新增BaseLoginUser以便于扩展
parent
51f1b7e283
commit
d39cb307a9
|
@ -15,6 +15,7 @@
|
|||
*/
|
||||
package com.diboot.iam.auth;
|
||||
|
||||
import com.diboot.core.vo.KeyValue;
|
||||
import com.diboot.iam.entity.IamRole;
|
||||
|
||||
import java.util.List;
|
||||
|
@ -33,7 +34,7 @@ public interface IamExtensible {
|
|||
* @param userId
|
||||
* @return
|
||||
*/
|
||||
Object getUserExtentionObj(String userType, Long userId);
|
||||
KeyValue getUserExtentionObj(String userType, Long userId);
|
||||
|
||||
/**
|
||||
* 获取可扩展的角色
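Review bot: The `@return` tag on `getUserExtentionObj` is still empty although the return type is now `KeyValue`, so implementers are not told what the key and the value must hold. Elsewhere in this commit `BaseJwtRealm.doGetAuthorizationInfo` reads the value with `(Long)extentionObj.getV()` and passes it to the role lookup, so the value apparently has to be a `Long` id. I would state that contract here, e.g. `@return KeyValue whose v is the Long id of the extension object (position etc.), or null when there is none`, and repeat it on the `extentionObj` field of `BaseLoginUser`. Narrowing the return type from `Object` also breaks existing implementations of this interface at compile time, which deserves a line in the commit description.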
|
||||
|
|
|
@ -22,12 +22,12 @@ import com.diboot.core.vo.Status;
|
|||
import com.diboot.iam.auth.AuthService;
|
||||
import com.diboot.iam.config.Cons;
|
||||
import com.diboot.iam.dto.AuthCredential;
|
||||
import com.diboot.iam.entity.BaseLoginUser;
|
||||
import com.diboot.iam.entity.IamAccount;
|
||||
import com.diboot.iam.entity.IamLoginTrace;
|
||||
import com.diboot.iam.jwt.BaseJwtAuthToken;
|
||||
import com.diboot.iam.service.IamAccountService;
|
||||
import com.diboot.iam.service.IamLoginTraceService;
|
||||
import com.diboot.iam.util.BeanUtils;
|
||||
import com.diboot.iam.util.IamSecurityUtils;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
|
@ -144,10 +144,9 @@ public class PwdAuthServiceImpl implements AuthService {
|
|||
protected void saveLoginTrace(BaseJwtAuthToken authToken, boolean isSuccess){
|
||||
IamLoginTrace loginTrace = new IamLoginTrace();
|
||||
loginTrace.setAuthType(getAuthType()).setAuthAccount(authToken.getAuthAccount()).setUserType(authToken.getUserType()).setSuccess(isSuccess);
|
||||
Object currentUser = IamSecurityUtils.getCurrentUser();
|
||||
BaseLoginUser currentUser = IamSecurityUtils.getCurrentUser();
|
||||
if(currentUser != null){
|
||||
Long userId = (Long) BeanUtils.getProperty(currentUser, Cons.FieldName.id.name());
|
||||
loginTrace.setUserId(userId);
|
||||
loginTrace.setUserId(currentUser.getId());
|
||||
}
|
||||
// 记录客户端信息
|
||||
String userAgent = request.getHeader("user-agent");
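Review bot: `BaseLoginUser currentUser = IamSecurityUtils.getCurrentUser();` moves the type assumption onto `getCurrentUser()`, whose signature is not visible here. If it is an unchecked generic cast of the Shiro principal, a principal that does not extend `BaseLoginUser` raises `ClassCastException` at this assignment, and the login trace, which is the audit record of the attempt, is never saved. If that is the case, I would keep the trace independent of the user type: `Object principal = IamSecurityUtils.getCurrentUser();` followed by `if (principal instanceof BaseLoginUser) { loginTrace.setUserId(((BaseLoginUser) principal).getId()); }`. The same applies to `SSOAuthServiceImpl.saveLoginTrace` later in this commit; both method bodies continue outside the hunks.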
|
||||
|
|
|
@ -25,12 +25,12 @@ import com.diboot.iam.auth.AuthService;
|
|||
import com.diboot.iam.config.Cons;
|
||||
import com.diboot.iam.dto.AuthCredential;
|
||||
import com.diboot.iam.dto.SSOCredential;
|
||||
import com.diboot.iam.entity.BaseLoginUser;
|
||||
import com.diboot.iam.entity.IamAccount;
|
||||
import com.diboot.iam.entity.IamLoginTrace;
|
||||
import com.diboot.iam.jwt.BaseJwtAuthToken;
|
||||
import com.diboot.iam.service.IamAccountService;
|
||||
import com.diboot.iam.service.IamLoginTraceService;
|
||||
import com.diboot.iam.util.BeanUtils;
|
||||
import com.diboot.iam.util.HttpHelper;
|
||||
import com.diboot.iam.util.IamSecurityUtils;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
@ -149,9 +149,9 @@ public class SSOAuthServiceImpl implements AuthService {
|
|||
protected void saveLoginTrace(BaseJwtAuthToken authToken, boolean isSuccess){
|
||||
IamLoginTrace loginTrace = new IamLoginTrace();
|
||||
loginTrace.setAuthType(getAuthType()).setAuthAccount(authToken.getAuthAccount()).setUserType(authToken.getUserType()).setSuccess(isSuccess);
|
||||
Object currentUser = IamSecurityUtils.getCurrentUser();
|
||||
BaseLoginUser currentUser = IamSecurityUtils.getCurrentUser();
|
||||
if(currentUser != null){
|
||||
Long userId = (Long) BeanUtils.getProperty(currentUser, Cons.FieldName.id.name());
|
||||
Long userId = currentUser.getId();
|
||||
loginTrace.setUserId(userId);
|
||||
}
|
||||
// 记录客户端信息
|
||||
|
|
|
@ -39,6 +39,10 @@ public abstract class AuthCredential implements Serializable {
|
|||
* 用户类型的Class
|
||||
*/
|
||||
private Class userTypeClass = IamUser.class;
|
||||
/**
|
||||
* 用户类型
|
||||
*/
|
||||
private String userType;
|
||||
|
||||
@NotNull(message = "认证方式不能为空")
|
||||
private String authType;
|
||||
|
@ -62,6 +66,21 @@ public abstract class AuthCredential implements Serializable {
|
|||
* @return
|
||||
*/
|
||||
public String getUserType(){
|
||||
if(userType != null){
|
||||
return userType;
|
||||
}
|
||||
return userTypeClass.getSimpleName();
|
||||
}
|
||||
|
||||
/**
|
||||
* 指定用户类型class
|
||||
* @param userTypeClass
|
||||
*/
|
||||
public void setUserTypeClass(Class userTypeClass){
|
||||
this.userTypeClass = userTypeClass;
|
||||
if(this.userType == null){
|
||||
this.userType = userTypeClass.getSimpleName();
|
||||
}
|
||||
}
|
||||
|
||||
}
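Review bot: `userType` and `userTypeClass` can now disagree: `getUserType()` prefers the string, while `setUserTypeClass` only fills it when it is still null, so after a second `setUserTypeClass` call, or once `userType` has been set by any other route, the reported user type no longer matches the class. If the two are meant to be independent, the field Javadoc should say which one is authoritative; otherwise assign unconditionally with `this.userType = userTypeClass.getSimpleName();`. How `userType` gets set is not visible in these hunks; if this credential is bound from the login request body, the field should not be client-settable. `setUserTypeClass` also takes a raw `Class` and dereferences it without a null check; `Class<? extends BaseLoginUser>` would let the compiler enforce the type that `BaseJwtRealm` now casts to.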
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
package com.diboot.iam.entity;
|
||||
|
||||
import com.baomidou.mybatisplus.annotation.TableField;
|
||||
import com.diboot.core.entity.BaseEntity;
|
||||
import com.diboot.core.vo.KeyValue;
|
||||
|
||||
/**
|
||||
* 可登录用户Base类定义
|
||||
* @author mazc@dibo.ltd
|
||||
* @version v2.1.0
|
||||
* @date 2020/06/28
|
||||
*/
|
||||
public abstract class BaseLoginUser extends BaseEntity {
|
||||
|
||||
/**
|
||||
* 获取显示名称
|
||||
* @return
|
||||
*/
|
||||
public abstract String getDisplayName();
|
||||
|
||||
/**
|
||||
* 附加对象,用于岗位等扩展
|
||||
*/
|
||||
@TableField(exist = false)
|
||||
private KeyValue extentionObj;
|
||||
|
||||
public KeyValue getExtentionObj(){
|
||||
return this.extentionObj;
|
||||
}
|
||||
public void setExtentionObj(KeyValue extentionObj){
|
||||
this.extentionObj = extentionObj;
|
||||
}
|
||||
|
||||
}
|
|
@ -16,7 +16,6 @@
|
|||
package com.diboot.iam.entity;
|
||||
|
||||
import com.baomidou.mybatisplus.annotation.TableField;
|
||||
import com.diboot.core.entity.BaseEntity;
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.experimental.Accessors;
|
||||
|
@ -31,7 +30,7 @@ import javax.validation.constraints.NotNull;
|
|||
* @date 2019-12-17
|
||||
*/
|
||||
@Getter @Setter @Accessors(chain = true)
|
||||
public class IamUser extends BaseEntity {
|
||||
public class IamUser extends BaseLoginUser {
|
||||
private static final long serialVersionUID = -8462352695775599715L;
|
||||
|
||||
// 组织ID
|
||||
|
@ -76,8 +75,9 @@ public class IamUser extends BaseEntity {
|
|||
@TableField()
|
||||
private String avatarUrl;
|
||||
|
||||
// 附加对象,用于岗位等身份切换
|
||||
@TableField(exist = false)
|
||||
private Object extentionObj;
|
||||
@Override
|
||||
public String getDisplayName() {
|
||||
return this.realname;
|
||||
}
|
||||
|
||||
}
|
|
@ -18,15 +18,16 @@ package com.diboot.iam.jwt;
|
|||
import com.diboot.core.service.BaseService;
|
||||
import com.diboot.core.util.ContextHelper;
|
||||
import com.diboot.core.util.V;
|
||||
import com.diboot.core.vo.KeyValue;
|
||||
import com.diboot.iam.annotation.process.ApiPermissionCache;
|
||||
import com.diboot.iam.auth.AuthService;
|
||||
import com.diboot.iam.auth.AuthServiceFactory;
|
||||
import com.diboot.iam.config.Cons;
|
||||
import com.diboot.iam.entity.BaseLoginUser;
|
||||
import com.diboot.iam.entity.IamAccount;
|
||||
import com.diboot.iam.entity.IamRole;
|
||||
import com.diboot.iam.service.IamRolePermissionService;
|
||||
import com.diboot.iam.service.IamUserRoleService;
|
||||
import com.diboot.iam.util.BeanUtils;
|
||||
import com.diboot.iam.util.IamSecurityUtils;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.shiro.authc.AuthenticationException;
|
||||
|
@ -94,31 +95,26 @@ public class BaseJwtRealm extends AuthorizingRealm {
|
|||
throw new AuthenticationException("用户账号或密码错误!");
|
||||
}
|
||||
// 获取当前user对象并缓存
|
||||
Object userObject = null;
|
||||
BaseLoginUser loginUser = null;
|
||||
BaseService userService = ContextHelper.getBaseServiceByEntity(jwtToken.getUserTypeClass());
|
||||
if(userService != null){
|
||||
userObject = userService.getEntity(account.getUserId());
|
||||
loginUser = (BaseLoginUser)userService.getEntity(account.getUserId());
|
||||
}
|
||||
else{
|
||||
throw new AuthenticationException("用户 "+jwtToken.getUserTypeClass().getName()+" 相关的Service未定义!");
|
||||
}
|
||||
if(userObject == null){
|
||||
if(loginUser == null){
|
||||
throw new AuthenticationException("用户不存在");
|
||||
}
|
||||
if(iamUserRoleService.getIamExtensible() != null){
|
||||
Object extentionObj = iamUserRoleService.getIamExtensible().getUserExtentionObj(jwtToken.getUserTypeClass().getSimpleName(), account.getUserId());
|
||||
KeyValue extentionObj = iamUserRoleService.getIamExtensible().getUserExtentionObj(jwtToken.getUserTypeClass().getSimpleName(), account.getUserId());
|
||||
if(extentionObj != null){
|
||||
try{
|
||||
BeanUtils.setProperty(userObject, "extentionObj", extentionObj);
|
||||
}
|
||||
catch (Exception e){
|
||||
log.warn("设置{}.extentionObj异常,属性不存在? {}", jwtToken.getUserTypeClass().getSimpleName(), e.getMessage());
|
||||
}
|
||||
loginUser.setExtentionObj(extentionObj);
|
||||
}
|
||||
}
|
||||
// 清空当前用户缓存
|
||||
this.clearCachedAuthorizationInfo(IamSecurityUtils.getSubject().getPrincipals());
|
||||
return new SimpleAuthenticationInfo(userObject, jwtToken.getCredentials(), this.getName());
|
||||
return new SimpleAuthenticationInfo(loginUser, jwtToken.getCredentials(), this.getName());
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -130,21 +126,15 @@ public class BaseJwtRealm extends AuthorizingRealm {
|
|||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
|
||||
Object currentUser = principals.getPrimaryPrincipal();
|
||||
BaseLoginUser currentUser = (BaseLoginUser) principals.getPrimaryPrincipal();
|
||||
// 根据用户类型与用户id获取roleList
|
||||
Long userId = (Long) BeanUtils.getProperty(currentUser, Cons.FieldName.id.name());
|
||||
Long extentionObjId = null;
|
||||
try{
|
||||
Object extentionObj = BeanUtils.getProperty(currentUser, "extentionObj");
|
||||
if(extentionObj != null){
|
||||
extentionObjId = (Long)BeanUtils.getProperty(extentionObj, Cons.FieldName.id.name());
|
||||
}
|
||||
}
|
||||
catch (Exception e){
|
||||
log.warn("解析user.extentionObj异常: {}", e.getMessage());
|
||||
KeyValue extentionObj = currentUser.getExtentionObj();
|
||||
if(extentionObj != null){
|
||||
extentionObjId = (Long)extentionObj.getV();
|
||||
}
|
||||
// 获取角色列表
|
||||
List<IamRole> roleList = iamUserRoleService.getUserRoleList(currentUser.getClass().getSimpleName(), userId, extentionObjId);
|
||||
List<IamRole> roleList = iamUserRoleService.getUserRoleList(currentUser.getClass().getSimpleName(), currentUser.getId(), extentionObjId);
|
||||
// 如果没有任何角色,返回
|
||||
if (V.isEmpty(roleList)){
|
||||
return authorizationInfo;
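Review bot: In `doGetAuthorizationInfo` the cast `(Long)extentionObj.getV()` is no longer inside a try/catch, so a `KeyValue` whose value is not a `Long` (an `Integer` or `String` id returned by an `IamExtensible` implementation, say) now throws `ClassCastException` in the middle of role resolution, where the old code logged a warning and continued without the extension id. Failing is arguably the safer outcome on an authorization path, but it should be deliberate: check the type first and fail with a message that names the contract, e.g. `if (!(extentionObj.getV() instanceof Long)) { throw new IllegalStateException("extentionObj.v must be a Long id"); }`. The two `(BaseLoginUser)` casts, on `userService.getEntity(...)` in the first hunk and on `principals.getPrimaryPrincipal()` here, have the same shape; in the first hunk an `instanceof` check that throws `AuthenticationException` would match the error handling around it. Both method bodies start or end outside the hunks shown.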
|
||||
|
|