cloud uaa 接入

7166c8b4 · ibiz4j · 02d9b4c7 · 7166c8b4 · 7166c8b4 · 7166c8b4
--- a/ibizlab-boot-starter-data/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
+++ b/ibizlab-boot-starter-data/src/main/java/cn/ibizlab/util/service/IBZUSERServiceImpl.java
@@ -47,8 +47,8 @@ public class IBZUSERServiceImpl extends ServiceImpl<IBZUSERMapper, IBZUSER> impl
 			conds.eq("domains",domains);
 		}
 		IBZUSER user = this.getOne(conds);
-		if (user == null) {
+		if(user == null) {
-			throw new UsernameNotFoundException("用户" + username + "未找到");
+			throw new BadRequestAlertException("登录失败","IBZUSER",username);
 		}
 		else {
 			user.setUsername(username);

--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/cache/redis/CustomJacksonSerializer.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/cache/redis/CustomJacksonSerializer.java
@@ -4,6 +4,7 @@ import cn.ibizlab.util.security.AuthenticationUser;
 import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer;
 import org.springframework.data.redis.serializer.SerializationException;
+import org.springframework.lang.Nullable;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -22,15 +23,20 @@ public class CustomJacksonSerializer<T> extends Jackson2JsonRedisSerializer<T>
    }
    @Override
-    public T deserialize(byte[] bytes) throws SerializationException {
+    public T deserialize(@Nullable byte[] bytes) throws SerializationException {
+        if ( bytes==null || bytes.length==0) {
+            return null;
+        }
        String serializerContent = new String(bytes, DEFAULT_CHARSET);
        Matcher matcher = Pattern.compile(DEFAULT_PACKAGE).matcher(serializerContent);
        if(matcher.find()){
            serializerContent=serializerContent.replaceAll(DEFAULT_PACKAGE,USER_PACKAGE);
+            super.deserialize(serializerContent.getBytes());
        }
        if(serializerContent.contains(CLASSNAME_EX)){
            serializerContent=serializerContent.replaceAll(CLASSNAME_EX_PATTEN,"");
+            super.deserialize(serializerContent.getBytes());
        }
-        return super.deserialize(serializerContent.getBytes());
+        return super.deserialize(bytes);
    }
 }
--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/client/IBZUAAFallback.java
@@ -5,6 +5,8 @@ import cn.ibizlab.util.security.AuthorizationLogin;
 import com.alibaba.fastjson.JSONObject;
 import org.springframework.stereotype.Component;
+import java.util.Map;
 @Component
 public class IBZUAAFallback implements IBZUAAFeignClient {
@@ -13,6 +15,11 @@ public class IBZUAAFallback implements IBZUAAFeignClient {
        return null;
    }
+    @Override
+    public Map getAppData() {
+        return null;
+    }
    @Override
    public AuthenticationUser login(AuthorizationLogin authorizationLogin) {
        return null;

--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/client/IBZUAAFeignClient.java
@@ -7,6 +7,8 @@ import org.springframework.cache.annotation.Cacheable;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.*;
+import java.util.Map;
 @FeignClient(value = "${ibiz.ref.service.uaa:ibzuaa-api}",contextId = "uaa",fallback = IBZUAAFallback.class)
 public interface IBZUAAFeignClient
 {
@@ -18,6 +20,11 @@ public interface IBZUAAFeignClient
 	@PostMapping("/syspssystems/save")
 	Boolean syncSysAuthority(@RequestBody JSONObject system);
+	@GetMapping(value = "/appdata")
+	Map getAppData();
 	/**
 	 * 用户登录
 	 * @param authorizationLogin 登录信息

--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/errors/ForbiddenException.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/errors/ForbiddenException.java
+package cn.ibizlab.util.errors;
+import org.zalando.problem.AbstractThrowableProblem;
+import org.zalando.problem.Status;
+public class ForbiddenException extends AbstractThrowableProblem {
+    public ForbiddenException(String message) {
+        super(ErrorConstants.DEFAULT_TYPE, message, Status.FORBIDDEN);
+    }
+}
--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/errors/UnauthorizedException.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/errors/UnauthorizedException.java
+package cn.ibizlab.util.errors;
+import org.zalando.problem.AbstractThrowableProblem;
+import org.zalando.problem.Status;
+public class UnauthorizedException extends AbstractThrowableProblem {
+    public UnauthorizedException(String message) {
+        super(ErrorConstants.DEFAULT_TYPE, message, Status.UNAUTHORIZED);
+    }
+}
--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/rest/AppController.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/rest/AppController.java
@@ -28,43 +28,8 @@ public class AppController {
 	@Autowired
 	private AuthenticationUserService userDetailsService;
-	@RequestMapping(method = RequestMethod.GET, value = "/appdata")
+	public ResponseEntity<Map> getAppData() {
-	public ResponseEntity<JSONObject> getAppData() {
+		return ResponseEntity.status(HttpStatus.OK).body(userDetailsService.getAppData());
-		JSONObject appData = new JSONObject() ;
-		Set<String> appMenu = new HashSet();
-		Set<String> uniRes = new HashSet();
-		AuthenticationUser curUser = AuthenticationUser.getAuthenticationUser();
-		if(enablePermissionValid&&(!ObjectUtils.isEmpty(systemId))){
-			Collection<GrantedAuthority> authorities=curUser.getAuthorities();
-				Iterator it = authorities.iterator();
-				while(it.hasNext()) {
-					GrantedAuthority authority = (GrantedAuthority)it.next();
-					String strAuthority=authority.getAuthority();
-					if(strAuthority.startsWith("UNIRES_"+systemId)) {
-						uniRes.add(strAuthority.substring(systemId.length()+8));
-                	}
-					else if(strAuthority.startsWith("APPMENU_"+systemId)){
-						appMenu.add(strAuthority.substring(systemId.length()+9));
-					}
-				}
-		}
-		Map<String,Object> context = new HashMap<>();
-		context.putAll(curUser.getSessionParams());
-		context.put("srfusername",curUser.getPersonname());
-		appData.put("context",context);
-		appData.put("unires",uniRes);
-    	appData.put("appmenu",appMenu);
-		appData.put("enablepermissionvalid",enablePermissionValid);
-		if(curUser.getSuperuser()==1){
-			appData.put("enablepermissionvalid",false);
-		}
-		else{
-			appData.put("enablepermissionvalid",enablePermissionValid);
-		}
-		fillAppData(appData);
-		return ResponseEntity.status(HttpStatus.OK).body(appData);
 	}
    @RequestMapping(method = RequestMethod.GET, value = "${ibiz.auth.logoutpath:v7/logout}")
@@ -74,12 +39,4 @@ public class AppController {
    	}
    }
-	/**
-	* 应用参数扩展
-	* @param appData
-	*/
-	protected void fillAppData(JSONObject appData){
-	}
 }
--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/AuthenticationUser.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/AuthenticationUser.java
 package cn.ibizlab.util.security;
 import com.alibaba.fastjson.JSONObject;
-import com.fasterxml.jackson.annotation.JsonIgnore;
+import com.alibaba.fastjson.annotation.JSONField;
-import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.*;
+import io.jsonwebtoken.impl.DefaultClock;
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -172,7 +173,7 @@ public class AuthenticationUser implements UserDetails
    /**
    * 是否为超级管理员
    */
-    private int superuser;
+    private int superuser=0;
    /**
    * 用户权限资源
    */
@@ -181,6 +182,7 @@ public class AuthenticationUser implements UserDetails
    * 用户上下文参数
    */
    @JsonIgnore
+	@JSONField(serialize = false)
    private Map<String,Object> userSessionParam;
    /**
    * 当前用户上下级组织信息
@@ -203,10 +205,22 @@ public class AuthenticationUser implements UserDetails
 	*/
 	private String sdept;
+	private Integer apiuser=0;
+	private String dcsystemid;
+	private String tenant;
+	private String token;
+	@JsonFormat(pattern="yyyy-MM-dd HH:mm:ss", locale = "zh" , timezone="GMT+8")
+	@JSONField(format="yyyy-MM-dd HH:mm:ss")
+	private Date expiration;
 	@JsonIgnore
 	@Override
 	public boolean isAccountNonExpired() {
-		return true;
+		return expiration==null?true:(!expiration.before(DefaultClock.INSTANCE.now()));
 	}
 	@JsonIgnore
@@ -232,6 +246,8 @@ public class AuthenticationUser implements UserDetails
 		return true;
 	}
 	public static AuthenticationUser getAuthenticationUser()
 	{
        if(SecurityContextHolder.getContext()==null||SecurityContextHolder.getContext().getAuthentication()==null||SecurityContextHolder.getContext().getAuthentication().getPrincipal()==null){
@@ -271,6 +287,8 @@ public class AuthenticationUser implements UserDetails
 		if(this.sessionParams==null)
 		{
 			sessionParams = getUserSessionParam();
+			sessionParams.put("srfdcid", this.getTenant());
+			sessionParams.put("srfdcsystemid", this.getDcsystemid());
 			sessionParams.put("srfsystemid",this.getSrfsystemid());
 			sessionParams.put("srfpersonid", this.getUserid());
 			sessionParams.put("srfpersonname", this.getPersonname());
@@ -353,4 +371,26 @@ public class AuthenticationUser implements UserDetails
 		}
 	}
+	@JsonAnyGetter
+	@JSONField(name = "_any", unwrapped = true, serialize = true, deserialize = false)
+	public Map<String , Object> any() {
+		return userSessionParam;
+	}
+	@JsonAnySetter
+	@JSONField(name = "_any", unwrapped = true, serialize = false, deserialize = true)
+	public void set(String field, Object value) {
+		this.userSessionParam.put(field,value);
+	}
+	public Object get(String field) {
+		return this.userSessionParam.get(field);
+	}
 }
--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/SimpleTokenUtil.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/SimpleTokenUtil.java
@@ -113,8 +113,11 @@ public class SimpleTokenUtil implements AuthTokenUtil,Serializable {
    public Boolean validateToken(String token, UserDetails userDetails) {
        AuthenticationUser user = (AuthenticationUser) userDetails;
+        user.setToken(token);
        final Date created = getIssuedAtDateFromToken(token);
-        return (!isTokenExpired(token) );
+        final Date expiration = getExpirationDateFromToken(token);
+        user.setExpiration(expiration);
+        return !expiration.before(clock.now());
    }
    private Date calculateExpirationDate(Date createdDate) {

--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/UAAGrantedAuthority.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/UAAGrantedAuthority.java
 package cn.ibizlab.util.security;
+import com.fasterxml.jackson.annotation.JsonSubTypes;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
 import lombok.Data;
 import org.springframework.security.core.GrantedAuthority;
 @Data
+@JsonTypeInfo(use = JsonTypeInfo.Id.NAME,
+        include = JsonTypeInfo.As.PROPERTY,
+        property = "type")
+@JsonSubTypes({
+        @JsonSubTypes.Type(value = UAADEAuthority.class, name= UAAGrantedAuthority.TYPE_OPPRIV),
+        @JsonSubTypes.Type(value = UAAMenuAuthority.class, name= UAAGrantedAuthority.TYPE_APPMENU),
+        @JsonSubTypes.Type(value = UAAUniResAuthority.class, name= UAAGrantedAuthority.TYPE_UNIRES),
+        @JsonSubTypes.Type(value = UAARoleAuthority.class, name= UAAGrantedAuthority.TYPE_ROLE)
+})
 public class UAAGrantedAuthority implements GrantedAuthority {
+    public final static String TYPE_OPPRIV = "OPPRIV";
+    public final static String TYPE_UNIRES = "UNIRES";
+    public final static String TYPE_APPMENU = "APPMENU";
+    public final static String TYPE_ROLE = "ROLE";
    private String name;
    private String type ;
    private String systemid;

--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/UAATokenUtil.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/security/UAATokenUtil.java
@@ -67,10 +67,6 @@ public class UAATokenUtil implements AuthTokenUtil, Serializable {
                .getBody();
    }
-    private Boolean isTokenExpired(String token) {
-        final Date expiration = getExpirationDateFromToken(token);
-        return expiration.before(clock.now());
-    }
    public String generateToken(UserDetails userDetails) {
        return null;
@@ -78,8 +74,12 @@ public class UAATokenUtil implements AuthTokenUtil, Serializable {
    public Boolean validateToken(String token, UserDetails userDetails) {
        AuthenticationUser user = (AuthenticationUser) userDetails;
+        user.setToken(token);
        final Date created = getIssuedAtDateFromToken(token);
-        return (!isTokenExpired(token) );
+        final Date expiration = getExpirationDateFromToken(token);
+        user.setExpiration(expiration);
+        return !expiration.before(clock.now());
    }

--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/service/AuthenticationUserService.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/service/AuthenticationUserService.java
@@ -2,9 +2,16 @@ package cn.ibizlab.util.service;
 import cn.ibizlab.util.security.AuthenticationUser;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.cache.annotation.CacheEvict;
 import org.springframework.cache.annotation.Cacheable;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.util.ObjectUtils;
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.*;
 public interface AuthenticationUserService extends UserDetailsService {
@@ -23,5 +30,57 @@ public interface AuthenticationUserService extends UserDetailsService {
    @CacheEvict( value="ibzuaa_users", key = "'getByUsername:'+#p0")
    default void resetByUsername(String username){}
+    @Value("${ibiz.enablePermissionValid:false}")
+    boolean enablePermissionValid = false;  //是否开启权限校验
+    @Value("${ibiz.systemid}")
+    String systemId = "";
+    default Map getAppData()
+    {
+        Map appData = new HashMap() ;
+        Set<String> appMenu = new HashSet();
+        Set<String> uniRes = new HashSet();
+        AuthenticationUser curUser = AuthenticationUser.getAuthenticationUser();
+        if(enablePermissionValid&&(!ObjectUtils.isEmpty(systemId))){
+            Collection<GrantedAuthority> authorities=curUser.getAuthorities();
+            Iterator it = authorities.iterator();
+            while(it.hasNext()) {
+                GrantedAuthority authority = (GrantedAuthority)it.next();
+                String strAuthority=authority.getAuthority();
+                if(strAuthority.startsWith("UNIRES_"+systemId)) {
+                    uniRes.add(strAuthority.substring(systemId.length()+8));
+                }
+                else if(strAuthority.startsWith("APPMENU_"+systemId)){
+                    appMenu.add(strAuthority.substring(systemId.length()+9));
+                }
+            }
+        }
+        if (!ObjectUtils.isEmpty(curUser.getExpiration())) {
+            // yyyy-MM-dd HH:mm:ss
+            DateFormat dtFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
+            appData.put("expireddate", dtFormat.format(curUser.getExpiration()));
+        }
+        Map<String,Object> context = new HashMap<>();
+        context.putAll(curUser.getSessionParams());
+        context.put("srfusername",curUser.getPersonname());
+        appData.put("context",context);
+        appData.put("unires",uniRes);
+        appData.put("appmenu",appMenu);
+        appData.put("enablepermissionvalid",enablePermissionValid);
+        if(curUser.getSuperuser()==1){
+            appData.put("enablepermissionvalid",false);
+        }
+        else{
+            appData.put("enablepermissionvalid",enablePermissionValid);
+        }
+        fillAppData(appData);
+        return appData;
+    }
+    default void fillAppData(Map appData) {}
 }
--- a/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/service/CloudUserService.java
+++ b/ibizlab-boot-starter/src/main/java/cn/ibizlab/util/service/CloudUserService.java