提交
5fcdee14
编写于
5月 25, 2020
作者:
zhouweidong
移除资源表查询接口,权限数按照Authority返回
上级
07859c6b
正在显示
4 个修改的文件
包含
20 行增加
和
207 行删除
+20
-207
DevBootSecurityConfig.java
...rc/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
+2
-0
apiSecurityConfig.java
...rc/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
+2
-0
SysPSSystemResource.java
...rc/main/java/cn/ibizlab/api/rest/SysPSSystemResource.java
+1
-1
ClientAuthenticationResource.java
...lab/api/rest/extensions/ClientAuthenticationResource.java
+15
-206
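--- a/ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
+++ b/ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
@@ -102,6 +102,8 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
 .antMatchers(HttpMethod.POST,"/"+uaaLoginPath).permitAll()
 .antMatchers(HttpMethod.POST,"/"+uaaLoginPath2).permitAll()
 .antMatchers("/syspssystems/**/permissiondata").permitAll()
+//同步系统权限资源
+.antMatchers("/syspssystems/save").permitAll()
 .antMatchers("/uaa/login").permitAll()
 .anyRequest().authenticated()
 // 防止iframe 造成跨域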
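Review bot: The added `.antMatchers("/syspssystems/save").permitAll()` opens the permission-resource sync endpoint to unauthenticated callers, and because no `HttpMethod` is given it matches every verb. The same matcher is added in apiSecurityConfig.java, and the SysPSSystemResource.java section of this commit appears to comment out the `@PreAuthorize` on `save`, so neither the filter chain nor the method checks the caller any more. If the sync is meant for service-to-service use, keep the route authenticated and grant the calling service its own authority, for example `.antMatchers(HttpMethod.POST,"/syspssystems/save").hasAuthority("<SYNC_AUTHORITY_PLACEHOLDER>")`. The rest of the configure chain lies outside the hunk, so any compensating control there is not visible.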
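--- a/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
+++ b/ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/config/apiSecurityConfig.java
@@ -117,6 +117,8 @@ public class apiSecurityConfig extends WebSecurityConfigurerAdapter {
 .antMatchers("/"+uploadpath).permitAll()
 .antMatchers("/"+previewpath+"/**").permitAll()
 .antMatchers("/syspssystems/**/permissiondata").permitAll()
+//同步系统权限资源
+.antMatchers("/syspssystems/save").permitAll()
 .antMatchers("/uaa/login").permitAll()
 // 所有请求都需要认证
 .anyRequest().authenticated()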
ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/SysPSSystemResource.java
...
@@ -105,7 +105,7 @@ public class SysPSSystemResource {
...
@@ -105,7 +105,7 @@ public class SysPSSystemResource {
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
return
ResponseEntity
.
status
(
HttpStatus
.
OK
).
body
(
true
);
}
}
@PreAuthorize
(
"hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')"
)
//
@PreAuthorize("hasAnyAuthority('ROLE_SUPERADMIN','ibzuaa-SysPSSystem-Save-all')")
@ApiOperation
(
value
=
"Save"
,
tags
=
{
"SysPSSystem"
},
notes
=
"Save"
)
@ApiOperation
(
value
=
"Save"
,
tags
=
{
"SysPSSystem"
},
notes
=
"Save"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/syspssystems/save"
)
@RequestMapping
(
method
=
RequestMethod
.
POST
,
value
=
"/syspssystems/save"
)
public
ResponseEntity
<
Boolean
>
save
(
@RequestBody
SysPSSystemDTO
syspssystemdto
)
{
public
ResponseEntity
<
Boolean
>
save
(
@RequestBody
SysPSSystemDTO
syspssystemdto
)
{
...
...
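Review bot: The `@PreAuthorize` on `save` is left behind as a commented-out line instead of being removed or replaced, and nothing on the handler records who is now expected to call it. A reader of this file alone cannot tell whether the missing authority check is deliberate. Either delete the dead line and state the caller contract above the mapping, e.g. `// called during permission sync by <CALLER_PLACEHOLDER>; authenticated via <MECHANISM_PLACEHOLDER>`, or keep a method-level check with an authority the syncing service holds. The body of `save` continues outside the hunk, so any validation of `syspssystemdto` there is not visible.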
ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/extensions/ClientAuthenticationResource.java
package
cn
.
ibizlab
.
api
.
rest
.
extensions
;
package
cn
.
ibizlab
.
api
.
rest
.
extensions
;
import
cn.ibizlab.core.uaa.
service.ISysPermission
Service
;
import
cn.ibizlab.core.uaa.
extensions.service.UAACore
Service
;
import
cn.ibizlab.util.client.IBZOUFeignClient
;
import
cn.ibizlab.util.client.IBZOUFeignClient
;
import
cn.ibizlab.util.security.AuthTokenUtil
;
import
cn.ibizlab.util.security.AuthTokenUtil
;
import
cn.ibizlab.util.security.AuthenticationInfo
;
import
cn.ibizlab.util.security.AuthenticationInfo
;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
cn.ibizlab.util.security.AuthorizationLogin
;
import
cn.ibizlab.util.security.AuthorizationLogin
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
com.alibaba.fastjson.JSONArray
;
import
com.alibaba.fastjson.JSONObject
;
import
com.alibaba.fastjson.JSONObject
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Qualifier
;
import
org.springframework.beans.factory.annotation.Qualifier
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.util.StringUtils
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.AuthorityUtils
;
import
org.springframework.validation.annotation.Validated
;
import
org.springframework.validation.annotation.Validated
;
import
org.springframework.web.bind.annotation.*
;
import
org.springframework.web.bind.annotation.*
;
import
java.util.HashMap
;
import
java.util.*
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Set
;
/**
/**
* 客户端登录认证
* 客户端登录认证
...
@@ -36,19 +33,6 @@ public class ClientAuthenticationResource
...
@@ -36,19 +33,6 @@ public class ClientAuthenticationResource
@Autowired
@Autowired
private
AuthTokenUtil
jwtTokenUtil
;
private
AuthTokenUtil
jwtTokenUtil
;
/**
* 实体操作标识
*/
private
String
OPPriTag
=
"OPPRIV"
;
/**
* 统一资源标识
*/
private
String
UniResTag
=
"UNIRES"
;
/**
* 菜单项标识
*/
private
String
AppMenuTag
=
"APPMENU"
;
@Autowired
@Autowired
@Qualifier
(
"IBZUSERService"
)
@Qualifier
(
"IBZUSERService"
)
private
AuthenticationUserService
userDetailsService
;
private
AuthenticationUserService
userDetailsService
;
...
@@ -56,9 +40,6 @@ public class ClientAuthenticationResource
...
@@ -56,9 +40,6 @@ public class ClientAuthenticationResource
@Autowired
@Autowired
private
IBZOUFeignClient
ouFeignClient
;
private
IBZOUFeignClient
ouFeignClient
;
@Autowired
private
ISysPermissionService
permissionService
;
@PostMapping
(
value
=
"v7/login"
)
@PostMapping
(
value
=
"v7/login"
)
public
ResponseEntity
<
AuthenticationInfo
>
login
(
@Validated
@RequestBody
AuthorizationLogin
authorizationLogin
){
public
ResponseEntity
<
AuthenticationInfo
>
login
(
@Validated
@RequestBody
AuthorizationLogin
authorizationLogin
){
userDetailsService
.
resetByUsername
(
authorizationLogin
.
getUsername
());
userDetailsService
.
resetByUsername
(
authorizationLogin
.
getUsername
());
...
@@ -98,197 +79,25 @@ public class ClientAuthenticationResource
...
@@ -98,197 +79,25 @@ public class ClientAuthenticationResource
return
ResponseEntity
.
ok
().
body
(
user
);
return
ResponseEntity
.
ok
().
body
(
user
);
}
}
@Autowired
UAACoreService
uaaCoreService
;
/**
/**
* 设置用户权限
* 设置用户权限
* 由于GrantedAuthority缺少无参构造,导致无法序列化,暂时通过PermissionList中转
* @param user
* @param user
* @return
* @return
*/
*/
public
void
setUserPermission
(
AuthenticationUser
user
)
{
public
void
setUserPermission
(
AuthenticationUser
user
)
{
Collection
<
GrantedAuthority
>
userAuthorities
=
uaaCoreService
.
getAuthoritiesByUserId
(
user
.
getUserid
());
JSONObject
permissionObj
=
new
JSONObject
();
Set
<
String
>
authorities
=
AuthorityUtils
.
authorityListToSet
(
userAuthorities
);
//数据能力
String
opprivSQL
=
"SELECT\n"
+
"\tT2.pssysmoduleid as sysmodule,\n"
+
"\tT2.psdataentityid as dataentity,\n"
+
"\tT2.pssourceid as pssourceid,\n"
+
"\tT2.pssourcetype as pssourcetype,\n"
+
"\tT2.psdedatarangeid as dedatarange,\n"
+
"\tT1.sys_permissionid as permissionid,\n"
+
"\tT1.sys_permissionname\n"
+
"FROM\n"
+
"\tibzrole_permission T\n"
+
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n"
+
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n"
+
"WHERE\n"
+
"\tT.SYS_ROLEID IN (\n"
+
"\t SELECT SYS_ROLEID\n"
+
"\t FROM\n"
+
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n"
+
"\t WHERE\n"
+
"\t T1.USERID = #{et.param0}\n"
+
"\t)\n"
+
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1 "
;
//统一资源
String
uniResSQL
=
"SELECT\n"
+
"\tt2.SYS_PSSYSUNIRESID,\n"
+
"\tt2.SYS_PSSYSUNIRESNAME,\n"
+
"\tT2.UNIRESCODE \n"
+
"FROM\n"
+
"\tibzrole_permission T\n"
+
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n"
+
"INNER JOIN IBZPSSYSUNIRES T2 on T1.SYS_PERMISSIONID=t2.SYS_PSSYSUNIRESID\n"
+
"WHERE\n"
+
"\tT.SYS_ROLEID IN (\n"
+
"\t SELECT SYS_ROLEID\n"
+
"\t FROM\n"
+
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n"
+
"\t WHERE\n"
+
"\t T1.USERID = #{et.param0}\n"
+
"\t)\n"
+
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1"
;
//应用菜单
String
appMenuSQL
=
"SELECT\n"
+
"\tt2.PSAPPMENUITEMID as MENUITEMID,\n"
+
"\tt2.SYS_PSAPPMENUITEMNAME AS MENUITEMNAME \n"
+
"FROM\n"
+
"\tibzrole_permission T\n"
+
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n"
+
"INNER JOIN ibzpsappmenuitem T2 on T1.SYS_PERMISSIONID=t2.SYS_PSAPPMENUITEMID\n"
+
"WHERE\n"
+
"\tT.SYS_ROLEID IN (\n"
+
"\t SELECT SYS_ROLEID\n"
+
"\t FROM\n"
+
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n"
+
"\t WHERE\n"
+
"\t T1.USERID = #{et.param0}\n"
+
"\t)\n"
+
"AND T1.PERMISSIONTYPE = #{et.param1} and t1.enable=1"
;
Map
opprivParam
=
new
HashMap
();
opprivParam
.
put
(
"param0"
,
user
.
getUserid
());
opprivParam
.
put
(
"param1"
,
OPPriTag
);
Map
uniresParam
=
new
HashMap
();
uniresParam
.
put
(
"param0"
,
user
.
getUserid
());
uniresParam
.
put
(
"param1"
,
UniResTag
);
Map
appMenuParam
=
new
HashMap
();
appMenuParam
.
put
(
"param0"
,
user
.
getUserid
());
appMenuParam
.
put
(
"param1"
,
AppMenuTag
);
List
<
JSONObject
>
entitiesList
=
permissionService
.
select
(
opprivSQL
,
opprivParam
);
//查询用户权限下数据能力
List
<
JSONObject
>
uniResList
=
permissionService
.
select
(
uniResSQL
,
uniresParam
);
//查询用户权限下的统一资源
List
<
JSONObject
>
appMenuItemList
=
permissionService
.
select
(
appMenuSQL
,
appMenuParam
);
//查询用户权限下的菜单项
JSONObject
entities
=
getEntitiesList
(
entitiesList
);
JSONArray
uniRes
=
getUniRes
(
uniResList
);
JSONArray
appMenuItem
=
getAppMenuItem
(
appMenuItemList
);
permissionObj
.
put
(
"entities"
,
entities
);
permissionObj
.
put
(
"unires"
,
uniRes
);
permissionObj
.
put
(
"appmenu"
,
appMenuItem
);
permissionObj
.
put
(
"authorities"
,
getAuthoritiesArray
(
user
,
entitiesList
));
user
.
setPermissionList
(
permissionObj
);
}
/**
* 获取用户资源
* @return
*/
private
JSONArray
getAuthoritiesArray
(
AuthenticationUser
user
,
List
<
JSONObject
>
dataRangeArray
)
{
JSONArray
authoritiesArray
=
new
JSONArray
();
if
(
dataRangeArray
.
size
()>
0
){
for
(
int
a
=
0
;
a
<
dataRangeArray
.
size
();
a
++){
JSONObject
dataRangeObj
=
dataRangeArray
.
get
(
a
);
String
dataRangeId
=
dataRangeObj
.
getString
(
"dedatarange"
);
String
permissionId
=
dataRangeObj
.
getString
(
"permissionid"
);
if
(
!
StringUtils
.
isEmpty
(
dataRangeId
)
&&
!
StringUtils
.
isEmpty
(
permissionId
)
&&
dataRangeId
.
equalsIgnoreCase
(
"all"
)
){
authoritiesArray
.
add
(
permissionId
);
}
}
}
if
(
user
.
getSuperuser
()==
1
){
if
(
user
.
getSuperuser
()==
1
){
authoritiesArray
.
add
(
"ROLE_SUPERADMIN"
);
authorities
.
add
(
"ROLE_SUPERADMIN"
);
}
return
authoritiesArray
;
}
/**
* 获取应用菜单
* @param menuItemList
* @return
*/
private
JSONArray
getAppMenuItem
(
List
<
JSONObject
>
menuItemList
)
{
JSONArray
menuItemArr
=
new
JSONArray
();
for
(
int
a
=
0
;
a
<
menuItemList
.
size
();
a
++){
JSONObject
menuItem
=
menuItemList
.
get
(
a
);
JSONObject
newMenuItem
=
new
JSONObject
();
newMenuItem
.
put
(
"appid"
,
menuItem
.
getString
(
"MENUITEMID"
));
newMenuItem
.
put
(
"appmenuid"
,
menuItem
.
getString
(
"MENUITEMNAME"
));
newMenuItem
.
put
(
"menuitemid"
,
menuItem
.
getString
(
"MENUITEMID"
));
newMenuItem
.
put
(
"menuitemname"
,
menuItem
.
getString
(
"MENUITEMNAME"
));
menuItemArr
.
add
(
newMenuItem
);
}
return
menuItemArr
;
}
/**
* 获取统一资源
* @param uniResList
* @return
*/
private
JSONArray
getUniRes
(
List
<
JSONObject
>
uniResList
)
{
JSONArray
uniResArr
=
new
JSONArray
();
for
(
int
a
=
0
;
a
<
uniResList
.
size
();
a
++){
JSONObject
uniRes
=
uniResList
.
get
(
a
);
JSONObject
newUniRes
=
new
JSONObject
();
newUniRes
.
put
(
"unirescode"
,
uniRes
.
getString
(
"UNIRESCODE"
));
newUniRes
.
put
(
"uniresname"
,
uniRes
.
getString
(
"SYS_PSSYSUNIRESNAME"
));
uniResArr
.
add
(
newUniRes
);
}
return
uniResArr
;
}
/**
* 拼接实体行为资源
* @param role_permissions
* @return
*/
private
JSONObject
getEntitiesList
(
List
<
JSONObject
>
role_permissions
)
{
JSONObject
permission_entity
=
new
JSONObject
();
for
(
Map
rolePermission
:
role_permissions
)
{
JSONObject
obj
=
JSONObject
.
parseObject
(
JSONObject
.
toJSON
(
rolePermission
).
toString
());
String
entityName
=
obj
.
getString
(
"dataentity"
);
String
dataRangeName
=
obj
.
getString
(
"dedatarange"
);
String
sourceName
=
obj
.
getString
(
"pssourceid"
);
String
sourceType
=
obj
.
getString
(
"pssourcetype"
);
JSONObject
entity
=
new
JSONObject
();
JSONObject
permission
=
new
JSONObject
();
JSONArray
dataRange
=
new
JSONArray
();
if
(
permission_entity
.
containsKey
(
entityName
))
//实体合并
entity
=
permission_entity
.
getJSONObject
(
entityName
);
if
(
entity
.
containsKey
(
sourceType
))
//数据能力合并
permission
=
entity
.
getJSONObject
(
sourceType
);
if
(
permission
.
containsKey
(
sourceName
))
dataRange
=
permission
.
getJSONArray
(
sourceName
);
dataRange
.
add
(
dataRangeName
);
permission
.
put
(
sourceName
,
dataRange
);
entity
.
put
(
sourceType
,
permission
);
permission_entity
.
put
(
entityName
,
entity
);
}
}
return
permission_entity
;
JSONObject
permission
=
new
JSONObject
();
permission
.
put
(
"authorities"
,
authorities
);
user
.
setPermissionList
(
permission
);
}
}
/**
/**
...
...
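Review bot: In the new `setUserPermission`, `authorities.add("ROLE_SUPERADMIN")` mutates the set returned by `AuthorityUtils.authorityListToSet(...)`, which only works while that helper happens to return a mutable collection. That helper also rejects a null argument, so if `uaaCoreService.getAuthoritiesByUserId` can return null for a user without roles (not visible here), login would fail with an exception. Copying into an owned set avoids the first problem: `Set<String> authorities = new HashSet<>(AuthorityUtils.authorityListToSet(userAuthorities));`. The injected `uaaCoreService` field is also declared without `private`, unlike the other `@Autowired` fields in this class. Finally, the Javadoc keeps an empty `@param user` and an `@return` on a `void` method.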