自己写一套权限控制,去掉spring security
@@ -2,12 +2,12 @@ package com.zyplayer.doc.manage.web.manage;
|
||||
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import com.zyplayer.doc.core.json.ResponseJson;
|
||||
import com.zyplayer.doc.data.aspect.AuthMan;
|
||||
import com.zyplayer.doc.data.config.security.DocUserDetails;
|
||||
import com.zyplayer.doc.data.config.security.DocUserUtil;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.AuthInfo;
|
||||
import com.zyplayer.doc.data.service.manage.AuthInfoService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
@@ -17,7 +17,7 @@ import java.util.List;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/auth/info")
|
||||
@PreAuthorize("hasAuthority('AUTH_MANAGE')")
|
||||
@AuthMan("AUTH_MANAGE")
|
||||
public class AuthInfoController {
|
||||
|
||||
@Autowired
|
||||
|
||||
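Review bot: Replacing `@PreAuthorize("hasAuthority('AUTH_MANAGE')")` with `@AuthMan("AUTH_MANAGE")` on `AuthInfoController` moves the whole access decision for `/auth/info` into the custom `AuthMan` aspect, which is not shown in this section, so the enforcement cannot be verified from here. Please confirm that the aspect matches the annotation when it is placed on the class (a pointcut written only for method-level annotations would leave every handler in the controller unprotected) and that it rejects requests carrying no `accessToken` or an unknown one. The same applies to `@AuthMan("AUTH_ASSIGN")` on `UserAuthController` and `@AuthMan("USER_MANAGE")` on `UserInfoController` further down the page. A short comment above each class would help the next reader, for example `// Access control: enforced by the AuthMan aspect; every handler here requires AUTH_MANAGE`. The class bodies continue outside the hunks.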
@@ -1,66 +1,77 @@
|
||||
package com.zyplayer.doc.manage.web.manage;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.WebAttributes;
|
||||
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
|
||||
import org.springframework.security.web.savedrequest.RequestCache;
|
||||
import org.springframework.security.web.savedrequest.SavedRequest;
|
||||
import cn.hutool.core.util.RandomUtil;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import com.zyplayer.doc.data.config.security.DocUserDetails;
|
||||
import com.zyplayer.doc.data.config.security.DocUserUtil;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.AuthInfo;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.UserAuth;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.UserInfo;
|
||||
import com.zyplayer.doc.data.service.manage.AuthInfoService;
|
||||
import com.zyplayer.doc.data.service.manage.UserAuthService;
|
||||
import com.zyplayer.doc.data.service.manage.UserInfoService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
@RestController
|
||||
public class LoginController {
|
||||
private RequestCache requestCache = new HttpSessionRequestCache();
|
||||
|
||||
@Autowired
|
||||
private UserInfoService userInfoService;
|
||||
@Autowired
|
||||
private UserAuthService userAuthService;
|
||||
@Autowired
|
||||
private AuthInfoService authInfoService;
|
||||
|
||||
@GetMapping(value = "/login")
|
||||
public ModelAndView loginPage(HttpServletRequest request) {
|
||||
public ModelAndView loginPage() {
|
||||
return new ModelAndView("/statics/manage/login.html");
|
||||
}
|
||||
|
||||
// @PostMapping(value = "/logout")
|
||||
// public DocResponseJson<Object> logout(HttpServletRequest request) {
|
||||
//
|
||||
// return DocResponseJson.ok();
|
||||
// }
|
||||
|
||||
/**
|
||||
* 如果是访问受限页面后,跳转到登录页的,则在targetUrl保存之前受限页面的路径,供页面调用
|
||||
*
|
||||
* @param request
|
||||
* @param response
|
||||
* @return
|
||||
*/
|
||||
@GetMapping(value = "/login/success")
|
||||
public DocResponseJson<String> loginSuccess(HttpServletRequest request, HttpServletResponse response) {
|
||||
SavedRequest savedRequest = requestCache.getRequest(request, response);
|
||||
String targetUrl = null;
|
||||
if (savedRequest != null) {
|
||||
targetUrl = savedRequest.getRedirectUrl();
|
||||
@PostMapping(value = "/login")
|
||||
public DocResponseJson<Object> login(String userNo, HttpServletResponse response) {
|
||||
QueryWrapper<UserInfo> queryWrapper = new QueryWrapper<>();
|
||||
queryWrapper.eq("user_no", userNo);
|
||||
UserInfo userInfo = userInfoService.getOne(queryWrapper);
|
||||
if (userInfo == null) {
|
||||
return DocResponseJson.warn("用户名'" + userNo + "'没有找到!");
|
||||
}
|
||||
if (StringUtils.isBlank(targetUrl)) {
|
||||
targetUrl = "/";
|
||||
QueryWrapper<UserAuth> authWrapper = new QueryWrapper<>();
|
||||
authWrapper.eq("user_id", userInfo.getId()).eq("del_flag", "0");
|
||||
List<UserAuth> userAuthList = userAuthService.list(authWrapper);
|
||||
Set<String> userAuthSet = Collections.emptySet();
|
||||
if (userAuthList != null && userAuthList.size() > 0) {
|
||||
List<Long> authIdList = userAuthList.stream().map(UserAuth::getAuthId).collect(Collectors.toList());
|
||||
Collection<AuthInfo> authInfoList = authInfoService.listByIds(authIdList);
|
||||
userAuthSet = authInfoList.stream().map(AuthInfo::getAuthName).collect(Collectors.toSet());
|
||||
}
|
||||
return DocResponseJson.ok(targetUrl);
|
||||
String accessToken = RandomUtil.simpleUUID();
|
||||
DocUserDetails userDetails = new DocUserDetails(userInfo.getId(), userInfo.getUserName(), userInfo.getPassword(), true, userAuthSet);
|
||||
DocUserUtil.setCurrentUser(accessToken, userDetails);
|
||||
// 放入cookie,过期时间:24小时
|
||||
Cookie cookie = new Cookie("accessToken", accessToken);
|
||||
cookie.setPath("/");
|
||||
cookie.setDomain("zyplayer.com");
|
||||
cookie.setMaxAge(60 * 60 * 24);
|
||||
response.addCookie(cookie);
|
||||
return DocResponseJson.ok();
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取异常信息返回给页面
|
||||
*
|
||||
* @param request
|
||||
* @param response
|
||||
* @return
|
||||
*/
|
||||
@GetMapping(value = "/login/failure")
|
||||
public DocResponseJson<String> loginFailure(HttpServletRequest request, HttpServletResponse response) {
|
||||
AuthenticationException ae = (AuthenticationException) request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION);
|
||||
return DocResponseJson.warn(ae.getMessage());
|
||||
@PostMapping(value = "/logout")
|
||||
public DocResponseJson<Object> logout() {
|
||||
DocUserUtil.logout();
|
||||
return DocResponseJson.ok();
|
||||
}
|
||||
}
|
||||
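Review bot: The handler `login(String userNo, HttpServletResponse response)`, in what reads as the new side of this section, never checks a password. Any request naming an existing `user_no` receives an `accessToken` cookie carrying that user's authorities, while `userInfo.getPassword()` is only copied into `DocUserDetails`. The handler should accept the submitted password and compare it with the stored value, using whatever hashing the user-management code applies, before `DocUserUtil.setCurrentUser` is called. It should also return one generic message for both an unknown user and a wrong password, because the current `"用户名'" + userNo + "'没有找到!"` response reveals which accounts exist. Separately, the cookie is created without `setHttpOnly(true)` (or `setSecure(true)` where the site is served over HTTPS) and is pinned to the domain `zyplayer.com`, so page scripts can read the token and it is sent to every host under that domain; `passwordMatches` in the sketch below is a helper still to be written, not an existing method.

```java
public DocResponseJson<Object> login(String userNo, String password, HttpServletResponse response) {
	// … unchanged: build queryWrapper on user_no and load userInfo …
	// One answer for "no such user" and "wrong password", so the endpoint does not confirm account names.
	if (userInfo == null || !passwordMatches(password, userInfo.getPassword())) {
		return DocResponseJson.warn("用户名或密码错误!");
	}
	// … unchanged: load userAuthSet, create accessToken, DocUserUtil.setCurrentUser …
	Cookie cookie = new Cookie("accessToken", accessToken);
	// Keep the session token out of reach of page scripts.
	cookie.setHttpOnly(true);
	// … unchanged: setPath, setDomain, setMaxAge, response.addCookie, return ok …
```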
@@ -3,6 +3,7 @@ package com.zyplayer.doc.manage.web.manage;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import com.zyplayer.doc.core.json.ResponseJson;
|
||||
import com.zyplayer.doc.data.aspect.AuthMan;
|
||||
import com.zyplayer.doc.data.config.security.DocUserDetails;
|
||||
import com.zyplayer.doc.data.config.security.DocUserUtil;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.AuthInfo;
|
||||
@@ -10,7 +11,6 @@ import com.zyplayer.doc.data.repository.manage.entity.UserAuth;
|
||||
import com.zyplayer.doc.data.service.manage.AuthInfoService;
|
||||
import com.zyplayer.doc.data.service.manage.UserAuthService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
@@ -21,7 +21,7 @@ import java.util.stream.Collectors;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/user/auth")
|
||||
@PreAuthorize("hasAuthority('AUTH_ASSIGN')")
|
||||
@AuthMan("AUTH_ASSIGN")
|
||||
public class UserAuthController {
|
||||
|
||||
@Autowired
|
||||
|
||||
@@ -3,6 +3,7 @@ package com.zyplayer.doc.manage.web.manage;
|
||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
||||
import com.zyplayer.doc.core.json.DocResponseJson;
|
||||
import com.zyplayer.doc.core.json.ResponseJson;
|
||||
import com.zyplayer.doc.data.aspect.AuthMan;
|
||||
import com.zyplayer.doc.data.config.security.DocUserDetails;
|
||||
import com.zyplayer.doc.data.config.security.DocUserUtil;
|
||||
import com.zyplayer.doc.data.repository.manage.entity.AuthInfo;
|
||||
@@ -15,7 +16,6 @@ import com.zyplayer.doc.manage.web.manage.vo.AuthInfoVo;
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.dozer.Mapper;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.util.DigestUtils;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@@ -27,7 +27,7 @@ import java.util.stream.Collectors;
|
||||
|
||||
@RestController
|
||||
@RequestMapping("/user/info")
|
||||
@PreAuthorize("hasAuthority('USER_MANAGE')")
|
||||
@AuthMan("USER_MANAGE")
|
||||
public class UserInfoController {
|
||||
|
||||
@Autowired
|
||||
|
||||