提交 67143ce7 编写于 作者: zhouweidong's avatar zhouweidong

UAA权限配置usr代码

上级 e23ae5bc
......@@ -40,6 +40,9 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${ibiz.auth.path:v7/login}")
private String loginPath;
@Value("${ibiz.auth.clientloginpath:uaa/login}")
private String clientLoginPath;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
......@@ -93,6 +96,7 @@ public class DevBootSecurityConfig extends WebSecurityConfigurerAdapter {
.antMatchers("/uaa/permission/**").permitAll()
//放行登录请求
.antMatchers( HttpMethod.POST,"/"+loginPath).permitAll()
.antMatchers( HttpMethod.POST,"/"+clientLoginPath).permitAll()
.anyRequest().authenticated()
// 防止iframe 造成跨域
.and().headers().frameOptions().disable();
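Review bot: The new `.antMatchers( HttpMethod.POST,"/"+clientLoginPath).permitAll()` line opens the UAA client login path without the explanatory comment its sibling carries, and it repeats the `"/"+` concatenation, which produces `//uaa/login` should `ibiz.auth.clientloginpath` ever be configured with a leading slash (the same holds for the older loginPath line, which this commit does not touch). Add `// permit the UAA client login request (credentials are checked by the login handler itself)` above it to mirror the existing `//放行登录请求` marker, and consider normalizing the injected property once where the `clientLoginPath` field is declared in the first hunk rather than at each matcher. The enclosing `configure` method begins and ends outside this hunk.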
......
package cn.ibizlab.api.rest.rest.extensions;
import cn.ibizlab.core.uaa.service.ISYS_PERMISSIONService;
import cn.ibizlab.util.client.IBZOUFeignClient;
import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.security.AuthorizationLogin;
import cn.ibizlab.util.service.AuthenticationUserService;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.util.StringUtils;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* 客户端登录认证
*/
@RestController
@RequestMapping("/")
public class ClientAuthenticationResource
{
@Value("${ibiz.jwt.header:Authorization}")
private String tokenHeader;
/**
* 实体操作标识
*/
private String OPPriTag="OPPRIV";
@Autowired
private AuthenticationUserService userDetailsService;
@Autowired
private IBZOUFeignClient ouFeignClient;
@Autowired
private ISYS_PERMISSIONService permissionService;
@PostMapping(value = "uaa/login")
public ResponseEntity<AuthenticationUser> login(@Validated @RequestBody AuthorizationLogin authorizationLogin){
userDetailsService.resetByUsername(authorizationLogin.getUsername());
AuthenticationUser user = userDetailsService.loadUserByLogin(authorizationLogin.getDomain(),authorizationLogin.getLoginname(),authorizationLogin.getPassword());
setUserName(user,authorizationLogin);
setUserPermission(user);
setUserOrgInfo(user);
return ResponseEntity.ok().body(user);
}
/**
* 设置用户权限
* @param user
* @return
*/
public void setUserPermission(AuthenticationUser user) {
JSONObject permissionObj=new JSONObject();
String opprivSQL="SELECT\n" +
"\tT2.pssysmoduleid as sysmodule,\n" +
"\tT2.psdataentityid as dataentity,\n" +
"\tT2.pssourceid as pssourceid,\n" +
"\tT2.pssourcetype as pssourcetype,\n" +
"\tT2.psdedatarangeid as dedatarange,\n" +
"\tT1.sys_permissionname\n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERID = '%s'\n" +
"\t)\n" +
"AND T1.PERMISSIONTYPE = '%s' ";
List<JSONObject> userPermission= permissionService.select(String.format(opprivSQL,user.getUserid(),OPPriTag)); //查询用户权限下的菜单数据
JSONObject userPermissionList=getUserPermissionList(userPermission);
permissionObj.put("userPermissionList",userPermissionList);
user.setPermisionList(permissionObj);
}
/**
* 拼接实体行为资源
* @param role_permissions
* @return
*/
private JSONObject getUserPermissionList(List<JSONObject> role_permissions) {
JSONObject permission_entity= new JSONObject();
for (Map rolePermission : role_permissions) {
JSONObject obj = JSONObject.parseObject(JSONObject.toJSON(rolePermission).toString());
String entityName = obj.getString("dataentity");
String dataRangeName = obj.getString("dedatarange");
String sourceName = obj.getString("pssourceid");
String sourceType=obj.getString("pssourcetype");
JSONObject entity = new JSONObject();
JSONObject permission = new JSONObject();
JSONArray dataRange = new JSONArray();
if (permission_entity.containsKey(entityName))//实体合并
entity = permission_entity.getJSONObject(entityName);
if (entity.containsKey(sourceType))//数据能力合并
permission = entity.getJSONObject(sourceType);
if(permission.containsKey(sourceName))
dataRange=permission.getJSONArray(sourceName);
dataRange.add(dataRangeName);
permission.put(sourceName,dataRange);
entity.put(sourceType, permission);
permission_entity.put(entityName, entity);
}
return permission_entity;
}
/**
* 设置用户组织相关信息
* @param user
*/
private void setUserOrgInfo(AuthenticationUser user) {
Map<String, Set<String>> orgInfo=ouFeignClient.getOUMapsByUserId(user.getUserid());
if(orgInfo==null)
throw new RuntimeException(String.format("获取用户信息失败,请检查用户中心[IBZOU]中是否存在[%s]用户!",user.getLoginname()));
user.setOrgInfo(orgInfo);
}
/**
* 设置用户信息
* @param user
* @param authorizationLogin
*/
private void setUserName(AuthenticationUser user, AuthorizationLogin authorizationLogin) {
String domain=authorizationLogin.getDomain();
String username=authorizationLogin.getUsername();
String password=authorizationLogin.getPassword();
if(!StringUtils.isEmpty(domain))
username = username+"|"+domain;
username=username+"|"+password;
user.setUsername(username);
}
}
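Review bot: `setUserName` appends the raw password to the username (`username=username+"|"+password;` followed by `user.setUsername(username);`), and `login` returns that same `AuthenticationUser` in the response body, so the credential ends up in a field that is routinely serialized, logged and embedded in tokens; unless `AuthenticationUser` is known to mask `username` on output, keep the secret out of that field and carry domain and login name separately. `setUserPermission` builds its SQL with `String.format(opprivSQL,user.getUserid(),OPPriTag)` and passes the assembled string to `permissionService.select(...)`; even though the userid comes from the record just loaded, this should be a parameterized query rather than text interpolation, and the identical pattern being deleted from `PermissionFeignService` in this commit survives unchanged in this new copy. `OPPriTag` is a mutable instance field used as a constant and would read better as `private static final String OP_PRIV_TAG = "OPPRIV";`, while `tokenHeader` is injected but not referenced anywhere in the file as shown. The Javadoc on `setUserPermission` carries an empty `@param user` and a `@return` on a void method; replace them with one line stating that the method stores the role-derived entity permissions under the `userPermissionList` key of the user's permission object.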
......@@ -45,79 +45,6 @@ public class PermissionFeignService {
@Autowired
private ISYS_PSDEOPPRIVService opprivService;
/**
* 根据登录的用户userid,系统标识,获取指定该系统下角色的菜单、或权限
* @return
*/
@GetMapping(value = "/uaa/permission/{loginname}")
public JSONObject getUserPermissionData(@Validated @NotBlank(message = "loginname不允许为空")@PathVariable("loginname") String loginName, @Validated @NotBlank(message = "systemid不允许为空") @RequestParam("systemid") String systemid) {
JSONObject permissionObj=new JSONObject();
String opprivSQL="SELECT\n" +
"\tT2.pssysmoduleid as sysmodule,\n" +
"\tT2.psdataentityid as dataentity,\n" +
"\tT2.pssourceid as pssourceid,\n" +
"\tT2.pssourcetype as pssourcetype,\n" +
"\tT2.psdedatarangeid as dedatarange,\n" +
"\tT1.sys_permissionname\n" +
"FROM\n" +
"\tibzrole_permission T\n" +
"INNER JOIN ibzpermission T1 ON T.SYS_PERMISSIONID = T1.SYS_PERMISSIONID\n" +
"INNER JOIN ibzpsdeoppriv T2 on T1.SYS_PERMISSIONID=t2.SYS_PSDEOPPRIVID\n" +
"WHERE\n" +
"\tT.SYS_ROLEID IN (\n" +
"\t SELECT SYS_ROLEID\n" +
"\t FROM\n" +
"\t IBZUSER_ROLE t LEFT JOIN IBZUSER t1 ON t.SYS_USERID=T1.USERID\n" +
"\t WHERE\n" +
"\t T1.USERNAME = '%s'\n" +
"\t)\n" +
"AND T1.SYSTEMID = '%s'\n" +
"AND T1.PERMISSIONTYPE = '%s' ";
List<JSONObject> userPermission= permissionService.select(String.format(opprivSQL,loginName,systemid,OPPriTag)); //查询用户权限下的菜单数据
JSONObject userPermissionList=getUserPermissionList(userPermission);
permissionObj.put("userPermissionList",userPermissionList);
return permissionObj;
}
/**
* 拼接实体行为资源
* @param role_permissions
* @return
*/
private JSONObject getUserPermissionList(List<JSONObject> role_permissions) {
JSONObject permission_entity= new JSONObject();
for (Map rolePermission : role_permissions) {
JSONObject obj = JSONObject.parseObject(JSONObject.toJSON(rolePermission).toString());
String entityName = obj.getString("dataentity");
String dataRangeName = obj.getString("dedatarange");
String sourceName = obj.getString("pssourceid");
String sourceType=obj.getString("pssourcetype");
JSONObject entity = new JSONObject();
JSONObject permission = new JSONObject();
JSONArray dataRange = new JSONArray();
if (permission_entity.containsKey(entityName))//实体合并
entity = permission_entity.getJSONObject(entityName);
if (entity.containsKey(sourceType))//数据能力合并
permission = entity.getJSONObject(sourceType);
if(permission.containsKey(sourceName))
dataRange=permission.getJSONArray(sourceName);
dataRange.add(dataRangeName);
permission.put(sourceName,dataRange);
entity.put(sourceType, permission);
permission_entity.put(entityName, entity);
}
return permission_entity;
}
/**
* 拿到业务系统传过来的权限和菜单数据,存入uaa的权限表中
*/
......