jiangyc/RuoYi-Vue-Plus
1
0
Fork 0
mirror of https://github.com/dromara/RuoYi-Vue-Plus.git synced 2025-09-24 07:19:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 整合 satoken 权限、鉴权一体化框架

Browse Source
This commit is contained in:
疯狂的狮子li
2021-09-23 19:13:58 +08:00
parent 071c4c1412
commit 553c29ab8a
54 changed files with 653 additions and 1581 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserOnlineService.java
View File

@ -1,47 +0,0 @@
package com.ruoyi.system.service;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.system.domain.SysUserOnline;
/**
* 在线用户 服务层
*
* @author ruoyi
*/
public interface ISysUserOnlineService {
/**
* 通过登录地址查询信息
*
* @param ipaddr 登录地址
* @param user 用户信息
* @return 在线用户信息
*/
public SysUserOnline selectOnlineByIpaddr(String ipaddr, LoginUser user);
/**
* 通过用户名称查询信息
*
* @param userName 用户名称
* @param user 用户信息
* @return 在线用户信息
*/
public SysUserOnline selectOnlineByUserName(String userName, LoginUser user);
/**
* 通过登录地址/用户名称查询信息
*
* @param ipaddr 登录地址
* @param userName 用户名称
* @param user 用户信息
* @return 在线用户信息
*/
public SysUserOnline selectOnlineByInfo(String ipaddr, String userName, LoginUser user);
/**
* 设置在线用户信息
*
* @param user 用户信息
* @return 在线用户
*/
public SysUserOnline loginUserToUserOnline(LoginUser user);
}

3
ruoyi-system/src/main/java/com/ruoyi/system/service/ISysUserService.java
View File

@ -3,6 +3,7 @@ package com.ruoyi.system.service;
import com.baomidou.mybatisplus.extension.service.IService;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.page.TableDataInfo;
import com.ruoyi.common.core.service.IUserService;
import java.util.List;
@ -11,7 +12,7 @@ import java.util.List;
*
* @author ruoyi
*/
public interface ISysUserService extends IService<SysUser> {
public interface ISysUserService extends IService<SysUser>, IUserService {
TableDataInfo<SysUser> selectPageUserList(SysUser user);

166
ruoyi-system/src/main/java/com/ruoyi/system/service/PermissionService.java
View File

@ -1,166 +0,0 @@
package com.ruoyi.system.service;
import com.ruoyi.common.core.domain.entity.SysRole;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.SecurityUtils;
import com.ruoyi.common.utils.StringUtils;
import org.springframework.stereotype.Service;
import org.springframework.util.CollectionUtils;
import java.util.Set;
/**
* RuoYi首创 自定义权限实现ss取自SpringSecurity首字母
*
* @author ruoyi
*/
@Service("ss")
public class PermissionService
{
/** 所有权限标识 */
private static final String ALL_PERMISSION = "*:*:*";
/** 管理员角色权限标识 */
private static final String SUPER_ADMIN = "admin";
private static final String ROLE_DELIMETER = ",";
private static final String PERMISSION_DELIMETER = ",";
/**
* 验证用户是否具备某权限
*
* @param permission 权限字符串
* @return 用户是否具备某权限
*/
public boolean hasPermi(String permission)
{
if (StringUtils.isEmpty(permission))
{
return false;
}
LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions()))
{
return false;
}
return hasPermissions(loginUser.getPermissions(), permission);
}
/**
* 验证用户是否不具备某权限,与 hasPermi逻辑相反
*
* @param permission 权限字符串
* @return 用户是否不具备某权限
*/
public boolean lacksPermi(String permission)
{
return hasPermi(permission) != true;
}
/**
* 验证用户是否具有以下任意一个权限
*
* @param permissions 以 PERMISSION_NAMES_DELIMETER 为分隔符的权限列表
* @return 用户是否具有以下任意一个权限
*/
public boolean hasAnyPermi(String permissions)
{
if (StringUtils.isEmpty(permissions))
{
return false;
}
LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getPermissions()))
{
return false;
}
Set<String> authorities = loginUser.getPermissions();
for (String permission : permissions.split(PERMISSION_DELIMETER))
{
if (permission != null && hasPermissions(authorities, permission))
{
return true;
}
}
return false;
}
/**
* 判断用户是否拥有某个角色
*
* @param role 角色字符串
* @return 用户是否具备某角色
*/
public boolean hasRole(String role)
{
if (StringUtils.isEmpty(role))
{
return false;
}
LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles()))
{
return false;
}
for (SysRole sysRole : loginUser.getUser().getRoles())
{
String roleKey = sysRole.getRoleKey();
if (SUPER_ADMIN.equals(roleKey) || roleKey.equals(StringUtils.trim(role)))
{
return true;
}
}
return false;
}
/**
* 验证用户是否不具备某角色,与 isRole逻辑相反。
*
* @param role 角色名称
* @return 用户是否不具备某角色
*/
public boolean lacksRole(String role)
{
return hasRole(role) != true;
}
/**
* 验证用户是否具有以下任意一个角色
*
* @param roles 以 ROLE_NAMES_DELIMETER 为分隔符的角色列表
* @return 用户是否具有以下任意一个角色
*/
public boolean hasAnyRoles(String roles)
{
if (StringUtils.isEmpty(roles))
{
return false;
}
LoginUser loginUser = SecurityUtils.getLoginUser();
if (StringUtils.isNull(loginUser) || CollectionUtils.isEmpty(loginUser.getUser().getRoles()))
{
return false;
}
for (String role : roles.split(ROLE_DELIMETER))
{
if (hasRole(role))
{
return true;
}
}
return false;
}
/**
* 判断是否包含权限
*
* @param permissions 权限列表
* @param permission 权限字符串
* @return 用户是否具备某权限
*/
private boolean hasPermissions(Set<String> permissions, String permission)
{
return permissions.contains(ALL_PERMISSION) || permissions.contains(StringUtils.trim(permission));
}
}

65
ruoyi-system/src/main/java/com/ruoyi/system/service/SysLoginService.java
View File

@ -1,26 +1,20 @@
package com.ruoyi.system.service;
import cn.dev33.satoken.stp.StpUtil;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.core.service.LogininforService;
import com.ruoyi.common.core.service.TokenService;
import com.ruoyi.common.enums.UserStatus;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.exception.user.CaptchaException;
import com.ruoyi.common.exception.user.CaptchaExpireException;
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
import com.ruoyi.common.utils.DateUtils;
import com.ruoyi.common.utils.MessageUtils;
import com.ruoyi.common.utils.RedisUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.*;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
/**
@ -28,14 +22,10 @@ import javax.servlet.http.HttpServletRequest;
*
* @author ruoyi
*/
@Slf4j
@Component
public class SysLoginService
{
@Autowired
private TokenService tokenService;
@Resource
private AuthenticationManager authenticationManager;
@Autowired
private ISysUserService userService;
@ -64,32 +54,35 @@ public class SysLoginService
{
validateCaptcha(username, code, uuid, request);
}
// 用户验证
Authentication authentication = null;
try
SysUser user = userService.selectUserByUserName(username);
if (StringUtils.isNull(user))
{
// 该方法会去调用UserDetailsServiceImpl.loadUserByUsername
authentication = authenticationManager
.authenticate(new UsernamePasswordAuthenticationToken(username, password));
log.info("登录用户:{} 不存在.", username);
throw new ServiceException("登录用户:" + username + " 不存在");
}
catch (Exception e)
else if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
{
if (e instanceof BadCredentialsException)
{
asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"), request);
throw new UserPasswordNotMatchException();
}
else
{
asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, e.getMessage(), request);
throw new ServiceException(e.getMessage());
}
log.info("登录用户:{} 已被删除.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已被删除");
}
else if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
{
log.info("登录用户:{} 已被停用.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已停用");
}
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String encodePassword = passwordEncoder.encode(password);
if (SecurityUtils.matchesPassword(user.getPassword(), encodePassword))
{
asyncService.recordLogininfor(username, Constants.LOGIN_FAIL, MessageUtils.message("user.password.not.match"), request);
throw new UserPasswordNotMatchException();
}
asyncService.recordLogininfor(username, Constants.LOGIN_SUCCESS, MessageUtils.message("user.login.success"), request);
LoginUser loginUser = (LoginUser) authentication.getPrincipal();
recordLoginInfo(loginUser.getUser());
recordLoginInfo(user);
// 生成token
return tokenService.createToken(loginUser);
StpUtil.login(user.getUserId(), "PC");
return StpUtil.getTokenValue();
}
/**

36
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SaInterfaceImpl.java Normal file
View File

@ -0,0 +1,36 @@
package com.ruoyi.system.service.impl;
import cn.dev33.satoken.stp.StpInterface;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.system.service.ISysUserService;
import com.ruoyi.system.service.SysPermissionService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
@Component
public class SaInterfaceImpl implements StpInterface {
@Autowired
private SysPermissionService sysPermissionService;
@Autowired
private ISysUserService iSysUserService;
@Override
public List<String> getPermissionList(Object loginId, String loginType) {
SysUser user = iSysUserService.getById(loginId.toString());
Set<String> menuPermission = sysPermissionService.getMenuPermission(user);
//采用的是用户里自带的权限实现一次性访问reids,进行判断是否可以访问
return new ArrayList<>(menuPermission);
}
@Override
public List<String> getRoleList(Object loginId, String loginType) {
SysUser user = iSysUserService.getById(loginId.toString());
Set<String> rolePermission = sysPermissionService.getRolePermission(user);
return new ArrayList<>(rolePermission);
}
}

86
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/SysUserOnlineServiceImpl.java
View File

@ -1,86 +0,0 @@
package com.ruoyi.system.service.impl;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.domain.SysUserOnline;
import com.ruoyi.system.service.ISysUserOnlineService;
import org.springframework.stereotype.Service;
/**
* 在线用户 服务层处理
*
* @author ruoyi
*/
@Service
public class SysUserOnlineServiceImpl implements ISysUserOnlineService {
/**
* 通过登录地址查询信息
*
* @param ipaddr 登录地址
* @param user 用户信息
* @return 在线用户信息
*/
@Override
public SysUserOnline selectOnlineByIpaddr(String ipaddr, LoginUser user) {
if (StringUtils.equals(ipaddr, user.getIpaddr())) {
return loginUserToUserOnline(user);
}
return null;
}
/**
* 通过用户名称查询信息
*
* @param userName 用户名称
* @param user 用户信息
* @return 在线用户信息
*/
@Override
public SysUserOnline selectOnlineByUserName(String userName, LoginUser user) {
if (StringUtils.equals(userName, user.getUsername())) {
return loginUserToUserOnline(user);
}
return null;
}
/**
* 通过登录地址/用户名称查询信息
*
* @param ipaddr 登录地址
* @param userName 用户名称
* @param user 用户信息
* @return 在线用户信息
*/
@Override
public SysUserOnline selectOnlineByInfo(String ipaddr, String userName, LoginUser user) {
if (StringUtils.equals(ipaddr, user.getIpaddr()) && StringUtils.equals(userName, user.getUsername())) {
return loginUserToUserOnline(user);
}
return null;
}
/**
* 设置在线用户信息
*
* @param user 用户信息
* @return 在线用户
*/
@Override
public SysUserOnline loginUserToUserOnline(LoginUser user) {
if (StringUtils.isNull(user) || StringUtils.isNull(user.getUser())) {
return null;
}
SysUserOnline sysUserOnline = new SysUserOnline();
sysUserOnline.setTokenId(user.getToken());
sysUserOnline.setUserName(user.getUsername());
sysUserOnline.setIpaddr(user.getIpaddr());
sysUserOnline.setLoginLocation(user.getLoginLocation());
sysUserOnline.setBrowser(user.getBrowser());
sysUserOnline.setOs(user.getOs());
sysUserOnline.setLoginTime(user.getLoginTime());
if (StringUtils.isNotNull(user.getUser().getDept())) {
sysUserOnline.setDeptName(user.getUser().getDept().getDeptName());
}
return sysUserOnline;
}
}

204
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/TokenServiceImpl.java
View File

@ -1,204 +0,0 @@
package com.ruoyi.system.service.impl;
import cn.hutool.core.util.IdUtil;
import cn.hutool.http.useragent.UserAgent;
import cn.hutool.http.useragent.UserAgentUtil;
import com.ruoyi.common.constant.Constants;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.core.service.TokenService;
import com.ruoyi.common.properties.TokenProperties;
import com.ruoyi.common.utils.RedisUtils;
import com.ruoyi.common.utils.ServletUtils;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.common.utils.ip.AddressUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
/**
* token验证处理
*
* @author Lion Li
*/
@Component
public class TokenServiceImpl implements TokenService {
protected static final long MILLIS_SECOND = 1000;
protected static final long MILLIS_MINUTE = 60 * MILLIS_SECOND;
private static final Long MILLIS_MINUTE_TEN = 20 * 60 * 1000L;
@Autowired
private TokenProperties tokenProperties;
/**
* 获取用户身份信息
*
* @return 用户信息
*/
@Override
public LoginUser getLoginUser(HttpServletRequest request) {
// 获取请求携带的令牌
String token = getToken(request);
if (StringUtils.isNotEmpty(token)) {
try {
Claims claims = parseToken(token);
// 解析对应的权限以及用户信息
String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
String userKey = getTokenKey(uuid);
LoginUser user = RedisUtils.getCacheObject(userKey);
return user;
} catch (Exception e) {
}
}
return null;
}
/**
* 设置用户身份信息
*/
@Override
public void setLoginUser(LoginUser loginUser) {
if (StringUtils.isNotNull(loginUser) && StringUtils.isNotEmpty(loginUser.getToken())) {
refreshToken(loginUser);
}
}
/**
* 删除用户身份信息
*/
@Override
public void delLoginUser(String token) {
if (StringUtils.isNotEmpty(token)) {
String userKey = getTokenKey(token);
RedisUtils.deleteObject(userKey);
}
}
/**
* 创建令牌
*
* @param loginUser 用户信息
* @return 令牌
*/
@Override
public String createToken(LoginUser loginUser) {
String token = IdUtil.fastUUID();
loginUser.setToken(token);
setUserAgent(loginUser);
refreshToken(loginUser);
Map<String, Object> claims = new HashMap<>();
claims.put(Constants.LOGIN_USER_KEY, token);
return createToken(claims);
}
/**
* 验证令牌有效期相差不足20分钟自动刷新缓存
*
* @param loginUser
* @return 令牌
*/
@Override
public void verifyToken(LoginUser loginUser) {
long expireTime = loginUser.getExpireTime();
long currentTime = System.currentTimeMillis();
if (expireTime - currentTime <= MILLIS_MINUTE_TEN) {
refreshToken(loginUser);
}
}
/**
* 刷新令牌有效期
*
* @param loginUser 登录信息
*/
@Override
public void refreshToken(LoginUser loginUser) {
loginUser.setLoginTime(System.currentTimeMillis());
loginUser.setExpireTime(loginUser.getLoginTime() + tokenProperties.getExpireTime() * MILLIS_MINUTE);
// 根据uuid将loginUser缓存
String userKey = getTokenKey(loginUser.getToken());
RedisUtils.setCacheObject(userKey, loginUser, tokenProperties.getExpireTime(), TimeUnit.MINUTES);
}
/**
* 设置用户代理信息
*
* @param loginUser 登录信息
*/
@Override
public void setUserAgent(LoginUser loginUser) {
UserAgent userAgent = UserAgentUtil.parse(ServletUtils.getRequest().getHeader("User-Agent"));
String ip = ServletUtils.getClientIP();
loginUser.setIpaddr(ip);
loginUser.setLoginLocation(AddressUtils.getRealAddressByIP(ip));
loginUser.setBrowser(userAgent.getBrowser().getName());
loginUser.setOs(userAgent.getOs().getName());
}
/**
* 从数据声明生成令牌
*
* @param claims 数据声明
* @return 令牌
*/
private String createToken(Map<String, Object> claims) {
String token = Jwts.builder()
.setClaims(claims)
.signWith(SignatureAlgorithm.HS512, tokenProperties.getSecret()).compact();
return token;
}
/**
* 从令牌中获取数据声明
*
* @param token 令牌
* @return 数据声明
*/
private Claims parseToken(String token) {
return Jwts.parser()
.setSigningKey(tokenProperties.getSecret())
.parseClaimsJws(token)
.getBody();
}
/**
* 从令牌中获取用户名
*
* @param token 令牌
* @return 用户名
*/
@Override
public String getUsernameFromToken(String token) {
Claims claims = parseToken(token);
return claims.getSubject();
}
/**
* 获取请求token
*
* @param request
* @return token
*/
private String getToken(HttpServletRequest request) {
String token = request.getHeader(tokenProperties.getHeader());
if (StringUtils.isNotEmpty(token) && token.startsWith(Constants.TOKEN_PREFIX)) {
token = token.replace(Constants.TOKEN_PREFIX, "");
}
return token;
}
private String getTokenKey(String uuid) {
return Constants.LOGIN_TOKEN_KEY + uuid;
}
}

60
ruoyi-system/src/main/java/com/ruoyi/system/service/impl/UserDetailsServiceImpl.java
View File

@ -1,60 +0,0 @@
package com.ruoyi.system.service.impl;
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.enums.UserStatus;
import com.ruoyi.common.exception.ServiceException;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.system.service.ISysUserService;
import com.ruoyi.system.service.SysPermissionService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
/**
* 用户验证处理
*
* @author ruoyi
*/
@Slf4j
@Service
public class UserDetailsServiceImpl implements UserDetailsService
{
@Autowired
private ISysUserService userService;
@Autowired
private SysPermissionService permissionService;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
{
SysUser user = userService.selectUserByUserName(username);
if (StringUtils.isNull(user))
{
log.info("登录用户:{} 不存在.", username);
throw new ServiceException("登录用户:" + username + " 不存在");
}
else if (UserStatus.DELETED.getCode().equals(user.getDelFlag()))
{
log.info("登录用户:{} 已被删除.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已被删除");
}
else if (UserStatus.DISABLE.getCode().equals(user.getStatus()))
{
log.info("登录用户:{} 已被停用.", username);
throw new ServiceException("对不起,您的账号:" + username + " 已停用");
}
return createLoginUser(user);
}
public UserDetails createLoginUser(SysUser user)
{
return new LoginUser(user.getUserId(), user.getDeptId(), user, permissionService.getMenuPermission(user));
}
}