提交 6fa0008b 编写于 作者: sq3536's avatar sq3536

uaa接入cloud完成

上级 4546f370
......@@ -103,6 +103,11 @@
</exclusions>
</dependency>
<dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
</dependency>
</dependencies>
</project>
\ No newline at end of file
......@@ -14,7 +14,7 @@ import org.springframework.util.ObjectUtils;
import java.io.Serializable;
import java.util.*;
public class EntityBase implements Serializable {
public class EntityBase implements IEntity,Serializable {
@JsonIgnore
@JSONField(serialize = false)
......
package cn.ibizlab.util.domain;
public interface IEntity {
Object get(String field);
void set(String field, Object value);
}
......@@ -97,7 +97,7 @@ public class BeanCache {
}
public static <T> BeanSchema from(Class<T> clazz){
String className=clazz.getName();
String className=clazz.getSimpleName();
if(className.indexOf("_$")>0) {
className=className.substring(0, className.lastIndexOf("_$"));
}
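Review bot: Switching `BeanCache.from` to `clazz.getSimpleName()` drops the package from `className`, so two entity classes with the same simple name in different packages now produce the same value. The rest of `from` is outside this hunk, but if the schema is stored under that name, the later registration would presumably replace the earlier one. The `BeanCache.get(deAuth.getEntity()).getCodeName()` lookup that builds authority strings in CloudUserService could then resolve to the wrong entity. Consider keeping `String className=clazz.getName();` as the primary key and registering the simple name only as an alias, with a comment such as `// simple name is an alias only; a duplicate across packages must be logged and rejected`.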
......
......@@ -16,6 +16,8 @@ import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;
import org.springframework.util.ObjectUtils;
......@@ -28,6 +30,7 @@ import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;
@Slf4j
@Service("CloudUserService")
......@@ -63,7 +66,7 @@ public class CloudUserService extends IBZUAAUserService {
private TypeReference<Collection<UAAGrantedAuthority>> UAAGrantedAuthorityListType = new TypeReference<Collection<UAAGrantedAuthority>>(){};
@Override
@Cacheable( value="ibzuaa_users", key = "#root.target.systemId+':'+#p0")
@Cacheable( value="ibzuaa_users", key = "#root.target.systemId+':getByUsername:'+#p0")
public AuthenticationUser loadUserByUsername(String username) {
Object obj = redisTemplate.opsForValue().get("ibiz-cloud-uaa-user-" + username);
if (obj == null) {
......@@ -93,7 +96,7 @@ public class CloudUserService extends IBZUAAUserService {
srforgid = null;
}
Collection<UAAGrantedAuthority> authorities = null;
Collection authorities = null;
if (StringUtils.hasLength(srfsystemid)
&& StringUtils.hasLength(srfdcid) && StringUtils.hasLength(srfdcsystemid) && StringUtils.hasLength(srfuserid)) {
......@@ -166,12 +169,9 @@ public class CloudUserService extends IBZUAAUserService {
authorities = this.getGrantedAuthorities(strDCSystemId, dcEmployee.getUsername(), authToken);
if(!ObjectUtils.isEmpty(authorities)) {
if(dcEmployee.getSuperuser() == 1){
UAARoleAuthority admin=new UAARoleAuthority();
admin.setRoleTag("SUPERADMIN");
authorities.add(admin);
authorities.add( "ROLE_SUPERADMIN");
}
dcEmployee.setAuthorities((Collection) authorities);
JSONObject permission =new JSONObject();
Map permission =new HashMap();
permission.put("authorities",authorities);
dcEmployee.setPermissionList(permission);
}
......@@ -188,13 +188,13 @@ public class CloudUserService extends IBZUAAUserService {
}
protected Collection<UAAGrantedAuthority> getGrantedAuthorities(String strDCSystemId, String strUAAUserName, String strToken){
protected Collection getGrantedAuthorities(String strDCSystemId, String strUAAUserName, String strToken){
String strCacheCat = String.format("ibiz-cloud-uaa-cat-%1$s--%2$s", strUAAUserName, DigestUtils.md5DigestAsHex(strToken.getBytes(StandardCharsets.UTF_8)));;
String strCacheTag = String.format("authorities-%1$s", strDCSystemId);
Object obj = this.redisTemplate.opsForHash().get(strCacheCat, strCacheTag);
if(!ObjectUtils.isEmpty(obj)) {
try {
Map<String,UAAGrantedAuthority> rt=new LinkedHashMap<>();
Map<String,Object> rt=new LinkedHashMap<>();
Collection<UAAGrantedAuthority> tmp = objectMapper.readValue(objectMapper.writeValueAsString(obj), this.UAAGrantedAuthorityListType);
if(!ObjectUtils.isEmpty(tmp))
{
......@@ -205,14 +205,30 @@ public class CloudUserService extends IBZUAAUserService {
deAuth.setEntityCode(BeanCache.get(deAuth.getEntity()).getCodeName());
if(ObjectUtils.isEmpty(deAuth.getEntityCode()))
return;
deAuth.getAuthorities().forEach(auth->{
if(auth.endsWith("-custom"))
{
UAACustomAuthority customAuthority=new UAACustomAuthority();
customAuthority.setSystemid(deAuth.getSystemid());
customAuthority.setEntity(deAuth.getEntity());
customAuthority.setEntityCode(deAuth.getEntityCode());
customAuthority.setBscope(deAuth.getBscope());
customAuthority.setAuthority(DigestUtils.md5DigestAsHex((auth+deAuth.getBscope()).getBytes()));
rt.put(customAuthority.getAuthority(),customAuthority);
}
else
{
rt.put(auth,auth);
}
});
}
else
{
rt.put(item.getAuthority(),item);
rt.put(item.getAuthority(),item.getAuthority());
}
});
return rt.values();
return rt.values().stream().collect(Collectors.toList());
}
} catch (IOException e) {
......@@ -246,7 +262,7 @@ public class CloudUserService extends IBZUAAUserService {
}
@Override
@CacheEvict( value="ibzuaa_users", key = "#root.target.systemId+':'+#p0")
@CacheEvict( value="ibzuaa_users", key = "'glob:*getByUsername:'+#p0")
public void resetByUsername(String username) {
}
}
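Review bot: `getGrantedAuthorities` now returns a raw `Collection` that mixes plain `String`s (`rt.put(auth,auth)`, `rt.put(item.getAuthority(),item.getAuthority())`) with `UAACustomAuthority` objects, and the caller appends the literal `"ROLE_SUPERADMIN"` before `dcEmployee.setAuthorities((Collection) authorities)`. The raw types hide this from the compiler; if `AuthenticationUser` exposes the collection as `GrantedAuthority` elements (not visible here), a consumer iterating it will fail with a `ClassCastException` on the string entries. `SimpleGrantedAuthority` is already imported by this commit, so the strings can be wrapped: `rt.put(auth,new SimpleGrantedAuthority(auth));` and `authorities.add(new SimpleGrantedAuthority("ROLE_SUPERADMIN"));`. The map and the return type can then be declared as `Map<String,GrantedAuthority>` and `Collection<GrantedAuthority>`.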
......@@ -2,6 +2,7 @@ package cn.ibizlab.util.service;
import cn.ibizlab.util.domain.EntityBase;
import cn.ibizlab.util.domain.IBZConfig;
import cn.ibizlab.util.domain.IEntity;
import cn.ibizlab.util.errors.BadRequestAlertException;
import cn.ibizlab.util.helper.BeanCache;
import cn.ibizlab.util.helper.DataObject;
......@@ -12,6 +13,7 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.service.IService;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import lombok.extern.slf4j.Slf4j;
import org.reflections.Reflections;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.cache.annotation.Cacheable;
......@@ -21,6 +23,7 @@ import org.springframework.util.StringUtils;
import javax.annotation.PostConstruct;
import java.util.ServiceLoader;
import java.util.Set;
@Slf4j
@Service
......@@ -28,10 +31,11 @@ public class IBZConfigService extends ServiceImpl<IBZConfigMapper, IBZConfig> im
@PostConstruct
public void init() {
ServiceLoader<EntityBase> loader = ServiceLoader.load(EntityBase.class);
for (EntityBase entityBase : loader){
BeanCache.register(entityBase.getClass());
}
Reflections reflections = new Reflections();
Set<Class<? extends EntityBase>> subClazzs = reflections.getSubTypesOf(EntityBase.class);
subClazzs.forEach(entity->{
BeanCache.register(entity);
});
}
@Value("${ibiz.systemid:ibznotify}")
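Review bot: `new Reflections()` in `init()` is built without a package prefix or configuration, so the locations scanned for `EntityBase` subtypes are left to the library's defaults rather than chosen by this project. Depending on those defaults, startup either scans well beyond the project's own packages and registers every `EntityBase` subclass found in any jar (abstract bases included) into `BeanCache`, or finds nothing and silently registers no entities. Scoping the scan makes the registered set explicit, for example `Reflections reflections = new Reflections("cn.ibizlab");` if all entities live under that prefix. Logging `subClazzs.size()` after the scan would make an empty result visible.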
......
......@@ -49,7 +49,7 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
@Override
@Cacheable( value="ibzuaa_users", key = "#root.target.systemId+':'+#p0")
@Cacheable( value="ibzuaa_users", key = "#root.target.systemId+':getByUsername:'+#p0")
public AuthenticationUser loadUserByUsername(String username) {
if(StringUtils.isEmpty(username)) {
throw new UsernameNotFoundException("用户名为空");
......@@ -103,7 +103,7 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
}
@CacheEvict( value="sys_users", key = "#root.target.systemId+':'+#p0")
@CacheEvict( value="ibzuaa_users", key = "'glob:*getByUsername:'+#p0")
public void resetByUsername(String username) {
}
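Review bot: The new eviction key `'glob:*getByUsername:'+#p0` on `resetByUsername` is a SpEL string literal, and Spring's `@CacheEvict` removes only the entry whose key equals the evaluated value; the annotation does not expand wildcards itself. Unless the project's cache manager gives the `glob:` prefix a pattern meaning (not visible on this page), the entry written under `systemId+':getByUsername:'+username` is never removed, so a reset leaves the cached `AuthenticationUser` and its authorities in place until expiry. The same key is used on `resetByUsername` in CloudUserService, IBZUAAUserService and SimpleUserService. If no pattern support exists, evict with the expression the `@Cacheable` uses, `@CacheEvict( value="ibzuaa_users", key = "#root.target.systemId+':getByUsername:'+#p0")`; if it does, add a comment next to the annotation naming the component that interprets `glob:`.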
......
......@@ -66,7 +66,9 @@
<flowable-modeler.version>6.4.2</flowable-modeler.version>
<!-- JBPM+Drools -->
<drools-version>7.23.0.Final</drools-version>
<drools.version>7.23.0.Final</drools.version>
<reflections.version>0.10.2</reflections.version>
<maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
......@@ -248,34 +250,34 @@
<dependency>
<groupId>org.jbpm</groupId>
<artifactId>jbpm-flow-builder</artifactId>
<version>${drools-version}</version>
<version>${drools.version}</version>
</dependency>
<dependency>
<groupId>org.jbpm</groupId>
<artifactId>jbpm-bpmn2</artifactId>
<version>${drools-version}</version>
<version>${drools.version}</version>
</dependency>
<!-- Drools -->
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-compiler</artifactId>
<version>${drools-version}</version>
<version>${drools.version}</version>
</dependency>
<dependency>
<groupId>org.drools</groupId>
<artifactId>drools-core</artifactId>
<version>${drools-version}</version>
<version>${drools.version}</version>
</dependency>
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-spring</artifactId>
<version>${drools-version}</version>
<version>${drools.version}</version>
</dependency>
<dependency>
<groupId>org.kie</groupId>
<artifactId>kie-api</artifactId>
<version>${drools-version}</version>
<version>${drools.version}</version>
</dependency>
<dependency>
......@@ -289,6 +291,13 @@
<version>${flowable-modeler.version}</version>
</dependency>
<dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
<version>${reflections.version}</version>
</dependency>
</dependencies>
</dependencyManagement>
......
package cn.ibizlab.util.security;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.Data;
import org.springframework.util.ObjectUtils;
import java.util.*;
@Data
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true)
public class UAACustomAuthority extends UAAGrantedAuthority {
private String entity;
private String entityCode;
private String bscope;
private String authority;
public UAACustomAuthority(){
this.setType("CUSTOM");
}
@Override
public String getAuthority() {
return this.authority;
}
public void setAuthority(String authority) {
this.authority=authority;
}
}
package cn.ibizlab.util.security;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.Data;
import org.springframework.util.ObjectUtils;
import java.util.*;
@Data
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true)
public class UAADEAuthority extends UAAGrantedAuthority {
......@@ -31,11 +35,11 @@ public class UAADEAuthority extends UAAGrantedAuthority {
@Override
public String getAuthority() {
return this.getName();
return this.authority;
}
public void setAuthority(String name) {
public void setAuthority(String authority) {
this.authority=authority;
}
public Set<String> getAuthorities()
......@@ -45,11 +49,59 @@ public class UAADEAuthority extends UAAGrantedAuthority {
return sets;
if(ObjectUtils.isEmpty(systemid))
return sets;
Set<String> scopes=new LinkedHashSet<>();
if(1==isAllData)
scopes.add("all");
else if(orgdr!=null&&(1&orgdr)>0)
scopes.add("curorg");
else if(orgdr!=null&&(2&orgdr)>0)
scopes.add("porg");
else if(orgdr!=null&&(4&orgdr)>0)
scopes.add("sorg");
else if(deptdr!=null&&(1&deptdr)>0)
scopes.add("curorgdept");
else if(deptdr!=null&&(2&deptdr)>0)
scopes.add("porgdept");
else if(deptdr!=null&&(4&deptdr)>0)
scopes.add("sorgdept");
else if(getName()!=null&&getName().startsWith("当前用户"))
scopes.add("createman");
else if(dataset||(!ObjectUtils.isEmpty(bscope)))
scopes.add("custom");
Set<String> privs=new LinkedHashSet<>();
deAction.forEach(item->{
String scope="";
// if(item.containsKey("READ"))
if(item.containsKey("READ"))
privs.add("Get");
else if(item.containsKey("CREATE")) {
privs.add("Create");
privs.add("Save");
}
else if(item.containsKey("Update")) {
privs.add("Create");
privs.add("Save");
}
else if(item.containsKey("DELETE"))
privs.add("Remove");
else
{
privs.addAll(item.keySet());
}
});
scopes.forEach(scope->{
privs.forEach(priv->{
sets.add(String.format("%s-%s-%s-%s",systemid,entityCode,priv,scope));
});
});
return sets;
}
}
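Review bot: In `getAuthorities()` the branch `item.containsKey("Update")` tests a mixed-case key while its siblings test `"READ"`, `"CREATE"` and `"DELETE"`, and its body adds `"Create"` and `"Save"`, the same privileges as the CREATE branch. As written, an action map carrying an update right is either turned into a create right or, if the key is actually `UPDATE`, falls into the final `else` and contributes its raw key names as privileges. Presumably the intent is `else if(item.containsKey("UPDATE")) { privs.add("Update"); privs.add("Save"); }`; the key spelling should be confirmed against the UAA payload. The `else if` chains also stop at the first match, so a map holding several actions, or an `orgdr`/`deptdr` bitmask with more than one bit set, yields only the first one. The start of the method lies outside this hunk.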
......@@ -14,11 +14,13 @@ import org.springframework.security.core.GrantedAuthority;
@JsonSubTypes.Type(value = UAADEAuthority.class, name= UAAGrantedAuthority.TYPE_OPPRIV),
@JsonSubTypes.Type(value = UAAMenuAuthority.class, name= UAAGrantedAuthority.TYPE_APPMENU),
@JsonSubTypes.Type(value = UAAUniResAuthority.class, name= UAAGrantedAuthority.TYPE_UNIRES),
@JsonSubTypes.Type(value = UAARoleAuthority.class, name= UAAGrantedAuthority.TYPE_ROLE)
@JsonSubTypes.Type(value = UAARoleAuthority.class, name= UAAGrantedAuthority.TYPE_ROLE),
@JsonSubTypes.Type(value = UAACustomAuthority.class, name= UAAGrantedAuthority.TYPE_CUSTOM)
})
public class UAAGrantedAuthority implements GrantedAuthority {
public final static String TYPE_CUSTOM = "CUSTOM";
public final static String TYPE_OPPRIV = "OPPRIV";
......
package cn.ibizlab.util.security;
import com.alibaba.fastjson.annotation.JSONField;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.Data;
@Data
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true)
public class UAAMenuAuthority extends UAAGrantedAuthority {
private String menuTag;
......@@ -13,7 +19,7 @@ public class UAAMenuAuthority extends UAAGrantedAuthority {
@Override
public String getAuthority() {
return "APPMENU_"+menuTag;
return menuTag==null||menuTag.startsWith("APPMENU_")?menuTag:("APPMENU_"+menuTag);
}
public void setAuthority(String menuTag) {
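Review bot: `getAuthority()` now returns `null` when `menuTag` is null, where it previously always returned a non-null string; the same change is made for `roleTag` in UAARoleAuthority and `unionResTag` in UAAUniResAuthority. That null reaches `rt.put(item.getAuthority(),item.getAuthority())` in CloudUserService, where all untagged items collapse onto one null key and a null element ends up in the returned authority list. Filtering such items before they are added would keep nulls out of authorization checks; alternatively, state on the getter that null means "no authority" and must be skipped by callers. The prefix test also takes a tag that already starts with `APPMENU_`, `ROLE_` or `UNIRES_` verbatim, so a comment such as `// tags are supplied by the UAA service only, never by request input` would record the assumption this relies on.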
......
package cn.ibizlab.util.security;
import com.alibaba.fastjson.annotation.JSONField;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.Data;
@Data
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true)
public class UAARoleAuthority extends UAAGrantedAuthority {
private String roleTag;
......@@ -13,7 +19,7 @@ public class UAARoleAuthority extends UAAGrantedAuthority {
@Override
public String getAuthority() {
return "ROLE_"+roleTag;
return roleTag==null||roleTag.startsWith("ROLE_")?roleTag:("ROLE_"+roleTag);
}
public void setAuthority(String roleTag) {
......
package cn.ibizlab.util.security;
import com.alibaba.fastjson.annotation.JSONField;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import com.fasterxml.jackson.annotation.JsonInclude;
import lombok.Data;
import java.io.Serializable;
@Data
@JsonInclude(JsonInclude.Include.NON_NULL)
@JsonIgnoreProperties(ignoreUnknown = true)
public class UAAUniResAuthority extends UAAGrantedAuthority {
private String unionResTag;
......@@ -13,7 +21,7 @@ public class UAAUniResAuthority extends UAAGrantedAuthority {
@Override
public String getAuthority() {
return "UNIRES_"+unionResTag;
return unionResTag==null||unionResTag.startsWith("UNIRES_")?unionResTag:("UNIRES_"+unionResTag);
}
public void setAuthority(String unionResTag) {
......
......@@ -41,7 +41,7 @@ public class IBZUAAUserService implements AuthenticationUserService{
}
@Override
@Cacheable( value="ibzuaa_users", key = "'getByUsername:'+#p0")
@Cacheable( value="ibzuaa_users", key = "#root.target.systemId+':getByUsername:'+#p0")
public AuthenticationUser loadUserByUsername(String username) {
AuthenticationUser user = uaaFeignClient.loginByUsername(username);
if(user == null) {
......@@ -72,7 +72,7 @@ public class IBZUAAUserService implements AuthenticationUserService{
}
@Override
@CacheEvict( value="ibzuaa_users", key = "'getByUsername:'+#p0")
@CacheEvict( value="ibzuaa_users", key = "'glob:*getByUsername:'+#p0")
public void resetByUsername(String username) {
}
}
......@@ -38,7 +38,7 @@ public class SimpleUserService implements AuthenticationUserService {
return systemId;
}
@Override
@Cacheable( value="ibzuaa_users", key = "#root.target.systemId+':'+#p0")
@Cacheable( value="ibzuaa_users", key = "#root.target.systemId+':getByUsername:'+#p0")
public AuthenticationUser loadUserByUsername(String username) {
AuthenticationUser user = new AuthenticationUser();
String[] data = username.split("[|]");
......@@ -82,7 +82,7 @@ public class SimpleUserService implements AuthenticationUserService {
@Override
@CacheEvict( value="simple_users", key = "#root.target.systemId+':'+#p0")
@CacheEvict( value="ibzuaa_users", key = "'glob:*getByUsername:'+#p0")
public void resetByUsername(String username) {
}
......