自己写一套权限控制，去掉spring security

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/aspect/AuthAspect.java

@@ -0,0 +1,65 @@
+package com.zyplayer.doc.data.aspect;
+
+import com.zyplayer.doc.core.json.DocResponseJson;
+import com.zyplayer.doc.core.json.HttpConst;
+import com.zyplayer.doc.core.json.ResponseJson;
+import com.zyplayer.doc.data.config.security.DocUserDetails;
+import com.zyplayer.doc.data.config.security.DocUserUtil;
+import com.zyplayer.doc.data.service.manage.UserAuthService;
+import com.zyplayer.doc.data.utils.BeanUtil;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.annotation.Resource;
+import java.lang.reflect.Method;
+
+@Aspect
+@Component
+public class AuthAspect {
+	
+	@Resource
+	private UserAuthService userAuthService;
+	
+	@Around(value = "@annotation(AuthMan) || @within(AuthMan)")
+	public Object authController(ProceedingJoinPoint pjp) throws Throwable {
+		AuthMan authMan = BeanUtil.getAnnotation(pjp, AuthMan.class);
+		ResponseBody responseBody = BeanUtil.getAnnotation(pjp, ResponseBody.class);
+		RestController restController = BeanUtil.getAnnotation(pjp, RestController.class);
+		boolean isResponseBody = (restController != null || responseBody != null);
+		
+		DocUserDetails currentUser = DocUserUtil.getCurrentUser();
+		if (currentUser == null) {
+			String reason = "你访问的内容需要登录，请登录后再试";
+			if (isResponseBody) {
+				return DocResponseJson.failure(HttpConst.TOKEN_TIMEOUT, reason);
+			} else {
+				return authMan.authUrl();
+			}
+		}
+		// 判断权限是否足够
+		boolean haveAuth = DocUserUtil.haveAuth(authMan.value());
+		if (haveAuth) {
+			return pjp.proceed();
+		}
+		String reasonStr = "没有操作权限，请联系管理员";
+		if (isResponseBody) {
+			Method method = ((MethodSignature) pjp.getSignature()).getMethod();
+			if (method.getReturnType().equals(ResponseJson.class)) {
+				return DocResponseJson.warn(reasonStr);
+			} else {
+				try {
+					return Class.forName(method.getReturnType().getName()).newInstance();
+				} catch (Exception e) {
+					return null;
+				}
+			}
+		} else {
+			return authMan.authUrl();
+		}
+	}
+}

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/aspect/AuthMan.java

@@ -0,0 +1,12 @@
+package com.zyplayer.doc.data.aspect;
+
+import java.lang.annotation.*;
+
+@Target({ElementType.METHOD,ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface AuthMan {
+	String[] value() default {};
+	String authUrl() default "common/authfailed";
+	boolean all() default false;
+}

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/config/security/DocUserDetails.java

@@ -1,19 +1,54 @@
 package com.zyplayer.doc.data.config.security;
 
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
+import java.util.Set;
 
-import java.util.Collection;
-
-public class DocUserDetails implements UserDetails {
-	private static final long serialVersionUID = 1L;
-	
+public class DocUserDetails {
 	private Long userId;
 	private String username;
 	private String password;
 	private boolean enabled;
-	private Collection<? extends GrantedAuthority> authorities;
-
+	private Set<String> authorities;
+	
+	public Long getUserId() {
+		return userId;
+	}
+	
+	public void setUserId(Long userId) {
+		this.userId = userId;
+	}
+	
+	public String getUsername() {
+		return username;
+	}
+	
+	public void setUsername(String username) {
+		this.username = username;
+	}
+	
+	public String getPassword() {
+		return password;
+	}
+	
+	public void setPassword(String password) {
+		this.password = password;
+	}
+	
+	public boolean isEnabled() {
+		return enabled;
+	}
+	
+	public void setEnabled(boolean enabled) {
+		this.enabled = enabled;
+	}
+	
+	public Set<String> getAuthorities() {
+		return authorities;
+	}
+	
+	public void setAuthorities(Set<String> authorities) {
+		this.authorities = authorities;
+	}
+	
 	public DocUserDetails(Long userId, String username, String password, boolean enabled) {
 		super();
 		this.userId = userId;
@@ -21,9 +56,8 @@ public class DocUserDetails implements UserDetails {
 		this.password = password;
 		this.enabled = enabled;
 	}
-
-	public DocUserDetails(Long userId, String username, String password, boolean enabled,
-						  Collection<? extends GrantedAuthority> authorities) {
+	
+	public DocUserDetails(Long userId, String username, String password, boolean enabled, Set<String> authorities) {
 		super();
 		this.userId = userId;
 		this.username = username;
@@ -31,49 +65,15 @@ public class DocUserDetails implements UserDetails {
 		this.enabled = enabled;
 		this.authorities = authorities;
 	}
-
-	public Long getUserId() {
-		return this.userId;
-	}
-
-	@Override
-	public Collection<? extends GrantedAuthority> getAuthorities() {
-		return authorities;
-	}
-
-	@Override
-	public String getPassword() {
-		return password;
-	}
-
-	@Override
-	public String getUsername() {
-		return username;
-	}
-
-	@Override
-	public boolean isAccountNonExpired() {
-		return true;
-	}
-
-	@Override
-	public boolean isAccountNonLocked() {
-		return true;
-	}
-
-	@Override
-	public boolean isCredentialsNonExpired() {
-		return true;
-	}
-
-	@Override
-	public boolean isEnabled() {
-		return enabled;
-	}
-
+	
 	@Override
 	public String toString() {
-		return "MyUserDetails [userId=" + userId + ", username=" + username + ", password=" + password + ", enabled="
-				+ enabled + ", authorities=" + authorities + "]";
+		return "DocUserDetails{" +
+				"userId=" + userId +
+				", username='" + username + '\'' +
+				", password='" + password + '\'' +
+				", enabled=" + enabled +
+				", authorities=" + authorities +
+				'}';
 	}
 }

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/config/security/DocUserUtil.java

@@ -1,25 +1,82 @@
 package com.zyplayer.doc.data.config.security;
 
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
+import com.zyplayer.doc.data.utils.CacheUtil;
 
 /**
  * 用户工具类
+ * @author 暮光：城中城
+ * @since 2019年05月25日
  */
 public class DocUserUtil {
+	private static ThreadLocal<DocUserDetails> DOC_USER_DETAILS = new ThreadLocal<>();
+	private static ThreadLocal<String> ACCESS_TOKEN = new ThreadLocal<>();
+
+//
+//	/**
+//	 * 获取当前用户
+//	 * @return 用户信息
+//	 */
+//	public static DocUserDetails getCurrentUser() {
+//		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+//		if (authentication != null) {
+//			Object principal = authentication.getPrincipal();
+//			if (principal instanceof DocUserDetails) {
+//				return (DocUserDetails) principal;
+//			}
+//		}
+//		return null;
+//	}
+	
+	public static void setAccessToken(String accessToken) {
+		DocUserUtil.ACCESS_TOKEN.set(accessToken);
+	}
+	
+	public static boolean haveAuth(String... authNames) {
+		DocUserDetails currentUser = getCurrentUser();
+		if (currentUser == null) {
+			return false;
+		}
+		for (String authName : authNames) {
+			if (!currentUser.getAuthorities().contains(authName)) {
+				return false;
+			}
+		}
+		return true;
+	}
 	
 	/**
 	 * 获取当前用户
+	 *
 	 * @return 用户信息
 	 */
 	public static DocUserDetails getCurrentUser() {
-		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-		if (authentication != null) {
-			Object principal = authentication.getPrincipal();
-			if (principal instanceof DocUserDetails) {
-				return (DocUserDetails) principal;
+		DocUserDetails docUser = DOC_USER_DETAILS.get();
+		if (docUser == null) {
+			docUser = CacheUtil.get(ACCESS_TOKEN.get());
+			if (docUser != null) {
+				DOC_USER_DETAILS.set(docUser);
 			}
 		}
-		return null;
+		return docUser;
+	}
+	
+	/**
+	 * 设置当前用户
+	 */
+	public static void setCurrentUser(String accessToken, DocUserDetails docUser) {
+		DOC_USER_DETAILS.set(docUser);
+		CacheUtil.put(accessToken, docUser);
+	}
+	
+	/**
+	 * 退出登录
+	 */
+	public static void logout() {
+		CacheUtil.remove(ACCESS_TOKEN.get());
+	}
+	
+	public static void clean() {
+		DocUserUtil.DOC_USER_DETAILS.remove();
+		DocUserUtil.ACCESS_TOKEN.remove();
 	}
 }

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/utils/BeanUtil.java

@@ -0,0 +1,33 @@
+package com.zyplayer.doc.data.utils;
+
+import org.aspectj.lang.JoinPoint;
+import org.aspectj.lang.Signature;
+import org.aspectj.lang.reflect.MethodSignature;
+
+import java.lang.annotation.Annotation;
+import java.lang.reflect.Method;
+
+public class BeanUtil {
+	
+	@SuppressWarnings({"unchecked"})
+	public static <T extends Annotation> T getAnnotation(JoinPoint pjp, Class<T> t) throws Exception {
+		Method method = ((MethodSignature) pjp.getSignature()).getMethod();
+		T annotation = method.getAnnotation(t);// 方法上定义的
+		if (annotation == null) {
+			annotation = (T) pjp.getSignature().getDeclaringType().getAnnotation(t);// 类上定义的
+			if (annotation == null) {
+				Object target = pjp.getTarget();
+				annotation = target.getClass().getAnnotation(t);// 实现类上定义的
+				if (annotation == null) {
+					Signature sig = pjp.getSignature();
+					if (sig instanceof MethodSignature) {
+						MethodSignature msig = (MethodSignature) sig;
+						Method currentMethod = target.getClass().getMethod(msig.getName(), msig.getParameterTypes());
+						annotation = currentMethod.getAnnotation(t);// 实现类的方法上定义的
+					}
+				}
+			}
+		}
+		return annotation;
+	}
+}

zyplayer-doc-data/src/main/java/com/zyplayer/doc/data/utils/CacheUtil.java

@@ -0,0 +1,84 @@
+package com.zyplayer.doc.data.utils;
+
+import java.util.Map;
+import java.util.Timer;
+import java.util.TimerTask;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ * 缓存工具类
+ * @author 暮光：城中城
+ * @since 2019年05月25日
+ */
+public class CacheUtil {
+	
+	// 定期清除过期的key
+	static {
+		Timer timer = new Timer();
+		timer.scheduleAtFixedRate(new TimerTask() {
+			@Override
+			public void run() {
+				long currentTimeMillis = System.currentTimeMillis();
+				for (Map.Entry<String, CacheTime> entry : cacheTimeMap.entrySet()) {
+					CacheTime cacheTime = entry.getValue();
+					if (currentTimeMillis - cacheTime.getLastVisitTime() < (cacheTime.getSecond() * 1000)) {
+						continue;
+					}
+					cacheMap.remove(entry.getKey());
+				}
+			}
+		}, 0, 1000);
+	}
+	
+	private static Map<String, Object> cacheMap = new ConcurrentHashMap<>();
+	private static Map<String, CacheTime> cacheTimeMap = new ConcurrentHashMap<>();
+	
+	public static void put(String key, Object value) {
+		put(key, value, (long) (60 * 60 * 12));
+	}
+	
+	public static void put(String key, Object value, Long second) {
+		cacheMap.put(key, value);
+		cacheTimeMap.put(key, new CacheTime(second));
+	}
+	
+	public static void remove(String key) {
+		cacheMap.remove(key);
+		cacheTimeMap.remove(key);
+	}
+	
+	public static <T> T get(String key) {
+		CacheTime cacheTime = cacheTimeMap.get(key);
+		if (cacheTime != null) {
+			cacheTime.setLastVisitTime(System.currentTimeMillis());
+			cacheTimeMap.put(key, cacheTime);
+		}
+		return (T) cacheMap.get(key);
+	}
+	
+	private static class CacheTime {
+		private Long second;
+		private Long lastVisitTime;
+		
+		public CacheTime(Long second) {
+			this.second = second;
+			this.lastVisitTime = System.currentTimeMillis();
+		}
+		
+		public Long getSecond() {
+			return second;
+		}
+		
+		public void setSecond(Long second) {
+			this.second = second;
+		}
+		
+		public Long getLastVisitTime() {
+			return lastVisitTime;
+		}
+		
+		public void setLastVisitTime(Long lastVisitTime) {
+			this.lastVisitTime = lastVisitTime;
+		}
+	}
+}