shijie
4 years ago
parent
b03afbf971
commit
2a143a4bd3
49 changed files with 1929 additions and 130 deletions
@ -0,0 +1,17 @@ |
||||
package com.daqing.financial.hrauth.dao; |
||||
|
||||
import com.baomidou.mybatisplus.core.mapper.BaseMapper; |
||||
import com.daqing.framework.domain.hrms.EmployeeRoleEntity; |
||||
import org.apache.ibatis.annotations.Mapper; |
||||
|
||||
/** |
||||
* |
||||
* |
||||
* @author gongsj |
||||
* @email gongsj@gmail.com |
||||
* @date 2020-09-14 09:35:05 |
||||
*/ |
||||
@Mapper |
||||
public interface AuthEmployeeRoleDao extends BaseMapper<EmployeeRoleEntity> { |
||||
|
||||
} |
||||
@ -0,0 +1,20 @@ |
||||
package com.daqing.financial.hrauth.dao; |
||||
|
||||
import com.baomidou.mybatisplus.core.mapper.BaseMapper; |
||||
import com.daqing.framework.domain.hrms.PermissionEntity; |
||||
import com.daqing.framework.domain.hrms.RolePermissionEntity; |
||||
import org.apache.ibatis.annotations.Mapper; |
||||
|
||||
import java.util.List; |
||||
|
||||
/** |
||||
* 记录菜单权限 |
||||
* |
||||
* @author gongsj |
||||
* @email gongsj@gmail.com |
||||
* @date 2020-09-07 16:26:04 |
||||
*/ |
||||
@Mapper |
||||
public interface AuthPermissionDao extends BaseMapper<PermissionEntity> { |
||||
List<RolePermissionEntity> selectRolePermiByPermiId(Long permissionId); |
||||
} |
||||
@ -0,0 +1,17 @@ |
||||
package com.daqing.financial.hrauth.dao; |
||||
|
||||
import com.baomidou.mybatisplus.core.mapper.BaseMapper; |
||||
import com.daqing.framework.domain.hrms.RoleEntity; |
||||
import org.apache.ibatis.annotations.Mapper; |
||||
|
||||
/** |
||||
* 员工角色表 |
||||
* |
||||
* @author gongsj |
||||
* @email gongsj@gmail.com |
||||
* @date 2020-09-07 16:26:04 |
||||
*/ |
||||
@Mapper |
||||
public interface AuthRoleDao extends BaseMapper<RoleEntity> { |
||||
|
||||
} |
||||
@ -0,0 +1,48 @@ |
||||
package com.daqing.financial.hrauth.enums; |
||||
|
||||
import java.util.HashMap; |
||||
import java.util.Map; |
||||
|
||||
/** |
||||
* <p> 全局常用变量 </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/10/12 14:47 |
||||
*/ |
||||
public class Constants { |
||||
|
||||
/** |
||||
* 接口url |
||||
*/ |
||||
public static Map<String,String> URL_MAPPING_MAP = new HashMap<>(); |
||||
|
||||
/** |
||||
* 获取项目根目录 |
||||
*/ |
||||
public static String PROJECT_ROOT_DIRECTORY = System.getProperty("user.dir"); |
||||
|
||||
/** |
||||
* 密码加密相关 |
||||
*/ |
||||
public static String SALT = "zhengqing"; |
||||
public static final int HASH_ITERATIONS = 1; |
||||
|
||||
/** |
||||
* 请求头 - token |
||||
*/ |
||||
public static final String REQUEST_HEADER = "X-Token"; |
||||
|
||||
/** |
||||
* 请求头类型: |
||||
* application/x-www-form-urlencoded : form表单格式 |
||||
* application/json : json格式 |
||||
*/ |
||||
public static final String REQUEST_HEADERS_CONTENT_TYPE = "application/json"; |
||||
|
||||
/** |
||||
* 未登录者角色 |
||||
*/ |
||||
public static final String ROLE_LOGIN = "role_login"; |
||||
|
||||
} |
||||
@ -0,0 +1,76 @@ |
||||
package com.daqing.financial.hrauth.filter; |
||||
|
||||
import com.alibaba.fastjson.JSONObject; |
||||
import com.daqing.financial.hrauth.enums.Constants; |
||||
import com.daqing.financial.hrauth.handle.AdminAuthenticationFailureHandler; |
||||
import com.daqing.financial.hrauth.handle.AdminAuthenticationSuccessHandler; |
||||
import com.daqing.financial.hrauth.handle.CusAuthenticationManager; |
||||
import com.daqing.financial.hrauth.handle.MyAuthenticationToken; |
||||
import com.daqing.financial.hrauth.util.MultiReadHttpServletRequest; |
||||
import com.daqing.framework.domain.hrms.request.LoginRequest; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.springframework.security.authentication.AuthenticationServiceException; |
||||
import org.springframework.security.core.Authentication; |
||||
import org.springframework.security.core.AuthenticationException; |
||||
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter; |
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.util.HashMap; |
||||
import java.util.Map; |
||||
|
||||
/** |
||||
* <p> 自定义用户密码校验过滤器 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : |
||||
* @date : 2019/10/12 15:32 |
||||
*/ |
||||
@Slf4j |
||||
@Component |
||||
public class AdminAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter { |
||||
|
||||
/** |
||||
* @param authenticationManager: 认证管理器 |
||||
* @param adminAuthenticationSuccessHandler: 认证成功处理 |
||||
* @param adminAuthenticationFailureHandler: 认证失败处理 |
||||
*/ |
||||
public AdminAuthenticationProcessingFilter(CusAuthenticationManager authenticationManager, AdminAuthenticationSuccessHandler adminAuthenticationSuccessHandler, AdminAuthenticationFailureHandler adminAuthenticationFailureHandler) { |
||||
super(new AntPathRequestMatcher("/hrms/auth/userlogin/login", "POST")); |
||||
this.setAuthenticationManager(authenticationManager); |
||||
this.setAuthenticationSuccessHandler(adminAuthenticationSuccessHandler); |
||||
this.setAuthenticationFailureHandler(adminAuthenticationFailureHandler); |
||||
} |
||||
|
||||
@Override |
||||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { |
||||
if (request.getContentType() == null || !request.getContentType().contains(Constants.REQUEST_HEADERS_CONTENT_TYPE)) { |
||||
throw new AuthenticationServiceException("请求头类型不支持: " + request.getContentType()); |
||||
} |
||||
|
||||
//UsernamePasswordAuthenticationToken authRequest;
|
||||
MyAuthenticationToken authRequest; |
||||
try { |
||||
MultiReadHttpServletRequest wrappedRequest = new MultiReadHttpServletRequest(request); |
||||
// 将前端传递的数据转换成jsonBean数据格式
|
||||
LoginRequest user = JSONObject.parseObject(wrappedRequest.getBodyJsonStrByJson(wrappedRequest), LoginRequest.class); |
||||
Integer tenDayEffective = user.getTenDayEffective(); |
||||
Integer type = user.getType(); |
||||
String userName = user.getPhone(); |
||||
Map<String,Object> map=new HashMap<>(); |
||||
map.put("tenDayEffective",tenDayEffective); |
||||
map.put("type",type); |
||||
map.put("userName",userName); |
||||
// 将前端传递的数据转换成jsonBean数据格式
|
||||
//UserEntity user = JSONObject.parseObject(wrappedRequest.getBodyJsonStrByJson(wrappedRequest), UserEntity.class);
|
||||
authRequest = new MyAuthenticationToken(userName, user.getPassword(),null, map); |
||||
authRequest.setDetails(authenticationDetailsSource.buildDetails(wrappedRequest)); |
||||
} catch (Exception e) { |
||||
throw new AuthenticationServiceException(e.getMessage()); |
||||
} |
||||
return this.getAuthenticationManager().authenticate(authRequest); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,124 @@ |
||||
package com.daqing.financial.hrauth.filter; |
||||
|
||||
import com.daqing.financial.hrauth.enums.Constants; |
||||
import com.daqing.financial.hrauth.handle.SecurityUser; |
||||
import com.daqing.financial.hrauth.service.impl.UserDetailsServiceImpl; |
||||
import com.daqing.financial.hrauth.util.MultiReadHttpServletRequest; |
||||
import com.daqing.financial.hrauth.util.MultiReadHttpServletResponse; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.apache.commons.lang3.StringUtils; |
||||
import org.springframework.security.access.AccessDeniedException; |
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
||||
import org.springframework.security.core.context.SecurityContextHolder; |
||||
import org.springframework.stereotype.Component; |
||||
import org.springframework.util.StopWatch; |
||||
import org.springframework.web.filter.OncePerRequestFilter; |
||||
|
||||
import javax.servlet.FilterChain; |
||||
import javax.servlet.ServletException; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.IOException; |
||||
import java.io.UnsupportedEncodingException; |
||||
|
||||
/** |
||||
* <p> 访问鉴权 - 每次访问接口都会经过此 </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/10/12 16:17 |
||||
*/ |
||||
@Slf4j |
||||
@Component |
||||
public class MyAuthenticationFilter extends OncePerRequestFilter { |
||||
|
||||
private final UserDetailsServiceImpl userDetailsService; |
||||
|
||||
protected MyAuthenticationFilter(UserDetailsServiceImpl userDetailsService) { |
||||
this.userDetailsService = userDetailsService; |
||||
} |
||||
|
||||
@Override |
||||
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException { |
||||
System.out.println("请求头类型: " + request.getContentType()); |
||||
String token = request.getHeader("token"); |
||||
if ((request.getContentType() == null && request.getContentLength() > 0) || (request.getContentType() != null && !request.getContentType().contains(Constants.REQUEST_HEADERS_CONTENT_TYPE))) { |
||||
filterChain.doFilter(request, response); |
||||
return; |
||||
} |
||||
|
||||
MultiReadHttpServletRequest wrappedRequest = new MultiReadHttpServletRequest(request); |
||||
MultiReadHttpServletResponse wrappedResponse = new MultiReadHttpServletResponse(response); |
||||
StopWatch stopWatch = new StopWatch(); |
||||
try { |
||||
stopWatch.start(); |
||||
// 记录请求的消息体
|
||||
logRequestBody(wrappedRequest); |
||||
|
||||
// SecurityContext context = SecurityContextHolder.getContext();
|
||||
// if (context.getAuthentication() != null && context.getAuthentication().isAuthenticated()) {
|
||||
// filterChain.doFilter(wrappedRequest, wrappedResponse);
|
||||
// return;
|
||||
// }
|
||||
|
||||
// String token = "123";
|
||||
// 前后端分离情况下,前端登录后将token储存在cookie中,每次访问接口时通过token去拿用户权限
|
||||
//String token = wrappedRequest.getHeader(Constants.REQUEST_HEADER);
|
||||
log.debug("后台检查令牌:{}", token); |
||||
if (StringUtils.isNotBlank(token)) { |
||||
// 检查token
|
||||
SecurityUser securityUser = userDetailsService.getUserByToken(token); |
||||
if (securityUser == null || securityUser.getCurrentUserInfo() == null) { |
||||
throw new AccessDeniedException("TOKEN已过期,请重新登录!"); |
||||
} |
||||
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities()); |
||||
// 全局注入角色权限信息和登录用户基本信息
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication); |
||||
} |
||||
/* else { |
||||
throw new AccessDeniedException("TOKEN不存在,请重新登录!"); |
||||
}*/ |
||||
filterChain.doFilter(wrappedRequest, wrappedResponse); |
||||
} finally { |
||||
stopWatch.stop(); |
||||
long usedTimes = stopWatch.getTotalTimeMillis(); |
||||
// 记录响应的消息体
|
||||
logResponseBody(wrappedRequest, wrappedResponse, usedTimes); |
||||
} |
||||
|
||||
} |
||||
|
||||
private String logRequestBody(MultiReadHttpServletRequest request) { |
||||
MultiReadHttpServletRequest wrapper = request; |
||||
if (wrapper != null) { |
||||
try { |
||||
String bodyJson = wrapper.getBodyJsonStrByJson(request); |
||||
String url = wrapper.getRequestURI().replace("//", "/"); |
||||
System.out.println("-------------------------------- 请求url: " + url + " --------------------------------"); |
||||
Constants.URL_MAPPING_MAP.put(url, url); |
||||
log.info("`{}` 接收到的参数: {}",url , bodyJson); |
||||
return bodyJson; |
||||
} catch (Exception e) { |
||||
e.printStackTrace(); |
||||
} |
||||
} |
||||
return null; |
||||
} |
||||
|
||||
private void logResponseBody(MultiReadHttpServletRequest request, MultiReadHttpServletResponse response, long useTime) { |
||||
MultiReadHttpServletResponse wrapper = response; |
||||
if (wrapper != null) { |
||||
byte[] buf = wrapper.getBody(); |
||||
if (buf.length > 0) { |
||||
String payload; |
||||
try { |
||||
payload = new String(buf, 0, buf.length, wrapper.getCharacterEncoding()); |
||||
} catch (UnsupportedEncodingException ex) { |
||||
payload = "[unknown]"; |
||||
} |
||||
log.info("`{}` 耗时:{}ms 返回的参数: {}", Constants.URL_MAPPING_MAP.get(request.getRequestURI()), useTime, payload); |
||||
} |
||||
} |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,30 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.daqing.financial.hrauth.model.ApiResult; |
||||
import com.daqing.financial.hrauth.util.ResponseUtils; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.springframework.security.core.AuthenticationException; |
||||
import org.springframework.security.web.AuthenticationEntryPoint; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
|
||||
/** |
||||
* <p> 认证权限入口 - 未登录的情况下访问所有接口都会拦截到此 </p> |
||||
* |
||||
* @description : 前后端分离情况下返回json格式数据 |
||||
* @author : zhengqing |
||||
* @date : 2019/10/11 17:32 |
||||
*/ |
||||
@Slf4j |
||||
@Component |
||||
public class AdminAuthenticationEntryPoint implements AuthenticationEntryPoint { |
||||
|
||||
@Override |
||||
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) { |
||||
log.error(e.getMessage()); |
||||
ResponseUtils.out(response, ApiResult.fail("请先登录哦~~")); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,48 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.daqing.financial.hrauth.model.ApiResult; |
||||
import com.daqing.financial.hrauth.util.ResponseUtils; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.springframework.security.authentication.*; |
||||
import org.springframework.security.core.AuthenticationException; |
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException; |
||||
import org.springframework.security.web.authentication.AuthenticationFailureHandler; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import javax.servlet.ServletException; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* <p> 认证失败处理 - 前后端分离情况下返回json数据格式 </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/10/12 15:33 |
||||
*/ |
||||
@Slf4j |
||||
@Component |
||||
public class AdminAuthenticationFailureHandler implements AuthenticationFailureHandler { |
||||
|
||||
@Override |
||||
public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException { |
||||
ApiResult result; |
||||
if (e instanceof UsernameNotFoundException || e instanceof BadCredentialsException) { |
||||
result = ApiResult.fail(e.getMessage()); |
||||
} else if (e instanceof LockedException) { |
||||
result = ApiResult.fail("账户被锁定,请联系管理员!"); |
||||
} else if (e instanceof CredentialsExpiredException) { |
||||
result = ApiResult.fail("证书过期,请联系管理员!"); |
||||
} else if (e instanceof AccountExpiredException) { |
||||
result = ApiResult.fail("账户过期,请联系管理员!"); |
||||
} else if (e instanceof DisabledException) { |
||||
result = ApiResult.fail("账户被禁用,请联系管理员!"); |
||||
} else { |
||||
log.error("登录失败:", e); |
||||
result = ApiResult.fail("登录失败!"); |
||||
} |
||||
ResponseUtils.out(response, result); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,80 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.daqing.financial.hrauth.dao.UserLoginDao; |
||||
import com.daqing.financial.hrauth.service.UserLoginService; |
||||
import com.daqing.financial.hrauth.service.impl.UserDetailsServiceImpl; |
||||
import com.daqing.framework.domain.hrms.request.LoginRequest; |
||||
import com.daqing.framework.domain.hrms.response.LoginResponse; |
||||
import com.daqing.framework.model.response.ResponseResult; |
||||
import lombok.SneakyThrows; |
||||
import org.apache.commons.collections4.MapUtils; |
||||
import org.springframework.beans.factory.annotation.Autowired; |
||||
import org.springframework.security.authentication.AuthenticationProvider; |
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
||||
import org.springframework.security.core.Authentication; |
||||
import org.springframework.security.core.AuthenticationException; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import javax.annotation.Resource; |
||||
|
||||
/** |
||||
* <p> 自定义认证处理 </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/10/12 14:49 |
||||
*/ |
||||
@Component |
||||
public class AdminAuthenticationProvider implements AuthenticationProvider { |
||||
|
||||
@Autowired |
||||
UserDetailsServiceImpl userDetailsService; |
||||
@Resource |
||||
private UserLoginDao userMapper; |
||||
@Autowired |
||||
UserLoginService userLoginService; |
||||
|
||||
@SneakyThrows |
||||
@Override |
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException { |
||||
MyAuthenticationToken authRequest=(MyAuthenticationToken)authentication; |
||||
String tenDayEffective= MapUtils.getString(authRequest.getParam(),"tenDayEffective","1"); |
||||
String type= MapUtils.getString(authRequest.getParam(),"type","1"); |
||||
String userName = MapUtils.getString(authRequest.getParam(),"userName",null); |
||||
// 获取前端表单中输入后返回的用户名、密码
|
||||
//String userName = (String) authentication.getPrincipal();
|
||||
String password = (String) authentication.getCredentials(); |
||||
|
||||
LoginRequest loginRequest = new LoginRequest(); |
||||
loginRequest.setPhone(userName); |
||||
loginRequest.setPassword(password); |
||||
loginRequest.setTenDayEffective(Integer.parseInt(tenDayEffective)); |
||||
loginRequest.setType(Integer.parseInt(type)); |
||||
ResponseResult login = userLoginService.login(loginRequest); |
||||
LoginResponse data = (LoginResponse) login.getData(); |
||||
|
||||
SecurityUser userInfo = (SecurityUser) userDetailsService.loadUserByUsername(userName); |
||||
|
||||
/* boolean isValid = PasswordUtils.isValidPassword(password, userInfo.getPassword(), userInfo.getCurrentUserInfo().getSalt()); |
||||
// 验证密码
|
||||
if (!isValid) { |
||||
throw new BadCredentialsException("密码错误!"); |
||||
} |
||||
|
||||
// 前后端分离情况下 处理逻辑...
|
||||
// 更新登录令牌 - 之后访问系统其它接口直接通过token认证用户权限...
|
||||
String token = PasswordUtils.encodePassword(System.currentTimeMillis() + userInfo.getCurrentUserInfo().getSalt(), userInfo.getCurrentUserInfo().getSalt()); |
||||
UserEntity user = userMapper.selectById(userInfo.getCurrentUserInfo().getId()); |
||||
user.setToken(token); |
||||
userMapper.updateById(user); |
||||
userInfo.getCurrentUserInfo().setToken(token);*/ |
||||
|
||||
userInfo.getCurrentUserInfo().setToken(data.getToken()); |
||||
return new UsernamePasswordAuthenticationToken(userInfo, password, userInfo.getAuthorities()); |
||||
} |
||||
|
||||
@Override |
||||
public boolean supports(Class<?> aClass) { |
||||
return true; |
||||
} |
||||
} |
||||
@ -0,0 +1,34 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.daqing.financial.hrauth.model.ApiResult; |
||||
import com.daqing.financial.hrauth.util.ResponseUtils; |
||||
import com.daqing.framework.domain.hrms.UserEntity; |
||||
import org.springframework.security.core.Authentication; |
||||
import org.springframework.security.web.authentication.AuthenticationSuccessHandler; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import javax.servlet.ServletException; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.IOException; |
||||
|
||||
/** |
||||
* <p> 认证成功处理 </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/10/12 15:31 |
||||
*/ |
||||
@Component |
||||
public class AdminAuthenticationSuccessHandler implements AuthenticationSuccessHandler { |
||||
|
||||
@Override |
||||
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse response, Authentication auth) throws IOException, ServletException { |
||||
UserEntity user = new UserEntity(); |
||||
SecurityUser securityUser = ((SecurityUser) auth.getPrincipal()); |
||||
user.setAccount(securityUser.getCurrentUserInfo().getAccount()); |
||||
user.setToken(securityUser.getCurrentUserInfo().getToken()); |
||||
ResponseUtils.out(response, ApiResult.ok("登录成功!", user)); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,36 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import org.springframework.security.authentication.AuthenticationManager; |
||||
import org.springframework.security.authentication.ProviderNotFoundException; |
||||
import org.springframework.security.core.Authentication; |
||||
import org.springframework.security.core.AuthenticationException; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import java.util.Objects; |
||||
|
||||
/** |
||||
* <p> 自定义认证管理器 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : |
||||
* @date : 2019/10/12 14:49 |
||||
*/ |
||||
@Component |
||||
public class CusAuthenticationManager implements AuthenticationManager { |
||||
|
||||
private final AdminAuthenticationProvider adminAuthenticationProvider; |
||||
|
||||
public CusAuthenticationManager(AdminAuthenticationProvider adminAuthenticationProvider) { |
||||
this.adminAuthenticationProvider = adminAuthenticationProvider; |
||||
} |
||||
|
||||
@Override |
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException { |
||||
Authentication result = adminAuthenticationProvider.authenticate(authentication); |
||||
if (Objects.nonNull(result)) { |
||||
return result; |
||||
} |
||||
throw new ProviderNotFoundException("Authentication failed!"); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,58 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import org.springframework.security.authentication.AbstractAuthenticationToken; |
||||
import org.springframework.security.core.GrantedAuthority; |
||||
|
||||
import java.util.Collection; |
||||
import java.util.Map; |
||||
|
||||
public class MyAuthenticationToken extends AbstractAuthenticationToken { |
||||
private static final long serialVersionUID = 420L; |
||||
private final Object principal; |
||||
private Object credentials; |
||||
|
||||
/** |
||||
* 参数map |
||||
*/ |
||||
private Map<String,Object> map; |
||||
|
||||
public MyAuthenticationToken(Object principal, Object credentials) { |
||||
super((Collection)null); |
||||
this.principal = principal; |
||||
this.credentials = credentials; |
||||
this.setAuthenticated(false); |
||||
} |
||||
|
||||
public MyAuthenticationToken(Object principal, Object credentials, Collection<? extends GrantedAuthority> authorities, Map<String,Object> map){ |
||||
super(authorities); |
||||
this.principal = principal; |
||||
this.credentials = credentials; |
||||
super.setAuthenticated(true); |
||||
this.map=map; |
||||
} |
||||
|
||||
public Object getCredentials() { |
||||
return this.credentials; |
||||
} |
||||
|
||||
public Object getPrincipal() { |
||||
return this.principal; |
||||
} |
||||
|
||||
public Map<String,Object> getParam(){ |
||||
return map; |
||||
} |
||||
|
||||
public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException { |
||||
if (isAuthenticated) { |
||||
throw new IllegalArgumentException("Cannot set this token to trusted - use constructor which takes a GrantedAuthority list instead"); |
||||
} else { |
||||
super.setAuthenticated(false); |
||||
} |
||||
} |
||||
|
||||
public void eraseCredentials() { |
||||
super.eraseCredentials(); |
||||
this.credentials = null; |
||||
} |
||||
} |
||||
@ -0,0 +1,98 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.daqing.framework.domain.hrms.RoleEntity; |
||||
import com.daqing.framework.domain.hrms.UserEntity; |
||||
import lombok.Data; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.springframework.security.core.GrantedAuthority; |
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority; |
||||
import org.springframework.security.core.userdetails.UserDetails; |
||||
import org.springframework.util.CollectionUtils; |
||||
|
||||
import java.util.ArrayList; |
||||
import java.util.Collection; |
||||
import java.util.List; |
||||
|
||||
/** |
||||
* <p> 安全认证用户详情 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : |
||||
* @date : 2019/10/14 17:46 |
||||
*/ |
||||
@Data |
||||
@Slf4j |
||||
public class SecurityUser implements UserDetails { |
||||
/** |
||||
* 当前登录用户 |
||||
*/ |
||||
private transient UserEntity currentUserInfo; |
||||
/** |
||||
* 角色 |
||||
*/ |
||||
private transient List<RoleEntity> roleList; |
||||
|
||||
public SecurityUser() { } |
||||
|
||||
public SecurityUser(UserEntity user) { |
||||
if (user != null) { |
||||
this.currentUserInfo = user; |
||||
} |
||||
} |
||||
|
||||
public SecurityUser(UserEntity user, List<RoleEntity> roleList) { |
||||
if (user != null) { |
||||
this.currentUserInfo = user; |
||||
this.roleList = roleList; |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* 获取当前用户所具有的角色 |
||||
* |
||||
* @return |
||||
*/ |
||||
@Override |
||||
public Collection<? extends GrantedAuthority> getAuthorities() { |
||||
Collection<GrantedAuthority> authorities = new ArrayList<>(); |
||||
if (!CollectionUtils.isEmpty(this.roleList)) { |
||||
for (RoleEntity role : this.roleList) { |
||||
SimpleGrantedAuthority authority = new SimpleGrantedAuthority("user_role"); |
||||
authorities.add(authority); |
||||
} |
||||
} |
||||
// SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ADMIN");
|
||||
// authorities.add(authority);
|
||||
return authorities; |
||||
} |
||||
|
||||
@Override |
||||
public String getPassword() { |
||||
return currentUserInfo.getPassword(); |
||||
} |
||||
|
||||
@Override |
||||
public String getUsername() { |
||||
return currentUserInfo.getAccount(); |
||||
} |
||||
|
||||
@Override |
||||
public boolean isAccountNonExpired() { |
||||
return true; |
||||
} |
||||
|
||||
@Override |
||||
public boolean isAccountNonLocked() { |
||||
return true; |
||||
} |
||||
|
||||
@Override |
||||
public boolean isCredentialsNonExpired() { |
||||
return true; |
||||
} |
||||
|
||||
@Override |
||||
public boolean isEnabled() { |
||||
return true; |
||||
} |
||||
} |
||||
@ -0,0 +1,67 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.daqing.financial.hrauth.enums.Constants; |
||||
import org.springframework.security.access.AccessDecisionManager; |
||||
import org.springframework.security.access.AccessDeniedException; |
||||
import org.springframework.security.access.ConfigAttribute; |
||||
import org.springframework.security.authentication.AnonymousAuthenticationToken; |
||||
import org.springframework.security.authentication.BadCredentialsException; |
||||
import org.springframework.security.core.Authentication; |
||||
import org.springframework.security.core.AuthenticationException; |
||||
import org.springframework.security.core.GrantedAuthority; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import java.util.Collection; |
||||
|
||||
/** |
||||
* <p> 对访问url进行权限认证处理 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : |
||||
* @date : 2019/10/15 14:21 |
||||
*/ |
||||
@Component |
||||
public class UrlAccessDecisionManager implements AccessDecisionManager { |
||||
|
||||
/** |
||||
* @param authentication: 当前登录用户的角色信息 |
||||
* @param object: 请求url信息 |
||||
* @param collection: `UrlFilterInvocationSecurityMetadataSource`中的getAttributes方法传来的,表示当前请求需要的角色(可能有多个) |
||||
* @return: void |
||||
*/ |
||||
@Override |
||||
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> collection) throws AccessDeniedException, AuthenticationException { |
||||
// 遍历角色
|
||||
for (ConfigAttribute ca : collection) { |
||||
// ① 当前url请求需要的权限
|
||||
String needRole = ca.getAttribute(); |
||||
if (Constants.ROLE_LOGIN.equals(needRole)) { |
||||
if (authentication instanceof AnonymousAuthenticationToken) { |
||||
throw new BadCredentialsException("未登录!"); |
||||
} else { |
||||
throw new AccessDeniedException("未授权该url!"); |
||||
} |
||||
} |
||||
|
||||
// ② 当前用户所具有的角色
|
||||
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); |
||||
for (GrantedAuthority authority : authorities) { |
||||
// 只要包含其中一个角色即可访问
|
||||
if (authority.getAuthority().equals(needRole)) { |
||||
return; |
||||
} |
||||
} |
||||
} |
||||
throw new AccessDeniedException("请联系管理员分配权限!"); |
||||
} |
||||
|
||||
@Override |
||||
public boolean supports(ConfigAttribute configAttribute) { |
||||
return true; |
||||
} |
||||
|
||||
@Override |
||||
public boolean supports(Class<?> aClass) { |
||||
return true; |
||||
} |
||||
} |
||||
@ -0,0 +1,28 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.daqing.financial.hrauth.model.ApiResult; |
||||
import com.daqing.financial.hrauth.util.ResponseUtils; |
||||
import org.springframework.security.access.AccessDeniedException; |
||||
import org.springframework.security.web.access.AccessDeniedHandler; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import javax.servlet.ServletException; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.IOException; |
||||
|
||||
|
||||
/** |
||||
* <p> 认证url权限 - 登录后访问接口无权限 - 自定义403无权限响应内容 </p> |
||||
* |
||||
* @description : 登录过后的权限处理 【注:要和未登录时的权限处理区分开哦~】 |
||||
* @author : zhengqing |
||||
* @date : 2019/10/14 18:52 |
||||
*/ |
||||
@Component |
||||
public class UrlAccessDeniedHandler implements AccessDeniedHandler { |
||||
@Override |
||||
public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException { |
||||
ResponseUtils.out(response, ApiResult.fail(403, e.getMessage())); |
||||
} |
||||
} |
||||
@ -0,0 +1,116 @@ |
||||
package com.daqing.financial.hrauth.handle; |
||||
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; |
||||
import com.daqing.financial.hrauth.dao.AuthPermissionDao; |
||||
import com.daqing.financial.hrauth.dao.AuthRoleDao; |
||||
import com.daqing.financial.hrauth.dao.RolePermissionMapper; |
||||
import com.daqing.financial.hrauth.enums.Constants; |
||||
import com.daqing.framework.domain.hrms.PermissionEntity; |
||||
import com.daqing.framework.domain.hrms.RoleEntity; |
||||
import com.daqing.framework.domain.hrms.RolePermissionEntity; |
||||
import org.springframework.security.access.ConfigAttribute; |
||||
import org.springframework.security.access.SecurityConfig; |
||||
import org.springframework.security.core.context.SecurityContextHolder; |
||||
import org.springframework.security.web.FilterInvocation; |
||||
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; |
||||
import org.springframework.stereotype.Component; |
||||
|
||||
import javax.annotation.Resource; |
||||
import java.util.Collection; |
||||
import java.util.LinkedList; |
||||
import java.util.List; |
||||
|
||||
/** |
||||
* <p> 获取访问该url所需要的用户角色权限信息 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : 执行完之后到 `UrlAccessDecisionManager` 中认证权限 |
||||
* @date : 2019/10/15 14:36 |
||||
*/ |
||||
@Component |
||||
public class UrlFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource { |
||||
|
||||
@Resource |
||||
AuthPermissionDao permissionMapper; |
||||
@Resource |
||||
RolePermissionMapper rolePermissionMapper; |
||||
@Resource |
||||
AuthRoleDao roleMapper; |
||||
|
||||
|
||||
/*** |
||||
* 返回该url所需要的用户权限信息 |
||||
* |
||||
* @param object: 储存请求url信息 |
||||
* @return: null:标识不需要任何权限都可以访问 |
||||
*/ |
||||
@Override |
||||
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException { |
||||
// 获取当前请求url
|
||||
String beforeRequestUrl = ((FilterInvocation) object).getRequestUrl(); |
||||
String requestUrl = null; |
||||
boolean status = beforeRequestUrl.contains("?"); |
||||
if(status){ |
||||
requestUrl = beforeRequestUrl.substring(0, beforeRequestUrl.indexOf("?")); |
||||
}else{ |
||||
requestUrl = beforeRequestUrl; |
||||
} |
||||
|
||||
// TODO 忽略url请放在此处进行过滤放行
|
||||
if ("/login".equals(requestUrl) || requestUrl.contains("logout") || "/error".equals(requestUrl)) { |
||||
return null; |
||||
} |
||||
|
||||
// 数据库中所有url
|
||||
List<PermissionEntity> permissionList = permissionMapper.selectList(null); |
||||
for (PermissionEntity permission : permissionList) { |
||||
// 获取该url所对应的权限
|
||||
if (requestUrl.equals(permission.getUrl())) { |
||||
List<RolePermissionEntity> permissionEntityList = rolePermissionMapper.selectList(new QueryWrapper<RolePermissionEntity>().eq("permission_id",permission.getId())); |
||||
|
||||
SecurityUser userRole = (SecurityUser) SecurityContextHolder.getContext().getAuthentication().getPrincipal();//获取spring security封装的当前用户信息对象
|
||||
List<RoleEntity> list = userRole.getRoleList(); |
||||
|
||||
List<String> roles = new LinkedList<>(); |
||||
int isPermission = 0;//标识是否有权限,有的话跳出循环
|
||||
for(int i = 0; i < permissionEntityList.size(); i ++){ |
||||
if(isPermission > 0){ |
||||
break; |
||||
} |
||||
for(int j = 0; j < list.size(); j ++){ |
||||
if(permissionEntityList.get(i).getRoleId() == list.get(j).getId()){ |
||||
isPermission ++; |
||||
break; |
||||
} |
||||
} |
||||
} |
||||
if(isPermission > 0){ |
||||
return SecurityConfig.createList(roles.toArray(new String[roles.size()])); |
||||
}else { |
||||
return SecurityConfig.createList(Constants.ROLE_LOGIN); |
||||
} |
||||
|
||||
/* List<String> roles = new LinkedList<>(); |
||||
if (!CollectionUtils.isEmpty(permissionEntityList)){ |
||||
Integer roleId = permissionEntityList.get(0).getRoleId().intValue(); |
||||
RoleEntity role = roleMapper.selectById(roleId); |
||||
roles.add(role.getCode()); |
||||
} |
||||
// 保存该url对应角色权限信息
|
||||
return SecurityConfig.createList(roles.toArray(new String[roles.size()]));*/ |
||||
} |
||||
} |
||||
// 如果数据中没有找到相应url资源则为非法访问,要求用户登录再进行操作
|
||||
return SecurityConfig.createList(Constants.ROLE_LOGIN); |
||||
} |
||||
|
||||
@Override |
||||
public Collection<ConfigAttribute> getAllConfigAttributes() { |
||||
return null; |
||||
} |
||||
|
||||
@Override |
||||
public boolean supports(Class<?> aClass) { |
||||
return FilterInvocation.class.isAssignableFrom(aClass); |
||||
} |
||||
} |
||||
@ -0,0 +1,142 @@ |
||||
package com.daqing.financial.hrauth.model; |
||||
|
||||
import io.swagger.annotations.ApiModel; |
||||
import io.swagger.annotations.ApiModelProperty; |
||||
|
||||
/** |
||||
* <p> API返回参数 </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/7/20 11:09 |
||||
*/ |
||||
@ApiModel(value = "API返回参数") |
||||
public class ApiResult { |
||||
/** |
||||
* 消息内容 |
||||
*/ |
||||
@ApiModelProperty(value = "响应消息", required = false) |
||||
private String message; |
||||
|
||||
/** |
||||
* 成功或有效为1,失败或无效为0,token过期 |
||||
*/ |
||||
@ApiModelProperty(value = "响应码", required = true) |
||||
private Integer code; |
||||
|
||||
/** |
||||
* 响应中的数据 |
||||
*/ |
||||
@ApiModelProperty(value = "响应数据", required = false) |
||||
private Object data; |
||||
|
||||
public static ApiResult expired(String message) { |
||||
return new ApiResult(-1, message, null); |
||||
} |
||||
|
||||
public static ApiResult fail(String message) { |
||||
return new ApiResult(ResultCode.FAILURE.getCode(), message, null); |
||||
} |
||||
|
||||
/*** |
||||
* 自定义错误返回码 |
||||
* |
||||
* @param code |
||||
* @param message: |
||||
* @return: com.zhengqing.modules.common.dto.output.ApiResult |
||||
*/ |
||||
public static ApiResult fail(Integer code, String message) { |
||||
return new ApiResult(code, message, null); |
||||
} |
||||
|
||||
public static ApiResult ok(String message) { |
||||
return new ApiResult(ResultCode.SUCCESS.getCode(), message, null); |
||||
} |
||||
|
||||
public static ApiResult ok() { |
||||
return new ApiResult(ResultCode.SUCCESS.getCode(), "OK", null); |
||||
} |
||||
|
||||
public static ApiResult build(Integer code, String msg, Object data) { |
||||
return new ApiResult(ResultCode.SUCCESS.getCode(), msg, data); |
||||
} |
||||
|
||||
public static ApiResult ok(String message, Object data) { |
||||
return new ApiResult(ResultCode.SUCCESS.getCode(), message, data); |
||||
} |
||||
|
||||
/** |
||||
* 自定义返回码 |
||||
*/ |
||||
public static ApiResult ok(Integer code, String message) { |
||||
return new ApiResult(code, message); |
||||
} |
||||
|
||||
/** |
||||
* 自定义 |
||||
* |
||||
* @param code:验证码 |
||||
* @param message:返回消息内容 |
||||
* @param data:返回数据 |
||||
* @return: com.zhengqing.modules.common.dto.output.ApiResult |
||||
*/ |
||||
public static ApiResult ok(Integer code, String message, Object data) { |
||||
return new ApiResult(code, message, data); |
||||
} |
||||
|
||||
public ApiResult() { } |
||||
|
||||
public static ApiResult build(Integer code, String msg) { |
||||
return new ApiResult(code, msg, null); |
||||
} |
||||
|
||||
public ApiResult(Integer code, String msg, Object data) { |
||||
this.code = code; |
||||
this.message = msg; |
||||
this.data = data; |
||||
} |
||||
|
||||
public ApiResult(Object data) { |
||||
this.code = ResultCode.SUCCESS.getCode(); |
||||
this.message = "OK"; |
||||
this.data = data; |
||||
} |
||||
|
||||
public ApiResult(String message) { |
||||
this(ResultCode.SUCCESS.getCode(), message, null); |
||||
} |
||||
|
||||
public ApiResult(String message, Integer code) { |
||||
this.message = message; |
||||
this.code = code; |
||||
} |
||||
|
||||
public ApiResult(Integer code, String message) { |
||||
this.code = code; |
||||
this.message = message; |
||||
} |
||||
|
||||
public String getMessage() { |
||||
return message; |
||||
} |
||||
|
||||
public void setMessage(String message) { |
||||
this.message = message; |
||||
} |
||||
|
||||
public Integer getCode() { |
||||
return code; |
||||
} |
||||
|
||||
public void setCode(Integer code) { |
||||
this.code = code; |
||||
} |
||||
|
||||
public Object getData() { |
||||
return data; |
||||
} |
||||
|
||||
public void setData(Object data) { |
||||
this.data = data; |
||||
} |
||||
} |
||||
@ -0,0 +1,42 @@ |
||||
package com.daqing.financial.hrauth.model; |
||||
|
||||
|
||||
/** |
||||
* <p> 响应码枚举 - 可参考HTTP状态码的语义 </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/8/22 11:09 |
||||
*/ |
||||
public enum ResultCode { |
||||
SUCCESS( 10000, "SUCCESS" ),//成功
|
||||
FAILURE( 400, "FAILURE" ),//失败
|
||||
UNAUTHORIZED( 401, "未认证或Token失效" ),//未认证(签名错误、token错误)
|
||||
USER_UNAUTHORIZED( 402, "用户名或密码不正确" ),//未通过认证
|
||||
NOT_FOUND( 404, "接口不存在" ),//接口不存在
|
||||
INTERNAL_SERVER_ERROR( 500, "服务器内部错误" );//服务器内部错误
|
||||
|
||||
private int code; |
||||
private String desc; |
||||
|
||||
ResultCode(int code, String desc) { |
||||
this.code = code; |
||||
this.desc = desc; |
||||
} |
||||
|
||||
public int getCode() { |
||||
return code; |
||||
} |
||||
|
||||
public void setCode(int code) { |
||||
this.code = code; |
||||
} |
||||
|
||||
public String getDesc() { |
||||
return desc; |
||||
} |
||||
|
||||
public void setDesc(String desc) { |
||||
this.desc = desc; |
||||
} |
||||
} |
||||
@ -0,0 +1,103 @@ |
||||
package com.daqing.financial.hrauth.service.impl; |
||||
|
||||
import com.alibaba.fastjson.JSON; |
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; |
||||
import com.daqing.financial.hrauth.dao.AuthEmployeeRoleDao; |
||||
import com.daqing.financial.hrauth.dao.AuthRoleDao; |
||||
import com.daqing.financial.hrauth.dao.UserLoginDao; |
||||
import com.daqing.financial.hrauth.handle.SecurityUser; |
||||
import com.daqing.framework.domain.hrms.EmployeeRoleEntity; |
||||
import com.daqing.framework.domain.hrms.RoleEntity; |
||||
import com.daqing.framework.domain.hrms.UserEntity; |
||||
import com.daqing.framework.util.RedisUtil; |
||||
import org.springframework.beans.factory.annotation.Autowired; |
||||
import org.springframework.security.core.userdetails.UserDetails; |
||||
import org.springframework.security.core.userdetails.UserDetailsService; |
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException; |
||||
import org.springframework.stereotype.Service; |
||||
import org.springframework.util.CollectionUtils; |
||||
import org.springframework.web.context.request.RequestContextHolder; |
||||
import org.springframework.web.context.request.ServletRequestAttributes; |
||||
|
||||
import javax.annotation.Resource; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import java.util.LinkedList; |
||||
import java.util.List; |
||||
|
||||
/** |
||||
* <p> 自定义userDetailsService - 认证用户详情 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : |
||||
* @date : 2019/10/14 17:46 |
||||
*/ |
||||
@Service("userDetailsService") |
||||
public class UserDetailsServiceImpl implements UserDetailsService { |
||||
|
||||
@Resource |
||||
private UserLoginDao userMapper; |
||||
@Resource |
||||
private AuthRoleDao roleMapper; |
||||
@Resource |
||||
private AuthEmployeeRoleDao userRoleMapper; |
||||
|
||||
/*** |
||||
* 根据账号获取用户信息 |
||||
* @param username: |
||||
* @return: org.springframework.security.core.userdetails.UserDetails |
||||
*/ |
||||
@Override |
||||
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { |
||||
// 从数据库中取出用户信息
|
||||
List<UserEntity> userList = userMapper.selectList(new QueryWrapper<UserEntity>().eq("phone_account", username)); |
||||
UserEntity user; |
||||
// 判断用户是否存在
|
||||
if (!CollectionUtils.isEmpty(userList)) { |
||||
user = userList.get(0); |
||||
} else { |
||||
throw new UsernameNotFoundException("用户名不存在或已禁用!"); |
||||
} |
||||
// 返回UserDetails实现类
|
||||
return new SecurityUser(user, getUserRoles(user.getId().intValue())); |
||||
} |
||||
|
||||
/*** |
||||
* 根据token获取用户权限与基本信息 |
||||
* |
||||
* @param token: |
||||
* @return: com.zhengqing.config.security.dto.SecurityUser |
||||
*/ |
||||
public SecurityUser getUserByToken(String token) { |
||||
UserEntity user = null; |
||||
|
||||
String userId = RedisUtil.get("dq:token:"+token); |
||||
String userEntityStr = RedisUtil.get("dq:userId:"+userId); |
||||
UserEntity systemUser = JSON.parseObject(userEntityStr,UserEntity.class); |
||||
if(systemUser != null){ |
||||
user = systemUser; |
||||
} |
||||
|
||||
/* List<UserEntity> loginList = userMapper.selectList(new QueryWrapper<UserEntity>().eq("token", token)); |
||||
if (!CollectionUtils.isEmpty(loginList)) { |
||||
user = loginList.get(0); |
||||
}*/ |
||||
return user != null ? new SecurityUser(user, getUserRoles(user.getId().intValue())) : null; |
||||
} |
||||
|
||||
/** |
||||
* 根据用户id获取角色权限信息 |
||||
* |
||||
* @param userId |
||||
* @return |
||||
*/ |
||||
private List<RoleEntity> getUserRoles(Integer userId) { |
||||
List<EmployeeRoleEntity> userRoles = userRoleMapper.selectList(new QueryWrapper<EmployeeRoleEntity>().eq("user_id", userId)); |
||||
List<RoleEntity> roleList = new LinkedList<>(); |
||||
for (EmployeeRoleEntity userRole : userRoles) { |
||||
RoleEntity role = roleMapper.selectById(userRole.getRoleId()); |
||||
roleList.add(role); |
||||
} |
||||
return roleList; |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,164 @@ |
||||
package com.daqing.financial.hrauth.util; |
||||
|
||||
import com.alibaba.fastjson.JSONObject; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
|
||||
import javax.servlet.ReadListener; |
||||
import javax.servlet.ServletInputStream; |
||||
import javax.servlet.ServletRequest; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletRequestWrapper; |
||||
import java.io.*; |
||||
import java.nio.charset.Charset; |
||||
import java.util.Enumeration; |
||||
import java.util.HashMap; |
||||
import java.util.Map; |
||||
|
||||
/** |
||||
* <p> 多次读写BODY用HTTP REQUEST - 解决流只能读一次问题 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : |
||||
* @date : 2019/10/12 15:42 |
||||
*/ |
||||
@Slf4j |
||||
public class MultiReadHttpServletRequest extends HttpServletRequestWrapper { |
||||
|
||||
private final byte[] body; |
||||
|
||||
public MultiReadHttpServletRequest(HttpServletRequest request) throws IOException { |
||||
super(request); |
||||
body = getBodyString(request).getBytes(Charset.forName("UTF-8")); |
||||
} |
||||
|
||||
@Override |
||||
public BufferedReader getReader() throws IOException { |
||||
return new BufferedReader(new InputStreamReader(getInputStream())); |
||||
} |
||||
|
||||
@Override |
||||
public ServletInputStream getInputStream() throws IOException { |
||||
|
||||
final ByteArrayInputStream bais = new ByteArrayInputStream(body); |
||||
|
||||
return new ServletInputStream() { |
||||
|
||||
@Override |
||||
public int read() throws IOException { |
||||
return bais.read(); |
||||
} |
||||
|
||||
@Override |
||||
public boolean isFinished() { |
||||
return false; |
||||
} |
||||
|
||||
@Override |
||||
public boolean isReady() { |
||||
return false; |
||||
} |
||||
|
||||
@Override |
||||
public void setReadListener(ReadListener readListener) { |
||||
|
||||
} |
||||
}; |
||||
} |
||||
|
||||
/** |
||||
* 获取请求Body |
||||
* |
||||
* @param request |
||||
* @return |
||||
*/ |
||||
private String getBodyString(ServletRequest request) { |
||||
StringBuilder sb = new StringBuilder(); |
||||
InputStream inputStream = null; |
||||
BufferedReader reader = null; |
||||
try { |
||||
inputStream = request.getInputStream(); |
||||
reader = new BufferedReader(new InputStreamReader(inputStream, Charset.forName("UTF-8"))); |
||||
String line = ""; |
||||
while ((line = reader.readLine()) != null) { |
||||
sb.append(line); |
||||
} |
||||
} catch (IOException e) { |
||||
e.printStackTrace(); |
||||
} finally { |
||||
if (inputStream != null) { |
||||
try { |
||||
inputStream.close(); |
||||
} catch (IOException e) { |
||||
e.printStackTrace(); |
||||
} |
||||
} |
||||
if (reader != null) { |
||||
try { |
||||
reader.close(); |
||||
} catch (IOException e) { |
||||
e.printStackTrace(); |
||||
} |
||||
} |
||||
} |
||||
return sb.toString(); |
||||
} |
||||
|
||||
/** |
||||
* 将前端请求的表单数据转换成json字符串 - 前后端一体的情况下使用 |
||||
* @param request: |
||||
* @return: java.lang.String |
||||
*/ |
||||
public String getBodyJsonStrByForm(ServletRequest request){ |
||||
Map<String, Object> bodyMap = new HashMap<>(16); |
||||
try { |
||||
// 参数定义
|
||||
String paraName = null; |
||||
// 获取请求参数并转换
|
||||
Enumeration<String> e = request.getParameterNames(); |
||||
while (e.hasMoreElements()) { |
||||
paraName = e.nextElement(); |
||||
bodyMap.put(paraName, request.getParameter(paraName)); |
||||
} |
||||
} catch(Exception e) { |
||||
log.error("请求参数转换错误!",e); |
||||
} |
||||
// json对象转json字符串 转javabean
|
||||
// SecurityUser user = JSONObject.parseObject(JSONObject.toJSONString(bodyMap), SecurityUser.class);
|
||||
// json对象转json字符串
|
||||
return JSONObject.toJSONString(bodyMap); |
||||
} |
||||
|
||||
/** |
||||
* 将前端传递的json数据转换成json字符串 - 前后端分离的情况下使用 |
||||
* @param request: |
||||
* @return: java.lang.String |
||||
*/ |
||||
public String getBodyJsonStrByJson(ServletRequest request){ |
||||
// StringBuilder requestStrBuilder = new StringBuilder();
|
||||
// try {
|
||||
// BufferedReader streamReader = new MultiReadHttpServletRequest(request).getReader();
|
||||
// String inputStr;
|
||||
// while ((inputStr = streamReader.readLine()) != null) {
|
||||
// requestStrBuilder.append(inputStr);
|
||||
// }
|
||||
// // 将json字符串转化为jsonbean对象
|
||||
//// User user = JSON.parseObject(requestStrBuilder.toString(), User.class);
|
||||
// } catch (IOException e) {
|
||||
// e.printStackTrace();
|
||||
// }
|
||||
// return requestStrBuilder.toString();
|
||||
StringBuffer json = new StringBuffer(); |
||||
String line = null; |
||||
try { |
||||
BufferedReader reader = request.getReader(); |
||||
while((line = reader.readLine()) != null) { |
||||
json.append(line); |
||||
} |
||||
} |
||||
catch(Exception e) { |
||||
log.error("请求参数转换错误!",e); |
||||
} |
||||
return json.toString(); |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,81 @@ |
||||
package com.daqing.financial.hrauth.util; |
||||
|
||||
import lombok.AllArgsConstructor; |
||||
import lombok.Data; |
||||
|
||||
import javax.servlet.ServletOutputStream; |
||||
import javax.servlet.WriteListener; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import javax.servlet.http.HttpServletResponseWrapper; |
||||
import java.io.ByteArrayOutputStream; |
||||
import java.io.IOException; |
||||
import java.io.OutputStreamWriter; |
||||
import java.io.PrintWriter; |
||||
|
||||
/** |
||||
* <p> 多次读写BODY用HTTP RESPONSE - 解决流只能读一次问题 </p> |
||||
* |
||||
* @author : zhengqing |
||||
* @description : |
||||
* @date : 2019/10/12 15:42 |
||||
*/ |
||||
public class MultiReadHttpServletResponse extends HttpServletResponseWrapper { |
||||
|
||||
private ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(); |
||||
private HttpServletResponse response; |
||||
|
||||
public MultiReadHttpServletResponse(HttpServletResponse response) { |
||||
super(response); |
||||
response.setCharacterEncoding("UTF-8"); |
||||
response.setContentType("application/json"); |
||||
this.response = response; |
||||
} |
||||
|
||||
public byte[] getBody() { |
||||
return byteArrayOutputStream.toByteArray(); |
||||
} |
||||
|
||||
@Override |
||||
public ServletOutputStream getOutputStream() { |
||||
return new ServletOutputStreamWrapper(this.byteArrayOutputStream, this.response); |
||||
} |
||||
|
||||
@Override |
||||
public PrintWriter getWriter() throws IOException { |
||||
return new PrintWriter(new OutputStreamWriter(getOutputStream(), this.response.getCharacterEncoding())); |
||||
} |
||||
|
||||
|
||||
@Data |
||||
@AllArgsConstructor |
||||
private static class ServletOutputStreamWrapper extends ServletOutputStream { |
||||
|
||||
private ByteArrayOutputStream outputStream; |
||||
private HttpServletResponse response; |
||||
|
||||
@Override |
||||
public boolean isReady() { |
||||
return true; |
||||
} |
||||
|
||||
@Override |
||||
public void setWriteListener(WriteListener listener) { |
||||
|
||||
} |
||||
|
||||
@Override |
||||
public void write(int b) throws IOException { |
||||
this.outputStream.write(b); |
||||
} |
||||
|
||||
@Override |
||||
public void flush() throws IOException { |
||||
if (!this.response.isCommitted()) { |
||||
byte[] body = this.outputStream.toByteArray(); |
||||
ServletOutputStream outputStream = this.response.getOutputStream(); |
||||
outputStream.write(body); |
||||
outputStream.flush(); |
||||
} |
||||
} |
||||
} |
||||
} |
||||
@ -0,0 +1,64 @@ |
||||
package com.daqing.financial.hrauth.util; |
||||
|
||||
import com.daqing.financial.hrauth.enums.Constants; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
import org.springframework.security.crypto.codec.Hex; |
||||
|
||||
import java.security.MessageDigest; |
||||
|
||||
/** |
||||
* <p> 加密工具 </p> |
||||
* |
||||
* @description: |
||||
* @author: zhengqing |
||||
* @date: 2019/10/13 0013 15:25 |
||||
*/ |
||||
@Slf4j |
||||
public class PasswordUtils { |
||||
|
||||
/** |
||||
* 校验密码是否一致 |
||||
* |
||||
* @param password: 前端传过来的密码 |
||||
* @param hashedPassword:数据库中储存加密过后的密码 |
||||
* @param salt:盐值 |
||||
* @return |
||||
*/ |
||||
public static boolean isValidPassword(String password, String hashedPassword, String salt) { |
||||
return hashedPassword.equalsIgnoreCase(encodePassword(password, salt)); |
||||
} |
||||
|
||||
/** |
||||
* 通过SHA1对密码进行编码 |
||||
* |
||||
* @param password:密码 |
||||
* @param salt:盐值 |
||||
* @return |
||||
*/ |
||||
public static String encodePassword(String password, String salt) { |
||||
String encodedPassword; |
||||
try { |
||||
MessageDigest digest = MessageDigest.getInstance("SHA-1"); |
||||
if (salt != null) { |
||||
digest.reset(); |
||||
digest.update(salt.getBytes()); |
||||
} |
||||
byte[] hashed = digest.digest(password.getBytes()); |
||||
int iterations = Constants.HASH_ITERATIONS - 1; |
||||
for (int i = 0; i < iterations; ++i) { |
||||
digest.reset(); |
||||
hashed = digest.digest(hashed); |
||||
} |
||||
encodedPassword = new String(Hex.encode(hashed)); |
||||
} catch (Exception e) { |
||||
log.error("验证密码异常:", e); |
||||
return null; |
||||
} |
||||
System.out.println("生成的密文:"+encodedPassword); |
||||
return encodedPassword; |
||||
} |
||||
|
||||
public static void main(String[] args) { |
||||
System.out.println(encodePassword("1111Aa","zhengqing")); |
||||
} |
||||
} |
||||
@ -0,0 +1,68 @@ |
||||
package com.daqing.financial.hrauth.util; |
||||
|
||||
import com.alibaba.fastjson.JSON; |
||||
import com.alibaba.fastjson.JSONObject; |
||||
import com.daqing.financial.hrauth.model.ApiResult; |
||||
import lombok.extern.slf4j.Slf4j; |
||||
|
||||
import javax.servlet.ServletResponse; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.IOException; |
||||
import java.io.PrintWriter; |
||||
|
||||
/** |
||||
* <p> 使用response输出JSON </p> |
||||
* |
||||
* @description : |
||||
* @author : zhengqing |
||||
* @date : 2019/10/11 17:27 |
||||
*/ |
||||
@Slf4j |
||||
public class ResponseUtils { |
||||
|
||||
/** |
||||
* 使用response输出JSON |
||||
* |
||||
* @param response |
||||
* @param result |
||||
*/ |
||||
public static void out(ServletResponse response, ApiResult result) { |
||||
PrintWriter out = null; |
||||
try { |
||||
response.setCharacterEncoding("UTF-8"); |
||||
response.setContentType("application/json"); |
||||
out = response.getWriter(); |
||||
out.println(JSON.toJSONString(result)); |
||||
} catch (Exception e) { |
||||
log.error(e + "输出JSON出错"); |
||||
} finally { |
||||
if (out != null) { |
||||
out.flush(); |
||||
out.close(); |
||||
} |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* 响应内容 |
||||
* @param httpServletResponse |
||||
* @param msg |
||||
* @param status |
||||
*/ |
||||
public static void getResponse(HttpServletResponse httpServletResponse, String msg, Integer status){ |
||||
PrintWriter writer = null; |
||||
httpServletResponse.setCharacterEncoding("UTF-8"); |
||||
httpServletResponse.setContentType("application/json; charset=utf-8"); |
||||
try { |
||||
writer = httpServletResponse.getWriter(); |
||||
writer.print(JSONObject.toJSONString(new ApiResult(status,msg,null))); |
||||
} catch (IOException e) { |
||||
log.error("响应报错", e.getMessage()); |
||||
} finally { |
||||
if (writer != null){ |
||||
writer.close(); |
||||
} |
||||
} |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,14 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> |
||||
|
||||
<mapper namespace="com.daqing.financial.hrauth.dao.AuthEmployeeRoleDao"> |
||||
|
||||
<!-- 可根据自己的需求,是否要使用 --> |
||||
<resultMap type="com.daqing.framework.domain.hrms.EmployeeRoleEntity" id="employeeRoleMap"> |
||||
<result property="id" column="id"/> |
||||
<result property="userId" column="user_id"/> |
||||
<result property="roleId" column="role_id"/> |
||||
</resultMap> |
||||
|
||||
|
||||
</mapper> |
||||
@ -0,0 +1,27 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> |
||||
|
||||
<mapper namespace="com.daqing.financial.hrauth.dao.AuthPermissionDao"> |
||||
|
||||
<!-- 可根据自己的需求,是否要使用 --> |
||||
<resultMap type="com.daqing.framework.domain.hrms.PermissionEntity" id="permissionMap"> |
||||
<result property="id" column="id"/> |
||||
<result property="code" column="code"/> |
||||
<result property="name" column="name"/> |
||||
<result property="url" column="url"/> |
||||
<result property="parentId" column="parent_id"/> |
||||
<result property="level" column="level"/> |
||||
<result property="menuOrNot" column="menu_or_not"/> |
||||
<result property="status" column="status"/> |
||||
<result property="sort" column="sort"/> |
||||
<result property="icon" column="icon"/> |
||||
<result property="createTime" column="create_time"/> |
||||
<result property="motifyTime" column="motify_time"/> |
||||
</resultMap> |
||||
|
||||
<select id="selectRolePermiByPermiId" parameterType="long" |
||||
resultType="com.daqing.framework.domain.hrms.RolePermissionEntity"> |
||||
select id, role_id, permission_id from hrms_role_permission |
||||
WHERE permission_id=#{permissionId} |
||||
</select> |
||||
</mapper> |
||||
@ -0,0 +1,16 @@ |
||||
<?xml version="1.0" encoding="UTF-8"?> |
||||
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> |
||||
|
||||
<mapper namespace="com.daqing.financial.hrauth.dao.AuthRoleDao"> |
||||
|
||||
<!-- 可根据自己的需求,是否要使用 --> |
||||
<resultMap type="com.daqing.framework.domain.hrms.RoleEntity" id="roleMap"> |
||||
<result property="id" column="id"/> |
||||
<result property="name" column="name"/> |
||||
<result property="description" column="description"/> |
||||
<result property="createTime" column="create_time"/> |
||||
<result property="motifyTime" column="motify_time"/> |
||||
</resultMap> |
||||
|
||||
|
||||
</mapper> |
||||
Loading…
Reference in new issue