UAA登录

f0878a49 · zhouweidong · 111d1057 · f0878a49 · f0878a49 · f0878a49
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFallback.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFallback.java.ftl
@@ -3,7 +3,8 @@ TARGET=PSSYSTEM
 </#ibiztemplate>
 package ${pub.getPKGCodeName()}.util.client;

-import com.alibaba.fastjson.JSONObject;
+import ${pub.getPKGCodeName()}.util.security.AuthenticationUser;
+import ${pub.getPKGCodeName()}.util.security.AuthorizationLogin;
 import org.springframework.stereotype.Component;
 import java.util.Map;

@@ -11,12 +12,12 @@ import java.util.Map;
 public class IBZUAAFallback implements IBZUAAFeignClient {

    @Override
-    public JSONObject getUserPermissionData(String loginName, String systemId) {
+    public Map<String, Object> pushSystemPermissionData(Map<String, Object> systemPermissionData, String systemId) {
        return null;
    }

    @Override
-    public Map<String, Object> pushSystemPermissionData(Map<String, Object> systemPermissionData, String systemId) {
+    public AuthenticationUser login(AuthorizationLogin authorizationLogin) {
        return null;
    }


--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFeignClient.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/client/IBZUAAFeignClient.java.ftl
@@ -3,7 +3,8 @@ TARGET=PSSYSTEM
 </#ibiztemplate>
 package ${pub.getPKGCodeName()}.util.client;

-import com.alibaba.fastjson.JSONObject;
+import ${pub.getPKGCodeName()}.util.security.AuthenticationUser;
+import ${pub.getPKGCodeName()}.util.security.AuthorizationLogin;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.*;
 import java.util.Map;
@@ -11,16 +12,6 @@ import java.util.Map;
 @FeignClient(value = "ibzuaa",fallback = IBZUAAFallback.class)
 public interface IBZUAAFeignClient
 {
-
-	/**
-	 * 从uaa中获取当前用户权限
-	 * @param loginName
-	 * @param systemId
-	 * @return
-	 */
-	@GetMapping(value = "/uaa/permission/{loginname}")
-    JSONObject getUserPermissionData(@PathVariable("loginname") String loginName, @RequestParam("systemid") String systemId);
-
 	/**
 	 * 推送系统权限数据到uaa
 	 * @param systemPermissionData
@@ -30,4 +21,12 @@ public interface IBZUAAFeignClient
 	@PostMapping("/uaa/permission/save")
 	Map<String,Object> pushSystemPermissionData(@RequestBody Map<String, Object> systemPermissionData,  @RequestParam("systemid") String systemId);

+	/**
+	 * 用户登录
+	 * @param authorizationLogin 登录信息
+	 * @return
+	 */
+	@PostMapping(value = "/uaa/authentication/login")
+	AuthenticationUser login(@RequestBody AuthorizationLogin authorizationLogin);
+
 }
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthPermissionEvaluator.java.ftl
@@ -7,8 +7,6 @@ import com.alibaba.fastjson.JSONArray;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
-import com.mongodb.BasicDBList;
-import com.mongodb.BasicDBObject;
 import com.mongodb.QueryBuilder;
 import ${pub.getPKGCodeName()}.util.annotation.DEField;
 import ${pub.getPKGCodeName()}.util.domain.EntityBase;
@@ -16,9 +14,7 @@ import ${pub.getPKGCodeName()}.util.enums.DEPredefinedFieldType;
 import ${pub.getPKGCodeName()}.util.filter.QueryBuildContext;
 import ${pub.getPKGCodeName()}.util.filter.QueryWrapperContext;
 import ${pub.getPKGCodeName()}.util.helper.DEFieldCacheMap;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.data.domain.PageImpl;
 import org.springframework.data.mongodb.core.MongoTemplate;
 import org.springframework.data.mongodb.core.query.BasicQuery;
 import org.springframework.data.mongodb.core.query.Query;
@@ -28,13 +24,9 @@ import org.springframework.stereotype.Component;
 import org.springframework.util.ObjectUtils;
 import org.springframework.util.StringUtils;
 import javax.annotation.Resource;
-import javax.swing.text.html.parser.Entity;
 import java.io.Serializable;
 import java.lang.reflect.Field;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;

 /**
 * spring security 权限管理类
@@ -129,7 +121,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
            //拼接权限条件
            deDataSetFillPermissionSQLRouter(deStorageMode, searchContext, entity , dataSetName , permissionList);
        }
-            return true;
+                return true;
    }


@@ -443,13 +435,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        String orgDeptField=permissionField.get("orgsecfield");
        String createManField=permissionField.get("createmanfield");
        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
-        JSONObject userInfo = authenticationUser.getOrgInfo();
-        JSONObject orgObject = userInfo.getJSONObject("org");
-        JSONArray orgParent = orgObject.getJSONArray("porg");
-        JSONArray orgChild = orgObject.getJSONArray("sorg");
-        JSONObject orgDeptObject = userInfo.getJSONObject("orgdept");
-        JSONArray orgDeptParent = orgDeptObject.getJSONArray("porgdept");
-        JSONArray orgDeptChild = orgDeptObject.getJSONArray("sorgdept");
+        Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
+        Set<String> orgParent = userInfo.get("parentorg");
+        Set<String> orgChild = userInfo.get("suborg");
+        Set<String> orgDeptParent = userInfo.get("parentdept");
+        Set<String> orgDeptChild = userInfo.get("subdept");

        for(int i=0;i<oppriList.size();i++){
            String permissionCond=oppriList.getString(i);//权限配置条件
@@ -495,13 +485,11 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
        String createManField=permissionField.get("createmanfield");
        StringBuffer permissionSQL=new StringBuffer();
        AuthenticationUser authenticationUser = AuthenticationUser.getAuthenticationUser();
-        JSONObject userInfo = authenticationUser.getOrgInfo();
-        JSONObject orgObject = userInfo.getJSONObject("org");
-        JSONArray orgParent = orgObject.getJSONArray("porg");
-        JSONArray orgChild = orgObject.getJSONArray("sorg");
-        JSONObject orgDeptObject = userInfo.getJSONObject("orgdept");
-        JSONArray orgDeptParent = orgDeptObject.getJSONArray("porgdept");
-        JSONArray orgDeptChild = orgDeptObject.getJSONArray("sorgdept");
+        Map<String, Set<String>> userInfo = authenticationUser.getOrgInfo();
+        Set<String> orgParent = userInfo.get("parentorg");
+        Set<String> orgChild = userInfo.get("suborg");
+        Set<String> orgDeptParent = userInfo.get("parentdept");
+        Set<String> orgDeptChild = userInfo.get("subdept");

        for(int i=0;i<oppriList.size();i++){
            permissionSQL.append("OR");
@@ -610,7 +598,7 @@ public class AuthPermissionEvaluator implements PermissionEvaluator {
     * 转换[a,b]格式字符串到 'a','b'格式
     * @return
     */
-    private String formatStringArr(JSONArray array) {
+    private String formatStringArr(Set<String> array) {

        String[] arr = array.toArray(new String[array.size()]);
        return "'" + String.join("','", arr) + "'";

--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthenticationUser.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/security/AuthenticationUser.java.ftl
@@ -15,6 +15,7 @@ import java.util.Map;
 import java.util.HashMap;
 import java.sql.Timestamp;
 import java.util.Collection;
+import java.util.Set;
 import com.alibaba.fastjson.JSONObject;

 @Data
@@ -63,14 +64,12 @@ public class AuthenticationUser implements UserDetails
 	private   Collection<GrantedAuthority> authorities;
    @JsonIgnore
    private int superuser;
-    @JsonIgnore
    private JSONObject permisionList;
    private String orglevel;//单位级别
    private String deptlevel;//部门级别
    @JsonIgnore
    private Map<String,Object> userSessionParam;//用户自定义session值
-    @JsonIgnore
-    private JSONObject orgInfo;//上下级组织信息
+    private Map<String, Set<String>> orgInfo;//上下级组织信息


 	@JsonIgnore

--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/service/IBZUAAUserService.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/service/IBZUAAUserService.java.ftl
+<#ibiztemplate>
+TARGET=PSSYSTEM
+</#ibiztemplate>
+package ${pub.getPKGCodeName()}.util.service;
+
+import com.alibaba.fastjson.JSONObject;
+import ${pub.getPKGCodeName()}.util.client.IBZOUFeignClient;
+import ${pub.getPKGCodeName()}.util.client.IBZUAAFeignClient;
+import ${pub.getPKGCodeName()}.util.security.AuthenticationUser;
+import ${pub.getPKGCodeName()}.util.security.AuthorizationLogin;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Primary;
+import org.springframework.stereotype.Service;
+import org.springframework.util.DigestUtils;
+import org.springframework.util.StringUtils;
+
+/**
+ * 实体[IBZUSER] 服务对象接口实现
+ */
+//@Primary
+@Service("IBZUAAUserService")
+public class IBZUAAUserService implements AuthenticationUserService{
+
+	@Autowired
+	private IBZUAAFeignClient uaaFeignClient;
+
+	@Override
+	public AuthenticationUser loadUserByUsername(String username) {
+
+		String[] data=username.split("[|]");
+		String loginname=username;
+		String domains="";
+		String password="";
+
+		if(data.length==3) {
+			loginname=data[0].trim();
+			domains=data[1].trim();
+			password=data[2].trim();
+		}
+		else if(data.length==2) {
+			loginname=data[0].trim();
+			password=data[1].trim();
+		}
+		AuthorizationLogin user = new AuthorizationLogin();
+		user.setDomain(domains);
+		user.setLoginname(loginname);
+		user.setPassword(password);
+		return uaaFeignClient.login(user);
+	}
+
+	@Override
+	public AuthenticationUser loadUserByLogin(String username, String password) {
+		AuthenticationUser authuserdetail = loadUserByUsername(username+"|"+password);
+		return authuserdetail;
+	}
+
+	@Override
+	public AuthenticationUser loadUserByLogin(String domain, String username, String password) {
+		if(!StringUtils.isEmpty(domain))
+			username = username+"|"+domain;
+		return loadUserByLogin(username,password);
+	}
+
+	@Override
+	public void resetByUsername(String username) {
+
+	}
+
+}
--- a/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/service/SimpleUserService.java.ftl
+++ b/SLN/%PUBPRJ%-util/src/main/java/%SYS_PKGPATH%/util/service/SimpleUserService.java.ftl
@@ -33,12 +33,6 @@ public class SimpleUserService implements AuthenticationUserService{
    @Value("${r'$'}{ibiz.systemid:${sid}}")
    private String systemid;

-	@Autowired
-	private IBZUAAFeignClient uaaFeignClient;
-
-	@Autowired
-	private IBZOUFeignClient ouFeignClient;
-
 	@Override
 	public AuthenticationUser loadUserByUsername(String username) {
 		AuthenticationUser user = new AuthenticationUser();
@@ -68,9 +62,6 @@ public class SimpleUserService implements AuthenticationUserService{
 		user.setOrgcode(domains);
 		user.setOrgname(domains);

-		setUserPermission(user);
-		setUserOrgInfo(user);
-
 		return user;
 	}

@@ -93,30 +84,4 @@ public class SimpleUserService implements AuthenticationUserService{

 	}

-	/**
-	 * 设置用户权限
-	 */
-	private void setUserPermission(AuthenticationUser user) {
-		if(enablePermissionValid){
-			JSONObject permission= uaaFeignClient.getUserPermissionData(user.getLoginname(),systemid);
-			user.setPermisionList(permission);
-		}
-	}
-
-	/**
-	 * 设置用户组织相关信息
-	 * @param user
-	 */
-	private void setUserOrgInfo(AuthenticationUser user) {
-		if(enablePermissionValid) {
-			JSONObject orgInfo=ouFeignClient.getOrgInfo(user.getLoginname());
-			if(orgInfo==null)
-				throw new RuntimeException("获取用户信息失败，请检查用户中心[IBZOU]中是否存在当前用户!");
-			JSONObject curUser=orgInfo.getJSONObject("curuser");
-			user.setOrgInfo(orgInfo);
-			user.setMdeptid(curUser.getString("orgdept"));
-			user.setOrgid(curUser.getString("org"));
-		}
-	}
-
 }