Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibizlab-boot-starters
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibizlab-boot-starters
提交
7166c8b4
提交
7166c8b4
编写于
9月 11, 2022
作者:
ibiz4j
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
cloud uaa 接入
上级
02d9b4c7
变更
13
隐藏空白字符变更
内嵌
并排
正在显示
13 个修改的文件
包含
389 行增加
和
60 行删除
+389
-60
IBZUSERServiceImpl.java
...main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
+2
-2
CustomJacksonSerializer.java
.../cn/ibizlab/util/cache/redis/CustomJacksonSerializer.java
+8
-2
IBZUAAFallback.java
.../src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
+7
-0
IBZUAAFeignClient.java
...c/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
+7
-0
ForbiddenException.java
.../main/java/cn/ibizlab/util/errors/ForbiddenException.java
+11
-0
UnauthorizedException.java
...in/java/cn/ibizlab/util/errors/UnauthorizedException.java
+11
-0
AppController.java
...ter/src/main/java/cn/ibizlab/util/rest/AppController.java
+2
-45
AuthenticationUser.java
...ain/java/cn/ibizlab/util/security/AuthenticationUser.java
+45
-5
SimpleTokenUtil.java
...c/main/java/cn/ibizlab/util/security/SimpleTokenUtil.java
+4
-1
UAAGrantedAuthority.java
...in/java/cn/ibizlab/util/security/UAAGrantedAuthority.java
+21
-0
UAATokenUtil.java
.../src/main/java/cn/ibizlab/util/security/UAATokenUtil.java
+5
-5
AuthenticationUserService.java
...va/cn/ibizlab/util/service/AuthenticationUserService.java
+59
-0
CloudUserService.java
...c/main/java/cn/ibizlab/util/service/CloudUserService.java
+207
-0
未找到文件。
ibizlab-boot-starter-data/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
浏览文件 @
7166c8b4
...
@@ -47,8 +47,8 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
...
@@ -47,8 +47,8 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
conds
.
eq
(
"domains"
,
domains
);
conds
.
eq
(
"domains"
,
domains
);
}
}
IBZUSER
user
=
this
.
getOne
(
conds
);
IBZUSER
user
=
this
.
getOne
(
conds
);
if
(
user
==
null
)
{
if
(
user
==
null
)
{
throw
new
UsernameNotFoundException
(
"用户"
+
username
+
"未找到"
);
throw
new
BadRequestAlertException
(
"登录失败"
,
"IBZUSER"
,
username
);
}
}
else
{
else
{
user
.
setUsername
(
username
);
user
.
setUsername
(
username
);
...
...
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/cache/redis/CustomJacksonSerializer.java
浏览文件 @
7166c8b4
...
@@ -4,6 +4,7 @@ import cn.ibizlab.util.security.AuthenticationUser;
...
@@ -4,6 +4,7 @@ import cn.ibizlab.util.security.AuthenticationUser;
import
org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer
;
import
org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer
;
import
org.springframework.data.redis.serializer.SerializationException
;
import
org.springframework.data.redis.serializer.SerializationException
;
import
org.springframework.lang.Nullable
;
import
java.util.regex.Matcher
;
import
java.util.regex.Matcher
;
import
java.util.regex.Pattern
;
import
java.util.regex.Pattern
;
...
@@ -22,15 +23,20 @@ public class CustomJacksonSerializer<T> extends Jackson2JsonRedisSerializer<T>
...
@@ -22,15 +23,20 @@ public class CustomJacksonSerializer<T> extends Jackson2JsonRedisSerializer<T>
}
}
@Override
@Override
public
T
deserialize
(
byte
[]
bytes
)
throws
SerializationException
{
public
T
deserialize
(
@Nullable
byte
[]
bytes
)
throws
SerializationException
{
if
(
bytes
==
null
||
bytes
.
length
==
0
)
{
return
null
;
}
String
serializerContent
=
new
String
(
bytes
,
DEFAULT_CHARSET
);
String
serializerContent
=
new
String
(
bytes
,
DEFAULT_CHARSET
);
Matcher
matcher
=
Pattern
.
compile
(
DEFAULT_PACKAGE
).
matcher
(
serializerContent
);
Matcher
matcher
=
Pattern
.
compile
(
DEFAULT_PACKAGE
).
matcher
(
serializerContent
);
if
(
matcher
.
find
()){
if
(
matcher
.
find
()){
serializerContent
=
serializerContent
.
replaceAll
(
DEFAULT_PACKAGE
,
USER_PACKAGE
);
serializerContent
=
serializerContent
.
replaceAll
(
DEFAULT_PACKAGE
,
USER_PACKAGE
);
super
.
deserialize
(
serializerContent
.
getBytes
());
}
}
if
(
serializerContent
.
contains
(
CLASSNAME_EX
)){
if
(
serializerContent
.
contains
(
CLASSNAME_EX
)){
serializerContent
=
serializerContent
.
replaceAll
(
CLASSNAME_EX_PATTEN
,
""
);
serializerContent
=
serializerContent
.
replaceAll
(
CLASSNAME_EX_PATTEN
,
""
);
super
.
deserialize
(
serializerContent
.
getBytes
());
}
}
return
super
.
deserialize
(
serializerContent
.
getBytes
()
);
return
super
.
deserialize
(
bytes
);
}
}
}
}
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
浏览文件 @
7166c8b4
...
@@ -5,6 +5,8 @@ import cn.ibizlab.util.security.AuthorizationLogin;
...
@@ -5,6 +5,8 @@ import cn.ibizlab.util.security.AuthorizationLogin;
import
com.alibaba.fastjson.JSONObject
;
import
com.alibaba.fastjson.JSONObject
;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
import
java.util.Map
;
@Component
@Component
public
class
IBZUAAFallback
implements
IBZUAAFeignClient
{
public
class
IBZUAAFallback
implements
IBZUAAFeignClient
{
...
@@ -13,6 +15,11 @@ public class IBZUAAFallback implements IBZUAAFeignClient {
...
@@ -13,6 +15,11 @@ public class IBZUAAFallback implements IBZUAAFeignClient {
return
null
;
return
null
;
}
}
@Override
public
Map
getAppData
()
{
return
null
;
}
@Override
@Override
public
AuthenticationUser
login
(
AuthorizationLogin
authorizationLogin
)
{
public
AuthenticationUser
login
(
AuthorizationLogin
authorizationLogin
)
{
return
null
;
return
null
;
...
...
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
浏览文件 @
7166c8b4
...
@@ -7,6 +7,8 @@ import org.springframework.cache.annotation.Cacheable;
...
@@ -7,6 +7,8 @@ import org.springframework.cache.annotation.Cacheable;
import
org.springframework.cloud.openfeign.FeignClient
;
import
org.springframework.cloud.openfeign.FeignClient
;
import
org.springframework.web.bind.annotation.*
;
import
org.springframework.web.bind.annotation.*
;
import
java.util.Map
;
@FeignClient
(
value
=
"${ibiz.ref.service.uaa:ibzuaa-api}"
,
contextId
=
"uaa"
,
fallback
=
IBZUAAFallback
.
class
)
@FeignClient
(
value
=
"${ibiz.ref.service.uaa:ibzuaa-api}"
,
contextId
=
"uaa"
,
fallback
=
IBZUAAFallback
.
class
)
public
interface
IBZUAAFeignClient
public
interface
IBZUAAFeignClient
{
{
...
@@ -18,6 +20,11 @@ public interface IBZUAAFeignClient
...
@@ -18,6 +20,11 @@ public interface IBZUAAFeignClient
@PostMapping
(
"/syspssystems/save"
)
@PostMapping
(
"/syspssystems/save"
)
Boolean
syncSysAuthority
(
@RequestBody
JSONObject
system
);
Boolean
syncSysAuthority
(
@RequestBody
JSONObject
system
);
@GetMapping
(
value
=
"/appdata"
)
Map
getAppData
();
/**
/**
* 用户登录
* 用户登录
* @param authorizationLogin 登录信息
* @param authorizationLogin 登录信息
...
...
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/errors/ForbiddenException.java
0 → 100644
浏览文件 @
7166c8b4
package
cn
.
ibizlab
.
util
.
errors
;
import
org.zalando.problem.AbstractThrowableProblem
;
import
org.zalando.problem.Status
;
public
class
ForbiddenException
extends
AbstractThrowableProblem
{
public
ForbiddenException
(
String
message
)
{
super
(
ErrorConstants
.
DEFAULT_TYPE
,
message
,
Status
.
FORBIDDEN
);
}
}
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/errors/UnauthorizedException.java
0 → 100644
浏览文件 @
7166c8b4
package
cn
.
ibizlab
.
util
.
errors
;
import
org.zalando.problem.AbstractThrowableProblem
;
import
org.zalando.problem.Status
;
public
class
UnauthorizedException
extends
AbstractThrowableProblem
{
public
UnauthorizedException
(
String
message
)
{
super
(
ErrorConstants
.
DEFAULT_TYPE
,
message
,
Status
.
UNAUTHORIZED
);
}
}
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/rest/AppController.java
浏览文件 @
7166c8b4
...
@@ -28,43 +28,8 @@ public class AppController {
...
@@ -28,43 +28,8 @@ public class AppController {
@Autowired
@Autowired
private
AuthenticationUserService
userDetailsService
;
private
AuthenticationUserService
userDetailsService
;
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"/appdata"
)
public
ResponseEntity
<
Map
>
getAppData
()
{
public
ResponseEntity
<
JSONObject
>
getAppData
()
{
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
userDetailsService
.
getAppData
());
JSONObject
appData
=
new
JSONObject
()
;
Set
<
String
>
appMenu
=
new
HashSet
();
Set
<
String
>
uniRes
=
new
HashSet
();
AuthenticationUser
curUser
=
AuthenticationUser
.
getAuthenticationUser
();
if
(
enablePermissionValid
&&(!
ObjectUtils
.
isEmpty
(
systemId
))){
Collection
<
GrantedAuthority
>
authorities
=
curUser
.
getAuthorities
();
Iterator
it
=
authorities
.
iterator
();
while
(
it
.
hasNext
())
{
GrantedAuthority
authority
=
(
GrantedAuthority
)
it
.
next
();
String
strAuthority
=
authority
.
getAuthority
();
if
(
strAuthority
.
startsWith
(
"UNIRES_"
+
systemId
))
{
uniRes
.
add
(
strAuthority
.
substring
(
systemId
.
length
()+
8
));
}
else
if
(
strAuthority
.
startsWith
(
"APPMENU_"
+
systemId
)){
appMenu
.
add
(
strAuthority
.
substring
(
systemId
.
length
()+
9
));
}
}
}
Map
<
String
,
Object
>
context
=
new
HashMap
<>();
context
.
putAll
(
curUser
.
getSessionParams
());
context
.
put
(
"srfusername"
,
curUser
.
getPersonname
());
appData
.
put
(
"context"
,
context
);
appData
.
put
(
"unires"
,
uniRes
);
appData
.
put
(
"appmenu"
,
appMenu
);
appData
.
put
(
"enablepermissionvalid"
,
enablePermissionValid
);
if
(
curUser
.
getSuperuser
()==
1
){
appData
.
put
(
"enablepermissionvalid"
,
false
);
}
else
{
appData
.
put
(
"enablepermissionvalid"
,
enablePermissionValid
);
}
fillAppData
(
appData
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
appData
);
}
}
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"${ibiz.auth.logoutpath:v7/logout}"
)
@RequestMapping
(
method
=
RequestMethod
.
GET
,
value
=
"${ibiz.auth.logoutpath:v7/logout}"
)
...
@@ -74,12 +39,4 @@ public class AppController {
...
@@ -74,12 +39,4 @@ public class AppController {
}
}
}
}
/**
* 应用参数扩展
* @param appData
*/
protected
void
fillAppData
(
JSONObject
appData
){
}
}
}
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/AuthenticationUser.java
浏览文件 @
7166c8b4
package
cn
.
ibizlab
.
util
.
security
;
package
cn
.
ibizlab
.
util
.
security
;
import
com.alibaba.fastjson.JSONObject
;
import
com.alibaba.fastjson.JSONObject
;
import
com.fasterxml.jackson.annotation.JsonIgnore
;
import
com.alibaba.fastjson.annotation.JSONField
;
import
com.fasterxml.jackson.annotation.JsonIgnoreProperties
;
import
com.fasterxml.jackson.annotation.*
;
import
io.jsonwebtoken.impl.DefaultClock
;
import
lombok.AllArgsConstructor
;
import
lombok.AllArgsConstructor
;
import
lombok.Data
;
import
lombok.Data
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
...
@@ -172,7 +173,7 @@ public class AuthenticationUser implements UserDetails
...
@@ -172,7 +173,7 @@ public class AuthenticationUser implements UserDetails
/**
/**
* 是否为超级管理员
* 是否为超级管理员
*/
*/
private
int
superuser
;
private
int
superuser
=
0
;
/**
/**
* 用户权限资源
* 用户权限资源
*/
*/
...
@@ -181,6 +182,7 @@ public class AuthenticationUser implements UserDetails
...
@@ -181,6 +182,7 @@ public class AuthenticationUser implements UserDetails
* 用户上下文参数
* 用户上下文参数
*/
*/
@JsonIgnore
@JsonIgnore
@JSONField
(
serialize
=
false
)
private
Map
<
String
,
Object
>
userSessionParam
;
private
Map
<
String
,
Object
>
userSessionParam
;
/**
/**
* 当前用户上下级组织信息
* 当前用户上下级组织信息
...
@@ -203,10 +205,22 @@ public class AuthenticationUser implements UserDetails
...
@@ -203,10 +205,22 @@ public class AuthenticationUser implements UserDetails
*/
*/
private
String
sdept
;
private
String
sdept
;
private
Integer
apiuser
=
0
;
private
String
dcsystemid
;
private
String
tenant
;
private
String
token
;
@JsonFormat
(
pattern
=
"yyyy-MM-dd HH:mm:ss"
,
locale
=
"zh"
,
timezone
=
"GMT+8"
)
@JSONField
(
format
=
"yyyy-MM-dd HH:mm:ss"
)
private
Date
expiration
;
@JsonIgnore
@JsonIgnore
@Override
@Override
public
boolean
isAccountNonExpired
()
{
public
boolean
isAccountNonExpired
()
{
return
true
;
return
expiration
==
null
?
true
:(!
expiration
.
before
(
DefaultClock
.
INSTANCE
.
now
()))
;
}
}
@JsonIgnore
@JsonIgnore
...
@@ -232,6 +246,8 @@ public class AuthenticationUser implements UserDetails
...
@@ -232,6 +246,8 @@ public class AuthenticationUser implements UserDetails
return
true
;
return
true
;
}
}
public
static
AuthenticationUser
getAuthenticationUser
()
public
static
AuthenticationUser
getAuthenticationUser
()
{
{
if
(
SecurityContextHolder
.
getContext
()==
null
||
SecurityContextHolder
.
getContext
().
getAuthentication
()==
null
||
SecurityContextHolder
.
getContext
().
getAuthentication
().
getPrincipal
()==
null
){
if
(
SecurityContextHolder
.
getContext
()==
null
||
SecurityContextHolder
.
getContext
().
getAuthentication
()==
null
||
SecurityContextHolder
.
getContext
().
getAuthentication
().
getPrincipal
()==
null
){
...
@@ -271,6 +287,8 @@ public class AuthenticationUser implements UserDetails
...
@@ -271,6 +287,8 @@ public class AuthenticationUser implements UserDetails
if
(
this
.
sessionParams
==
null
)
if
(
this
.
sessionParams
==
null
)
{
{
sessionParams
=
getUserSessionParam
();
sessionParams
=
getUserSessionParam
();
sessionParams
.
put
(
"srfdcid"
,
this
.
getTenant
());
sessionParams
.
put
(
"srfdcsystemid"
,
this
.
getDcsystemid
());
sessionParams
.
put
(
"srfsystemid"
,
this
.
getSrfsystemid
());
sessionParams
.
put
(
"srfsystemid"
,
this
.
getSrfsystemid
());
sessionParams
.
put
(
"srfpersonid"
,
this
.
getUserid
());
sessionParams
.
put
(
"srfpersonid"
,
this
.
getUserid
());
sessionParams
.
put
(
"srfpersonname"
,
this
.
getPersonname
());
sessionParams
.
put
(
"srfpersonname"
,
this
.
getPersonname
());
...
@@ -352,5 +370,27 @@ public class AuthenticationUser implements UserDetails
...
@@ -352,5 +370,27 @@ public class AuthenticationUser implements UserDetails
}
}
}
}
}
}
@JsonAnyGetter
@JSONField
(
name
=
"_any"
,
unwrapped
=
true
,
serialize
=
true
,
deserialize
=
false
)
public
Map
<
String
,
Object
>
any
()
{
return
userSessionParam
;
}
@JsonAnySetter
@JSONField
(
name
=
"_any"
,
unwrapped
=
true
,
serialize
=
false
,
deserialize
=
true
)
public
void
set
(
String
field
,
Object
value
)
{
this
.
userSessionParam
.
put
(
field
,
value
);
}
public
Object
get
(
String
field
)
{
return
this
.
userSessionParam
.
get
(
field
);
}
}
}
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/SimpleTokenUtil.java
浏览文件 @
7166c8b4
...
@@ -113,8 +113,11 @@ public class SimpleTokenUtil implements AuthTokenUtil,Serializable {
...
@@ -113,8 +113,11 @@ public class SimpleTokenUtil implements AuthTokenUtil,Serializable {
public
Boolean
validateToken
(
String
token
,
UserDetails
userDetails
)
{
public
Boolean
validateToken
(
String
token
,
UserDetails
userDetails
)
{
AuthenticationUser
user
=
(
AuthenticationUser
)
userDetails
;
AuthenticationUser
user
=
(
AuthenticationUser
)
userDetails
;
user
.
setToken
(
token
);
final
Date
created
=
getIssuedAtDateFromToken
(
token
);
final
Date
created
=
getIssuedAtDateFromToken
(
token
);
return
(!
isTokenExpired
(
token
)
);
final
Date
expiration
=
getExpirationDateFromToken
(
token
);
user
.
setExpiration
(
expiration
);
return
!
expiration
.
before
(
clock
.
now
());
}
}
private
Date
calculateExpirationDate
(
Date
createdDate
)
{
private
Date
calculateExpirationDate
(
Date
createdDate
)
{
...
...
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/UAAGrantedAuthority.java
浏览文件 @
7166c8b4
package
cn
.
ibizlab
.
util
.
security
;
package
cn
.
ibizlab
.
util
.
security
;
import
com.fasterxml.jackson.annotation.JsonSubTypes
;
import
com.fasterxml.jackson.annotation.JsonTypeInfo
;
import
lombok.Data
;
import
lombok.Data
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.GrantedAuthority
;
@Data
@Data
@JsonTypeInfo
(
use
=
JsonTypeInfo
.
Id
.
NAME
,
include
=
JsonTypeInfo
.
As
.
PROPERTY
,
property
=
"type"
)
@JsonSubTypes
({
@JsonSubTypes
.
Type
(
value
=
UAADEAuthority
.
class
,
name
=
UAAGrantedAuthority
.
TYPE_OPPRIV
),
@JsonSubTypes
.
Type
(
value
=
UAAMenuAuthority
.
class
,
name
=
UAAGrantedAuthority
.
TYPE_APPMENU
),
@JsonSubTypes
.
Type
(
value
=
UAAUniResAuthority
.
class
,
name
=
UAAGrantedAuthority
.
TYPE_UNIRES
),
@JsonSubTypes
.
Type
(
value
=
UAARoleAuthority
.
class
,
name
=
UAAGrantedAuthority
.
TYPE_ROLE
)
})
public
class
UAAGrantedAuthority
implements
GrantedAuthority
{
public
class
UAAGrantedAuthority
implements
GrantedAuthority
{
public
final
static
String
TYPE_OPPRIV
=
"OPPRIV"
;
public
final
static
String
TYPE_UNIRES
=
"UNIRES"
;
public
final
static
String
TYPE_APPMENU
=
"APPMENU"
;
public
final
static
String
TYPE_ROLE
=
"ROLE"
;
private
String
name
;
private
String
name
;
private
String
type
;
private
String
type
;
private
String
systemid
;
private
String
systemid
;
...
...
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/UAATokenUtil.java
浏览文件 @
7166c8b4
...
@@ -67,10 +67,6 @@ public class UAATokenUtil implements AuthTokenUtil, Serializable {
...
@@ -67,10 +67,6 @@ public class UAATokenUtil implements AuthTokenUtil, Serializable {
.
getBody
();
.
getBody
();
}
}
private
Boolean
isTokenExpired
(
String
token
)
{
final
Date
expiration
=
getExpirationDateFromToken
(
token
);
return
expiration
.
before
(
clock
.
now
());
}
public
String
generateToken
(
UserDetails
userDetails
)
{
public
String
generateToken
(
UserDetails
userDetails
)
{
return
null
;
return
null
;
...
@@ -78,8 +74,12 @@ public class UAATokenUtil implements AuthTokenUtil, Serializable {
...
@@ -78,8 +74,12 @@ public class UAATokenUtil implements AuthTokenUtil, Serializable {
public
Boolean
validateToken
(
String
token
,
UserDetails
userDetails
)
{
public
Boolean
validateToken
(
String
token
,
UserDetails
userDetails
)
{
AuthenticationUser
user
=
(
AuthenticationUser
)
userDetails
;
AuthenticationUser
user
=
(
AuthenticationUser
)
userDetails
;
user
.
setToken
(
token
);
final
Date
created
=
getIssuedAtDateFromToken
(
token
);
final
Date
created
=
getIssuedAtDateFromToken
(
token
);
return
(!
isTokenExpired
(
token
)
);
final
Date
expiration
=
getExpirationDateFromToken
(
token
);
user
.
setExpiration
(
expiration
);
return
!
expiration
.
before
(
clock
.
now
());
}
}
...
...
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/service/AuthenticationUserService.java
浏览文件 @
7166c8b4
...
@@ -2,9 +2,16 @@ package cn.ibizlab.util.service;
...
@@ -2,9 +2,16 @@ package cn.ibizlab.util.service;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.cache.annotation.CacheEvict
;
import
org.springframework.cache.annotation.CacheEvict
;
import
org.springframework.cache.annotation.Cacheable
;
import
org.springframework.cache.annotation.Cacheable
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.security.core.userdetails.UserDetailsService
;
import
org.springframework.util.ObjectUtils
;
import
java.text.DateFormat
;
import
java.text.SimpleDateFormat
;
import
java.util.*
;
public
interface
AuthenticationUserService
extends
UserDetailsService
{
public
interface
AuthenticationUserService
extends
UserDetailsService
{
...
@@ -23,5 +30,57 @@ public interface AuthenticationUserService extends UserDetailsService {
...
@@ -23,5 +30,57 @@ public interface AuthenticationUserService extends UserDetailsService {
@CacheEvict
(
value
=
"ibzuaa_users"
,
key
=
"'getByUsername:'+#p0"
)
@CacheEvict
(
value
=
"ibzuaa_users"
,
key
=
"'getByUsername:'+#p0"
)
default
void
resetByUsername
(
String
username
){}
default
void
resetByUsername
(
String
username
){}
@Value
(
"${ibiz.enablePermissionValid:false}"
)
boolean
enablePermissionValid
=
false
;
//是否开启权限校验
@Value
(
"${ibiz.systemid}"
)
String
systemId
=
""
;
default
Map
getAppData
()
{
Map
appData
=
new
HashMap
()
;
Set
<
String
>
appMenu
=
new
HashSet
();
Set
<
String
>
uniRes
=
new
HashSet
();
AuthenticationUser
curUser
=
AuthenticationUser
.
getAuthenticationUser
();
if
(
enablePermissionValid
&&(!
ObjectUtils
.
isEmpty
(
systemId
))){
Collection
<
GrantedAuthority
>
authorities
=
curUser
.
getAuthorities
();
Iterator
it
=
authorities
.
iterator
();
while
(
it
.
hasNext
())
{
GrantedAuthority
authority
=
(
GrantedAuthority
)
it
.
next
();
String
strAuthority
=
authority
.
getAuthority
();
if
(
strAuthority
.
startsWith
(
"UNIRES_"
+
systemId
))
{
uniRes
.
add
(
strAuthority
.
substring
(
systemId
.
length
()+
8
));
}
else
if
(
strAuthority
.
startsWith
(
"APPMENU_"
+
systemId
)){
appMenu
.
add
(
strAuthority
.
substring
(
systemId
.
length
()+
9
));
}
}
}
if
(!
ObjectUtils
.
isEmpty
(
curUser
.
getExpiration
()))
{
// yyyy-MM-dd HH:mm:ss
DateFormat
dtFormat
=
new
SimpleDateFormat
(
"yyyy-MM-dd HH:mm:ss"
);
appData
.
put
(
"expireddate"
,
dtFormat
.
format
(
curUser
.
getExpiration
()));
}
Map
<
String
,
Object
>
context
=
new
HashMap
<>();
context
.
putAll
(
curUser
.
getSessionParams
());
context
.
put
(
"srfusername"
,
curUser
.
getPersonname
());
appData
.
put
(
"context"
,
context
);
appData
.
put
(
"unires"
,
uniRes
);
appData
.
put
(
"appmenu"
,
appMenu
);
appData
.
put
(
"enablepermissionvalid"
,
enablePermissionValid
);
if
(
curUser
.
getSuperuser
()==
1
){
appData
.
put
(
"enablepermissionvalid"
,
false
);
}
else
{
appData
.
put
(
"enablepermissionvalid"
,
enablePermissionValid
);
}
fillAppData
(
appData
);
return
appData
;
}
default
void
fillAppData
(
Map
appData
)
{}
}
}
ibizlab-boot-starter/src/main/java/cn/ibizlab/util/service/CloudUserService.java
0 → 100644
浏览文件 @
7166c8b4
package
cn
.
ibizlab
.
util
.
service
;
import
cn.ibizlab.util.cache.redis.CustomJacksonSerializer
;
import
cn.ibizlab.util.client.IBZUAAFeignClient
;
import
cn.ibizlab.util.errors.BadRequestAlertException
;
import
cn.ibizlab.util.errors.UnauthorizedException
;
import
cn.ibizlab.util.security.*
;
import
com.alibaba.fastjson.JSONObject
;
import
com.alibaba.fastjson.util.TypeUtils
;
import
com.fasterxml.jackson.core.type.TypeReference
;
import
com.fasterxml.jackson.databind.ObjectMapper
;
import
lombok.extern.slf4j.Slf4j
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnExpression
;
import
org.springframework.context.annotation.Lazy
;
import
org.springframework.data.redis.core.RedisTemplate
;
import
org.springframework.http.HttpStatus
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.stereotype.Service
;
import
org.springframework.util.DigestUtils
;
import
org.springframework.util.ObjectUtils
;
import
org.springframework.util.StringUtils
;
import
org.springframework.web.context.request.RequestContextHolder
;
import
org.springframework.web.context.request.ServletRequestAttributes
;
import
javax.servlet.http.HttpServletRequest
;
import
java.io.IOException
;
import
java.net.URLDecoder
;
import
java.nio.charset.StandardCharsets
;
import
java.text.DateFormat
;
import
java.text.SimpleDateFormat
;
import
java.util.*
;
@Slf4j
@Service
(
"CloudUserService"
)
@ConditionalOnExpression
(
"${ibiz.enablePermissionValid:false}||'${ibiz.auth.service:IBZUAAUserService}'.equals('CloudUserService')"
)
public
class
CloudUserService
extends
IBZUAAUserService
{
@Autowired
@Lazy
private
RedisTemplate
redisTemplate
;
@Value
(
"${ibiz.jwt.header:Authorization}"
)
private
String
tokenHeader
;
private
ObjectMapper
objectMapper
=
new
ObjectMapper
();
private
TypeReference
<
Collection
<
UAAGrantedAuthority
>>
UAAGrantedAuthorityListType
=
new
TypeReference
<
Collection
<
UAAGrantedAuthority
>>(){};
@Override
public
AuthenticationUser
loadUserByUsername
(
String
username
)
{
Object
obj
=
redisTemplate
.
opsForValue
().
get
(
"ibiz-cloud-uaa-user-"
+
username
);
if
(
obj
==
null
)
{
throw
new
BadRequestAlertException
(
"登录失败"
,
"CloudUser"
,
username
);
}
try
{
AuthenticationUser
dcEmployee
=
objectMapper
.
readValue
(
objectMapper
.
writeValueAsBytes
(
obj
),
AuthenticationUser
.
class
);
ServletRequestAttributes
requestAttributes
=
(
ServletRequestAttributes
)
RequestContextHolder
.
getRequestAttributes
();
if
(
requestAttributes
!=
null
)
{
HttpServletRequest
request
=
requestAttributes
.
getRequest
();
final
String
requestHeader
=
request
.
getHeader
(
this
.
tokenHeader
);
if
(
requestHeader
!=
null
&&
requestHeader
.
startsWith
(
"Bearer "
))
{
String
authToken
=
requestHeader
.
substring
(
7
);
// 重新计算用户标识
String
srforgid
=
request
.
getHeader
(
"srforgid"
);
String
srfsystemid
=
request
.
getHeader
(
"srfsystemid"
);
String
srfdcsystemid
=
request
.
getHeader
(
"srfdcsystemid"
);
String
srfuserid
=
request
.
getHeader
(
"srfuserid"
);
String
srfdcid
=
request
.
getHeader
(
"srfdcid"
);
if
(
"undefined"
.
equals
(
srfsystemid
))
{
srfsystemid
=
null
;
}
if
(
"undefined"
.
equals
(
srforgid
))
{
srforgid
=
null
;
}
Collection
<?
extends
GrantedAuthority
>
authorities
=
null
;
if
(
StringUtils
.
hasLength
(
srfsystemid
)
&&
StringUtils
.
hasLength
(
srfdcid
)
&&
StringUtils
.
hasLength
(
srfdcsystemid
)
&&
StringUtils
.
hasLength
(
srfuserid
))
{
//可以没有组织
//&& StringUtils.hasLength(srforgid)
if
((
dcEmployee
.
getApiuser
()
==
1
)
||
(
dcEmployee
.
getSuperuser
()
==
1
))
{
String
srfusername
=
request
.
getHeader
(
"srfusername"
);
//接口用户用传入身份构造EMP
dcEmployee
.
setSrfdcid
(
srfdcid
);
dcEmployee
.
setUserid
(
srfuserid
);
dcEmployee
.
setDcsystemid
(
srfdcsystemid
);
if
(
StringUtils
.
hasLength
(
srfusername
))
{
try
{
dcEmployee
.
setPersonname
(
URLDecoder
.
decode
(
srfusername
,
"UTF-8"
));
}
catch
(
Exception
ex
)
{
log
.
error
(
ex
.
getMessage
());
dcEmployee
.
setPersonname
(
srfusername
);
}
}
dcEmployee
.
setOrgid
(
srforgid
);
String
strValue
=
request
.
getHeader
(
"srforgcode"
);
if
(
StringUtils
.
hasLength
(
strValue
))
{
dcEmployee
.
setOrgcode
(
strValue
);
}
strValue
=
request
.
getHeader
(
"srfdeptid"
);
if
(
StringUtils
.
hasLength
(
strValue
))
{
dcEmployee
.
setMdeptid
(
strValue
);
}
strValue
=
request
.
getHeader
(
"srfdeptcode"
);
if
(
StringUtils
.
hasLength
(
strValue
))
{
dcEmployee
.
setMdeptcode
(
strValue
);
}
strValue
=
request
.
getHeader
(
"srfporgids"
);
if
(
StringUtils
.
hasLength
(
strValue
))
{
dcEmployee
.
setPorg
(
strValue
);
}
strValue
=
request
.
getHeader
(
"srfsorgids"
);
if
(
StringUtils
.
hasLength
(
strValue
))
{
dcEmployee
.
setSorg
(
strValue
);
}
strValue
=
request
.
getHeader
(
"srfpdeptids"
);
if
(
StringUtils
.
hasLength
(
strValue
))
{
dcEmployee
.
setPdept
(
strValue
);
}
strValue
=
request
.
getHeader
(
"srfsdeptids"
);
if
(
StringUtils
.
hasLength
(
strValue
))
{
dcEmployee
.
setSdept
(
strValue
);
}
}
else
{
log
.
error
(
String
.
format
(
"用户[%1$s][%2$s]使用API模式访问系统"
,
dcEmployee
.
getUserid
(),
dcEmployee
.
getUsername
()));
throw
new
UnauthorizedException
(
String
.
format
(
"用户[%1$s][%2$s]使用API模式访问系统"
,
dcEmployee
.
getUserid
(),
dcEmployee
.
getUsername
()));
}
}
else
if
(
StringUtils
.
hasLength
(
srfsystemid
)
&&
StringUtils
.
hasLength
(
srforgid
))
{
AuthenticationUser
employee
=
this
.
getEmployee
(
srfsystemid
,
srforgid
,
dcEmployee
.
getUsername
(),
authToken
);
if
(
employee
!=
null
)
{
if
(
dcEmployee
.
getSuperuser
()
==
1
)
employee
.
setSuperuser
(
1
);
dcEmployee
=
employee
;
}
String
strDCSystemId
=
null
;
if
(
dcEmployee
!=
null
)
{
strDCSystemId
=
dcEmployee
.
getDcsystemid
();
}
if
(
StringUtils
.
hasLength
(
strDCSystemId
))
{
authorities
=
this
.
getGrantedAuthorities
(
strDCSystemId
,
dcEmployee
.
getUsername
(),
authToken
);
if
(!
ObjectUtils
.
isEmpty
(
authorities
))
{
dcEmployee
.
setAuthorities
((
Collection
)
authorities
);
JSONObject
permission
=
new
JSONObject
();
permission
.
put
(
"authorities"
,
authorities
);
dcEmployee
.
setPermissionList
(
permission
);
}
}
}
}
}
return
dcEmployee
;
}
catch
(
IOException
e
)
{
throw
new
BadRequestAlertException
(
"登录失败"
,
"CloudUser"
,
username
);
}
}
protected
Collection
<
UAAGrantedAuthority
>
getGrantedAuthorities
(
String
strDCSystemId
,
String
strUAAUserName
,
String
strToken
){
String
strCacheCat
=
String
.
format
(
"ibiz-cloud-uaa-cat-%2$s--%3$s"
,
strUAAUserName
,
DigestUtils
.
md5DigestAsHex
(
strToken
.
getBytes
(
StandardCharsets
.
UTF_8
)));;
String
strCacheTag
=
String
.
format
(
"authorities-%1$s"
,
strDCSystemId
);
Object
obj
=
this
.
redisTemplate
.
opsForHash
().
get
(
strCacheCat
,
strCacheTag
);
if
(!
ObjectUtils
.
isEmpty
(
obj
))
{
try
{
return
objectMapper
.
readValue
(
objectMapper
.
writeValueAsString
(
obj
),
this
.
UAAGrantedAuthorityListType
);
}
catch
(
IOException
e
)
{
}
}
return
null
;
}
protected
AuthenticationUser
getEmployee
(
String
strSystemId
,
String
strOrgId
,
String
strUAAUserName
,
String
strToken
)
{
String
strCacheCat
=
String
.
format
(
"ibiz-cloud-uaa-cat-%2$s--%3$s"
,
strUAAUserName
,
DigestUtils
.
md5DigestAsHex
(
strToken
.
getBytes
(
StandardCharsets
.
UTF_8
)));;
String
strCacheTag
=
String
.
format
(
"sysemp-%1$s--%2$s"
,
strSystemId
,
strOrgId
);
Object
obj
=
this
.
redisTemplate
.
opsForHash
().
get
(
strCacheCat
,
strCacheTag
);
if
(!
ObjectUtils
.
isEmpty
(
obj
))
{
try
{
return
objectMapper
.
readValue
(
objectMapper
.
writeValueAsString
(
obj
),
AuthenticationUser
.
class
);
}
catch
(
IOException
e
)
{
}
}
return
null
;
}
@Autowired
private
IBZUAAFeignClient
uaaFeignClient
;
@Override
public
Map
getAppData
()
{
Map
appData
=
uaaFeignClient
.
getAppData
();
return
ObjectUtils
.
isEmpty
(
appData
)?
super
.
getAppData
():
appData
;
}
}
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录