Skip to content
项目
群组
代码片段
帮助
正在加载...
帮助
提交反馈
为 GitLab 提交贡献
登录
切换导航
I
ibzuaa
项目
项目
详情
动态
版本
周期分析
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
统计图
议题
0
议题
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
CI / CD
CI / CD
流水线
作业
计划
统计图
Wiki
Wiki
代码片段
代码片段
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
统计图
创建新议题
作业
提交
议题看板
打开侧边栏
ibiz4jteam
ibzuaa
提交
67143ce7
提交
67143ce7
编写于
5月 06, 2020
作者:
zhouweidong
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
UAA权限配置usr代码
上级
e23ae5bc
变更
3
隐藏空白字符变更
内嵌
并排
正在显示
3 个修改的文件
包含
163 行增加
和
73 行删除
+163
-73
DevBootSecurityConfig.java
...rc/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
+4
-0
ClientAuthenticationResource.java
...pi/rest/rest/extensions/ClientAuthenticationResource.java
+159
-0
PermissionFeignService.java
...zlab/api/rest/rest/extensions/PermissionFeignService.java
+0
-73
未找到文件。
ibzuaa-boot/src/main/java/cn/ibizlab/config/DevBootSecurityConfig.java
浏览文件 @
67143ce7
...
...
@@ -40,6 +40,9 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
@Value
(
"${ibiz.auth.path:v7/login}"
)
private
String
loginPath
;
@Value
(
"${ibiz.auth.clientloginpath:uaa/login}"
)
private
String
clientLoginPath
;
@Autowired
public
void
configureGlobal
(
AuthenticationManagerBuilder
auth
)
throws
Exception
{
auth
...
...
@@ -93,6 +96,7 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
.
antMatchers
(
"/uaa/permission/**"
).
permitAll
()
//放行登录请求
.
antMatchers
(
HttpMethod
.
POST
,
"/"
+
loginPath
).
permitAll
()
.
antMatchers
(
HttpMethod
.
POST
,
"/"
+
clientLoginPath
).
permitAll
()
.
anyRequest
().
authenticated
()
// 防止iframe 造成跨域
.
and
().
headers
().
frameOptions
().
disable
();
...
...
ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/rest/extensions/ClientAuthenticationResource.java
0 → 100644
浏览文件 @
67143ce7
package
cn
.
ibizlab
.
api
.
rest
.
rest
.
extensions
;
import
cn.ibizlab.core.uaa.service.ISYS_PERMISSIONService
;
import
cn.ibizlab.util.client.IBZOUFeignClient
;
import
cn.ibizlab.util.security.AuthenticationUser
;
import
cn.ibizlab.util.security.AuthorizationLogin
;
import
cn.ibizlab.util.service.AuthenticationUserService
;
import
com.alibaba.fastjson.JSONArray
;
import
com.alibaba.fastjson.JSONObject
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Value
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.util.StringUtils
;
import
org.springframework.validation.annotation.Validated
;
import
org.springframework.web.bind.annotation.PostMapping
;
import
org.springframework.web.bind.annotation.RequestBody
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RestController
;
import
java.util.List
;
import
java.util.Map
;
import
java.util.Set
;
/**
* 客户端登录认证
*/
@RestController
@RequestMapping
(
"/"
)
public
class
ClientAuthenticationResource
{
@Value
(
"${ibiz.jwt.header:Authorization}"
)
private
String
tokenHeader
;
/**
* 实体操作标识
*/
private
String
OPPriTag
=
"OPPRIV"
;
@Autowired
private
AuthenticationUserService
userDetailsService
;
@Autowired
private
IBZOUFeignClient
ouFeignClient
;
@Autowired
private
ISYS_PERMISSIONService
permissionService
;
@PostMapping
(
value
=
"uaa/login"
)
public
ResponseEntity
<
AuthenticationUser
>
login
(
@Validated
@RequestBody
AuthorizationLogin
authorizationLogin
){
userDetailsService
.
resetByUsername
(
authorizationLogin
.
getUsername
());
AuthenticationUser
user
=
userDetailsService
.
loadUserByLogin
(
authorizationLogin
.
getDomain
(),
authorizationLogin
.
getLoginname
(),
authorizationLogin
.
getPassword
());
setUserName
(
user
,
authorizationLogin
);
setUserPermission
(
user
);
setUserOrgInfo
(
user
);
return
ResponseEntity
.
ok
().
body
(
user
);
}
/**
* 设置用户权限
* @param user
* @return
*/
public
void
setUserPermission
(
AuthenticationUser
user
)
{
JSONObject
permissionObj
=
new
JSONObject
();
String
opprivSQL
=
"SELECT\n"
+
"\tT2.pssysmoduleid as sysmodule,\n"
+
"\tT2.psdataentityid as dataentity,\n"
+
"\tT2.pssourceid as pssourceid,\n"
+
"\tT2.pssourcetype as pssourcetype,\n"
+
"\tT2.psdedatarangeid as dedatarange,\n"
+
"\tT1.sys_permissionname\n"
+
"FROM\n"
+
"\tibzrole_permission T\n"
+
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n"
+
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n"
+
"WHERE\n"
+
"\tT.SYS_ROLEID IN (\n"
+
"\t SELECT SYS_ROLEID\n"
+
"\t FROM\n"
+
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n"
+
"\t WHERE\n"
+
"\t T1.USERID = '%s'\n"
+
"\t)\n"
+
"AND T1.PERMISSIONTYPE = '%s' "
;
List
<
JSONObject
>
userPermission
=
permissionService
.
select
(
String
.
format
(
opprivSQL
,
user
.
getUserid
(),
OPPriTag
));
//查询用户权限下的菜单数据
JSONObject
userPermissionList
=
getUserPermissionList
(
userPermission
);
permissionObj
.
put
(
"userPermissionList"
,
userPermissionList
);
user
.
setPermisionList
(
permissionObj
);
}
/**
* 拼接实体行为资源
* @param role_permissions
* @return
*/
private
JSONObject
getUserPermissionList
(
List
<
JSONObject
>
role_permissions
)
{
JSONObject
permission_entity
=
new
JSONObject
();
for
(
Map
rolePermission
:
role_permissions
)
{
JSONObject
obj
=
JSONObject
.
parseObject
(
JSONObject
.
toJSON
(
rolePermission
).
toString
());
String
entityName
=
obj
.
getString
(
"dataentity"
);
String
dataRangeName
=
obj
.
getString
(
"dedatarange"
);
String
sourceName
=
obj
.
getString
(
"pssourceid"
);
String
sourceType
=
obj
.
getString
(
"pssourcetype"
);
JSONObject
entity
=
new
JSONObject
();
JSONObject
permission
=
new
JSONObject
();
JSONArray
dataRange
=
new
JSONArray
();
if
(
permission_entity
.
containsKey
(
entityName
))
//实体合并
entity
=
permission_entity
.
getJSONObject
(
entityName
);
if
(
entity
.
containsKey
(
sourceType
))
//数据能力合并
permission
=
entity
.
getJSONObject
(
sourceType
);
if
(
permission
.
containsKey
(
sourceName
))
dataRange
=
permission
.
getJSONArray
(
sourceName
);
dataRange
.
add
(
dataRangeName
);
permission
.
put
(
sourceName
,
dataRange
);
entity
.
put
(
sourceType
,
permission
);
permission_entity
.
put
(
entityName
,
entity
);
}
return
permission_entity
;
}
/**
* 设置用户组织相关信息
* @param user
*/
private
void
setUserOrgInfo
(
AuthenticationUser
user
)
{
Map
<
String
,
Set
<
String
>>
orgInfo
=
ouFeignClient
.
getOUMapsByUserId
(
user
.
getUserid
());
if
(
orgInfo
==
null
)
throw
new
RuntimeException
(
String
.
format
(
"获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!"
,
user
.
getLoginname
()));
user
.
setOrgInfo
(
orgInfo
);
}
/**
* 设置用户信息
* @param user
* @param authorizationLogin
*/
private
void
setUserName
(
AuthenticationUser
user
,
AuthorizationLogin
authorizationLogin
)
{
String
domain
=
authorizationLogin
.
getDomain
();
String
username
=
authorizationLogin
.
getUsername
();
String
password
=
authorizationLogin
.
getPassword
();
if
(!
StringUtils
.
isEmpty
(
domain
))
username
=
username
+
"|"
+
domain
;
username
=
username
+
"|"
+
password
;
user
.
setUsername
(
username
);
}
}
ibzuaa-provider/ibzuaa-provider-api/src/main/java/cn/ibizlab/api/rest/rest/extensions/PermissionFeignService.java
浏览文件 @
67143ce7
...
...
@@ -45,79 +45,6 @@ public class PermissionFeignService {
@Autowired
private
ISYS_PSDEOPPRIVService
opprivService
;
/**
* 根据登录的用户userid,系统标识,获取指定该系统下角色的菜单、或权限
* @return
*/
@GetMapping
(
value
=
"/uaa/permission/{loginname}"
)
public
JSONObject
getUserPermissionData
(
@Validated
@NotBlank
(
message
=
"loginname不允许为空"
)
@PathVariable
(
"loginname"
)
String
loginName
,
@Validated
@NotBlank
(
message
=
"systemid不允许为空"
)
@RequestParam
(
"systemid"
)
String
systemid
)
{
JSONObject
permissionObj
=
new
JSONObject
();
String
opprivSQL
=
"SELECT\n"
+
"\tT2.pssysmoduleid as sysmodule,\n"
+
"\tT2.psdataentityid as dataentity,\n"
+
"\tT2.pssourceid as pssourceid,\n"
+
"\tT2.pssourcetype as pssourcetype,\n"
+
"\tT2.psdedatarangeid as dedatarange,\n"
+
"\tT1.sys_permissionname\n"
+
"FROM\n"
+
"\tibzrole_permission T\n"
+
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n"
+
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n"
+
"WHERE\n"
+
"\tT.SYS_ROLEID IN (\n"
+
"\t SELECT SYS_ROLEID\n"
+
"\t FROM\n"
+
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n"
+
"\t WHERE\n"
+
"\t T1.USERNAME = '%s'\n"
+
"\t)\n"
+
"AND T1.SYSTEMID = '%s'\n"
+
"AND T1.PERMISSIONTYPE = '%s' "
;
List
<
JSONObject
>
userPermission
=
permissionService
.
select
(
String
.
format
(
opprivSQL
,
loginName
,
systemid
,
OPPriTag
));
//查询用户权限下的菜单数据
JSONObject
userPermissionList
=
getUserPermissionList
(
userPermission
);
permissionObj
.
put
(
"userPermissionList"
,
userPermissionList
);
return
permissionObj
;
}
/**
* 拼接实体行为资源
* @param role_permissions
* @return
*/
private
JSONObject
getUserPermissionList
(
List
<
JSONObject
>
role_permissions
)
{
JSONObject
permission_entity
=
new
JSONObject
();
for
(
Map
rolePermission
:
role_permissions
)
{
JSONObject
obj
=
JSONObject
.
parseObject
(
JSONObject
.
toJSON
(
rolePermission
).
toString
());
String
entityName
=
obj
.
getString
(
"dataentity"
);
String
dataRangeName
=
obj
.
getString
(
"dedatarange"
);
String
sourceName
=
obj
.
getString
(
"pssourceid"
);
String
sourceType
=
obj
.
getString
(
"pssourcetype"
);
JSONObject
entity
=
new
JSONObject
();
JSONObject
permission
=
new
JSONObject
();
JSONArray
dataRange
=
new
JSONArray
();
if
(
permission_entity
.
containsKey
(
entityName
))
//实体合并
entity
=
permission_entity
.
getJSONObject
(
entityName
);
if
(
entity
.
containsKey
(
sourceType
))
//数据能力合并
permission
=
entity
.
getJSONObject
(
sourceType
);
if
(
permission
.
containsKey
(
sourceName
))
dataRange
=
permission
.
getJSONArray
(
sourceName
);
dataRange
.
add
(
dataRangeName
);
permission
.
put
(
sourceName
,
dataRange
);
entity
.
put
(
sourceType
,
permission
);
permission_entity
.
put
(
entityName
,
entity
);
}
return
permission_entity
;
}
/**
* 拿到业务系统传过来的权限和菜单数据,存入uaa的权限表中
*/
...
...
编辑
预览
Markdown
格式
0%
请重试
or
添加新附件
添加附件
取消
您添加了
0
人
到此讨论。请谨慎行事。
先完成此消息的编辑!
取消
想要评论请
注册
或
登录