
新增鉴权模块

zhoufan 2 years ago
parent
commit
837f1cb1da

+ 70 - 26
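--- a/webapidemo-api/src/main/java/com/example/filter/AuthenticationInterceptor.java
+++ b/webapidemo-api/src/main/java/com/example/filter/AuthenticationInterceptor.java
@@ -1,8 +1,14 @@
 package com.example.filter;
 
 import com.alibaba.fastjson2.JSON;
-import com.example.service.system.IUserService;
+import com.example.entity.database.system.User;
+import com.example.entity.view.system.UserView;
+import com.example.model.AjaxResult;
+import com.example.service.system.*;
 import com.example.util.annotation.Anonymous;
+import com.example.util.helper.JwtHelper;
+import com.example.util.helper.StringHelper;
+import io.jsonwebtoken.Claims;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpHeaders;
@@ -16,8 +22,8 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.PrintWriter;
 import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
+import java.util.*;
+import java.util.stream.Collectors;
 
 @Slf4j
 @Component
@@ -25,6 +31,12 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
 
     @Autowired
     private IUserService userService;
+    @Autowired
+    private IUserRoleService userRoleService;
+    @Autowired
+    private IRoleMenuService roleMenuService;
+    @Autowired
+    private IMenuService menuService;
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -34,9 +46,9 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
         response.setCharacterEncoding("UTF-8");
         response.setContentType("application/json; charset=utf-8");
 
-        Map map = new HashMap();
-        boolean isAuth = false;
 
+        boolean isAuth = false;
+        AjaxResult result=new AjaxResult();
         try {
             // 如果不是映射到方法直接通过
             if (!(handler instanceof HandlerMethod)) {
@@ -44,7 +56,7 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
             }
             HandlerMethod handlerMethod = (HandlerMethod) handler;
             //检查控制器是否有Anonymous注释,有则跳过认证
-            String name=handlerMethod.getBeanType().getName();
+
             if (handlerMethod.getBeanType().isAnnotationPresent(Anonymous.class)) {
                 return true;
             }
@@ -53,23 +65,55 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
             if (method.isAnnotationPresent(Anonymous.class)) {
                 return true;
             }
-            return true;
-//            if(!StringHelper.isEmpty(token) ) {
-//                // 执行认证
-//                token = token.substring(7);
-//                Claims cls = JwtHelper.parseToken(token);
-//                if (cls != null) {
-//                    Long userId = (Long) cls.get("UserId");
-//                    if (userId > 0) {
-//                        //判断用户信息
-//                        User user = userService.getEntity(userId);
-//                        if (user != null) {
-//                            request.setAttribute("CurrentUser", user);
-//                            isAuth = true;
-//                        }
-//                    }
-//                }
-//            }
+
+            if(!StringHelper.isEmpty(token) ) {
+                // 执行认证
+                token = token.substring(7);
+                Claims cls = JwtHelper.parseToken(token);
+                if (cls != null) {
+                    Long userId = Long.parseLong(cls.get("UserId").toString()) ;
+                    if (userId > 0) {
+                        //判断用户信息
+                        List<User> users = userService.getList().stream().filter(p->p.getUser_id()==userId && Objects.equals(p.getStatus(), "0") && Objects.equals(p.getDel_flag(), "0")).collect(Collectors.toList());
+                        if (users != null && users.size()>0) {
+                            User user = users.get(0);
+                            List<Long> croleids = (List<Long>)cls.get("RoleIds");
+                            List<Long> roleids=userRoleService.getList().stream().filter(p->p.getUser_id()==userId).map(p->p.getRole_id()).sorted().collect(Collectors.toList());
+
+                            if(Objects.equals(JSON.toJSONString(croleids), JSON.toJSONString(roleids))) {
+                                String className = handlerMethod.getBeanType().getName();
+                                className = className.substring(className.lastIndexOf(".") + 1)
+                                        .replace("Controller", "");
+                                String methodName = handlerMethod.getMethod().getName();
+                                String permission = (className + "/" + methodName).toLowerCase();
+                                List<Long> mids = menuService.getList().stream().filter(p -> Objects.equals(p.getPerms(), permission)).map(p -> p.getMenu_id()).collect(Collectors.toList());
+                                if (mids != null && mids.size() > 0) {
+                                    Long n = roleMenuService.getList().stream().filter(p -> roleids.contains(p.getRole_id()) && mids.contains(p.getMenu_id())).count();
+                                    if (n > 0) {
+                                        isAuth = true;
+                                    } else {
+                                        result.setState("error");
+                                        result.setMessage("你没有此权限");
+                                        PrintWriter out = response.getWriter();
+                                        out.write(JSON.toJSONString(result));
+                                        out.flush();
+                                        out.close();
+                                        return false;
+                                    }
+                                } else {
+                                    isAuth = true;
+                                }
+                            }
+
+                            if(isAuth) {
+                                UserView uv = JSON.parseObject(JSON.toJSONString(user), UserView.class);
+                                uv.setRoleIds(roleids);
+                                request.setAttribute("CurrentUser", uv);
+                            }
+                        }
+                    }
+                }
+            }
         } catch (Exception e) {
             String requestURI = request.getRequestURL().toString();
             String methodType = request.getMethod();
@@ -82,10 +126,10 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
             }
         }
         if (!isAuth) {
+            result.setState("notoken");
+            result.setMessage("token无效,请重新登录");
             PrintWriter out = response.getWriter();
-            map.put("state", "notoken");
-            map.put("message", "token无效,请重新登录");
-            out.write(JSON.toJSONString(map));
+            out.write(JSON.toJSONString(result));
             out.flush();
             out.close();
         }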
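Review bot: The `else` branch paired with `if (mids != null && mids.size() > 0)` sets `isAuth = true` whenever no menu row matches the computed `permission` string, so a handler that was never registered in the menu table, or whose class or method was later renamed, is open to every user with a valid token. Authorization should fail closed here: either reject in that branch the same way the `n > 0` else-branch does, or, if unregistered endpoints are deliberately open to all logged-in users, state it with a comment such as `// no menu entry for this permission: any authenticated user is allowed` and log the unmatched `permission` so missing registrations are noticed. Separately, `p.getUser_id()==userId` in the `users` and `roleids` filters compares against a boxed `Long`; if `getUser_id()` also returns `Long` (its type is not visible in this diff) that is a reference comparison and should be `Objects.equals(p.getUser_id(), userId)`. The body of `preHandle` starts before and continues past the hunks shown.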