whfh/label_backend
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
999856e11004fc22c0899c2d26a886de363746d5
label_backend/docs/superpowers/plans/2026-04-14-auth-company-optimization.md
wh a30b648d30 去掉shiro框架
2026-04-14 16:33:34 +08:00

67 lines
3.6 KiB
Markdown
Raw Blame History

# Auth And Company Optimization Implementation Plan
> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
**Goal:** Replace the remaining Shiro authorization layer with project-owned Redis token authentication and add company CRUD APIs.
**Architecture:** Keep the existing UUID token, Redis session storage, and `CompanyContext` tenant injection. Add project-owned `@RequireAuth` and `@RequireRole` annotations plus a Spring MVC `AuthInterceptor`, then remove Shiro config/classes/dependencies. Add `CompanyService` and `CompanyController` for `sys_company` management.
**Tech Stack:** Java 21, Spring Boot 3.1.5, Spring MVC HandlerInterceptor, RedisTemplate, MyBatis-Plus, JUnit 5, Mockito, AssertJ.
---
### Task 1: Replace Shiro With Custom Auth Interceptor
**Files:**
- Create: `src/main/java/com/label/annotation/RequireAuth.java`
- Create: `src/main/java/com/label/annotation/RequireRole.java`
- Create: `src/main/java/com/label/interceptor/AuthInterceptor.java`
- Create: `src/main/java/com/label/common/auth/TokenPrincipal.java`
- Create: `src/main/java/com/label/common/context/UserContext.java`
- Modify: `src/main/java/com/label/config/ShiroConfig.java`
- Modify: `src/main/java/com/label/common/shiro/TokenFilter.java`
- Modify: `src/main/java/com/label/common/shiro/BearerToken.java`
- Modify: `src/main/java/com/label/common/shiro/UserRealm.java`
- Modify: `src/main/java/com/label/controller/*.java`
- Modify: `src/main/java/com/label/service/*.java`
- Modify: `pom.xml`
- Test: `src/test/java/com/label/unit/AuthInterceptorTest.java`
- [x] Write failing tests for token loading, TTL refresh, role hierarchy, and context cleanup.
- [x] Implement annotations, principal, context, and interceptor.
- [x] Register the interceptor via Spring MVC config.
- [x] Replace controller `@RequiresRoles` usage with `@RequireRole`.
- [x] Remove Shiro-only classes, tests, dependencies, and exception handling.
- [x] Run `mvn -q "-Dtest=AuthInterceptorTest,OpenApiAnnotationTest" test` and `mvn -q -DskipTests compile`.
### Task 2: Add Company Management
**Files:**
- Create: `src/main/java/com/label/service/CompanyService.java`
- Create: `src/main/java/com/label/controller/CompanyController.java`
- Modify: `src/main/java/com/label/mapper/SysUserMapper.java`
- Test: `src/test/java/com/label/unit/CompanyServiceTest.java`
- Test: `src/test/java/com/label/unit/OpenApiAnnotationTest.java`
- [x] Write failing tests for create/list/update/status/delete behavior.
- [x] Implement service validation and duplicate checks.
- [x] Implement admin-only controller endpoints under `/api/companies`.
- [x] Run `mvn -q "-Dtest=CompanyServiceTest,OpenApiAnnotationTest" test` and `mvn -q -DskipTests compile`.
### Task 3: Configuration And Verification
**Files:**
- Modify: `src/main/resources/application.yml`
- Modify: `src/test/java/com/label/unit/ApplicationConfigTest.java`
- [x] Rename `shiro.auth.*` config to `auth.*`.
- [x] Update safe defaults and type-aliases package.
- [x] Run targeted unit tests and compile.
- [x] Run `mvn clean test` once and record any external environment blockers.
### Verification Notes
- `mvn -q "-Dtest=LabelBackendApplicationTests,ApplicationConfigTest,AuthInterceptorTest,CompanyServiceTest,OpenApiAnnotationTest" test` passed.
- `mvn -q -DskipTests compile` passed.
- `mvn clean test` compiled main/test sources and passed unit tests, then failed only because 10 Testcontainers integration tests could not find a valid Docker environment.
Reference in New Issue View Git Blame Copy Permalink