExecutorNumber(
-			@RequestParam(required = false) String zkClusterKey) throws SaturnJobConsoleException {
+	public SuccessResponseEntity versionExecutorNumber(@RequestParam(required = false) String zkClusterKey)
+			throws SaturnJobConsoleException {
 		if (StringUtils.isNotBlank(zkClusterKey)) {
 			ZkCluster zkCluster = checkAndGetZkCluster(zkClusterKey);
 			return new SuccessResponseEntity(dashboardService.versionExecutorNumber(zkCluster.getZkAddr()));
@@ -228,6 +227,7 @@ public SuccessResponseEntity versionExecutorNumber(
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.dashboardCleanShardingCount)
 	@PostMapping(value = "/namespaces/{namespace:.+}/shardingCount/clean")
 	public SuccessResponseEntity cleanShardingCount(@PathVariable String namespace) throws SaturnJobConsoleException {
 		dashboardService.cleanShardingCount(namespace);
@@ -236,16 +236,17 @@ public SuccessResponseEntity cleanShardingCount(@PathVariable String namespace)
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.dashboardCleanOneJobAnalyse)
 	@PostMapping(value = "/namespaces/{namespace:.+}/jobs/{jobName}/jobAnalyse/clean")
 	public SuccessResponseEntity cleanJobAnalyse(@AuditParam("namespace") @PathVariable String namespace,
-			@AuditParam("jobName") @PathVariable String jobName)
-			throws SaturnJobConsoleException {
+			@AuditParam("jobName") @PathVariable String jobName) throws SaturnJobConsoleException {
 		dashboardService.cleanOneJobAnalyse(namespace, jobName);
 		return new SuccessResponseEntity();
 	}
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.dashboardCleanAllJobAnalyse)
 	@PostMapping(value = "/namespaces/{namespace:.+}/jobAnalyse/clean")
 	public SuccessResponseEntity cleanJobsAnalyse(@AuditParam("namespace") @PathVariable String namespace)
 			throws SaturnJobConsoleException {
@@ -255,10 +256,10 @@ public SuccessResponseEntity cleanJobsAnalyse(@AuditParam("namespace") @PathVari
 
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.dashboardCleanOneJobExecutorCount)
 	@PostMapping(value = "/namespaces/{namespace:.+}/jobs/{jobName}/jobExecutorCount/clean")
 	public SuccessResponseEntity cleanJobExecutorCount(@AuditParam("namespace") @PathVariable String namespace,
-			@AuditParam("jobName") @PathVariable String jobName)
-			throws SaturnJobConsoleException {
+			@AuditParam("jobName") @PathVariable String jobName) throws SaturnJobConsoleException {
 		dashboardService.cleanOneJobExecutorCount(namespace, jobName);
 		return new SuccessResponseEntity();
 	}

saturn-console-api/src/main/java/com/vip/saturn/job/console/controller/gui/ExecutorOverviewController.java

@@ -10,19 +10,17 @@
 import com.vip.saturn.job.console.exception.SaturnJobConsoleException;
 import com.vip.saturn.job.console.exception.SaturnJobConsoleGUIException;
 import com.vip.saturn.job.console.service.ExecutorService;
+import com.vip.saturn.job.console.utils.Permissions;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
-import java.util.List;
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
+import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.web.bind.annotation.DeleteMapping;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.*;
+
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
 
 /**
  * Executor overview related operations.
@@ -46,9 +44,8 @@ public class ExecutorOverviewController extends AbstractGUIController {
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@GetMapping
-	public SuccessResponseEntity getExecutors(final HttpServletRequest request,
-			@PathVariable String namespace, @RequestParam(required = false) String status)
-			throws SaturnJobConsoleException {
+	public SuccessResponseEntity getExecutors(final HttpServletRequest request, @PathVariable String namespace,
+			@RequestParam(required = false) String status) throws SaturnJobConsoleException {
 		if ("online".equalsIgnoreCase(status)) {
 			return new SuccessResponseEntity(executorService.getExecutors(namespace, ServerStatus.ONLINE));
 		}
@@ -61,8 +58,8 @@ public SuccessResponseEntity getExecutors(final HttpServletRequest request,
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@GetMapping(value = "/{executorName}/allocation")
-	public SuccessResponseEntity getExecutorAllocation(final HttpServletRequest request,
-			@PathVariable String namespace, @PathVariable String executorName) throws SaturnJobConsoleException {
+	public SuccessResponseEntity getExecutorAllocation(final HttpServletRequest request, @PathVariable String namespace,
+			@PathVariable String executorName) throws SaturnJobConsoleException {
 		return new SuccessResponseEntity(executorService.getExecutorAllocation(namespace, executorName));
 	}
 
@@ -71,10 +68,10 @@ public SuccessResponseEntity getExecutorAllocation(final HttpServletRequest requ
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.executorShardAllAtOnce)
 	@PostMapping(value = "/shardAll")
 	public SuccessResponseEntity shardAll(final HttpServletRequest request,
-			@AuditParam("namespace") @PathVariable String namespace)
-			throws SaturnJobConsoleException {
+			@AuditParam("namespace") @PathVariable String namespace) throws SaturnJobConsoleException {
 		executorService.shardAll(namespace);
 		return new SuccessResponseEntity();
 	}
@@ -84,12 +81,12 @@ public SuccessResponseEntity shardAll(final HttpServletRequest request,
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.executorExtractOrRecoverTraffic)
 	@PostMapping(value = "/{executorName}/traffic")
 	public SuccessResponseEntity extractOrRecoverTraffic(final HttpServletRequest request,
 			@AuditParam("namespace") @PathVariable String namespace,
 			@AuditParam("executorName") @PathVariable String executorName,
-			@AuditParam("operation") @RequestParam String operation)
-			throws SaturnJobConsoleException {
+			@AuditParam("operation") @RequestParam String operation) throws SaturnJobConsoleException {
 		extractOrRecoverTraffic(namespace, executorName, operation);
 		return new SuccessResponseEntity();
 	}
@@ -99,12 +96,12 @@ public SuccessResponseEntity extractOrRecoverTraffic(final HttpServletRequest re
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.executorBatchExtractOrRecoverTraffic)
 	@PostMapping(value = "/traffic")
 	public SuccessResponseEntity batchExtractOrRecoverTraffic(final HttpServletRequest request,
 			@AuditParam("namespace") @PathVariable String namespace,
 			@AuditParam("executorNames") @RequestParam List<String> executorNames,
-			@AuditParam("operation") @RequestParam String operation)
-			throws SaturnJobConsoleException {
+			@AuditParam("operation") @RequestParam String operation) throws SaturnJobConsoleException {
 		List<String> success2ExtractOrRecoverTrafficExecutors = Lists.newArrayList();
 		List<String> fail2ExtractOrRecoverTrafficExecutors = Lists.newArrayList();
 		for (String executorName : executorNames) {
@@ -120,8 +117,7 @@ public SuccessResponseEntity batchExtractOrRecoverTraffic(final HttpServletReque
 		if (!fail2ExtractOrRecoverTrafficExecutors.isEmpty()) {
 			StringBuilder message = new StringBuilder();
 			message.append("操作成功的executor:" + success2ExtractOrRecoverTrafficExecutors.toString()).append("，")
-					.append("操作失败的executor:")
-					.append(fail2ExtractOrRecoverTrafficExecutors.toString());
+					.append("操作失败的executor:").append(fail2ExtractOrRecoverTrafficExecutors.toString());
 			throw new SaturnJobConsoleGUIException(message.toString());
 		}
 
@@ -144,11 +140,11 @@ private void extractOrRecoverTraffic(String namespace, String executorName, Stri
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.executorRemove)
 	@DeleteMapping(value = "/{executorName}")
 	public SuccessResponseEntity removeExecutor(final HttpServletRequest request,
 			@AuditParam("namespace") @PathVariable String namespace,
-			@AuditParam("executorName") @PathVariable String executorName)
-			throws SaturnJobConsoleException {
+			@AuditParam("executorName") @PathVariable String executorName) throws SaturnJobConsoleException {
 		// check executor is existed and online.
 		checkExecutorStatus(namespace, executorName, ServerStatus.OFFLINE, "Executor在线，不能移除");
 		executorService.removeExecutor(namespace, executorName);
@@ -160,11 +156,11 @@ public SuccessResponseEntity removeExecutor(final HttpServletRequest request,
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.executorBatchRemove)
 	@DeleteMapping
 	public SuccessResponseEntity batchRemoveExecutors(final HttpServletRequest request,
 			@AuditParam("namespace") @PathVariable String namespace,
-			@AuditParam("executorNames") @RequestParam List<String> executorNames)
-			throws SaturnJobConsoleException {
+			@AuditParam("executorNames") @RequestParam List<String> executorNames) throws SaturnJobConsoleException {
 		// check executor is existed and online.
 		List<String> success2RemoveExecutors = Lists.newArrayList();
 		List<String> fail2RemoveExecutors = Lists.newArrayList();
@@ -204,11 +200,11 @@ private void checkExecutorStatus(String namespace, String executorName, ServerSt
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.executorDump)
 	@PostMapping(value = "/{executorName}/dump")
 	public SuccessResponseEntity dump(final HttpServletRequest request,
 			@AuditParam("namespace") @PathVariable String namespace,
-			@AuditParam("executorName") @PathVariable String executorName)
-			throws SaturnJobConsoleException {
+			@AuditParam("executorName") @PathVariable String executorName) throws SaturnJobConsoleException {
 		// check executor is existed and online.
 		checkExecutorStatus(namespace, executorName, ServerStatus.ONLINE, "Executor必须在线才可以dump");
 		executorService.dump(namespace, executorName);
@@ -220,11 +216,11 @@ public SuccessResponseEntity dump(final HttpServletRequest request,
 	 */
 	@ApiResponses(value = {@ApiResponse(code = 200, message = "Success/Fail", response = RequestResult.class)})
 	@Audit
+	@RequiresPermissions(Permissions.executorRestart)
 	@PostMapping(value = "/{executorName}/restart")
 	public SuccessResponseEntity restart(final HttpServletRequest request,
-									  @AuditParam("namespace") @PathVariable String namespace,
-									  @AuditParam("executorName") @PathVariable String executorName)
-			throws SaturnJobConsoleException {
+			@AuditParam("namespace") @PathVariable String namespace,
+			@AuditParam("executorName") @PathVariable String executorName) throws SaturnJobConsoleException {
 		// check executor is existed and online.
 		checkExecutorStatus(namespace, executorName, ServerStatus.ONLINE, "Executor必须在线才可以重启");
 		executorService.restart(namespace, executorName);