From 407e3bee7deead2e41f43b4fa7db1517cf458dfa Mon Sep 17 00:00:00 2001
From: wenc000 <450292408@qq.com>
Date: Fri, 7 Feb 2020 19:17:14 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4=E5=8D=95=E7=82=B9=E7=99=BB?= =?UTF-8?q?=E5=BD=95=E7=9A=84Token=E5=A4=84=E7=90=86=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../converter/ClientUserAuthConverter.java | 78 +++++++------
 .../common/component/SecurityComponent.java | 49 +++++++-
 .../java/com/cm/common/pojo/bos/UserBO.java | 11 ++
 .../com/cm/common/pojo/bos/UserInfoBO.java | 25 ++++-
 .../cm/common/pojo/dtos/UserAttrInfoDTO.java | 106 ++++++++++++++++++
 .../cm/common/token/app/AppTokenManager.java | 1 +
 6 files changed, 229 insertions(+), 41 deletions(-)
 create mode 100644 cloud-common/src/main/java/com/cm/common/pojo/dtos/UserAttrInfoDTO.java
diff --git a/cloud-common-plugin-oauth/src/main/java/com/cm/common/plugin/converter/ClientUserAuthConverter.java b/cloud-common-plugin-oauth/src/main/java/com/cm/common/plugin/converter/ClientUserAuthConverter.java
index 8410d6e..4f887b6 100644
--- a/cloud-common-plugin-oauth/src/main/java/com/cm/common/plugin/converter/ClientUserAuthConverter.java
+++ b/cloud-common-plugin-oauth/src/main/java/com/cm/common/plugin/converter/ClientUserAuthConverter.java
@@ -3,12 +3,17 @@ package com.cm.common.plugin.converter; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; import com.cm.common.config.properties.OauthProperties; +import com.cm.common.constants.ISystemConstant; import com.cm.common.plugin.IApiConsts; import com.cm.common.plugin.oauth.token.ClientTokenManager; import com.cm.common.plugin.utils.RestTemplateUtil; import com.cm.common.pojo.bos.RoleBO; import com.cm.common.pojo.bos.RoleGrantedAuthority; import com.cm.common.pojo.bos.UserInfoBO; +import com.cm.common.pojo.dtos.UserAttrInfoDTO; +import com.fasterxml.jackson.core.type.TypeReference; +import com.fasterxml.jackson.databind.JavaType; +import com.fasterxml.jackson.databind.ObjectMapper; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; @@ -17,6 +22,7 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter; import org.springframework.util.StringUtils; +import java.io.IOException; import java.util.*; /** 
@@ -45,52 +51,60 @@ public class ClientUserAuthConverter implements UserAuthenticationConverter { Object principal = map.get("user_name"); if (!Objects.isNull(principal)) { Collection authorities; - List roles = new ArrayList<>(); - if ("admin".equals(principal.toString())) { - authorities = new LinkedHashSet<>(); - authorities.add(new RoleGrantedAuthority("ROLE_ALL")); - authorities.add(new RoleGrantedAuthority("ROLE_GROUP_ALL")); - } else { - authorities = getAuthorities(roles, map); - } - // 包含用户信息,则直接抽取其中的用户信息 Map userInfo = (Map) map.get("user_info"); UserInfoBO userInfoBO = new UserInfoBO(); userInfoBO.setUserId(userInfo.get("userId").toString()); userInfoBO.setUserUsername(userInfo.get("username").toString()); userInfoBO.setUserName(userInfo.get("userName").toString()); userInfoBO.setUserPhone(userInfo.get("userPhone") == null ? "" : userInfo.get("userPhone").toString()); - userInfoBO.setRoles(roles); + if (ISystemConstant.ADMIN.equals(principal.toString())) { + authorities = new LinkedHashSet<>(); + authorities.add(new RoleGrantedAuthority("ROLE_ALL")); + authorities.add(new RoleGrantedAuthority("ROLE_GROUP_ALL")); + } else { + Map params = new HashMap<>(1); + params.put(IApiConsts.ACCESS_TOKEN, ClientTokenManager.getInstance().getClientToken().getAccessToken()); + String result = this.restTemplateUtil.doGetFormNormal(String.format("%s/resource/user/getuserinfobyuserid/%s", oauthProperties.getOauthServer(), userInfoBO.getUserId()), params); + if (Objects.isNull(result)) { + throw new IllegalArgumentException("系统错误"); + } + try { + // 获取角色信息 + ObjectMapper objectMapper = new ObjectMapper(); + UserAttrInfoDTO userAttrInfoDTO = objectMapper.readValue(result, UserAttrInfoDTO.class); + userInfoBO.setDepartments(userAttrInfoDTO.getDepartments()); + userInfoBO.setRoles(userAttrInfoDTO.getRoles()); + userInfoBO.setGroups(userAttrInfoDTO.getGroups()); + userInfoBO.setPositions(userAttrInfoDTO.getPositions()); + 
userInfoBO.setDataAuthority(userAttrInfoDTO.getDataAuthority()); + userInfoBO.setDataAuthorityUserIds(userAttrInfoDTO.getDataAuthorityUserIds()); + userInfoBO.setBaseDepartmentIds(userAttrInfoDTO.getBaseDepartmentIds()); + + authorities = getAuthorities(userAttrInfoDTO.getRoles()); + } catch (IOException e) { + LOG.error(e.getMessage(), e); + throw new IllegalArgumentException("系统错误"); + } + } + principal = userInfoBO; - LOG.debug("获取用户权限"); + LOG.debug("设置Token"); return new UsernamePasswordAuthenticationToken(principal, "N/A", authorities); - } else { - return null; } + return null; } - private Collection getAuthorities(List roles, Map map) { - Collection authorities = (Collection) map.get("authorities"); - if (authorities.isEmpty()) { - authorities = new LinkedHashSet(); - authorities.add(new RoleGrantedAuthority("ROLE_ALL")); - authorities.add(new RoleGrantedAuthority("ROLE_GROUP_ALL")); - return authorities; - } - Map params = new HashMap<>(1); - params.put(IApiConsts.ACCESS_TOKEN, ClientTokenManager.getInstance().getClientToken().getAccessToken()); - String result = this.restTemplateUtil.doGetFormNormal(String.format("%s/resource/role/listrolebo/%s", oauthProperties.getOauthServer(), StringUtils.collectionToDelimitedString(authorities, "_")), params); - if (Objects.isNull(result)) { - throw new IllegalArgumentException("权限不足,无法获取角色权限信息"); - } - JSONArray resultArray = JSONArray.parseArray(result); + /** + * 设置权限 + * + * @param roleBOs + * @return + */ + private Collection getAuthorities(List roleBOs) { Set roleGrantedAuthoritySet = new LinkedHashSet<>(); - for (int i = 0; i < resultArray.size(); i++) { - JSONObject resultObj = resultArray.getJSONObject(i); - RoleBO roleBO = resultObj.toJavaObject(RoleBO.class); + for (RoleBO roleBO : roleBOs) { RoleGrantedAuthority roleGrantedAuthority = new RoleGrantedAuthority(roleBO.getRoleId(), roleBO); roleGrantedAuthoritySet.add(roleGrantedAuthority); - roles.add(roleBO); } return roleGrantedAuthoritySet; } 
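Review bot: `authorities = getAuthorities(userAttrInfoDTO.getRoles())` passes on whatever the user-info endpoint returned, and `UserAttrInfoDTO.getRoles()` hands back the raw field, so a response without `roles` reaches the `for (RoleBO roleBO : roleBOs)` loop as null and throws a NullPointerException that `catch (IOException e)` does not cover. Because `userInfoBO.setRoles(...)` has already run and `UserInfoBO.getRoles()` substitutes an empty list, `authorities = getAuthorities(userInfoBO.getRoles());` would fail closed with no authorities instead of aborting with an unhandled exception. The `String.format` call that builds the `getuserinfobyuserid` URL also places `userInfoBO.getUserId()`, taken from the token's `user_info` claim, into the path unencoded; rejecting ids that contain `/`, `?` or `#` (or encoding the segment) before the request goes out with the client access token would keep a malformed claim from steering that call to another resource path. The enclosing method starts above the hunk, so how the token map is validated before this point is not visible here.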
diff --git a/cloud-common/src/main/java/com/cm/common/component/SecurityComponent.java b/cloud-common/src/main/java/com/cm/common/component/SecurityComponent.java index 442dddc..133b633 100644 --- a/cloud-common/src/main/java/com/cm/common/component/SecurityComponent.java +++ b/cloud-common/src/main/java/com/cm/common/component/SecurityComponent.java @@ -1,13 +1,12 @@ package com.cm.common.component; -import com.cm.common.pojo.bos.RoleGrantedAuthority; -import com.cm.common.pojo.bos.UserBO; -import com.cm.common.pojo.bos.UserInfoBO; +import com.cm.common.pojo.bos.*; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; +import javax.swing.text.Position; import java.util.ArrayList; import java.util.Collection; import java.util.List; @@ -46,10 +45,12 @@ public class SecurityComponent { userInfoBO.setDataAuthorityUserIds(userBO.getDataAuthorityUserIds()); userInfoBO.setBaseDepartmentIds(userBO.getBaseDepartmentIds()); userInfoBO.setRoles(userBO.getRoles()); + userInfoBO.setDepartments(userBO.getDepartments()); + userInfoBO.setGroups(userBO.getGroups()); + userInfoBO.setPositions(userBO.getPositions()); } if (user instanceof UserInfoBO) { userInfoBO = (UserInfoBO) user; - } return userInfoBO; } 
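Review bot: The added `import javax.swing.text.Position;` is not used by anything in the visible SecurityComponent hunks and looks like an IDE auto-import; it ties a security component to a Swing type and should be dropped. In the same import hunk the three explicit `com.cm.common.pojo.bos` imports are replaced by `import com.cm.common.pojo.bos.*;`, which hides which principal types this class actually depends on; listing the types used by the new `listRole()`, `listDepartment()`, `listGroup()` and `listPosition()` methods explicitly would make a stray import like this one easier to spot in review.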
@@ -70,6 +71,46 @@ public class SecurityComponent { return roleIds; } + /** + * 当前角色列表 + * + * @return + */ + public List listRole() { + UserInfoBO userInfoBO = getCurrentUser(); + return userInfoBO.getRoles(); + } + + /** + * 部门列表 + * + * @return + */ + public List listDepartment() { + UserInfoBO userInfoBO = getCurrentUser(); + return userInfoBO.getDepartments(); + } + + /** + * 组列表 + * + * @return + */ + public List listGroup() { + UserInfoBO userInfoBO = getCurrentUser(); + return userInfoBO.getGroups(); + } + + /** + * 职位列白 + * + * @return + */ + public List listPosition() { + UserInfoBO userInfoBO = getCurrentUser(); + return userInfoBO.getPositions(); + } + /** * 获取当前用户名 * diff --git a/cloud-common/src/main/java/com/cm/common/pojo/bos/UserBO.java b/cloud-common/src/main/java/com/cm/common/pojo/bos/UserBO.java index 9b1ec7d..6f2dfc4 100644 --- a/cloud-common/src/main/java/com/cm/common/pojo/bos/UserBO.java +++ b/cloud-common/src/main/java/com/cm/common/pojo/bos/UserBO.java @@ -26,6 +26,7 @@ public class UserBO extends User { private List roles; private List groups; private List departments; + private List positions; public UserBO() { super("", "", null); @@ -127,6 +128,14 @@ public class UserBO extends User { this.departments = departments; } + public List getPositions() { + return positions; + } + + public void setPositions(List positions) { + this.positions = positions; + } + @Override public String toString() { final StringBuilder sb = new StringBuilder("{"); @@ -152,6 +161,8 @@ public class UserBO extends User { .append(groups); sb.append(",\"departments\":") .append(departments); + sb.append(",\"positions\":") + .append(positions); sb.append('}'); return sb.toString(); } diff --git a/cloud-common/src/main/java/com/cm/common/pojo/bos/UserInfoBO.java b/cloud-common/src/main/java/com/cm/common/pojo/bos/UserInfoBO.java index 5b5ef22..c65d7af 100644 --- a/cloud-common/src/main/java/com/cm/common/pojo/bos/UserInfoBO.java 
+++ b/cloud-common/src/main/java/com/cm/common/pojo/bos/UserInfoBO.java @@ -21,6 +21,8 @@ public class UserInfoBO { private List baseDepartmentIds; private List departments; private List roles; + private List groups; + private List positions; public String getUserId() { return userId == null ? "" : userId.trim(); @@ -79,7 +81,7 @@ public class UserInfoBO { } public List getDepartments() { - return departments; + return departments == null ? new ArrayList<>(0) : departments; } public void setDepartments(List departments) { @@ -87,16 +89,29 @@ public class UserInfoBO { } public List getRoles() { - if (roles == null) { - return new ArrayList<>(); - } - return roles; + return roles == null ? new ArrayList<>(0) : roles; } public void setRoles(List roles) { this.roles = roles; } + public List getGroups() { + return groups == null ? new ArrayList<>(0) : groups; + } + + public void setGroups(List groups) { + this.groups = groups; + } + + public List getPositions() { + return positions == null ? new ArrayList<>(0) : positions; + } + + public void setPositions(List positions) { + this.positions = positions; + } + @Override public String toString() { final StringBuilder sb = new StringBuilder("{"); diff --git a/cloud-common/src/main/java/com/cm/common/pojo/dtos/UserAttrInfoDTO.java b/cloud-common/src/main/java/com/cm/common/pojo/dtos/UserAttrInfoDTO.java new file mode 100644 index 0000000..40cd523 --- /dev/null +++ b/cloud-common/src/main/java/com/cm/common/pojo/dtos/UserAttrInfoDTO.java 
@@ -0,0 +1,106 @@ +package com.cm.common.pojo.dtos; + +import com.cm.common.pojo.bos.DepartmentBO; +import com.cm.common.pojo.bos.GroupBO; +import com.cm.common.pojo.bos.PositionBO; +import com.cm.common.pojo.bos.RoleBO; + +import java.util.List; + +/** + * When you feel like quitting. Think about why you started + * 当你想要放弃的时候,想想当初你为何开始 + * + * @ClassName: UserAttrInfoBO + * @Description: 用户属性 + * @Author: WangGeng + * @Date: 2020/2/7 1:42 下午 + * @Version: 1.0 + **/ +public class UserAttrInfoDTO { + + private List roles; + private List departments; + private List groups; + private List positions; + private String dataAuthority; + private List baseDepartmentIds; + private List dataAuthorityUserIds; + + public List getRoles() { + return roles; + } + + public void setRoles(List roles) { + this.roles = roles; + } + + public List getDepartments() { + return departments; + } + + public void setDepartments(List departments) { + this.departments = departments; + } + + public List getGroups() { + return groups; + } + + public void setGroups(List groups) { + this.groups = groups; + } + + public List getPositions() { + return positions; + } + + public void setPositions(List positions) { + this.positions = positions; + } + + public String getDataAuthority() { + return dataAuthority == null ? 
"" : dataAuthority.trim(); + } + + public void setDataAuthority(String dataAuthority) { + this.dataAuthority = dataAuthority; + } + + public List getBaseDepartmentIds() { + return baseDepartmentIds; + } + + public void setBaseDepartmentIds(List baseDepartmentIds) { + this.baseDepartmentIds = baseDepartmentIds; + } + + public List getDataAuthorityUserIds() { + return dataAuthorityUserIds; + } + + public void setDataAuthorityUserIds(List dataAuthorityUserIds) { + this.dataAuthorityUserIds = dataAuthorityUserIds; + } + + @Override + public String toString() { + final StringBuilder sb = new StringBuilder("{"); + sb.append("\"roles\":") + .append(roles); + sb.append(",\"departments\":") + .append(departments); + sb.append(",\"groups\":") + .append(groups); + sb.append(",\"positions\":") + .append(positions); + sb.append(",\"dataAuthority\":") + .append("\"").append(dataAuthority).append("\""); + sb.append(",\"baseDepartmentIds\":") + .append(baseDepartmentIds); + sb.append(",\"dataAuthorityUserIds\":") + .append(dataAuthorityUserIds); + sb.append('}'); + return sb.toString(); + } +} diff --git a/cloud-common/src/main/java/com/cm/common/token/app/AppTokenManager.java b/cloud-common/src/main/java/com/cm/common/token/app/AppTokenManager.java index b578429..01834b6 100644 --- a/cloud-common/src/main/java/com/cm/common/token/app/AppTokenManager.java +++ b/cloud-common/src/main/java/com/cm/common/token/app/AppTokenManager.java @@ -66,6 +66,7 @@ public class AppTokenManager { appToken.setToken(token); appToken.setLastTime(System.currentTimeMillis()); appToken.setAppTokenUser(appTokenUser); + appToken.setUserId(appTokenUser.getId()); for (Map.Entry kvs : tokens.entrySet()) { if (StringUtils.equals(appTokenUser.getId(), kvs.getValue().getUserId())) { tokens.remove(kvs.getValue().getToken());
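Review bot: Once `appToken.setUserId(appTokenUser.getId())` populates the id, the `StringUtils.equals(appTokenUser.getId(), kvs.getValue().getUserId())` check in the loop right below can match, so `tokens.remove(...)` runs while `tokens.entrySet()` is being iterated. If `tokens` is a plain `HashMap` (its declaration is outside the hunk), that throws ConcurrentModificationException on the next iteration unless the loop exits immediately after the remove, and the loop body continues past the end of the hunk, so this needs checking. `tokens.values().removeIf(t -> StringUtils.equals(appTokenUser.getId(), t.getUserId()));` would invalidate the user's earlier tokens without that hazard and would also remove every stale token, not only the first one found.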