新增BaseLoginUser以便于扩展

This commit is contained in:
mazhicheng 2020-06-28 22:41:43 +08:00
parent 51f1b7e283
commit d39cb307a9
7 changed files with 79 additions and 36 deletions


@ -15,6 +15,7 @@
*/ */
package com.diboot.iam.auth; package com.diboot.iam.auth;
import com.diboot.core.vo.KeyValue;
import com.diboot.iam.entity.IamRole; import com.diboot.iam.entity.IamRole;
import java.util.List; import java.util.List;
@ -33,7 +34,7 @@ public interface IamExtensible {
* @param userId * @param userId
* @return * @return
*/ */
Object getUserExtentionObj(String userType, Long userId); KeyValue getUserExtentionObj(String userType, Long userId);
/** /**
* 获取可扩展的角色 * 获取可扩展的角色
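Review bot: The narrowed return type `KeyValue` on `getUserExtentionObj` still carries an empty `@return` tag, and the only consumer visible in this commit (BaseJwtRealm.doGetAuthorizationInfo) casts `getV()` straight to `Long`, so the contract should state that. I'd fill it in as `@return extension object as a KeyValue whose v is the extension object's id (Long); null when the user has no extension`, so that implementors know a non-Long value will break authorization. The IamExtensible interface continues outside the hunk.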


@ -22,12 +22,12 @@ import com.diboot.core.vo.Status;
import com.diboot.iam.auth.AuthService; import com.diboot.iam.auth.AuthService;
import com.diboot.iam.config.Cons; import com.diboot.iam.config.Cons;
import com.diboot.iam.dto.AuthCredential; import com.diboot.iam.dto.AuthCredential;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount; import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamLoginTrace; import com.diboot.iam.entity.IamLoginTrace;
import com.diboot.iam.jwt.BaseJwtAuthToken; import com.diboot.iam.jwt.BaseJwtAuthToken;
import com.diboot.iam.service.IamAccountService; import com.diboot.iam.service.IamAccountService;
import com.diboot.iam.service.IamLoginTraceService; import com.diboot.iam.service.IamLoginTraceService;
import com.diboot.iam.util.BeanUtils;
import com.diboot.iam.util.IamSecurityUtils; import com.diboot.iam.util.IamSecurityUtils;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils; import org.apache.shiro.SecurityUtils;
@ -144,10 +144,9 @@ public class PwdAuthServiceImpl implements AuthService {
protected void saveLoginTrace(BaseJwtAuthToken authToken, boolean isSuccess){ protected void saveLoginTrace(BaseJwtAuthToken authToken, boolean isSuccess){
IamLoginTrace loginTrace = new IamLoginTrace(); IamLoginTrace loginTrace = new IamLoginTrace();
loginTrace.setAuthType(getAuthType()).setAuthAccount(authToken.getAuthAccount()).setUserType(authToken.getUserType()).setSuccess(isSuccess); loginTrace.setAuthType(getAuthType()).setAuthAccount(authToken.getAuthAccount()).setUserType(authToken.getUserType()).setSuccess(isSuccess);
Object currentUser = IamSecurityUtils.getCurrentUser(); BaseLoginUser currentUser = IamSecurityUtils.getCurrentUser();
if(currentUser != null){ if(currentUser != null){
Long userId = (Long) BeanUtils.getProperty(currentUser, Cons.FieldName.id.name()); loginTrace.setUserId(currentUser.getId());
loginTrace.setUserId(userId);
} }
// 记录客户端信息 // 记录客户端信息
String userAgent = request.getHeader("user-agent"); String userAgent = request.getHeader("user-agent");
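Review bot: `BaseLoginUser currentUser = IamSecurityUtils.getCurrentUser();` appears to rely on getCurrentUser() being generic (`<T> T`), since IamSecurityUtils is not among the changed files; that makes the narrowing an unchecked cast resolved at this call site, which surfaces as a ClassCastException here if a principal that is not a BaseLoginUser is ever cached. The same line is added in SSOAuthServiceImpl.saveLoginTrace. I'd read the principal as `Object` and only use it when the type matches: `Object principal = IamSecurityUtils.getCurrentUser();` / `if(principal instanceof BaseLoginUser){` / `loginTrace.setUserId(((BaseLoginUser) principal).getId()); }`. The two implementations also diverge in style now — this one inlines `currentUser.getId()` while SSOAuthServiceImpl keeps the `Long userId` local; pick one. saveLoginTrace continues past the hunk in both files.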


@ -25,12 +25,12 @@ import com.diboot.iam.auth.AuthService;
import com.diboot.iam.config.Cons; import com.diboot.iam.config.Cons;
import com.diboot.iam.dto.AuthCredential; import com.diboot.iam.dto.AuthCredential;
import com.diboot.iam.dto.SSOCredential; import com.diboot.iam.dto.SSOCredential;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount; import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamLoginTrace; import com.diboot.iam.entity.IamLoginTrace;
import com.diboot.iam.jwt.BaseJwtAuthToken; import com.diboot.iam.jwt.BaseJwtAuthToken;
import com.diboot.iam.service.IamAccountService; import com.diboot.iam.service.IamAccountService;
import com.diboot.iam.service.IamLoginTraceService; import com.diboot.iam.service.IamLoginTraceService;
import com.diboot.iam.util.BeanUtils;
import com.diboot.iam.util.HttpHelper; import com.diboot.iam.util.HttpHelper;
import com.diboot.iam.util.IamSecurityUtils; import com.diboot.iam.util.IamSecurityUtils;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -149,9 +149,9 @@ public class SSOAuthServiceImpl implements AuthService {
protected void saveLoginTrace(BaseJwtAuthToken authToken, boolean isSuccess){ protected void saveLoginTrace(BaseJwtAuthToken authToken, boolean isSuccess){
IamLoginTrace loginTrace = new IamLoginTrace(); IamLoginTrace loginTrace = new IamLoginTrace();
loginTrace.setAuthType(getAuthType()).setAuthAccount(authToken.getAuthAccount()).setUserType(authToken.getUserType()).setSuccess(isSuccess); loginTrace.setAuthType(getAuthType()).setAuthAccount(authToken.getAuthAccount()).setUserType(authToken.getUserType()).setSuccess(isSuccess);
Object currentUser = IamSecurityUtils.getCurrentUser(); BaseLoginUser currentUser = IamSecurityUtils.getCurrentUser();
if(currentUser != null){ if(currentUser != null){
Long userId = (Long) BeanUtils.getProperty(currentUser, Cons.FieldName.id.name()); Long userId = currentUser.getId();
loginTrace.setUserId(userId); loginTrace.setUserId(userId);
} }
// 记录客户端信息 // 记录客户端信息


@ -39,6 +39,10 @@ public abstract class AuthCredential implements Serializable {
* 用户类型的Class * 用户类型的Class
*/ */
private Class userTypeClass = IamUser.class; private Class userTypeClass = IamUser.class;
/**
* 用户类型
*/
private String userType;
@NotNull(message = "认证方式不能为空") @NotNull(message = "认证方式不能为空")
private String authType; private String authType;
@ -62,6 +66,21 @@ public abstract class AuthCredential implements Serializable {
* @return * @return
*/ */
public String getUserType(){ public String getUserType(){
if(userType != null){
return userType;
}
return userTypeClass.getSimpleName(); return userTypeClass.getSimpleName();
} }
/**
* 指定用户类型class
* @param userTypeClass
*/
public void setUserTypeClass(Class userTypeClass){
this.userTypeClass = userTypeClass;
if(this.userType == null){
this.userType = userTypeClass.getSimpleName();
}
}
} }
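Review bot: `setUserTypeClass` dereferences its argument without a guard, so `setUserTypeClass(null)` throws a bare NullPointerException from `getSimpleName()` after `this.userTypeClass` has already been overwritten with null; I'd open the method with `Objects.requireNonNull(userTypeClass, "userTypeClass");` (needs `import java.util.Objects;`). Because `getUserType()` now prefers the `userType` string, a later `setUserTypeClass` call silently leaves getUserType() unchanged once `userType` is set — the setter's Javadoc should say so, e.g. `@param userTypeClass user type class; userType is derived from it only when still unset`. AuthCredential lives in the dto package, so if `userType` is bound from the request body the reported user type becomes client-supplied wherever getUserType() is consumed; the binding is not visible here, but the field's Javadoc should state whether it is meant to be set server-side only. The setter's raw `Class` mirrors the existing field; `Class<?>` would avoid the raw-type warning. The AuthCredential class starts before the hunk.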


@ -0,0 +1,34 @@
package com.diboot.iam.entity;
import com.baomidou.mybatisplus.annotation.TableField;
import com.diboot.core.entity.BaseEntity;
import com.diboot.core.vo.KeyValue;
/**
* 可登录用户Base类定义
* @author mazc@dibo.ltd
* @version v2.1.0
* @date 2020/06/28
*/
public abstract class BaseLoginUser extends BaseEntity {
/**
* 获取显示名称
* @return
*/
public abstract String getDisplayName();
/**
* 附加对象用于岗位等扩展
*/
@TableField(exist = false)
private KeyValue extentionObj;
public KeyValue getExtentionObj(){
return this.extentionObj;
}
public void setExtentionObj(KeyValue extentionObj){
this.extentionObj = extentionObj;
}
}
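Review bot: `getDisplayName()` is the one abstract contract this new base type introduces and its Javadoc `@return` is empty; I'd write it as `@return name shown in the UI for this user; implementations should state whether it may be null`. The hand-written accessors for `extentionObj` differ from IamUser, which uses Lombok `@Getter @Setter` — either annotate this class the same way or leave a comment on why the base class avoids Lombok. Declaring the abstract method above the field it does not relate to reads oddly; fields first, then methods, is the usual ordering. The hunk header announces 34 lines but fewer are shown here, so it is worth confirming the file carries the same license header as the other sources in the module.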


@ -16,7 +16,6 @@
package com.diboot.iam.entity; package com.diboot.iam.entity;
import com.baomidou.mybatisplus.annotation.TableField; import com.baomidou.mybatisplus.annotation.TableField;
import com.diboot.core.entity.BaseEntity;
import lombok.Getter; import lombok.Getter;
import lombok.Setter; import lombok.Setter;
import lombok.experimental.Accessors; import lombok.experimental.Accessors;
@ -31,7 +30,7 @@ import javax.validation.constraints.NotNull;
* @date 2019-12-17 * @date 2019-12-17
*/ */
@Getter @Setter @Accessors(chain = true) @Getter @Setter @Accessors(chain = true)
public class IamUser extends BaseEntity { public class IamUser extends BaseLoginUser {
private static final long serialVersionUID = -8462352695775599715L; private static final long serialVersionUID = -8462352695775599715L;
// 组织ID // 组织ID
@ -76,8 +75,9 @@ public class IamUser extends BaseEntity {
@TableField() @TableField()
private String avatarUrl; private String avatarUrl;
// 附加对象用于岗位等身份切换 @Override
@TableField(exist = false) public String getDisplayName() {
private Object extentionObj; return this.realname;
}
} }
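Review bot: The new `getDisplayName()` override returns `this.realname` without Javadoc, and whether realname can be null is not visible in this hunk; I'd add `/** {@inheritDoc} Returns the user's real name (realname). */` and, if the column is nullable, say that the display name may then be null so callers do not assume otherwise. The IamUser class starts before the hunk.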


@ -18,15 +18,16 @@ package com.diboot.iam.jwt;
import com.diboot.core.service.BaseService; import com.diboot.core.service.BaseService;
import com.diboot.core.util.ContextHelper; import com.diboot.core.util.ContextHelper;
import com.diboot.core.util.V; import com.diboot.core.util.V;
import com.diboot.core.vo.KeyValue;
import com.diboot.iam.annotation.process.ApiPermissionCache; import com.diboot.iam.annotation.process.ApiPermissionCache;
import com.diboot.iam.auth.AuthService; import com.diboot.iam.auth.AuthService;
import com.diboot.iam.auth.AuthServiceFactory; import com.diboot.iam.auth.AuthServiceFactory;
import com.diboot.iam.config.Cons; import com.diboot.iam.config.Cons;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount; import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamRole; import com.diboot.iam.entity.IamRole;
import com.diboot.iam.service.IamRolePermissionService; import com.diboot.iam.service.IamRolePermissionService;
import com.diboot.iam.service.IamUserRoleService; import com.diboot.iam.service.IamUserRoleService;
import com.diboot.iam.util.BeanUtils;
import com.diboot.iam.util.IamSecurityUtils; import com.diboot.iam.util.IamSecurityUtils;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationException;
@ -94,31 +95,26 @@ public class BaseJwtRealm extends AuthorizingRealm {
throw new AuthenticationException("用户账号或密码错误!"); throw new AuthenticationException("用户账号或密码错误!");
} }
// 获取当前user对象并缓存 // 获取当前user对象并缓存
Object userObject = null; BaseLoginUser loginUser = null;
BaseService userService = ContextHelper.getBaseServiceByEntity(jwtToken.getUserTypeClass()); BaseService userService = ContextHelper.getBaseServiceByEntity(jwtToken.getUserTypeClass());
if(userService != null){ if(userService != null){
userObject = userService.getEntity(account.getUserId()); loginUser = (BaseLoginUser)userService.getEntity(account.getUserId());
} }
else{ else{
throw new AuthenticationException("用户 "+jwtToken.getUserTypeClass().getName()+" 相关的Service未定义"); throw new AuthenticationException("用户 "+jwtToken.getUserTypeClass().getName()+" 相关的Service未定义");
} }
if(userObject == null){ if(loginUser == null){
throw new AuthenticationException("用户不存在"); throw new AuthenticationException("用户不存在");
} }
if(iamUserRoleService.getIamExtensible() != null){ if(iamUserRoleService.getIamExtensible() != null){
Object extentionObj = iamUserRoleService.getIamExtensible().getUserExtentionObj(jwtToken.getUserTypeClass().getSimpleName(), account.getUserId()); KeyValue extentionObj = iamUserRoleService.getIamExtensible().getUserExtentionObj(jwtToken.getUserTypeClass().getSimpleName(), account.getUserId());
if(extentionObj != null){ if(extentionObj != null){
try{ loginUser.setExtentionObj(extentionObj);
BeanUtils.setProperty(userObject, "extentionObj", extentionObj);
}
catch (Exception e){
log.warn("设置{}.extentionObj异常属性不存在? {}", jwtToken.getUserTypeClass().getSimpleName(), e.getMessage());
}
} }
} }
// 清空当前用户缓存 // 清空当前用户缓存
this.clearCachedAuthorizationInfo(IamSecurityUtils.getSubject().getPrincipals()); this.clearCachedAuthorizationInfo(IamSecurityUtils.getSubject().getPrincipals());
return new SimpleAuthenticationInfo(userObject, jwtToken.getCredentials(), this.getName()); return new SimpleAuthenticationInfo(loginUser, jwtToken.getCredentials(), this.getName());
} }
} }
@ -130,21 +126,15 @@ public class BaseJwtRealm extends AuthorizingRealm {
@Override @Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
Object currentUser = principals.getPrimaryPrincipal(); BaseLoginUser currentUser = (BaseLoginUser) principals.getPrimaryPrincipal();
// 根据用户类型与用户id获取roleList // 根据用户类型与用户id获取roleList
Long userId = (Long) BeanUtils.getProperty(currentUser, Cons.FieldName.id.name());
Long extentionObjId = null; Long extentionObjId = null;
try{ KeyValue extentionObj = currentUser.getExtentionObj();
Object extentionObj = BeanUtils.getProperty(currentUser, "extentionObj");
if(extentionObj != null){ if(extentionObj != null){
extentionObjId = (Long)BeanUtils.getProperty(extentionObj, Cons.FieldName.id.name()); extentionObjId = (Long)extentionObj.getV();
}
}
catch (Exception e){
log.warn("解析user.extentionObj异常: {}", e.getMessage());
} }
// 获取角色列表 // 获取角色列表
List<IamRole> roleList = iamUserRoleService.getUserRoleList(currentUser.getClass().getSimpleName(), userId, extentionObjId); List<IamRole> roleList = iamUserRoleService.getUserRoleList(currentUser.getClass().getSimpleName(), currentUser.getId(), extentionObjId);
// 如果没有任何角色返回 // 如果没有任何角色返回
if (V.isEmpty(roleList)){ if (V.isEmpty(roleList)){
return authorizationInfo; return authorizationInfo;
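Review bot: `loginUser = (BaseLoginUser)userService.getEntity(account.getUserId());` in the first hunk is an unchecked downcast: a credential whose userTypeClass is an entity that does not extend BaseLoginUser now fails with a ClassCastException instead of an AuthenticationException, which the previous BeanUtils-based path tolerated. I'd validate the class up front: `if(!BaseLoginUser.class.isAssignableFrom(jwtToken.getUserTypeClass())){` / `throw new AuthenticationException("用户类型 "+jwtToken.getUserTypeClass().getName()+" 未继承BaseLoginUser");` / `}`. The second hunk has the same shape in `extentionObjId = (Long)extentionObj.getV();` — the declared type of KeyValue.getV() is not visible here, but if an IamExtensible implementation stores anything other than a Long the role lookup throws from inside doGetAuthorizationInfo, so an `instanceof Long` guard (or a typed accessor on KeyValue) would keep that path failing with a clear message. Both methods extend beyond their hunks.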