调整单点登录的Token处理逻辑

This commit is contained in:
wenc000 2020-02-07 19:17:14 +08:00
parent a58991853d
commit 407e3bee7d
6 changed files with 229 additions and 41 deletions


@ -3,12 +3,17 @@ package com.cm.common.plugin.converter;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.cm.common.config.properties.OauthProperties;
import com.cm.common.constants.ISystemConstant;
import com.cm.common.plugin.IApiConsts;
import com.cm.common.plugin.oauth.token.ClientTokenManager;
import com.cm.common.plugin.utils.RestTemplateUtil;
import com.cm.common.pojo.bos.RoleBO;
import com.cm.common.pojo.bos.RoleGrantedAuthority;
import com.cm.common.pojo.bos.UserInfoBO;
import com.cm.common.pojo.dtos.UserAttrInfoDTO;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JavaType;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@ -17,6 +22,7 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
import org.springframework.util.StringUtils;
import java.io.IOException;
import java.util.*;
/**
@ -45,52 +51,60 @@ public class ClientUserAuthConverter implements UserAuthenticationConverter {
Object principal = map.get("user_name");
if (!Objects.isNull(principal)) {
Collection<GrantedAuthority> authorities;
List<RoleBO> roles = new ArrayList<>();
if ("admin".equals(principal.toString())) {
authorities = new LinkedHashSet<>();
authorities.add(new RoleGrantedAuthority("ROLE_ALL"));
authorities.add(new RoleGrantedAuthority("ROLE_GROUP_ALL"));
} else {
authorities = getAuthorities(roles, map);
}
// 包含用户信息则直接抽取其中的用户信息
Map<String, Object> userInfo = (Map<String, Object>) map.get("user_info");
UserInfoBO userInfoBO = new UserInfoBO();
userInfoBO.setUserId(userInfo.get("userId").toString());
userInfoBO.setUserUsername(userInfo.get("username").toString());
userInfoBO.setUserName(userInfo.get("userName").toString());
userInfoBO.setUserPhone(userInfo.get("userPhone") == null ? "" : userInfo.get("userPhone").toString());
userInfoBO.setRoles(roles);
if (ISystemConstant.ADMIN.equals(principal.toString())) {
authorities = new LinkedHashSet<>();
authorities.add(new RoleGrantedAuthority("ROLE_ALL"));
authorities.add(new RoleGrantedAuthority("ROLE_GROUP_ALL"));
} else {
Map<String, Object> params = new HashMap<>(1);
params.put(IApiConsts.ACCESS_TOKEN, ClientTokenManager.getInstance().getClientToken().getAccessToken());
String result = this.restTemplateUtil.doGetFormNormal(String.format("%s/resource/user/getuserinfobyuserid/%s", oauthProperties.getOauthServer(), userInfoBO.getUserId()), params);
if (Objects.isNull(result)) {
throw new IllegalArgumentException("系统错误");
}
try {
// 获取角色信息
ObjectMapper objectMapper = new ObjectMapper();
UserAttrInfoDTO userAttrInfoDTO = objectMapper.readValue(result, UserAttrInfoDTO.class);
userInfoBO.setDepartments(userAttrInfoDTO.getDepartments());
userInfoBO.setRoles(userAttrInfoDTO.getRoles());
userInfoBO.setGroups(userAttrInfoDTO.getGroups());
userInfoBO.setPositions(userAttrInfoDTO.getPositions());
userInfoBO.setDataAuthority(userAttrInfoDTO.getDataAuthority());
userInfoBO.setDataAuthorityUserIds(userAttrInfoDTO.getDataAuthorityUserIds());
userInfoBO.setBaseDepartmentIds(userAttrInfoDTO.getBaseDepartmentIds());
authorities = getAuthorities(userAttrInfoDTO.getRoles());
} catch (IOException e) {
LOG.error(e.getMessage(), e);
throw new IllegalArgumentException("系统错误");
}
}
principal = userInfoBO;
LOG.debug("获取用户权限");
LOG.debug("设置Token");
return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities);
} else {
return null;
}
return null;
}
private Collection<GrantedAuthority> getAuthorities(List<RoleBO> roles, Map<String, ?> map) {
Collection authorities = (Collection) map.get("authorities");
if (authorities.isEmpty()) {
authorities = new LinkedHashSet();
authorities.add(new RoleGrantedAuthority("ROLE_ALL"));
authorities.add(new RoleGrantedAuthority("ROLE_GROUP_ALL"));
return authorities;
}
Map<String, Object> params = new HashMap<>(1);
params.put(IApiConsts.ACCESS_TOKEN, ClientTokenManager.getInstance().getClientToken().getAccessToken());
String result = this.restTemplateUtil.doGetFormNormal(String.format("%s/resource/role/listrolebo/%s", oauthProperties.getOauthServer(), StringUtils.collectionToDelimitedString(authorities, "_")), params);
if (Objects.isNull(result)) {
throw new IllegalArgumentException("权限不足,无法获取角色权限信息");
}
JSONArray resultArray = JSONArray.parseArray(result);
/**
* 设置权限
*
* @param roleBOs
* @return
*/
private Collection<GrantedAuthority> getAuthorities(List<RoleBO> roleBOs) {
Set<GrantedAuthority> roleGrantedAuthoritySet = new LinkedHashSet<>();
for (int i = 0; i < resultArray.size(); i++) {
JSONObject resultObj = resultArray.getJSONObject(i);
RoleBO roleBO = resultObj.toJavaObject(RoleBO.class);
for (RoleBO roleBO : roleBOs) {
RoleGrantedAuthority roleGrantedAuthority = new RoleGrantedAuthority(roleBO.getRoleId(), roleBO);
roleGrantedAuthoritySet.add(roleGrantedAuthority);
roles.add(roleBO);
}
return roleGrantedAuthoritySet;
}
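Review bot: In the non-admin branch, `authorities = getAuthorities(userAttrInfoDTO.getRoles())` will throw a NullPointerException in the for-each whenever the resource server's JSON omits `roles`, because `UserAttrInfoDTO.getRoles()` returns the raw field with no null guard (unlike `UserInfoBO`), so a partial or malformed response surfaces as an unhandled NPE instead of the `IllegalArgumentException("系统错误")` path the surrounding `try` already provides; the method's signature is above this hunk. Guard it once and reuse the value: `List<RoleBO> roles = userAttrInfoDTO.getRoles() == null ? Collections.<RoleBO>emptyList() : userAttrInfoDTO.getRoles();` then `userInfoBO.setRoles(roles); authorities = getAuthorities(roles);` (`java.util.*` is already imported). The unchecked `(Map<String, Object>) map.get("user_info")` cast and the `.toString()` calls on `userId`/`username`/`userName` fail the same way for a token without a `user_info` claim, and returning `null` from the converter (as the missing-`user_name` branch does) is a cleaner rejection than an NPE inside the token-decoding filter. The client access token is placed in `params` on a GET to `/resource/user/getuserinfobyuserid/<userId>`; if `doGetFormNormal` appends `params` to the query string, that credential lands in proxy and server access logs, so an `Authorization: Bearer` header is preferable if `RestTemplateUtil` supports one. Note also that the `ISystemConstant.ADMIN` short-circuit grants `ROLE_ALL`/`ROLE_GROUP_ALL` from the `user_name` claim alone, so it depends entirely on the token having been signature-verified or introspected before this converter runs.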


@ -1,13 +1,12 @@
package com.cm.common.component;
import com.cm.common.pojo.bos.RoleGrantedAuthority;
import com.cm.common.pojo.bos.UserBO;
import com.cm.common.pojo.bos.UserInfoBO;
import com.cm.common.pojo.bos.*;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import javax.swing.text.Position;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
@ -46,10 +45,12 @@ public class SecurityComponent {
userInfoBO.setDataAuthorityUserIds(userBO.getDataAuthorityUserIds());
userInfoBO.setBaseDepartmentIds(userBO.getBaseDepartmentIds());
userInfoBO.setRoles(userBO.getRoles());
userInfoBO.setDepartments(userBO.getDepartments());
userInfoBO.setGroups(userBO.getGroups());
userInfoBO.setPositions(userBO.getPositions());
}
if (user instanceof UserInfoBO) {
userInfoBO = (UserInfoBO) user;
}
return userInfoBO;
}
@ -70,6 +71,46 @@ public class SecurityComponent {
return roleIds;
}
/**
* 当前角色列表
*
* @return
*/
public List<RoleBO> listRole() {
UserInfoBO userInfoBO = getCurrentUser();
return userInfoBO.getRoles();
}
/**
* 部门列表
*
* @return
*/
public List<DepartmentBO> listDepartment() {
UserInfoBO userInfoBO = getCurrentUser();
return userInfoBO.getDepartments();
}
/**
* 组列表
*
* @return
*/
public List<GroupBO> listGroup() {
UserInfoBO userInfoBO = getCurrentUser();
return userInfoBO.getGroups();
}
/**
* 职位列白
*
* @return
*/
public List<PositionBO> listPosition() {
UserInfoBO userInfoBO = getCurrentUser();
return userInfoBO.getPositions();
}
/**
* 获取当前用户名
*
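Review bot: The four new accessors `listRole`, `listDepartment`, `listGroup` and `listPosition` return the live `List` held by the `UserInfoBO` principal in the `SecurityContext`, so any caller can `add`/`remove` on it and change the authenticated user's roles or department scope for the rest of the request (and longer, if the context is session-backed). Wrap the returns, e.g. `return Collections.unmodifiableList(userInfoBO.getRoles());` and likewise for the other three, which needs `java.util.Collections` imported. They also dereference `getCurrentUser()` without a null check; whether it can return null is not visible here, but the existing `listRoleIds` above appears to share the same assumption, so this is consistent rather than new. The Javadoc on `listPosition` reads `职位列白`, which looks like a typo for `职位列表`; English summaries such as `/** Positions of the authenticated user; empty list when none are set. */` would avoid the slip. Separately, `import javax.swing.text.Position;` is a Swing type not referenced by any visible line and looks like an IDE auto-import that should be dropped.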


@ -26,6 +26,7 @@ public class UserBO extends User {
private List<RoleBO> roles;
private List<GroupBO> groups;
private List<DepartmentBO> departments;
private List<PositionBO> positions;
public UserBO() {
super("", "", null);
@ -127,6 +128,14 @@ public class UserBO extends User {
this.departments = departments;
}
public List<PositionBO> getPositions() {
return positions;
}
public void setPositions(List<PositionBO> positions) {
this.positions = positions;
}
@Override
public String toString() {
final StringBuilder sb = new StringBuilder("{");
@ -152,6 +161,8 @@ public class UserBO extends User {
.append(groups);
sb.append(",\"departments\":")
.append(departments);
sb.append(",\"positions\":")
.append(positions);
sb.append('}');
return sb.toString();
}
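Review bot: `getPositions()` on `UserBO` returns the raw field and can therefore be `null`, while the `UserInfoBO` getters added in this same commit normalise `null` to an empty list; `SecurityComponent` copies `userBO.getPositions()` into a `UserInfoBO`, which masks the difference there, but any direct consumer of `UserBO` has to null-check. Either apply the same guard, `return positions == null ? new ArrayList<>(0) : positions;`, or state the nullability on the getter: `/** Positions held by this user; may be null when not loaded. */`. The `toString()` extension prints the list via `List.toString()`, so whatever `PositionBO.toString()` exposes will appear in any log line that prints the user object — worth confirming it carries nothing sensitive.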


@ -21,6 +21,8 @@ public class UserInfoBO {
private List<String> baseDepartmentIds;
private List<DepartmentBO> departments;
private List<RoleBO> roles;
private List<GroupBO> groups;
private List<PositionBO> positions;
public String getUserId() {
return userId == null ? "" : userId.trim();
@ -79,7 +81,7 @@ public class UserInfoBO {
}
public List<DepartmentBO> getDepartments() {
return departments;
return departments == null ? new ArrayList<>(0) : departments;
}
public void setDepartments(List<DepartmentBO> departments) {
@ -87,16 +89,29 @@ public class UserInfoBO {
}
public List<RoleBO> getRoles() {
if (roles == null) {
return new ArrayList<>();
}
return roles;
return roles == null ? new ArrayList<>(0) : roles;
}
public void setRoles(List<RoleBO> roles) {
this.roles = roles;
}
public List<GroupBO> getGroups() {
return groups == null ? new ArrayList<>(0) : groups;
}
public void setGroups(List<GroupBO> groups) {
this.groups = groups;
}
public List<PositionBO> getPositions() {
return positions == null ? new ArrayList<>(0) : positions;
}
public void setPositions(List<PositionBO> positions) {
this.positions = positions;
}
@Override
public String toString() {
final StringBuilder sb = new StringBuilder("{");
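Review bot: The null-guarded getters (`getDepartments`, `getRoles`, `getGroups`, `getPositions`) allocate a fresh `new ArrayList<>(0)` on every call while the field is null, so `userInfoBO.getRoles().add(role)` on an unpopulated object silently discards the element and the next `getRoles()` is empty again — an easy trap for code that mutates the principal. Returning `Collections.emptyList()` instead makes such a write fail loudly with `UnsupportedOperationException`; alternatively initialise the fields to empty lists and drop the ternaries. `toString()` begins on the last lines of this hunk and continues below it; please check it was extended for the new `groups` and `positions` fields the way `UserBO.toString()` was in this commit.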


@ -0,0 +1,106 @@
package com.cm.common.pojo.dtos;
import com.cm.common.pojo.bos.DepartmentBO;
import com.cm.common.pojo.bos.GroupBO;
import com.cm.common.pojo.bos.PositionBO;
import com.cm.common.pojo.bos.RoleBO;
import java.util.List;
/**
* When you feel like quitting. Think about why you started
* 当你想要放弃的时候想想当初你为何开始
*
* @ClassName: UserAttrInfoBO
* @Description: 用户属性
* @Author: WangGeng
* @Date: 2020/2/7 1:42 下午
* @Version: 1.0
**/
public class UserAttrInfoDTO {
private List<RoleBO> roles;
private List<DepartmentBO> departments;
private List<GroupBO> groups;
private List<PositionBO> positions;
private String dataAuthority;
private List<String> baseDepartmentIds;
private List<String> dataAuthorityUserIds;
public List<RoleBO> getRoles() {
return roles;
}
public void setRoles(List<RoleBO> roles) {
this.roles = roles;
}
public List<DepartmentBO> getDepartments() {
return departments;
}
public void setDepartments(List<DepartmentBO> departments) {
this.departments = departments;
}
public List<GroupBO> getGroups() {
return groups;
}
public void setGroups(List<GroupBO> groups) {
this.groups = groups;
}
public List<PositionBO> getPositions() {
return positions;
}
public void setPositions(List<PositionBO> positions) {
this.positions = positions;
}
public String getDataAuthority() {
return dataAuthority == null ? "" : dataAuthority.trim();
}
public void setDataAuthority(String dataAuthority) {
this.dataAuthority = dataAuthority;
}
public List<String> getBaseDepartmentIds() {
return baseDepartmentIds;
}
public void setBaseDepartmentIds(List<String> baseDepartmentIds) {
this.baseDepartmentIds = baseDepartmentIds;
}
public List<String> getDataAuthorityUserIds() {
return dataAuthorityUserIds;
}
public void setDataAuthorityUserIds(List<String> dataAuthorityUserIds) {
this.dataAuthorityUserIds = dataAuthorityUserIds;
}
@Override
public String toString() {
final StringBuilder sb = new StringBuilder("{");
sb.append("\"roles\":")
.append(roles);
sb.append(",\"departments\":")
.append(departments);
sb.append(",\"groups\":")
.append(groups);
sb.append(",\"positions\":")
.append(positions);
sb.append(",\"dataAuthority\":")
.append("\"").append(dataAuthority).append("\"");
sb.append(",\"baseDepartmentIds\":")
.append(baseDepartmentIds);
sb.append(",\"dataAuthorityUserIds\":")
.append(dataAuthorityUserIds);
sb.append('}');
return sb.toString();
}
}
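Review bot: The list getters in this new DTO return the raw fields, so `getRoles()`, `getDepartments()`, `getGroups()` and `getPositions()` are null whenever the resource server omits the key, and `ClientUserAuthConverter` iterates `getRoles()` directly; mirroring the `UserInfoBO` guard, `return roles == null ? new ArrayList<>(0) : roles;` (with `java.util.ArrayList` imported) keeps the two classes consistent and the converter NPE-free. The header says `@ClassName: UserAttrInfoBO` while the type is `UserAttrInfoDTO`; suggest replacing the banner with an English summary such as `/** User attributes (roles, departments, groups, positions, data-authority scope) returned by the OAuth resource server for one user. */`. Because this type is the target of a default Jackson `ObjectMapper.readValue` in the converter, any property the server adds later will fail deserialization and reject the login; `@JsonIgnoreProperties(ignoreUnknown = true)` is worth considering if that strictness is not intended.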


@ -66,6 +66,7 @@ public class AppTokenManager {
appToken.setToken(token);
appToken.setLastTime(System.currentTimeMillis());
appToken.setAppTokenUser(appTokenUser);
appToken.setUserId(appTokenUser.getId());
for (Map.Entry<String, AppToken> kvs : tokens.entrySet()) {
if (StringUtils.equals(appTokenUser.getId(), kvs.getValue().getUserId())) {
tokens.remove(kvs.getValue().getToken());
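Review bot: The eviction loop calls `tokens.remove(...)` while iterating `tokens.entrySet()`, which throws `ConcurrentModificationException` on a plain `HashMap` the first time a user re-authenticates; the declaration of `tokens` and the rest of the loop body lie outside this hunk, so if it is a `ConcurrentHashMap` this is safe, otherwise prefer `tokens.entrySet().removeIf(e -> StringUtils.equals(appTokenUser.getId(), e.getValue().getUserId()));`. If the new `appToken` is stored in `tokens` before this loop runs, the same `userId` match will evict the token just issued, so the predicate should also exclude `token`. Dropping earlier tokens for the same user is the right single-session behaviour; a comment stating that intent would help, e.g. `// single active token per user: drop any earlier token issued to this userId`.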