加拿大MES项目
blame | 历史 | 原始文档
wu
2023-09-17 1d806a95e30b2d1861c14b7db7cf6c83f5a6d41f 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102

package com.example.springboot.security;


 


import cn.hutool.core.collection.CollectionUtil;


import com.example.springboot.entity.MenuList;


import com.example.springboot.entity.Permission;


import com.example.springboot.entity.Role;


import com.example.springboot.entity.RoleMenuList;


import com.example.springboot.entity.RolePermission;


import com.example.springboot.entity.User;


import com.example.springboot.security.constant.SystemConstant;


import com.example.springboot.security.util.SecurityUtil;


import com.example.springboot.service.MenuListService;


import com.example.springboot.service.PermissionService;


import com.example.springboot.service.RoleMenuListService;


import com.example.springboot.service.RolePermissionService;


import com.example.springboot.service.RoleService;


import com.example.springboot.service.UserService;


import lombok.extern.slf4j.Slf4j;


import org.apache.shiro.authc.AuthenticationInfo;


import org.apache.shiro.authc.AuthenticationToken;


import org.apache.shiro.authc.DisabledAccountException;


import org.apache.shiro.authc.SimpleAuthenticationInfo;


import org.apache.shiro.authc.UnknownAccountException;


import org.apache.shiro.authc.UsernamePasswordToken;


import org.apache.shiro.authz.AuthorizationInfo;


import org.apache.shiro.authz.SimpleAuthorizationInfo;


import org.apache.shiro.realm.AuthorizingRealm;


import org.apache.shiro.subject.PrincipalCollection;


import org.apache.shiro.util.ByteSource;


import org.springframework.beans.factory.annotation.Autowired;


 


import java.util.HashSet;


import java.util.List;


import java.util.Set;


import java.util.stream.Collectors;


 


@Slf4j


public class UserRealm extends AuthorizingRealm {


    @Autowired


    private UserService userService;


    @Autowired


    private RolePermissionService rolePermissionService;


    @Autowired


    private PermissionService permissionService;


    @Autowired


    private RoleService roleService;


    @Autowired


    private MenuListService menuListService;


    @Autowired


    private RoleMenuListService roleMenuListService;


 


    @Override


    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {


        // 执行授权


        SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();


        // 设置角色


        List<Role> roles = roleService.selectRoles(SecurityUtil.getCurrentUser().getRoleId(), true);


        if (CollectionUtil.isEmpty(roles)) {


            return null;


        }


        authorizationInfo.addRoles(roles.stream().map(Role::getName).collect(Collectors.toList()));


        List<RolePermission> rolePermissions = rolePermissionService.lambdaQuery().eq(RolePermission::getRoleId, SecurityUtil.getCurrentUser().getRoleId())


                .eq(RolePermission::getState, 1).list();


        if (CollectionUtil.isNotEmpty(rolePermissions)) {


            Set<Permission> set = new HashSet<>();


            for (RolePermission rolePermission : rolePermissions) {


                List<Permission> permissions = permissionService.lambdaQuery().eq(Permission::getId, rolePermission.getPermissionId()).list();


                set.addAll(permissions);


            }


            // 设置权限


            authorizationInfo.addStringPermissions(set.stream().map(Permission::getName).collect(Collectors.toList()));


        }


        return authorizationInfo;


    }


 


    @Override


    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) {


        if (authenticationToken.getPrincipal() == null) {


            return null;


        }


        // 执行认证


        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;


        User user = userService.selectByUsername(usernamePasswordToken.getUsername());


        // 判断用户


        if (user == null) {


            throw new UnknownAccountException("用户不存在!");


        }


        if (user.getState() == 0) {


            throw new DisabledAccountException("账号已被禁用!");


        }


 


        // 认证成功之后设置角色关联的菜单


        List<RoleMenuList> roleMenuLists = roleMenuListService.lambdaQuery().in(RoleMenuList::getRoleId, user.getRoleId()).list();


        if (CollectionUtil.isNotEmpty(roleMenuLists)) {


            List<Long> collect = roleMenuLists.stream().map(RoleMenuList::getMenuListId).collect(Collectors.toList());


            List<MenuList> menuLists = menuListService.lambdaQuery().in(CollectionUtil.isNotEmpty(collect), MenuList::getId, collect).list();


            // 认证成功之后设置角色关联的菜单


            user.setMenuLists(CollectionUtil.isNotEmpty(collect) ? menuLists : null);


        }


        return new SimpleAuthenticationInfo(user, user.getPassword(), ByteSource.Util.bytes(SystemConstant.JWT_SECRET_KEY), getName());


    }


}