label_backend/docs/superpowers/plans/2026-04-14-auth-company-optimization.md
2026-04-14 16:33:34 +08:00


Auth And Company Optimization Implementation Plan

For agentic workers: REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (- [ ]) syntax for tracking.

Goal: Replace the remaining Shiro authorization layer with project-owned Redis token authentication and add company CRUD APIs.

Architecture: Keep the existing UUID token, Redis session storage, and CompanyContext tenant injection. Add project-owned @RequireAuth and @RequireRole annotations plus a Spring MVC AuthInterceptor, then remove Shiro config/classes/dependencies. Add CompanyService and CompanyController for sys_company management.

Tech Stack: Java 21, Spring Boot 3.1.5, Spring MVC HandlerInterceptor, RedisTemplate, MyBatis-Plus, JUnit 5, Mockito, AssertJ.


Task 1: Replace Shiro With Custom Auth Interceptor

Files:

  • Create: src/main/java/com/label/annotation/RequireAuth.java

  • Create: src/main/java/com/label/annotation/RequireRole.java

  • Create: src/main/java/com/label/interceptor/AuthInterceptor.java

  • Create: src/main/java/com/label/common/auth/TokenPrincipal.java

  • Create: src/main/java/com/label/common/context/UserContext.java

  • Modify: src/main/java/com/label/config/ShiroConfig.java

  • Modify: src/main/java/com/label/common/shiro/TokenFilter.java

  • Modify: src/main/java/com/label/common/shiro/BearerToken.java

  • Modify: src/main/java/com/label/common/shiro/UserRealm.java

  • Modify: src/main/java/com/label/controller/*.java

  • Modify: src/main/java/com/label/service/*.java

  • Modify: pom.xml

  • Test: src/test/java/com/label/unit/AuthInterceptorTest.java

  - [ ] Write failing tests for token loading, TTL refresh, role hierarchy, and context cleanup.

  - [ ] Implement annotations, principal, context, and interceptor.

  - [ ] Register the interceptor via Spring MVC config.

  - [ ] Replace controller @RequiresRoles usage with @RequireRole.

  - [ ] Remove Shiro-only classes, tests, dependencies, and exception handling.

  - [ ] Run mvn -q "-Dtest=AuthInterceptorTest,OpenApiAnnotationTest" test and mvn -q -DskipTests compile.
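The following is an added example, not code from the label_backend project, showing one way the pieces listed in Task 1 fit together: the two annotations, a `TokenPrincipal`, a `ThreadLocal`-backed `UserContext`, the `AuthInterceptor` that resolves a Bearer token in Redis, slides its TTL, enforces a role hierarchy, fails closed, and clears the context in `afterCompletion`, plus the Spring MVC registration. Everything not named on this page is an assumption: the `Authorization: Bearer <uuid>` header, the `auth:token:<uuid>` key layout, the 30-minute sliding TTL, the two-level `user < admin` hierarchy, the `/api/**` path pattern, and a `RedisTemplate<String, TokenPrincipal>` bean with a JSON value serializer configured elsewhere.

```java
package com.label.interceptor;

import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.time.Duration;
import java.util.List;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/** Assumed shape: the handler (or its controller class) needs any valid session. */
@Retention(RetentionPolicy.RUNTIME) @Target({ElementType.METHOD, ElementType.TYPE})
@interface RequireAuth {}

/** Assumed shape: the handler (or its controller class) needs at least this role. */
@Retention(RetentionPolicy.RUNTIME) @Target({ElementType.METHOD, ElementType.TYPE})
@interface RequireRole { String value(); }

/** Assumed shape of the value stored under the token key in Redis. */
record TokenPrincipal(Long userId, Long companyId, String role) {}

/** Request-scoped holder; cleared in afterCompletion so a pooled thread never carries a stale principal. */
final class UserContext {
    private static final ThreadLocal<TokenPrincipal> CURRENT = new ThreadLocal<>();
    static void set(TokenPrincipal p) { CURRENT.set(p); }
    static TokenPrincipal get() { return CURRENT.get(); }
    static void clear() { CURRENT.remove(); }
}

@Component
public class AuthInterceptor implements HandlerInterceptor {
    static final String KEY_PREFIX = "auth:token:";      // assumed Redis key layout
    static final Duration TTL = Duration.ofMinutes(30);   // assumed sliding session lifetime
    /** Lowest to highest; a principal satisfies any requirement at or below its own rank (assumed). */
    static final List<String> HIERARCHY = List.of("user", "admin");

    private final RedisTemplate<String, TokenPrincipal> redis;

    public AuthInterceptor(RedisTemplate<String, TokenPrincipal> redis) { this.redis = redis; }

    @Override
    public boolean preHandle(HttpServletRequest req, HttpServletResponse res, Object handler) {
        if (!(handler instanceof HandlerMethod hm)) return true;   // not a controller method
        RequireAuth auth = find(hm, RequireAuth.class);
        RequireRole role = find(hm, RequireRole.class);
        if (auth == null && role == null) return true;             // opt-in design: unannotated means public

        TokenPrincipal principal = load(req);
        if (principal == null) { res.setStatus(401); return false; }   // missing or expired token: fail closed
        if (role != null && !satisfies(principal.role(), role.value())) {
            res.setStatus(403); return false;                            // authenticated but under-privileged
        }
        UserContext.set(principal);
        return true;
    }

    @Override
    public void afterCompletion(HttpServletRequest req, HttpServletResponse res, Object handler, Exception ex) {
        UserContext.clear();   // runs whether the handler returned normally or threw
    }

    /** Reads the Bearer token, resolves it in Redis, and slides the TTL only on a hit. */
    private TokenPrincipal load(HttpServletRequest req) {
        String header = req.getHeader("Authorization");
        if (header == null || !header.startsWith("Bearer ")) return null;
        String token = header.substring("Bearer ".length()).trim();
        if (token.isEmpty()) return null;
        String key = KEY_PREFIX + token;
        TokenPrincipal p = redis.opsForValue().get(key);
        if (p != null) redis.expire(key, TTL);
        return p;
    }

    /** Role hierarchy check: an unknown role on either side never satisfies anything. */
    static boolean satisfies(String have, String need) {
        int h = HIERARCHY.indexOf(have), n = HIERARCHY.indexOf(need);
        return h >= 0 && n >= 0 && h >= n;
    }

    /** Method-level annotation wins; otherwise fall back to the controller class. */
    private static <A extends Annotation> A find(HandlerMethod hm, Class<A> type) {
        A a = hm.getMethodAnnotation(type);
        return a != null ? a : hm.getBeanType().getAnnotation(type);
    }
}

/** Registration via Spring MVC config, scoped to the API prefix (assumed to be /api). */
@Configuration
class WebMvcAuthConfig implements WebMvcConfigurer {
    private final AuthInterceptor authInterceptor;
    WebMvcAuthConfig(AuthInterceptor authInterceptor) { this.authInterceptor = authInterceptor; }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(authInterceptor).addPathPatterns("/api/**");
    }
}
```

Two points worth keeping in mind when testing this shape. First, the design is opt-in: a controller method with neither annotation is public, so a forgotten annotation is an open endpoint, and a test that scans every handler for one of the two annotations is the check that catches it. Second, `@RequireRole` implies authentication, so the 401 path runs before the 403 path and an expired session is never reported as a permission problem; the TTL is refreshed only for keys that resolved, so probing with random tokens cannot extend anything.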

Task 2: Add Company Management

Files:

  • Create: src/main/java/com/label/service/CompanyService.java

  • Create: src/main/java/com/label/controller/CompanyController.java

  • Modify: src/main/java/com/label/mapper/SysUserMapper.java

  • Test: src/test/java/com/label/unit/CompanyServiceTest.java

  • Test: src/test/java/com/label/unit/OpenApiAnnotationTest.java

  - [ ] Write failing tests for create/list/update/status/delete behavior.

  - [ ] Implement service validation and duplicate checks.

  - [ ] Implement admin-only controller endpoints under /api/companies.

  - [ ] Run mvn -q "-Dtest=CompanyServiceTest,OpenApiAnnotationTest" test and mvn -q -DskipTests compile.
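As an added example (not the project's own code) of the service validation, duplicate check, and admin-only controller that Task 2 calls for, the sketch below assumes a `sys_company` entity with `id`, `name`, and `status` columns, a `SysCompanyMapper` extending MyBatis-Plus `BaseMapper`, a `status` convention of `1` = enabled and `0` = disabled, a UNIQUE index on `name`, and that the `@RequireRole` annotation created in Task 1 takes a single `String value()` and is honoured by the interceptor at class level. None of those details are stated on this page.

```java
package com.label.service;

import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.mapper.BaseMapper;
import com.label.annotation.RequireRole;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.web.bind.annotation.PatchMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/** Assumed shape of the sys_company entity; only the fields this example touches. */
class SysCompany {
    private Long id;
    private String name;
    private Integer status;   // assumed: 1 = enabled, 0 = disabled
    public Long getId() { return id; }
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public Integer getStatus() { return status; }
    public void setStatus(Integer status) { this.status = status; }
}

/** Assumed mapper; the real project would declare it under com.label.mapper. */
interface SysCompanyMapper extends BaseMapper<SysCompany> {}

public class CompanyService {
    private final SysCompanyMapper mapper;

    public CompanyService(SysCompanyMapper mapper) { this.mapper = mapper; }

    public SysCompany create(String rawName) {
        String name = validateName(rawName);
        // Advisory pre-check for a friendly error; two concurrent creates can both pass it.
        if (mapper.selectCount(new LambdaQueryWrapper<SysCompany>().eq(SysCompany::getName, name)) > 0) {
            throw new IllegalArgumentException("company name already exists");
        }
        SysCompany c = new SysCompany();
        c.setName(name);
        c.setStatus(1);
        try {
            mapper.insert(c);   // the assumed UNIQUE index on name is the real guard against the race
        } catch (DuplicateKeyException e) {
            throw new IllegalArgumentException("company name already exists", e);
        }
        return c;
    }

    public void setStatus(Long id, int status) {
        if (status != 0 && status != 1) throw new IllegalArgumentException("status must be 0 or 1");
        SysCompany c = mapper.selectById(id);
        if (c == null) throw new IllegalArgumentException("company not found");
        c.setStatus(status);
        mapper.updateById(c);
    }

    /** Trim, bound, and reject control characters so a name cannot carry stray bytes into logs or UIs. */
    static String validateName(String raw) {
        if (raw == null) throw new IllegalArgumentException("name is required");
        String name = raw.strip();
        if (name.isEmpty() || name.length() > 64) throw new IllegalArgumentException("name must be 1-64 characters");
        if (name.chars().anyMatch(Character::isISOControl)) throw new IllegalArgumentException("name contains control characters");
        return name;
    }
}

/** Class-level annotation: every endpoint under /api/companies is admin-only, including any added later. */
@RestController
@RequestMapping("/api/companies")
@RequireRole("admin")
class CompanyController {
    private final CompanyService service;

    CompanyController(CompanyService service) { this.service = service; }

    record CreateCompanyRequest(String name) {}

    @PostMapping
    public SysCompany create(@RequestBody CreateCompanyRequest body) {
        return service.create(body.name());
    }

    @PatchMapping("/{id}/status")
    public void setStatus(@PathVariable Long id, @RequestParam int status) {
        service.setStatus(id, status);
    }
}
```

The annotation sits on the class rather than on each method so that a handler added in a later change inherits the admin requirement instead of silently becoming public under an opt-in interceptor. Company management is inherently cross-tenant, so unlike the rest of the API it should not rely on the CompanyContext tenant filter for isolation; the role check is the only thing standing between a normal user and every tenant's records.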

Task 3: Configuration And Verification

Files:

  • Modify: src/main/resources/application.yml

  • Modify: src/test/java/com/label/unit/ApplicationConfigTest.java

  - [ ] Rename shiro.auth.* config to auth.*.

  - [ ] Update safe defaults and the MyBatis-Plus type-aliases package setting.

  - [ ] Run targeted unit tests and compile.

  - [ ] Run mvn clean test once and record any external environment blockers.

Verification Notes

  • mvn -q "-Dtest=LabelBackendApplicationTests,ApplicationConfigTest,AuthInterceptorTest,CompanyServiceTest,OpenApiAnnotationTest" test passed.
  • mvn -q -DskipTests compile passed.
  • mvn clean test compiled main/test sources and passed unit tests, then failed only because 10 Testcontainers integration tests could not find a valid Docker environment.