Auth And Company Optimization Implementation Plan
For agentic workers: REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (- [ ]) syntax for tracking.
Goal: Replace the remaining Shiro authorization layer with project-owned Redis token authentication and add company CRUD APIs.
Architecture: Keep the existing UUID token, Redis session storage, and CompanyContext tenant injection. Add project-owned @RequireAuth and @RequireRole annotations plus a Spring MVC AuthInterceptor, then remove Shiro config/classes/dependencies. Add CompanyService and CompanyController for sys_company management.
Tech Stack: Java 21, Spring Boot 3.1.5, Spring MVC HandlerInterceptor, RedisTemplate, MyBatis-Plus, JUnit 5, Mockito, AssertJ.
Task 1: Replace Shiro With Custom Auth Interceptor
Files:
- Create: src/main/java/com/label/annotation/RequireAuth.java
- Create: src/main/java/com/label/annotation/RequireRole.java
- Create: src/main/java/com/label/interceptor/AuthInterceptor.java
- Create: src/main/java/com/label/common/auth/TokenPrincipal.java
- Create: src/main/java/com/label/common/context/UserContext.java
- Modify: src/main/java/com/label/config/ShiroConfig.java
- Modify: src/main/java/com/label/common/shiro/TokenFilter.java
- Modify: src/main/java/com/label/common/shiro/BearerToken.java
- Modify: src/main/java/com/label/common/shiro/UserRealm.java
- Modify: src/main/java/com/label/controller/*.java
- Modify: src/main/java/com/label/service/*.java
- Modify: pom.xml
- Test: src/test/java/com/label/unit/AuthInterceptorTest.java

Steps:
- Write failing tests for token loading, TTL refresh, role hierarchy, and context cleanup.
- Implement annotations, principal, context, and interceptor.
- Register the interceptor via Spring MVC config.
- Replace controller @RequiresRoles usage with @RequireRole.
- Remove Shiro-only classes, tests, dependencies, and exception handling.
- Run mvn -q "-Dtest=AuthInterceptorTest,OpenApiAnnotationTest" test and mvn -q -DskipTests compile.
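The four behaviours the Task 1 tests cover (token loading, TTL refresh, role hierarchy, context cleanup), shown as an added example that is not the project's code. Assumptions: a Bearer Authorization header, a "token:" Redis key prefix, a "userId:companyId:role" session string, the Role names, a 2-hour TTL, and a ThreadLocal standing in for UserContext; only @RequireRole is modelled.

```java
// Added example, not the project's code. Needs spring-webmvc, spring-data-redis, jakarta.servlet.
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.lang.annotation.*;
import java.util.concurrent.TimeUnit;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

public class ExampleAuthInterceptor implements HandlerInterceptor {
    public enum Role { USER, MANAGER, ADMIN }             // hypothetical hierarchy, lowest first
    @Retention(RetentionPolicy.RUNTIME) @Target({ElementType.METHOD, ElementType.TYPE})
    public @interface RequireRole { Role value(); }       // stand-in for the planned annotation
    public record Principal(String userId, String companyId, Role role) {}
    static final ThreadLocal<Principal> CURRENT = new ThreadLocal<>();  // stand-in for UserContext
    private static final long TTL_SECONDS = 7200;         // assumed session lifetime
    private final StringRedisTemplate redis;
    public ExampleAuthInterceptor(StringRedisTemplate redis) { this.redis = redis; }

    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) throws Exception {
        if (!(handler instanceof HandlerMethod hm)) return true;       // not a controller method
        RequireRole need = hm.getMethodAnnotation(RequireRole.class);  // method level wins
        if (need == null) need = hm.getBeanType().getAnnotation(RequireRole.class);
        if (need == null) return true;          // unannotated handlers are public in this example
        String header = req.getHeader("Authorization");
        String token = header != null && header.startsWith("Bearer ") ? header.substring(7).trim() : null;
        String key = "token:" + token;                                 // assumed key layout
        String session = token == null || token.isEmpty() ? null : redis.opsForValue().get(key);
        Principal p = parse(session);           // null for missing, expired or malformed sessions
        if (p == null) { res.sendError(HttpServletResponse.SC_UNAUTHORIZED); return false; }
        if (p.role().ordinal() < need.value().ordinal()) { res.sendError(HttpServletResponse.SC_FORBIDDEN); return false; }
        redis.expire(key, TTL_SECONDS, TimeUnit.SECONDS);              // sliding TTL refresh
        CURRENT.set(p);                         // set only on the path that returns true
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest req, HttpServletResponse res, Object handler, Exception ex) {
        CURRENT.remove();   // request threads are pooled; a stale principal must not reach the next request
    }

    static Principal parse(String session) {
        if (session == null) return null;
        String[] f = session.split(":", -1);
        try { return f.length == 3 ? new Principal(f[0], f[1], Role.valueOf(f[2])) : null; }
        catch (IllegalArgumentException e) { return null; }           // unknown role name: reject
    }
}
```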
Task 2: Add Company Management
Files:
- Create: src/main/java/com/label/service/CompanyService.java
- Create: src/main/java/com/label/controller/CompanyController.java
- Modify: src/main/java/com/label/mapper/SysUserMapper.java
- Test: src/test/java/com/label/unit/CompanyServiceTest.java
- Test: src/test/java/com/label/unit/OpenApiAnnotationTest.java

Steps:
- Write failing tests for create/list/update/status/delete behavior.
- Implement service validation and duplicate checks.
- Implement admin-only controller endpoints under /api/companies.
- Run mvn -q "-Dtest=CompanyServiceTest,OpenApiAnnotationTest" test and mvn -q -DskipTests compile.
Task 3: Configuration And Verification
Files:
- Modify: src/main/resources/application.yml
- Modify: src/test/java/com/label/unit/ApplicationConfigTest.java

Steps:
- Rename shiro.auth.* config to auth.*.
- Update safe defaults and type-aliases package.
- Run targeted unit tests and compile.
- Run mvn clean test once and record any external environment blockers.
Verification Notes
- mvn -q "-Dtest=LabelBackendApplicationTests,ApplicationConfigTest,AuthInterceptorTest,CompanyServiceTest,OpenApiAnnotationTest" test passed.
- mvn -q -DskipTests compile passed.
- mvn clean test compiled main/test sources and passed unit tests, then failed only because 10 Testcontainers integration tests could not find a valid Docker environment.