Server:支持 String 类型的 visitorId

Author: TommyLemon

APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoObjectParser.java

@@ -57,7 +57,7 @@ public DemoObjectParser setMethod(RequestMethod method) {
 	}
 
 	@Override
-	public DemoObjectParser setParser(Parser parser) {
+	public DemoObjectParser setParser(Parser<?> parser) {
 		super.setParser(parser);
 		return this;
 	}

APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/DemoParser.java

@@ -22,14 +22,12 @@
 import zuo.biao.apijson.server.AbstractParser;
 import zuo.biao.apijson.server.JSONRequest;
 import zuo.biao.apijson.server.SQLConfig;
-import zuo.biao.apijson.server.SQLExecutor;
-import zuo.biao.apijson.server.Verifier;
 
 
 /**请求解析器
  * @author Lemon
  */
-public class DemoParser extends AbstractParser {
+public class DemoParser extends AbstractParser<Long> {
 
 
 	public DemoParser() {
@@ -46,23 +44,23 @@ public DemoParser(RequestMethod method, boolean noVerify) {
 	public HttpSession getSession() {
 		return session;
 	}
-	public AbstractParser setSession(HttpSession session) {
+	public DemoParser setSession(HttpSession session) {
 		this.session = session;
 		setVisitor(DemoVerifier.getVisitor(session));
 		return this;
 	}
 
 
 	@Override
-	public Verifier createVerifier() {
+	public DemoVerifier createVerifier() {
 		return new DemoVerifier();
 	}
 	@Override
-	public SQLConfig createSQLConfig() {
+	public DemoSQLConfig createSQLConfig() {
 		return new DemoSQLConfig();
 	}
 	@Override
-	public SQLExecutor createSQLExecutor() {
+	public DemoSQLExecutor createSQLExecutor() {
 		return new DemoSQLExecutor();
 	}
 

APIJSON-Java-Server/APIJSONDemo/src/main/java/apijson/demo/server/model/User.java

@@ -29,7 +29,7 @@
 		POST = {UNKNOWN, ADMIN},
 		DELETE = {ADMIN}
 		)
-public class User extends BaseModel implements Visitor {
+public class User extends BaseModel implements Visitor<Long> {
 	private static final long serialVersionUID = 1L;
 
 	public static final int SEX_MAIL = 0;

APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractObjectParser.java

@@ -52,8 +52,8 @@ public abstract class AbstractObjectParser implements ObjectParser {
 	private static final String TAG = "ObjectParser";
 
 	@NotNull
-	protected Parser parser;
-	public AbstractObjectParser setParser(Parser parser) {
+	protected Parser<?> parser;
+	public AbstractObjectParser setParser(Parser<?> parser) {
 		this.parser = parser;
 		return this;
 	}

APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractParser.java

@@ -47,7 +47,7 @@
 /**parser for parsing request to JSONObject
  * @author Lemon
  */
-public abstract class AbstractParser implements Parser, SQLCreator {
+public abstract class AbstractParser<T> implements Parser<T>, SQLCreator {
 	protected static final String TAG = "AbstractParser";
 
 
@@ -76,28 +76,28 @@ public AbstractParser(RequestMethod method, boolean noVerify) {
 	}
 
 	@NotNull
-	protected Visitor visitor;
+	protected Visitor<T> visitor;
 	@NotNull
 	@Override
-	public Visitor getVisitor() {
+	public Visitor<T> getVisitor() {
 		if (visitor == null) {
-			visitor = new Visitor() {
+			visitor = new Visitor<T>() {
 
 				@Override
-				public Long getId() {
-					return 0L;
+				public T getId() {
+					return null;
 				}
 
 				@Override
-				public List<Long> getContactIdList() {
+				public List<T> getContactIdList() {
 					return null;
 				}
 			};
 		}
 		return visitor;
 	}
 	@Override
-	public AbstractParser setVisitor(@NotNull Visitor visitor) {
+	public AbstractParser<T> setVisitor(@NotNull Visitor<T> visitor) {
 		this.visitor = visitor;
 		return this;
 	}
@@ -110,7 +110,7 @@ public RequestMethod getMethod() {
 	}
 	@NotNull
 	@Override
-	public AbstractParser setMethod(RequestMethod method) {
+	public AbstractParser<T> setMethod(RequestMethod method) {
 		this.requestMethod = method == null ? GET : method;
 		return this;
 	}
@@ -121,25 +121,25 @@ public JSONObject getRequest() {
 		return requestObject;
 	}
 	@Override
-	public AbstractParser setRequest(JSONObject request) {
+	public AbstractParser<T> setRequest(JSONObject request) {
 		this.requestObject = request;
 		return this;
 	}
 
 
-	protected Verifier verifier;
+	protected Verifier<T> verifier;
 	protected RequestRole globleRole;
-	public AbstractParser setGlobleRole(RequestRole globleRole) {
+	public AbstractParser<T> setGlobleRole(RequestRole globleRole) {
 		this.globleRole = globleRole;
 		return this;
 	}
 	protected String globleDatabase;
-	public AbstractParser setGlobleDatabase(String globleDatabase) {
+	public AbstractParser<T> setGlobleDatabase(String globleDatabase) {
 		this.globleDatabase = globleDatabase;
 		return this;
 	}
 	protected boolean globleFormat;
-	public AbstractParser setGlobleFormat(Boolean globleFormat) {
+	public AbstractParser<T> setGlobleFormat(Boolean globleFormat) {
 		this.globleFormat = globleFormat;
 		return this;
 	}
@@ -149,7 +149,7 @@ public boolean isNoVerify() {
 		return noVerifyLogin && noVerifyRole && noVerifyContent;
 	}
 	@Override
-	public AbstractParser setNoVerify(boolean noVerify) {
+	public AbstractParser<T> setNoVerify(boolean noVerify) {
 		setNoVerifyLogin(noVerify);
 		setNoVerifyRole(noVerify);
 		setNoVerifyContent(noVerify);
@@ -162,7 +162,7 @@ public boolean isNoVerifyLogin() {
 		return noVerifyLogin;
 	}
 	@Override
-	public AbstractParser setNoVerifyLogin(boolean noVerifyLogin) {
+	public AbstractParser<T> setNoVerifyLogin(boolean noVerifyLogin) {
 		this.noVerifyLogin = noVerifyLogin;
 		return this;
 	}
@@ -172,7 +172,7 @@ public boolean isNoVerifyRole() {
 		return noVerifyRole;
 	}
 	@Override
-	public AbstractParser setNoVerifyRole(boolean noVerifyRole) {
+	public AbstractParser<T> setNoVerifyRole(boolean noVerifyRole) {
 		this.noVerifyRole = noVerifyRole;
 		return this;
 	}
@@ -182,7 +182,7 @@ public boolean isNoVerifyContent() {
 		return noVerifyContent;
 	}
 	@Override
-	public AbstractParser setNoVerifyContent(boolean noVerifyContent) {
+	public AbstractParser<T> setNoVerifyContent(boolean noVerifyContent) {
 		this.noVerifyContent = noVerifyContent;
 		return this;
 	}
@@ -1123,7 +1123,7 @@ public synchronized JSONObject executeSQL(SQLConfig config) throws Exception {
 				if (globleRole != null) {
 					config.setRole(globleRole);
 				} else {
-					config.setRole(getVisitor().getId() <= 0 ? RequestRole.UNKNOWN : RequestRole.LOGIN);
+					config.setRole(getVisitor().getId() == null ? RequestRole.UNKNOWN : RequestRole.LOGIN);
 				}
 			}
 			verifier.verify(config);

APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractVerifier.java

@@ -55,8 +55,9 @@
 
 /**权限验证
  * @author Lemon
+ * @param <T> id 与 userId 的类型，一般为 Long
  */
-public abstract class AbstractVerifier implements Verifier {
+public abstract class AbstractVerifier<T> implements Verifier<T> {
 	private static final String TAG = "AbstractVerifier";
 
 
@@ -101,17 +102,23 @@ public static HashMap<RequestMethod, RequestRole[]> getAccessMap(MethodAccess ac
 
 
 	@NotNull
-	protected Visitor visitor;
-	protected long visitorId;
+	protected Visitor<T> visitor;
+	protected Object visitorId;
 	@NotNull
 	@Override
-	public Visitor getVisitor() {
+	public Visitor<T> getVisitor() {
 		return visitor;
 	}
 	@Override
-	public AbstractVerifier setVisitor(Visitor visitor) {
+	public AbstractVerifier<T> setVisitor(Visitor<T> visitor) {
 		this.visitor = visitor;
-		this.visitorId = visitor == null ? 0 : value(visitor.getId());
+		this.visitorId = visitor == null ? null : visitor.getId();
+
+		//导致内部调用且放行校验(noVerifyLogin, noVerifyRole)也抛异常
+		//		if (visitorId == null) {
+		//			throw new NullPointerException(TAG + ".setVisitor visitorId == null !!! 可能导致权限校验失效，引发安全问题！");
+		//		}
+
 		return this;
 	}
 
@@ -132,21 +139,20 @@ public boolean verify(SQLConfig config) throws Exception {
 			role = RequestRole.UNKNOWN;
 		}
 
-		//TODO 暂时去掉，方便测试
 		if (role != RequestRole.UNKNOWN) {//未登录的角色
 			verifyLogin();
 		}
 
 		RequestMethod method = config.getMethod();
-		//验证允许的角色
-		verifyRole(table, method, role);
+
+		verifyRole(table, method, role);//验证允许的角色
 
 
 		//验证角色，假定真实强制匹配<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
 
 		String visitorIdkey = getVisitorIdKey(config.getTable());
 
-		Number requestId;
+		Object requestId;
 		switch (role) {
 		case LOGIN://verifyRole通过就行
 			break;
@@ -224,16 +230,16 @@ public boolean verify(SQLConfig config) throws Exception {
 				}
 			}
 			else {
-				requestId = (Number) config.getWhere(visitorIdkey, true);//JSON里数值不能保证是Long，可能是Integer
-				if (requestId != null && requestId.longValue() != visitorId) {
+				requestId = config.getWhere(visitorIdkey, true);//JSON里数值不能保证是Long，可能是Integer
+				if (requestId != null && StringUtil.getString(requestId).equals(StringUtil.getString(visitorId)) == false) {
 					throw new IllegalAccessException(visitorIdkey + " = " + requestId + " 的 " + table
 							+ " 不允许 " + role.name() + " 用户的 " + method.name() + " 请求！");
 				}
 
 				config.putWhere(visitorIdkey, visitorId, true);
 			}
 			break;
-		case ADMIN://这里不好做，在特定接口内部判断？ TODO  /get/admin + 固定秘钥  Parser#noVerify，之后全局跳过验证
+		case ADMIN://这里不好做，在特定接口内部判。 可以是  /get/admin + 固定秘钥  Parser#noVerify，之后全局跳过验证
 			verifyAdmin();
 			break;
 		default://unknown，verifyRole通过就行
@@ -284,14 +290,29 @@ public void verifyRole(String table, RequestMethod method, RequestRole role) thr
 	@Override
 	public void verifyLogin() throws Exception {
 		//未登录没有权限操作
-		if (visitorId <= 0) {
+		if (visitorId == null) {
 			throw new NotLoggedInException("未登录，请登录后再操作！");
 		}
+		
+		if (visitorId instanceof Number) {
+			if (((Number) visitorId).longValue() <= 0) {
+				throw new NotLoggedInException("未登录，请登录后再操作！");
+			}
+		} 
+		else if (visitorId instanceof String) {
+			if (StringUtil.isEmpty(visitorId, true)) {
+				throw new NotLoggedInException("未登录，请登录后再操作！");
+			}
+		}
+		else {
+			throw new UnsupportedDataTypeException("visitorId 只能是 Long 或 String 类型！");
+		}
+
 	}
 
 	@Override
 	public void verifyAdmin() throws Exception {
-		throw new UnsupportedOperationException("不支持 ADMIN 角色！");
+		throw new UnsupportedOperationException("不支持 ADMIN 角色！如果要支持就在子类重写这个方法来校验 ADMIN 角色，不通过则 throw IllegalAccessException!");
 	}
 
 
@@ -348,8 +369,5 @@ public JSONObject removeAccessInfo(JSONObject requestObject) {
 		return requestObject;
 	}
 
-	public static long value(Long v) {
-		return v == null ? 0 : v;
-	}
 
 }

APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/Parser.java

@@ -23,38 +23,38 @@
 /**解析器
  * @author Lemon
  */
-public interface Parser {
+public interface Parser<T> {
 
 	int MAX_QUERY_COUNT = 100;
 	int MAX_UPDATE_COUNT = 10;
 
 
 	@NotNull
-	Visitor getVisitor();
-	Parser setVisitor(@NotNull Visitor visitor);
+	Visitor<T> getVisitor();
+	Parser<T> setVisitor(@NotNull Visitor<T> visitor);
 
 	@NotNull
 	RequestMethod getMethod();
-	Parser setMethod(@NotNull RequestMethod method);
+	Parser<T> setMethod(@NotNull RequestMethod method);
 
 	JSONObject getRequest();
-	Parser setRequest(JSONObject request);
+	Parser<T> setRequest(JSONObject request);
 
 	boolean isNoVerify();
-	Parser setNoVerify(boolean noVerify);
+	Parser<T> setNoVerify(boolean noVerify);
 
 	boolean isNoVerifyLogin();
-	Parser setNoVerifyLogin(boolean noVerifyLogin);
+	Parser<T> setNoVerifyLogin(boolean noVerifyLogin);
 
 	boolean isNoVerifyRole();
-	Parser setNoVerifyRole(boolean noVerifyRole);
+	Parser<T> setNoVerifyRole(boolean noVerifyRole);
 
 	boolean isNoVerifyContent();
-	Parser setNoVerifyContent(boolean noVerifyContent);
+	Parser<T> setNoVerifyContent(boolean noVerifyContent);
 
 
 	@NotNull
-	Verifier createVerifier();
+	Verifier<T> createVerifier();
 
 	@NotNull
 	SQLConfig createSQLConfig();