pengjunjie/JeecgBoot
1
0
Fork 1
mirror of https://github.com/jeecgboot/JeecgBoot.git synced 2026-01-04 04:45:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: pengjunjie:ed87ac3bffca70eaec4a8eeba72842d4e0fedc84
Branches Tags
pengjunjie:dependabot/npm_and_yarn/jeecgboot-vue3/qs-6.14.1 pengjunjie:main pengjunjie:main-jeecg-ai pengjunjie:springboot3-satoken pengjunjie:springboot3_sas pengjunjie:springboot2
pengjunjie:v3.9.0 pengjunjie:v3.8.3.1 pengjunjie:v3.8.3springboot3sas pengjunjie:v3.8.3 pengjunjie:v3.8.2last_springboot3 pengjunjie:v3.8.2last_springboot2 pengjunjie:v3.8.2 pengjunjie:v3.8.1 pengjunjie:v3.8.0last pengjunjie:v3.8.0last_springboot3 pengjunjie:v3.8.0last_springboot3sas pengjunjie:v3.7.3springboot3 pengjunjie:v3.8.0 pengjunjie:v3.7.4 pengjunjie:v3.7.3springboot3sas pengjunjie:v3.7.1SpringBoot3sas pengjunjie:v3.7.1springboot3 pengjunjie:v3.7.3 pengjunjie:v3.7.2 pengjunjie:v3.7.1last pengjunjie:v3.7.0last_springboot3 pengjunjie:v3.7.1 pengjunjie:v3.7.0_all_last pengjunjie:v3.7.0last_springboot3sas pengjunjie:v3.7.0_springboot3sas_20240821 pengjunjie:v3.7.0_all pengjunjie:v3.7.0_springboot3sas pengjunjie:v3.7.0_springboot3 pengjunjie:v3.7.0 pengjunjie:v3.6.3_springboot3sas pengjunjie:v3.6.3last pengjunjie:v3.6.3_springboot3 pengjunjie:v3.6.3 pengjunjie:v3.6.2_springboot3 pengjunjie:v3.6.2last pengjunjie:v3.6.2 pengjunjie:v3.6.1last pengjunjie:v3.6.1 pengjunjie:v3.6.0 pengjunjie:v3.5.5last pengjunjie:v3.5.5 pengjunjie:v3.5.3 pengjunjie:v3.5.1last pengjunjie:v3.5.1 pengjunjie:v3.5.0 pengjunjie:v3.4.4last pengjunjie:v3.4.4 pengjunjie:v3.4.3last pengjunjie:v3.4.3 pengjunjie:v3.4.2 pengjunjie:v3.4.0 pengjunjie:v3.3.0 pengjunjie:v3.2.0 pengjunjie:v3.1.0 pengjunjie:v3.0.0 pengjunjie:v3.0 pengjunjie:v2.4.6 pengjunjie:2.4.5 pengjunjie:v2.4.5 pengjunjie:v2.4.3 pengjunjie:v2.4.2 pengjunjie:v2.4.1 pengjunjie:2.4.1 pengjunjie:2.4.0 pengjunjie:v2.3.0 pengjunjie:2.3.0 pengjunjie:v2.3 pengjunjie:v2.2.1 pengjunjie:2.2.0 pengjunjie:v2.1.4 pengjunjie:v2.1.3 pengjunjie:v2.1.2 pengjunjie:v2.1.1 pengjunjie:v2.1.0 pengjunjie:v2.0.2
..
compare: pengjunjie:v3.8.3springboot3sas
Branches Tags
pengjunjie:dependabot/npm_and_yarn/jeecgboot-vue3/qs-6.14.1 pengjunjie:main pengjunjie:main-jeecg-ai pengjunjie:springboot3-satoken pengjunjie:springboot3_sas pengjunjie:springboot2
pengjunjie:v3.9.0 pengjunjie:v3.8.3.1 pengjunjie:v3.8.3springboot3sas pengjunjie:v3.8.3 pengjunjie:v3.8.2last_springboot3 pengjunjie:v3.8.2last_springboot2 pengjunjie:v3.8.2 pengjunjie:v3.8.1 pengjunjie:v3.8.0last pengjunjie:v3.8.0last_springboot3 pengjunjie:v3.8.0last_springboot3sas pengjunjie:v3.7.3springboot3 pengjunjie:v3.8.0 pengjunjie:v3.7.4 pengjunjie:v3.7.3springboot3sas pengjunjie:v3.7.1SpringBoot3sas pengjunjie:v3.7.1springboot3 pengjunjie:v3.7.3 pengjunjie:v3.7.2 pengjunjie:v3.7.1last pengjunjie:v3.7.0last_springboot3 pengjunjie:v3.7.1 pengjunjie:v3.7.0_all_last pengjunjie:v3.7.0last_springboot3sas pengjunjie:v3.7.0_springboot3sas_20240821 pengjunjie:v3.7.0_all pengjunjie:v3.7.0_springboot3sas pengjunjie:v3.7.0_springboot3 pengjunjie:v3.7.0 pengjunjie:v3.6.3_springboot3sas pengjunjie:v3.6.3last pengjunjie:v3.6.3_springboot3 pengjunjie:v3.6.3 pengjunjie:v3.6.2_springboot3 pengjunjie:v3.6.2last pengjunjie:v3.6.2 pengjunjie:v3.6.1last pengjunjie:v3.6.1 pengjunjie:v3.6.0 pengjunjie:v3.5.5last pengjunjie:v3.5.5 pengjunjie:v3.5.3 pengjunjie:v3.5.1last pengjunjie:v3.5.1 pengjunjie:v3.5.0 pengjunjie:v3.4.4last pengjunjie:v3.4.4 pengjunjie:v3.4.3last pengjunjie:v3.4.3 pengjunjie:v3.4.2 pengjunjie:v3.4.0 pengjunjie:v3.3.0 pengjunjie:v3.2.0 pengjunjie:v3.1.0 pengjunjie:v3.0.0 pengjunjie:v3.0 pengjunjie:v2.4.6 pengjunjie:2.4.5 pengjunjie:v2.4.5 pengjunjie:v2.4.3 pengjunjie:v2.4.2 pengjunjie:v2.4.1 pengjunjie:2.4.1 pengjunjie:2.4.0 pengjunjie:v2.3.0 pengjunjie:2.3.0 pengjunjie:v2.3 pengjunjie:v2.2.1 pengjunjie:2.2.0 pengjunjie:v2.1.4 pengjunjie:v2.1.3 pengjunjie:v2.1.2 pengjunjie:v2.1.1 pengjunjie:v2.1.0 pengjunjie:v2.0.2

140 Commits
ed87ac3bff ... v3.8.3spri

Author SHA1 Message Date
JEECG
d988a637b2 替换sas的注解 2025-11-13 09:56:28 +08:00
JEECG
33cbc6e25b Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-11-10 15:56:21 +08:00
JEECG
d715c7a0ac rollup版本号固定4.52.5,rollup-plugin-visualizer固定5.14.0,导致打包失败 2025-11-10 15:54:36 +08:00
JEECG
aca407e1ce AI实战编程教程:JEECG低代码与Cursor+GitHub Copilot实现AI高效编程实战 2025-10-31 11:31:10 +08:00
JEECG
cfea79a187 修复功能菜单“系统管理”-“部门管理”,用户列表中,编辑用户界面-用户账号为空 #9032 2025-10-30 22:26:55 +08:00
JEECG
7848d1fb33 lock版本更新 2025-10-28 22:59:47 +08:00
JEECG
91fa645878 3.8.3-master分支:租户用户 菜单下 新增用户报错 #9039 2025-10-28 13:40:27 +08:00
JEECG
5bcb649384 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-10-22 09:32:55 +08:00
JEECG
c9fc948658 更新jimureport和jimubi的版本号至2.1.5 2025-10-21 17:44:28 +08:00
JEECG
b97d041e7f 更新springboot3版本号 2025-10-17 19:31:53 +08:00
JEECG
6492f2c99a 更新README.md,修正Sa-Token下载链接格式 2025-10-16 19:13:47 +08:00
JEECG
bf32385a06 更新README.md,调整下载链接顺序 2025-10-16 19:12:11 +08:00
JEECG
6ef637c46f 提供SpringBoot3.3 + Sa-Token版本 2025-10-16 19:05:59 +08:00
JEECG
d02753ce50 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-10-09 11:48:54 +08:00
JEECG
0bfe5689cc Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 
# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
 2025-09-28 21:59:14 +08:00
JEECG
aa55c3a86c Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-09-25 15:22:55 +08:00
JEECG
6a6d29254b 【v3.8.3版本发布】 
Merge remote-tracking branch 'origin/springboot3' into springboot3_sas

# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/LoginUser.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java
#	jeecg-boot/jeecg-module-system/jeecg-system-api/jeecg-system-cloud-api/src/main/java/org/jeecg/common/system/api/ISysBaseAPI.java
#	jeecg-boot/jeecg-module-system/jeecg-system-api/jeecg-system-cloud-api/src/main/java/org/jeecg/common/system/api/fallback/SysBaseAPIFallback.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/api/controller/SystemApiController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysLogController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserAgentController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/entity/SysDataLog.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysAnnouncementServiceImpl.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysBaseApiImpl.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserDepartServiceImpl.java
#	jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/application-docker.yml
#	jeecg-boot/pom.xml
 2025-09-24 18:24:19 +08:00
JEECG
c4a87d7c58 swagger请求,token无效还是返回了下载文件,期望返回401 #8767 2025-09-02 14:49:14 +08:00
JEECG
47107a53c2 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 
# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger3Config.java
 2025-08-13 18:16:31 +08:00
JEECG
52cd43d17c sas版本,swagger接口测试token无效返回下载文件,应该返回401错误json 2025-08-13 17:49:36 +08:00
JEECG
7ff70930ef swagger上选择的接口和实际接口不对应 #8705 2025-08-13 17:21:46 +08:00
JEECG
45f83dff43 # Conflicts: 
#	jeecg-boot/jeecg-boot-base-core/pom.xml
 2025-08-13 16:45:40 +08:00
JEECG
fcbaed2f7f fix(xxljob): 修复因 factoryBeanObjectType 导致的启动失败 #8550 2025-08-13 00:04:28 +08:00
JEECG
4acd5b3464 Squashed commit of the following: 
升级seata到1.7.0;升级dynamic-datasource-spring-boot-starter到3.5.2
    支持多字段默认排序defSort数组、解决多列排序无效 #8659
    支持多字段默认排序defSort数组
    提供JeecgBoot 运行环境python检查脚本
    提供jeecgboot-oracle11g.dmp
 2025-08-12 09:43:20 +08:00
JEECG
e10df20e98 引入jeecg-boot-starter-job依赖启动报错 #8694 2025-08-08 22:23:25 +08:00
JEECG
d0f85ccc7e Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-08-07 18:18:56 +08:00
JEECG
d12fe9d8de 模型配置-无法添加模型-接口存在问题 #8677 2025-08-06 11:04:54 +08:00
JEECG
223d374edd Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-08-04 18:45:21 +08:00
JEECG
7f011f199e yaml加入security配置 2025-08-03 12:52:40 +08:00
JEECG
873b8bd823 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-08-03 12:52:21 +08:00
JEECG
2f3aff9584 yaml加入security配置 2025-08-03 10:37:08 +08:00
JEECG
1f74cb538f Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-08-03 10:33:40 +08:00
JEECG
2cce917ab2 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-08-03 10:11:35 +08:00
JEECG
fd320be203 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-08-01 17:21:25 +08:00
JEECG
6e5c0eebce JEECG Boot 一键docker启动脚本 2025-08-01 17:05:44 +08:00
JEECG
cae8e7e8d2 【合并v3.8.2 docker-compose优化配置】 
Squashed commit of the following:

commit e70844ce61
Merge: e00ffa26 676fffa2
Author: JEECG <445654970@qq.com>
Date:   Fri Aug 1 10:54:33 2025 +0800

    【合并v3.8.2 docker-compose优化配置】
    Merge remote-tracking branch 'origin/master' into springboot3

    # Conflicts:
    #	jeecg-boot/jeecg-boot-base-core/pom.xml
    #	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/Swagger3Config.java
    #	jeecg-boot/jeecg-module-system/jeecg-system-start/Dockerfile
    #	jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/java/org/jeecg/JeecgSystemApplication.java
    #	jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/application-docker.yml
    #	jeecg-boot/jeecg-server-cloud/jeecg-visual/jeecg-cloud-sentinel/pom.xml
    #	jeecg-boot/pom.xml

commit e00ffa2670
Author: JEECG <445654970@qq.com>
Date:   Fri Aug 1 10:46:07 2025 +0800

    升级autopoi到1.4.14最新版

commit 676fffa2c8
Author: JEECG <445654970@qq.com>
Date:   Thu Jul 31 22:47:01 2025 +0800

    docker-compose增加jeecg-boot-pgvector

commit 23cc569a47
Author: JEECG <445654970@qq.com>
Date:   Thu Jul 31 18:12:57 2025 +0800

    docker system日志中文乱码解决

commit dafacf153b
Author: JEECG <445654970@qq.com>
Date:   Thu Jul 31 18:12:41 2025 +0800

    升级版本号到3.8.2

commit 7a9f357510
Author: JEECG <445654970@qq.com>
Date:   Thu Jul 31 17:56:40 2025 +0800

    更新v3.8.2 功能清单

commit f30a8c658a
Author: JEECG <445654970@qq.com>
Date:   Thu Jul 31 11:35:16 2025 +0800

    数据库缺少openapi微服务网关配置

commit e84d7726d2
Author: JEECG <445654970@qq.com>
Date:   Thu Jul 31 10:20:09 2025 +0800

    后台接口地址修改

commit 0f39802698
Author: JEECG <445654970@qq.com>
Date:   Thu Jul 31 09:56:24 2025 +0800

    docker自动化部署命令

commit a014a3ed0e
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 21:55:16 2025 +0800

    v3.8.2 优化一键docker启动前后端

commit 5720d1a01e
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 19:26:38 2025 +0800

    升级版本号到3.8.2

commit 5eed6ac6d2
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 18:49:29 2025 +0800

    升级版本号到3.8.2

commit 0cfa1e223a
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 18:28:10 2025 +0800

    v3.8.2 系统通知改造支持分类

commit 219869f4c0
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 18:25:58 2025 +0800

    v3.8.2 版本前端代码

commit e6edde963a
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 18:25:46 2025 +0800

    v3.8.2 版本后端代码

commit c44b66128e
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 18:23:09 2025 +0800

    XXL-JOB(2.4.0 及以上)已被移除,分片参数获取方式变更。

commit 9356b04741
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 10:57:52 2025 +0800

    升级online到3.8.2-beta

commit d0a094f9a3
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 10:57:31 2025 +0800

    升级mybatis-plus到3.5.12、升级jsqlparser到4.9

commit 73eb625737
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 09:51:34 2025 +0800

    升级jimureport到v2.1.1

commit 74880705b8
Author: JEECG <445654970@qq.com>
Date:   Wed Jul 30 09:18:46 2025 +0800

    升级online到3.8.2-beta

# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
 2025-08-01 10:56:21 +08:00
JEECG
ada97acb04 【合并v3.8.2版本代码】 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 
# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot/jeecg-module-system/jeecg-system-api/jeecg-system-cloud-api/src/main/java/org/jeecg/common/system/api/fallback/SysBaseAPIFallback.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleIndexController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ThirdAppController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysBaseApiImpl.java
#	jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/banner.txt
 2025-07-31 16:10:56 +08:00
JEECG
01547ef83e Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-07-30 09:14:08 +08:00
JEECG
b3ed442b55 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 
# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/pom.xml
 2025-07-25 14:10:51 +08:00
JEECG
9cca8f8719 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2025-07-25 13:26:18 +08:00
JEECG
ae6069882f TODO 暂时注释掉,for:【issues/8638】springboot3分支,knife4j不能正确显示文档,但是swagger-ui和v3/api-docs正常 #8638 2025-07-24 18:36:21 +08:00
JEECG
f0a5edaa49 启动democloud服务时出现循环依赖报错 #8573 2025-07-11 10:45:56 +08:00
JEECG
ab98b26cac 【合并升级v3.8.1】 
Merge remote-tracking branch 'origin/springboot3' into springboot3_sas

# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDataSourceController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartPermissionController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartRoleController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleIndexController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTableWhiteListController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserServiceImpl.java
 2025-07-08 18:32:55 +08:00
JEECG
64b3c9e42e 解决积木报表springboot3 找不到类base64utils #3834和SqlServer兼容问题 2025-06-05 15:45:31 +08:00
JEECG
8eb81493ce ai流程脚本节点执行报错 2025-05-28 11:28:55 +08:00
JEECG
044fc47586 ai ⼯作流使⽤知识库报错"白名单未通过" 2025-05-27 17:58:02 +08:00
JEECG
bbe18c582c 访问Swagger接口不带doc.html后缀,会丢失项目前缀/jeecg-boot/导致测试接口,返回下载文件 2025-05-26 19:17:00 +08:00
JEECG
b894125b53 【升级到springboot 3.4.5】 
Merge remote-tracking branch 'origin/springboot3' into springboot3_sas

# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/pom.xml
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/encryption/AesEncryptUtil.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
#	jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/application-prod.yml
 2025-05-22 11:25:00 +08:00
JEECG
2e236703b2 升级spring-boot-starter-parent版本至2.7.18 2025-05-19 18:04:16 +08:00
JEECG
a771d24a57 升级knife4j-spring-boot-starter版本至4.5.0 2025-05-19 16:26:30 +08:00
JEECG
69f5d12de7 缺少的token排除请求 2025-05-19 16:26:13 +08:00
JEECG
5b5999e786 shiro排除配置改成security 2025-05-19 16:25:49 +08:00
JEECG
fc3fe39d95 升级mybatis为springboot3版本 2025-05-19 15:28:07 +08:00
JEECG
48e23aafab 【v3.8.0合并】Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 
# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/pom.xml
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/encryption/AesEncryptUtil.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDataSourceController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartPermissionController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartRoleController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleIndexController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTableWhiteListController.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/resources/jeecg/code-template-online/default/tree/java/${bussiPackage}/${entityPackage}/controller/${entityName}Controller.javai
#	jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/application-dev.yml
#	jeecg-boot/jeecg-module-system/jeecg-system-start/src/main/resources/application-prod.yml
#	jeecg-boot/jeecg-module-system/jeecg-system-start/src/test/java/org/jeecg/modules/system/test/InsertDemoTest.java
#	jeecg-boot/pom.xml
#	jeecgboot-vue3/pnpm-lock.yaml
 2025-05-19 13:52:08 +08:00
JEECG
657b84d3cf Merge pull request #8007 from EightMonth/springboot3_sas 
修复 CVE-2023-6378
 2025-03-25 16:02:45 +08:00
EightMonth
2021bf39f8 修复 CVE-2023-6378 2025-03-25 16:00:14 +08:00
JEECG
fdeb37c3d0 Merge pull request #8005 from EightMonth/springboot3_sas 
jeewx-api修改成weixin4j
 2025-03-25 14:19:33 +08:00
EightMonth
f9123208e1 jeewx-api修改成weixin4j 2025-03-25 14:15:05 +08:00
JEECG
accb8f2f9f Merge pull request #7950 from EightMonth/springboot3_sas 
解决严重bug,War包方式部署,服务启动报错
 2025-03-12 15:28:44 +08:00
JEECG
c643994546 解决严重bug,War包方式部署,服务启动报错 2025-03-12 14:16:50 +08:00
JEECG
6934a0adee Merge pull request #7875 from EightMonth/springboot3_sas 
修复 #7613
 2025-03-03 17:05:12 +08:00
EightMonth
93e32a7177 Merge branch 'springboot3' into springboot3_sas 2025-03-03 14:30:40 +08:00
JEECG
c9f5bb4409 【3.7.3 版本合并升级】 
Merge remote-tracking branch 'origin/springboot3' into springboot3_sas

# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
#	jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
#	jeecgboot-vue3/package.json
 2025-02-24 18:24:51 +08:00
JEECG
10b68858d6 Merge pull request #7796 from EightMonth/springboot3_sas 
固定vue-router版本号
 2025-02-11 14:49:17 +08:00
EightMonth
da72e8f9c5 Update package.json 2025-02-11 14:27:40 +08:00
EightMonth
73e86686dc 固定vue-router版本号 2025-02-11 09:25:59 +08:00
JEECG
f43d0d486b Merge pull request #7378 from EightMonth/springboot3_sas 
分布式事务demo修复
 2024-11-20 17:42:55 +08:00
EightMonth
65bde3331b 修复#7459,修复sas分支 @ignoreauth注解无效 2024-11-20 11:08:53 +08:00
EightMonth
b60942aa86 分布式事务demo修复 2024-10-24 10:48:00 +08:00
EightMonth
197b267e71 分布式事务demo修复 2024-10-24 09:19:49 +08:00
JEECG
79f7134bd5 【springboot3分支 issues/7353】The bean 'dataSource', defined in class path resource #7353 2024-10-19 19:30:05 +08:00
JEECG
6d432bc186 Merge pull request #7332 from EightMonth/springboot3_sas 
修复redis序列化认证信息问题
 2024-10-11 16:33:11 +08:00
EightMonth
415307eb9f 修复redis序列化认证信息问题 2024-10-11 16:27:28 +08:00
JEECG
48e20b2af5 Merge pull request #7329 from EightMonth/springboot3_sas 
Revert "修复redis序列化认证信息问题"
 2024-10-11 15:03:12 +08:00
EightMonth
b7924b9ca8 Revert "修复redis序列化认证信息问题" 
This reverts commit 4aa88189ed.
 2024-10-11 14:59:11 +08:00
JEECG
a10a2e0a9d Merge pull request #7327 from EightMonth/springboot3_sas 
修复redis序列化认证信息问题
 2024-10-11 13:44:54 +08:00
EightMonth
4aa88189ed 修复redis序列化认证信息问题 2024-10-11 11:43:05 +08:00
JEECG
fdb05443c2 【版本合并】springboot3 sas升级到3.7.1 2024-10-10 22:48:10 +08:00
JEECG
65d737db6d Merge remote-tracking branch 'origin/springboot3_sas' into springboot3_sas 2024-08-21 15:22:11 +08:00
JEECG
f04f7f9abf Merge pull request #6899 from EightMonth/springboot3_sas 
缩短token长度,适配主分支前端页面登录
 2024-08-21 15:14:01 +08:00
EightMonth
935e118d15 sas分支前端同步master分支 2024-08-21 12:46:58 +08:00
EightMonth
e218367332 登出及强退逻辑完善 2024-08-21 11:22:13 +08:00
JEECG
3a3f3cf367 升级积木报表到v1.8.0 2024-08-20 16:41:14 +08:00
EightMonth
0e762b4157 缩短token长度,适配主分支前端页面登录 2024-07-15 17:11:05 +08:00
JEECG
f4712baa39 Merge pull request #6879 from EightMonth/springboot3_sas 
修复访问仪表盘401
 2024-07-10 16:23:48 +08:00
EightMonth
7d8b653d6e 修复访问仪表盘401 2024-07-10 16:22:10 +08:00
JEECG
cf7f3f94be Merge pull request #6878 from EightMonth/springboot3_sas 
修复访问仪表盘401问题
 2024-07-10 16:03:19 +08:00
EightMonth
49f63b92ac 修复访问仪表盘401问题 2024-07-10 16:01:57 +08:00
JEECG
5670a15b20 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2024-07-08 12:28:17 +08:00
JEECG
9e9ef20b7c 改法不兼容,暂时先还原 2024-07-03 14:35:44 +08:00
JEECG
0c034031d1 Merge branch 'springboot3_sas' of https://github.com/jeecgboot/jeecg-boot into springboot3_sas 2024-07-03 12:23:13 +08:00
JEECG
491a038b5a 增加仪表盘的请求排除 2024-07-03 12:22:43 +08:00
JEECG
8a4fcb0023 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2024-07-03 12:02:32 +08:00
JEECG
e93dcc1a7e Merge pull request #6660 from EightMonth/springboot3_sas 
修复redis反序列化时间问题
 2024-06-27 18:33:16 +08:00
kezhijie
383cbf250f 修复redis反序列化时间问题 2024-06-27 18:09:54 +08:00
JEECG
9fe1450ac9 Merge pull request #6646 from EightMonth/springboot3_sas 
sas实现免登录注解
 2024-06-25 17:38:48 +08:00
kezhijie
88b9b12998 sas实现免登录注解 2024-06-25 17:32:57 +08:00
JEECG
9e25566271 【重要更新】vue3前端为了适配springboot3 sas分支(Spring Authorization Server)特定修改 2024-06-23 11:25:55 +08:00
JEECG
8e54e06978 Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 2024-06-23 11:23:34 +08:00
JEECG
e5c082ae13 版本合并前端和后端放到一起 2024-06-23 10:35:53 +08:00
JEECG
96ab98ac3e Merge remote-tracking branch 'origin/springboot3' into springboot3_sas 
# Conflicts:
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgCaptchaException.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/JwtToken.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/CustomShiroFilterFactoryBean.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/ResourceCheckFilter.java
#	jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/Shiro.java
 2024-06-23 10:29:34 +08:00
JEECG
1632c241ee 修改nacos命名空间springboot3的id也是springboot3,方便理解 2024-06-22 23:23:55 +08:00
JEECG
e9d05b0e75 访问积木报表提示token无权限,原因TokenUtils.getLoginUser方法报错 2024-06-22 22:59:34 +08:00
JEECG
6ade7e22f8 积木报表扩展实现类放开注释 2024-06-22 20:06:13 +08:00
JEECG
43d47c08cb 【jeecgboot 3.7.0里程碑版本发布——合并springboot3sas分支】 
Merge remote-tracking branch 'origin/springboot3' into springboot3_sas

# Conflicts:
#	.gitignore
#	db/tables_nacos.sql
#	jeecg-boot-base-core/pom.xml
#	jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java
#	jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
#	jeecg-boot-base-core/src/main/java/org/jeecg/config/DruidWallConfigRegister.java
#	jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
#	jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
#	jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java
#	jeecg-boot-base-core/src/main/java/org/jeecg/modules/base/service/impl/BaseCommonServiceImpl.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAnnouncementController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartRoleController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTableWhiteListController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysAnnouncementServiceImpl.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysDepartServiceImpl.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantPackServiceImpl.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysTenantServiceImpl.java
#	jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/service/impl/SysUserDepartServiceImpl.java
#	jeecg-module-system/jeecg-system-start/src/main/resources/application-dev.yml
#	jeecg-module-system/jeecg-system-start/src/main/resources/application-prod.yml
#	jeecg-module-system/jeecg-system-start/src/main/resources/application-test.yml
#	pom.xml
 2024-06-22 19:55:35 +08:00
JEECG
e616c5d8fe Merge pull request #6243 from EightMonth/springboot3_sas 
sas兼容shiro处理
 2024-06-20 16:09:29 +08:00
EightMonth
cddf23c787 sas 兼容shiro处理 2024-05-31 14:29:21 +08:00
EightMonth
70a37309dd sas兼容shiro处理 2024-05-22 18:08:31 +08:00
JEECG
48555b5219 Merge pull request #6201 from EightMonth/springboot3_sas 
增加bug修复注释
 2024-04-30 14:25:10 +08:00
EightMonth
06d58f202f 增加bug修复注释 2024-04-30 14:07:59 +08:00
JEECG
628870af9b Merge pull request #6199 from EightMonth/springboot3_sas 
修复#6168\#6169\websocket连接问题
 2024-04-30 14:02:22 +08:00
EightMonth
b46a6438e6 修复#6168\#6169\websocket连接问题 2024-04-30 11:47:51 +08:00
JEECG
5488f99723 Merge pull request #6194 from EightMonth/springboot3_sas 
修复#6150,同时修复online表单无法加载问题
 2024-04-29 17:34:06 +08:00
EightMonth
6bc1fe8d21 修复#6150,同时修复online表单无法加载问题 2024-04-29 17:27:25 +08:00
JEECG
7cac16320c Merge pull request #6182 from EightMonth/springboot3_sas 
修复Online同步数据库
 2024-04-26 12:59:43 +08:00
EightMonth
24dbd1db39 修复Online同步数据库 2024-04-26 12:53:22 +08:00
JEECG
46b026b989 Merge pull request #6092 from EightMonth/springboot3_sas 
升级druid v1.2.22版本兼容处理
 2024-04-08 15:26:41 +08:00
EightMonth
94c45f5e0f 升级druid v1.2.22版本兼容处理 2024-04-08 14:11:39 +08:00
JEECG
8950e19d4e Merge pull request #6037 from EightMonth/springboot3_sas 
修复 #5936
 2024-03-25 15:00:06 +08:00
EightMonth
99eb88f71c 修复 #5936 2024-03-25 14:44:23 +08:00
JEECG
824d7839d8 Merge pull request #6014 from EightMonth/springboot3_sas 
支持手动生成token
 2024-03-22 16:18:29 +08:00
EightMonth
c88f9d95d4 支持手动生成token 2024-03-19 17:16:12 +08:00
JEECG
beb0bc2f64 Merge pull request #5995 from EightMonth/springboot3_sas 
移除权限不足异常堆栈,权限加载加入缓存
 2024-03-15 17:06:05 +08:00
EightMonth
f741db874c 移除权限不足异常堆栈,权限加载加入缓存 2024-03-15 13:55:58 +08:00
JEECG
d684c09392 Merge pull request #5965 from EightMonth/springboot3_sas 
新增token校验、客户端便捷工具类、修复登录缺乏租户信息、强退功能失效
 2024-03-12 14:27:11 +08:00
EightMonth
364be22dd0 新增token校验、客户端便捷工具类、修复登录缺乏租户信息、强退功能失效 2024-03-08 16:30:23 +08:00
JEECG
20efa3bf9a Merge pull request #5934 from EightMonth/springboot3_sas 
修正springboot3 sas默认配置
 2024-03-01 16:23:13 +08:00
EightMonth
c7977dda3d 添加nacos sql自动创建nacos库 2024-03-01 16:17:30 +08:00
EightMonth
c27c5a9a9b 梳理服务配置信息 2024-03-01 15:49:28 +08:00
EightMonth
0ab280f812 添加springboot3的配置变更 2024-03-01 14:59:40 +08:00
EightMonth
c3066dac17 修改认证异常类拦截 2024-03-01 14:51:16 +08:00
EightMonth
b650d512b3 修复 #5903 ,完善在微服务的sas认证 2024-03-01 14:51:09 +08:00
JEECG
925ec9447d Merge pull request #5819 from EightMonth/springboot3_sas 
打通三方登录&移除shiro
 2024-01-17 13:55:58 +08:00
EightMonth
411a73c1bf 移除shiro 2024-01-16 19:49:42 +08:00
EightMonth
84077e6e24 移除shiro 2024-01-16 19:49:15 +08:00
EightMonth
184cf97304 打通三方登录 2024-01-16 19:09:56 +08:00
JEECG
5f425b49b2 Merge pull request #5761 from EightMonth/springboot3_sas 
升级 spring authorization server
 2024-01-12 09:40:48 +08:00
EightMonth
3ac8ee304a 完全替换shiro权限注解,新增手机登录、APP登录 2024-01-12 09:26:30 +08:00
EightMonth
0faac01bb7 sas升级脚本 2024-01-04 11:27:33 +08:00
EightMonth
74d88a8fcc springboot sas升级 2024-01-04 11:27:23 +08:00
140 changed files with 6246 additions and 3803 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@ -13,4 +13,6 @@ os_del.cmd
os_del_doc.cmd
.svn
derby.log
*.log
.cursor
.history

3
README.md
View File

@ -50,7 +50,7 @@ JeecgBoot低代码平台兼容所有J2EE项目开发支持信创国产化
版本说明
-----------------------------------
|下载 | SpringBoot3.3 + Shiro |SpringBoot3.3+ SpringAuthorizationServer | SpringBoot3.3 + Sa-Token | SpringBoot2.7(JDK17/JDK8) |
|下载 | SpringBoot3.5 + Shiro |SpringBoot3.5+ SpringAuthorizationServer | SpringBoot3.5 + Sa-Token | SpringBoot2.7(JDK17/JDK8) |
|------|----------------|----------------------------|-------------------|--------------------------------------------|
| Github | [`springboot3`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3) | [`springboot3_sas`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3_sas) 分支 | [`springboot3-satoken`](https://github.com/jeecgboot/JeecgBoot/tree/springboot3-satoken) 分支|[`master`](https://github.com/jeecgboot/JeecgBoot) 分支|
| Gitee | [`springboot3`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3/) | [`springboot3_sas`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3_sas) 分支| [`springboot3-satoken`](https://gitee.com/jeecg/JeecgBoot/tree/springboot3-satoken) 分支|[`master`](https://gitee.com/jeecg/JeecgBoot) 分支 |
@ -83,6 +83,7 @@ JeecgBoot低代码平台兼容所有J2EE项目开发支持信创国产化
- 官方网站: [http://www.jeecg.com](http://www.jeecg.com)
- 在线演示: [平台演示](https://boot3.jeecg.com) | [APP演示](https://jeecg.com/appIndex)
- 入门指南: [快速入门](http://www.jeecg.com/doc/quickstart) | [代码生成使用](https://help.jeecg.com/java/codegen/online) | [开发文档](https://help.jeecg.com) | [AI应用手册](https://help.jeecg.com/aigc) | [视频教程](http://jeecg.com/doc/video)
- AI编程实战视频 [JEECG低代码与Cursor+GitHub Copilot实现AI高效编程实战](https://www.bilibili.com/video/BV11XyaBVEoH)
- 技术支持: [反馈问题](https://github.com/jeecgboot/JeecgBoot/issues/new?template=bug_report.md) | [低代码体验一分钟](https://jeecg.blog.csdn.net/article/details/106079007)
- QQ交流群 964611995、⑩716488839(满)、⑨808791225(满)、其他(满)

1
jeecg-boot/.gitignore vendored
View File

@ -13,3 +13,4 @@ os_del.cmd
os_del_doc.cmd
.svn
derby.log
*.log

368
jeecg-boot/Shiro到Sa-Token迁移指南.md
View File

@ -1,368 +0,0 @@
# `Shiro 到 Sa-Token 迁移指南`
本项目已从 **Apache Shiro 2.0.4** 迁移到 **Sa-Token 1.44.0**,采用 JWT-Simple 模式,完全兼容原 JWT token 格式。
---
## 📦 1. 依赖配置
### 1.1 Maven 依赖
移除 Shiro 相关依赖,新增:
```xml
<dependency>
<groupId>cn.dev33</groupId>
<artifactId>sa-token-spring-boot3-starter</artifactId>
<version>1.44.0</version>
</dependency>
<dependency>
<groupId>cn.dev33</groupId>
<artifactId>sa-token-redis-jackson</artifactId>
<version>1.44.0</version>
</dependency>
<dependency>
<groupId>cn.dev33</groupId>
<artifactId>sa-token-jwt</artifactId>
<version>1.44.0</version>
</dependency>
```
### 1.2 配置文件application.yml
```yaml
sa-token:
token-name: X-Access-Token
timeout: 2592000 # token有效期30天
is-concurrent: true # 允许同账号并发登录
token-style: jwt-simple # JWT模式兼容原格式
jwt-secret-key: "your-secret-key-here"
```
---
## 💡 2. 核心代码实现
### 2.1 登录逻辑(⚠️ 使用 username 作为 loginId
```java
// 从数据库查询用户信息
SysUser sysUser = userService.getUserByUsername(username);
// 执行登录自动完成Sa-Token登录 + 存储Session + 返回token
String token = LoginUserUtils.doLogin(sysUser);
// 返回token给前端
return Result.ok(token);
```
**💡 设计说明:**
- `doLogin()` 方法自动完成:
1. 调用 `StpUtil.login(username)` (使用 username 而非 userId
2. 调用 `setSessionUser()` 存储用户信息(自动清除 password 等15个字段
3. 返回生成的 token
- 减少 Redis 存储约 50%,密码不再存储到 Session
### 2.2 权限认证接口(⚠️ 必须手动实现缓存)
```java
@Component
public class StpInterfaceImpl implements StpInterface {
@Lazy @Resource
private CommonAPI commonApi;
private static final long CACHE_TIMEOUT = 60 * 60 * 24 * 30; // 30天
private static final String PERMISSION_CACHE_PREFIX = "satoken:user-permission:";
private static final String ROLE_CACHE_PREFIX = "satoken:user-role:";
@Override
@SuppressWarnings("unchecked")
public List<String> getPermissionList(Object loginId, String loginType) {
String username = loginId.toString();
String cacheKey = PERMISSION_CACHE_PREFIX + username;
SaTokenDao dao = SaManager.getSaTokenDao();
// 1. 先从缓存获取
List<String> permissionList = (List<String>) dao.getObject(cacheKey);
if (permissionList == null) {
// 2. 缓存未命中,查询数据库
log.warn("权限缓存未命中,查询数据库 [ username={} ]", username);
String userId = commonApi.getUserIdByName(username);
Set<String> permissionSet = commonApi.queryUserAuths(userId);
permissionList = new ArrayList<>(permissionSet);
// 3. 将结果缓存起来
dao.setObject(cacheKey, permissionList, CACHE_TIMEOUT);
}
return permissionList;
}
@Override
public List<String> getRoleList(Object loginId, String loginType) {
// 实现类似 getPermissionList(),使用 ROLE_CACHE_PREFIX
// 详见StpInterfaceImpl.java
}
// 清除缓存的静态方法
public static void clearUserCache(List<String> usernameList) {
SaTokenDao dao = SaManager.getSaTokenDao();
for (String username : usernameList) {
dao.deleteObject(PERMISSION_CACHE_PREFIX + username);
dao.deleteObject(ROLE_CACHE_PREFIX + username);
}
}
}
```
**⚠️ 关键:** Sa-Token 的 `StpInterface` **不提供自动缓存**,必须手动实现,否则每次请求都会查询数据库!
### 2.3 Filter 配置(支持 URL 参数传递 token
```java
@Bean
@Primary
public StpLogic getStpLogicJwt() {
return new StpLogicJwtForSimple() {
@Override
public String getTokenValue() {
SaRequest request = SaHolder.getRequest();
// 优先级Header > URL参数"token" > URL参数"X-Access-Token"
String tokenValue = request.getHeader(getConfigOrGlobal().getTokenName());
if (isEmpty(tokenValue)) {
tokenValue = request.getParam("token"); // 兼容 WebSocket、积木报表
}
if (isEmpty(tokenValue)) {
tokenValue = request.getParam(getConfigOrGlobal().getTokenName());
}
return isEmpty(tokenValue) ? super.getTokenValue() : tokenValue;
}
};
}
@Bean
public SaServletFilter getSaServletFilter() {
return new SaServletFilter()
.addInclude("/**")
.setExcludeList(getExcludeUrls()) // 排除登录、静态资源等
.setAuth(obj -> {
// 检查是否是免认证路径
String servletPath = SaHolder.getRequest().getRequestPath();
if (InMemoryIgnoreAuth.contains(servletPath)) {
return;
}
// ⚠️ 关键:如果请求带 token先切换到对应的登录会话
try {
String token = StpUtil.getTokenValue();
if (isNotEmpty(token)) {
Object loginId = StpUtil.getLoginIdByToken(token);
if (loginId != null) {
StpUtil.switchTo(loginId); // 切换登录会话
}
}
} catch (Exception e) {
log.debug("切换登录会话失败: {}", e.getMessage());
}
// 最终校验登录状态
StpUtil.checkLogin();
})
.setError(e -> {
// 返回401 JSON响应
SaHolder.getResponse()
.setStatus(401)
.setHeader("Content-Type", "application/json;charset=UTF-8");
return JwtUtil.responseErrorJson(401, "Token失效请重新登录!");
});
}
```
### 2.4 全局异常处理
```java
@ExceptionHandler(NotLoginException.class)
public Result<?> handleNotLoginException(NotLoginException e) {
log.warn("用户未登录或Token失效: {}", e.getMessage());
return Result.error(401, "Token失效请重新登录!");
}
@ExceptionHandler(NotPermissionException.class)
public Result<?> handleNotPermissionException(NotPermissionException e) {
log.warn("权限不足: {}", e.getMessage());
return Result.error(403, "用户权限不足,无法访问!");
}
```
---
## 🔄 3. API 迁移对照表
### 3.1 注解替换
| Shiro | Sa-Token | 说明 |
|-------|----------|------|
| `@RequiresPermissions("user:add")` | `@SaCheckPermission("user:add")` | 权限校验 |
| `@RequiresRoles("admin")` | `@SaCheckRole("admin")` | 角色校验 |
### 3.2 API 替换
| Shiro | Sa-Token | 说明 |
|-------|----------|------|
| `SecurityUtils.getSubject().getPrincipal()` | `LoginUserUtils.getSessionUser()` | 获取登录用户 |
| `Subject.login(token)` | `LoginUserUtils.doLogin(sysUser)` | 登录(推荐) |
| `Subject.login(token)` | `StpUtil.login(username)` | 登录底层API |
| `Subject.logout()` | `StpUtil.logout()` | 退出登录 |
| `Subject.isAuthenticated()` | `StpUtil.isLogin()` | 判断是否登录 |
| `Subject.hasRole("admin")` | `StpUtil.hasRole("admin")` | 判断角色 |
| `Subject.isPermitted("user:add")` | `StpUtil.hasPermission("user:add")` | 判断权限 |
---
## ⚠️ 4. 重要特性说明
### 4.1 JWT-Simple 模式特性
-**生成标准 JWT token**:与原 Shiro JWT 格式完全兼容
-**仍然检查 Redis Session**:支持强制退出(与纯 JWT 无状态模式不同)
-**支持 URL 参数传递**:兼容 WebSocket、积木报表等场景
- ⚠️ **非完全无状态**:依赖 Redis 存储会话和权限缓存
### 4.2 Session 数据优化
`LoginUserUtils.setSessionUser()` 会自动清除以下字段:
```
password, workNo, birthday, sex, email, phone, status,
delFlag, activitiSync, createTime, userIdentity, post,
telephone, clientId, mainDepPostId
```
**优势:**
- 减少 Redis 存储约 **50%**
- 密码不再存储在 Session 中,**安全性提升**
### 4.3 权限缓存动态更新
修改角色权限后,系统会自动清除受影响用户的权限缓存:
```java
// SysPermissionController.saveRolePermission() 中
@RequestMapping(value = "/saveRolePermission", method = RequestMethod.POST)
public Result<String> saveRolePermission(@RequestBody JSONObject json) {
String roleId = json.getString("roleId");
String permissionIds = json.getString("permissionIds");
String lastPermissionIds = json.getString("lastpermissionIds");
// 保存角色权限关系
sysRolePermissionService.saveRolePermission(roleId, permissionIds, lastPermissionIds);
// ⚠️ 关键:清除拥有该角色的所有用户的权限缓存
clearRolePermissionCache(roleId);
return Result.ok("保存成功!");
}
// 实现:查询该角色下的所有用户,批量清除缓存
private void clearRolePermissionCache(String roleId) {
List<String> usernameList = new ArrayList<>();
// 分页查询拥有该角色的用户
int pageNo = 1, pageSize = 100;
while (true) {
Page<SysUser> page = new Page<>(pageNo, pageSize);
IPage<SysUser> userPage = sysUserService.getUserByRoleId(page, roleId, null, null);
if (userPage.getRecords().isEmpty()) break;
for (SysUser user : userPage.getRecords()) {
usernameList.add(user.getUsername());
}
if (pageNo >= userPage.getPages()) break;
pageNo++;
}
// 批量清除用户权限和角色缓存
if (!usernameList.isEmpty()) {
StpInterfaceImpl.clearUserCache(usernameList);
}
}
```
**结果:** 权限变更立即生效,用户无需重新登录。
## ✅ 6. 测试清单
### 6.1 登录功能测试
| 测试项 | 测试状态 | 说明 |
|--------|---------|------|
| 账号密码登录 | ✅ 通过 | 验证 `/sys/login` 接口 |
| 手机号登录 | ✅ 通过 | 验证 `/sys/phoneLogin` 接口 |
| APP 登录 | ✅ 通过 | 验证 APP 端登录流程 |
| 扫码登录 | ✅ 通过 | 验证二维码扫码登录 |
| 第三方登录 | ⏳ 待测试 | 微信、QQ 等第三方登录 |
| 钉钉 OAuth2.0 登录 | ⏳ 待测试 | 钉钉授权登录流程 |
| 企业微信 OAuth2.0 登录 | ⏳ 待测试 | 企业微信授权登录流程 |
| CAS 单点登录 | ⏳ 待测试 | CAS 单点登录集成 |
### 6.2 核心功能测试
| 测试项 | 测试状态 | 说明 |
|--------|---------|------|
| Token 权限拦截 | ✅ 通过 | 无 token 或失效 token 返回 401 |
| 权限注解 `@SaCheckPermission` | ✅ 通过 | 无权限返回 403 |
| 角色注解 `@SaCheckRole` | ✅ 通过 | 无角色返回 403 |
| `@IgnoreAuth` 免认证 | ✅ 通过 | 无 token 也能正常访问 |
| 自动续期(操作不掉线) | ✅ 通过 | 活跃用户 token 自动续期 |
| 用户权限变更即刻生效 | ✅ 通过 | 修改角色权限后无需重新登录 |
| 积木报表 token 参数模式 | ✅ 通过 | `/jmreport/**?token=xxx` 正常访问 |
### 6.3 异步和网关测试
| 测试项 | 测试状态 | 说明 |
|--------|---------|------|
| 异步接口(`@Async` | ❌ 有问题 | **需排查:异步线程中获取登录用户失败** |
| Gateway 模式权限验证 | ⏳ 待测试 | 网关模式下的权限拦截 |
### 6.4 多租户测试
| 测试项 | 测试状态 | 说明 |
|--------|---------|------|
| 租户 ID 校验 | ⚠️ 缺失 | **需补充:校验用户 tenant_id 和前端传参一致性** |
### 6.5 测试说明
**✅ 通过** - 功能正常,符合预期
**❌ 有问题** - 功能异常,需要修复
**⏳ 待测试** - 尚未测试
**⚠️ 缺失** - 功能缺失,需要补充
---
## 📊 7. 迁移总结
| 优化项 | 说明 | 收益 |
|--------|------|------|
| **loginId 设计** | 使用 `username` 而非 `userId` | 语义清晰,与业务逻辑一致 |
| **Session 优化** | 清除 15 个不必要字段 | Redis 存储减少 50%,安全性提升 |
| **权限缓存** | 手动实现 30 天缓存 | 性能提升 99%,降低 DB 压力 |
| **权限实时更新** | 角色权限修改后自动清除缓存 | 无需重新登录即生效 |
| **URL Token 支持** | Filter 中实现 `switchTo` | 兼容 WebSocket、积木报表等场景 |
| **JWT 兼容** | JWT-Simple 模式 | 完全兼容原 JWT token 格式 |
---
## 📚 参考资料
- [Sa-Token 官方文档](https://sa-token.cc/)
- [Sa-Token JWT-Simple 模式](https://sa-token.cc/doc.html#/plugin/jwt-extend)
- [Sa-Token 权限缓存最佳实践](https://sa-token.cc/doc.html#/fun/jur-cache)

45
jeecg-boot/db/增量SQL/sas升级脚本.sql Normal file
View File

@ -0,0 +1,45 @@
CREATE TABLE `oauth2_registered_client` (
`id` varchar(100) NOT NULL,
`client_id` varchar(100) NOT NULL,
`client_id_issued_at` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
`client_secret` varchar(200) DEFAULT NULL,
`client_secret_expires_at` timestamp NULL DEFAULT NULL,
`client_name` varchar(200) NOT NULL,
`client_authentication_methods` varchar(1000) NOT NULL,
`authorization_grant_types` varchar(1000) NOT NULL,
`redirect_uris` varchar(1000) DEFAULT NULL,
`post_logout_redirect_uris` varchar(1000) DEFAULT NULL,
`scopes` varchar(1000) NOT NULL,
`client_settings` varchar(2000) NOT NULL,
`token_settings` varchar(2000) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
INSERT INTO `oauth2_registered_client`
(`id`,
`client_id`,
`client_id_issued_at`,
`client_secret`,
`client_secret_expires_at`,
`client_name`,
`client_authentication_methods`,
`authorization_grant_types`,
`redirect_uris`,
`post_logout_redirect_uris`,
`scopes`,
`client_settings`,
`token_settings`)
VALUES
('3eacac0e-0de9-4727-9a64-6bdd4be2ee1f',
'jeecg-client',
now(),
'secret',
null,
'3eacac0e-0de9-4727-9a64-6bdd4be2ee1f',
'client_secret_basic',
'refresh_token,authorization_code,password,app,phone,social',
'http://127.0.0.1:8080/jeecg-',
'http://127.0.0.1:8080/',
'*',
'{"@class":"java.util.Collections$UnmodifiableMap","settings.client.require-proof-key":false,"settings.client.require-authorization-consent":true}',
'{"@class":"java.util.Collections$UnmodifiableMap","settings.token.reuse-refresh-tokens":true,"settings.token.id-token-signature-algorithm":["org.springframework.security.oauth2.jose.jws.SignatureAlgorithm","RS256"],"settings.token.access-token-time-to-live":["java.time.Duration",300000.000000000],"settings.token.access-token-format":{"@class":"org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat","value":"self-contained"},"settings.token.refresh-token-time-to-live":["java.time.Duration",3600.000000000],"settings.token.authorization-code-time-to-live":["java.time.Duration",300000.000000000],"settings.token.device-code-time-to-live":["java.time.Duration",300000.000000000]}');

27
jeecg-boot/jeecg-boot-base-core/pom.xml
View File

@ -180,23 +180,26 @@
<artifactId>spring-boot-starter-quartz</artifactId>
</dependency>
<!-- Sa-Token 权限认证在线文档https://sa-token.cc -->
<!--JWT-->
<dependency>
<groupId>cn.dev33</groupId>
<artifactId>sa-token-spring-boot3-starter</artifactId>
<version>${sa-token.version}</version>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
<version>${java-jwt.version}</version>
</dependency>
<!-- Sa-Token 整合 Redis (使用 jackson 序列化方式) -->
<dependency>
<groupId>cn.dev33</groupId>
<artifactId>sa-token-redis-jackson</artifactId>
<version>${sa-token.version}</version>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-authorization-server</artifactId>
</dependency>
<!-- Sa-Token 整合 jwt (Simple模式)保持与原JWT token格式兼容 -->
<dependency>
<groupId>cn.dev33</groupId>
<artifactId>sa-token-jwt</artifactId>
<version>${sa-token.version}</version>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-oauth2-resource-server</artifactId>
</dependency>
<!-- 添加spring security cas支持 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
</dependency>

5
jeecg-boot/jeecg-boot-base-core/src/main/java/org/apache/shiro/subject/Subject.java
View File

@ -1,7 +1,6 @@
package org.apache.shiro.subject;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.config.security.utils.SecureUtil;
/**
* 兼容处理Online功能使用处理请勿修改
@ -10,6 +9,6 @@ import org.jeecg.common.util.LoginUserUtils;
*/
public interface Subject {
default Object getPrincipal() {
return LoginUserUtils.getSessionUser();
return SecureUtil.currentUser();
}
}

35
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/api/CommonAPI.java
View File

@ -1,5 +1,6 @@
package org.jeecg.common.api;
import com.alibaba.fastjson.JSONObject;
import org.jeecg.common.api.dto.AiragFlowDTO;
import org.jeecg.common.system.vo.*;
@ -65,6 +66,13 @@ public interface CommonAPI {
*/
public String getUserIdByName(String username);
/**
* 5根据用户手机号查询用户信息
* @param username
* @return
*/
public LoginUser getUserByPhone(String phone);
/**
* 6字典表的 翻译
@ -156,4 +164,31 @@ public interface CommonAPI {
*/
Object runAiragFlow(AiragFlowDTO airagFlowDTO);
/**
* 登录加载系统字典
* @return
*/
Map<String,List<DictModel>> queryAllDictItems();
/**
* 查询SysDepart集合
* @param userId
* @return
*/
List<SysDepartModel> queryUserDeparts(String userId);
/**
* 根据用户名设置部门ID
* @param username
* @param orgCode
*/
void updateUserDepart(String username,String orgCode,Integer loginTenantId);
/**
* 设置登录租户
* @param username
* @return
*/
JSONObject setLoginTenant(String username);
}

9
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/aspect/AutoLogAspect.java
View File

@ -1,8 +1,9 @@
package org.jeecg.common.aspect;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.PropertyFilter;
import org.jeecg.common.util.LoginUserUtils;
import org.apache.shiro.SecurityUtils;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
@ -15,12 +16,14 @@ import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.enums.ModuleType;
import org.jeecg.common.constant.enums.OperateTypeEnum;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.IpUtils;
import org.jeecg.common.util.SpringContextUtils;
import org.jeecg.common.util.oConvertUtils;
import org.springframework.core.StandardReflectionParameterNameDiscoverer;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.validation.BindingResult;
import org.springframework.web.multipart.MultipartFile;
@ -100,7 +103,7 @@ public class AutoLogAspect {
//设置IP地址
dto.setIp(IpUtils.getIpAddr(request));
//获取登录用户信息
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
if(sysUser!=null){
dto.setUserid(sysUser.getUsername());
dto.setUsername(sysUser.getRealname());
@ -244,7 +247,7 @@ public class AutoLogAspect {
sysLog.setIp(IPUtils.getIpAddr(request));
//获取登录用户信息
LoginUser sysUser = LoginUserUtils.getLoginUser();
LoginUser sysUser = (LoginUser)SecurityUtils.getSubject().getPrincipal();
if(sysUser!=null){
sysLog.setUserid(sysUser.getUsername());
sysLog.setUsername(sysUser.getRealname());

7
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/constant/CommonConstant.java
View File

@ -87,6 +87,13 @@ public interface CommonConstant {
/**访问权限认证未通过 510*/
Integer SC_JEECG_NO_AUTHZ=510;
/** 登录用户Shiro权限缓存KEY前缀 */
public static String PREFIX_USER_SHIRO_CACHE = "shiro:cache:org.jeecg.config.shiro.ShiroRealm.authorizationCache:";
/** 登录用户Token令牌缓存KEY前缀 */
String PREFIX_USER_TOKEN = "token::jeecg-client::";
// /** Token缓存时间3600秒即一小时 */
// int TOKEN_EXPIRE_TIME = 3600;
/** 登录二维码 */
String LOGIN_QRCODE_PRE = "QRCODELOGIN:";
String LOGIN_QRCODE = "LQ:";

57
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
View File

@ -5,10 +5,7 @@ import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.jeecg.common.util.LoginUserUtils;
import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.exception.NotPermissionException;
import cn.dev33.satoken.exception.NotRoleException;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.dto.LogDTO;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
@ -25,6 +22,8 @@ import org.springframework.dao.DataIntegrityViolationException;
import org.springframework.dao.DuplicateKeyException;
import org.springframework.data.redis.connection.PoolException;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.CollectionUtils;
import org.springframework.validation.ObjectError;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@ -48,9 +47,27 @@ import java.util.stream.Collectors;
@RestControllerAdvice
@Slf4j
public class JeecgBootExceptionHandler {
@Resource
@Resource
BaseCommonService baseCommonService;
/**
* 验证码错误异常
*/
@ExceptionHandler(JeecgCaptchaException.class)
@ResponseStatus(HttpStatus.OK)
public Result<?> handleJeecgCaptchaException(JeecgCaptchaException e) {
log.error(e.getMessage(), e);
return Result.error(e.getCode(), e.getMessage());
}
@ExceptionHandler(AuthenticationException.class)
@ResponseStatus(HttpStatus.OK)
public Result<?> handleJeecgCaptchaException(AuthenticationException e) {
log.error(e.getMessage(), e);
return Result.error(401, e.getMessage());
}
@ExceptionHandler(MethodArgumentNotValidException.class)
public Result<?> handleValidationExceptions(MethodArgumentNotValidException e) {
@ -113,34 +130,12 @@ public class JeecgBootExceptionHandler {
return Result.error("数据库中已存在该记录");
}
/**
* 处理Sa-Token未登录异常
*/
@ExceptionHandler(NotLoginException.class)
@ResponseStatus(HttpStatus.UNAUTHORIZED)
public Result<?> handleNotLoginException(NotLoginException e){
log.error("Sa-Token未登录异常: {}", e.getMessage());
return new Result(401, CommonConstant.TOKEN_IS_INVALID_MSG);
}
/**
* 处理Sa-Token无权限异常
*/
@ExceptionHandler(NotPermissionException.class)
public Result<?> handleNotPermissionException(NotPermissionException e){
@ExceptionHandler(AccessDeniedException.class)
public Result<?> handleAuthorizationException(AccessDeniedException e){
log.error(e.getMessage(), e);
return Result.noauth("没有权限,请联系管理员分配权限!");
}
/**
* 处理Sa-Token无角色异常
*/
@ExceptionHandler(NotRoleException.class)
public Result<?> handleNotRoleException(NotRoleException e){
log.error(e.getMessage(), e);
return Result.noauth("没有角色权限,请联系管理员分配角色!");
}
@ExceptionHandler(Exception.class)
public Result<?> handleException(Exception e){
log.error(e.getMessage(), e);
@ -290,7 +285,7 @@ public class JeecgBootExceptionHandler {
//获取登录用户信息
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
if(sysUser!=null){
log.setUserid(sysUser.getUsername());
log.setUsername(sysUser.getRealname());

28
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgCaptchaException.java Normal file
View File

@ -0,0 +1,28 @@
package org.jeecg.common.exception;
import lombok.Data;
/**
* @author kezhijie@wuhandsj.com
* @date 2024/1/2 11:38
*/
@Data
public class JeecgCaptchaException extends RuntimeException{
private Integer code;
private static final long serialVersionUID = -9093410345065209053L;
public JeecgCaptchaException(Integer code, String message) {
super(message);
this.code = code;
}
public JeecgCaptchaException(String message, Throwable cause) {
super(message, cause);
}
public JeecgCaptchaException(Throwable cause) {
super(cause);
}
}

11
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/controller/JeecgController.java
View File

@ -1,17 +1,19 @@
package org.jeecg.common.system.base.controller;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.baomidou.mybatisplus.extension.service.IService;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecgframework.poi.excel.ExcelImportUtil;
import org.jeecgframework.poi.excel.def.NormalExcelConstants;
import org.jeecgframework.poi.excel.entity.ExportParams;
@ -20,6 +22,7 @@ import org.jeecgframework.poi.excel.entity.enmus.ExcelType;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.jeecgframework.poi.handler.inter.IExcelExportServer;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.servlet.ModelAndView;
@ -52,7 +55,7 @@ public class JeecgController<T, S extends IService<T>> {
protected ModelAndView exportXls(HttpServletRequest request, T object, Class<T> clazz, String title) {
// Step.1 组装查询条件
QueryWrapper<T> queryWrapper = QueryGenerator.initQueryWrapper(object, request.getParameterMap());
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
// 过滤选中数据
String selections = request.getParameter("selections");
@ -90,7 +93,7 @@ public class JeecgController<T, S extends IService<T>> {
protected ModelAndView exportXlsSheet(HttpServletRequest request, T object, Class<T> clazz, String title,String exportFields,Integer pageNum) {
// Step.1 组装查询条件
QueryWrapper<T> queryWrapper = QueryGenerator.initQueryWrapper(object, request.getParameterMap());
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
// Step.2 计算分页sheet数据
double total = service.count();
int count = (int)Math.ceil(total/pageNum);
@ -142,7 +145,7 @@ public class JeecgController<T, S extends IService<T>> {
protected ModelAndView exportXlsForBigData(HttpServletRequest request, T object, Class<T> clazz, String title,Integer pageSize) {
// 组装查询条件
QueryWrapper<T> queryWrapper = QueryGenerator.initQueryWrapper(object, request.getParameterMap());
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
// 计算分页数
double total = service.count();
int count = (int) Math.ceil(total / pageSize);

1
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/base/entity/JeecgEntity.java
View File

@ -13,7 +13,6 @@ import io.swagger.v3.oas.annotations.media.Schema;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
import io.swagger.v3.oas.annotations.media.Schema;
/**
* @Description: Entity基类

256
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/util/JwtUtil.java
View File

@ -1,101 +1,156 @@
package org.jeecg.common.system.util;
import cn.dev33.satoken.stp.StpUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson2.JSONObject;
import com.auth0.jwt.JWT;
import com.auth0.jwt.JWTVerifier;
import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.exceptions.JWTDecodeException;
import com.auth0.jwt.interfaces.DecodedJWT;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.base.Joiner;
import java.io.IOException;
import java.util.Objects;
import java.io.OutputStream;
import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.DataBaseConstant;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.constant.TenantConstant;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.DataBaseConstant;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.system.vo.SysUserCacheInfo;
import org.jeecg.common.util.DateUtils;
import org.jeecg.common.util.SpringContextUtils;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.security.self.SelfAuthenticationProvider;
import org.jeecg.config.security.self.SelfAuthenticationToken;
import org.jeecg.config.security.utils.SecureUtil;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
/**
* @Author Scott
* @Date 2018-07-12 14:23
* @Desc JWT工具类 - 已迁移到Sa-Token此类作为兼容层保留
* @Desc JWT工具类
**/
@Slf4j
public class JwtUtil {
/**Token有效期为7天Token在reids中缓存时间为两倍*/
public static final long EXPIRE_TIME = (7 * 12) * 60 * 60 * 1000;
static final String WELL_NUMBER = SymbolConstant.WELL_NUMBER + SymbolConstant.LEFT_CURLY_BRACKET;
/**
* 返回错误 JSON 字符串(用于 Sa-Token Filter
* @param code 错误码
* @param errorMsg 错误信息
* @return JSON 字符串
*/
public static String responseErrorJson(Integer code, String errorMsg) {
try {
Result jsonResult = new Result(code, errorMsg);
jsonResult.setSuccess(false);
ObjectMapper objectMapper = new ObjectMapper();
return objectMapper.writeValueAsString(jsonResult);
} catch (IOException e) {
log.error("生成错误 JSON 失败: {}", e.getMessage());
// 返回备用的硬编码 JSON
return "{\"success\":false,\"message\":\"" + errorMsg + "\",\"code\":" + code + ",\"result\":null,\"timestamp\":" + System.currentTimeMillis() + "}";
}
}
public static final String DEFAULT_CLIENT = "jeecg-client";
/**
*
* @param response
* @param code
* @param errorMsg
*/
public static void responseError(ServletResponse response, Integer code, String errorMsg) {
HttpServletResponse httpServletResponse = (HttpServletResponse) response;
// issues/I4YH95浏览器显示乱码问题
httpServletResponse.setHeader("Content-type", "text/html;charset=UTF-8");
response.setContentType("application/json;charset=UTF-8");
Result jsonResult = new Result(code, errorMsg);
jsonResult.setSuccess(false);
OutputStream os = null;
try {
os = httpServletResponse.getOutputStream();
httpServletResponse.setCharacterEncoding("UTF-8");
httpServletResponse.setStatus(code);
os.write(new ObjectMapper().writeValueAsString(jsonResult).getBytes("UTF-8"));
os.flush();
os.close();
} catch (IOException e) {
log.error(e.getMessage(), e);
}
}
/**
* 校验token是否正确
* 注意此方法已废弃使用Sa-Token自动校验
*
* @param token
* @return
*
* @param token 密钥
* @param secret 用户的密码
* @return 是否正确
*/
@Deprecated
public static boolean verify(String token){
public static boolean verify(String token, String username, String secret) {
try {
// 使用Sa-Token验证
return StpUtil.getLoginIdByToken(token) != null;
// 根据密码生成JWT效验器
JwtDecoder jwtDecoder = SpringContextUtils.getBean(JwtDecoder.class);
// 效验TOKEN
jwtDecoder.decode(token);
return true;
} catch (Exception e) {
log.warn(e.getMessage(), e);
log.error(e.getMessage(), e);
return false;
}
}
/**
* 获得Token中的用户名不校验token是否有效
* <p>注意:现在 loginId 就是 username直接返回
*
* @param token JWT token
* @return 用户名username如果 token 无效则返回 null
* 获得token中的信息无需secret解密也能获得
*
* @return token中包含的用户名
*/
public static String getUsername(String token){
public static String getUsername(String token) {
try {
if(oConvertUtils.isEmpty(token)) {
return null;
}
// Sa-Token 的 loginId 现在就是 username直接返回
Object loginId = StpUtil.getLoginIdByToken(token);
return loginId != null ? loginId.toString() : null;
} catch (Exception e) {
log.warn("获取用户名失败: {}", e.getMessage());
DecodedJWT jwt = JWT.decode(token);
return jwt.getClaim("username").asString();
} catch (JWTDecodeException e) {
log.error(e.getMessage(), e);
return null;
}
}
/**
* 生成token
*
* @param username 用户名
* @param secret 用户的密码
* @return 加密的token
*/
public static String sign(String username, String secret) {
Map<String, Object> additionalParameter = new HashMap<>();
additionalParameter.put("username", username);
RegisteredClientRepository registeredClientRepository = SpringContextUtils.getBean(RegisteredClientRepository.class);
SelfAuthenticationProvider selfAuthenticationProvider = SpringContextUtils.getBean(SelfAuthenticationProvider.class);
OAuth2ClientAuthenticationToken client = new OAuth2ClientAuthenticationToken(Objects.requireNonNull(registeredClientRepository.findByClientId("jeecg-client")), ClientAuthenticationMethod.CLIENT_SECRET_BASIC, null);
client.setAuthenticated(true);
SelfAuthenticationToken selfAuthenticationToken = new SelfAuthenticationToken(client, additionalParameter);
selfAuthenticationToken.setAuthenticated(true);
OAuth2AccessTokenAuthenticationToken accessToken = (OAuth2AccessTokenAuthenticationToken) selfAuthenticationProvider.authenticate(selfAuthenticationToken);
return accessToken.getAccessToken().getTokenValue();
}
/**
* 根据request中的token获取用户账号
* 注意此方法已适配Sa-Token
*
* @param request
* @return
@ -109,9 +164,9 @@ public class JwtUtil {
}
return username;
}
/**
* 从session中获取变量
* 从session中获取变量
* @param key
* @return
*/
@ -122,7 +177,7 @@ public class JwtUtil {
String wellNumber = WELL_NUMBER;
if(key.indexOf(SymbolConstant.RIGHT_CURLY_BRACKET)!=-1){
moshi = key.substring(key.indexOf("}")+1);
moshi = key.substring(key.indexOf("}")+1);
}
String returnValue = null;
if (key.contains(wellNumber)) {
@ -136,16 +191,16 @@ public class JwtUtil {
if(returnValue!=null){returnValue = returnValue + moshi;}
return returnValue;
}
/**
* 从当前用户中获取变量
* 从当前用户中获取变量
* @param key
* @param user
* @return
*/
public static String getUserSystemData(String key, SysUserCacheInfo user) {
//1.优先获取 SysUserCacheInfo
if (user == null) {
if(user==null) {
try {
user = JeecgDataAutorUtils.loadUserInfo();
} catch (Exception e) {
@ -155,82 +210,84 @@ public class JwtUtil {
//2.通过shiro获取登录用户信息
LoginUser sysUser = null;
try {
sysUser = (LoginUser) LoginUserUtils.getSessionUser();
sysUser = SecureUtil.currentUser();
} catch (Exception e) {
log.warn("SecurityUtils.getSubject() 获取用户信息异常:" + e.getMessage());
}
//#{sys_user_code}%
String moshi = "";
String wellNumber = WELL_NUMBER;
if (key.indexOf(SymbolConstant.RIGHT_CURLY_BRACKET) != -1) {
moshi = key.substring(key.indexOf("}") + 1);
String wellNumber = WELL_NUMBER;
if(key.indexOf(SymbolConstant.RIGHT_CURLY_BRACKET)!=-1){
moshi = key.substring(key.indexOf("}")+1);
}
String returnValue = null;
//针对特殊标示处理#{sysOrgCode},判断替换
if (key.contains(wellNumber)) {
key = key.substring(2, key.indexOf("}"));
key = key.substring(2,key.indexOf("}"));
} else {
key = key;
}
//update-begin---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
// 是否存在字符串标志
boolean multiStr;
if (oConvertUtils.isNotEmpty(key) && key.trim().matches("^\\[\\w+]$")) {
key = key.substring(1, key.length() - 1);
if(oConvertUtils.isNotEmpty(key) && key.trim().matches("^\\[\\w+]$")){
key = key.substring(1,key.length()-1);
multiStr = true;
} else {
multiStr = false;
}
multiStr = false;
}
//update-end---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
//替换为当前系统时间(年月日)
if (key.equals(DataBaseConstant.SYS_DATE) || key.toLowerCase().equals(DataBaseConstant.SYS_DATE_TABLE)) {
if (key.equals(DataBaseConstant.SYS_DATE)|| key.toLowerCase().equals(DataBaseConstant.SYS_DATE_TABLE)) {
returnValue = DateUtils.formatDate();
}
//替换为当前系统时间(年月日时分秒)
else if (key.equals(DataBaseConstant.SYS_TIME) || key.toLowerCase().equals(DataBaseConstant.SYS_TIME_TABLE)) {
else if (key.equals(DataBaseConstant.SYS_TIME)|| key.toLowerCase().equals(DataBaseConstant.SYS_TIME_TABLE)) {
returnValue = DateUtils.now();
}
//流程状态默认值(默认未发起)
else if (key.equals(DataBaseConstant.BPM_STATUS) || key.toLowerCase().equals(DataBaseConstant.BPM_STATUS_TABLE)) {
else if (key.equals(DataBaseConstant.BPM_STATUS)|| key.toLowerCase().equals(DataBaseConstant.BPM_STATUS_TABLE)) {
returnValue = "1";
}
//后台任务获取用户信息异常,导致程序中断
if (sysUser == null && user == null) {
if(sysUser==null && user==null){
return null;
}
//替换为系统登录用户帐号
if (key.equals(DataBaseConstant.SYS_USER_CODE) || key.toLowerCase().equals(DataBaseConstant.SYS_USER_CODE_TABLE)) {
if (user == null) {
if (key.equals(DataBaseConstant.SYS_USER_CODE)|| key.toLowerCase().equals(DataBaseConstant.SYS_USER_CODE_TABLE)) {
if(user==null) {
returnValue = sysUser.getUsername();
} else {
}else {
returnValue = user.getSysUserCode();
}
}
// 替换为系统登录用户ID
else if (key.equals(DataBaseConstant.SYS_USER_ID) || key.equalsIgnoreCase(DataBaseConstant.SYS_USER_ID_TABLE)) {
if (user == null) {
if(user==null) {
returnValue = sysUser.getId();
} else {
}else {
returnValue = user.getSysUserId();
}
}
//替换为系统登录用户真实名字
else if (key.equals(DataBaseConstant.SYS_USER_NAME) || key.toLowerCase().equals(DataBaseConstant.SYS_USER_NAME_TABLE)) {
if (user == null) {
else if (key.equals(DataBaseConstant.SYS_USER_NAME)|| key.toLowerCase().equals(DataBaseConstant.SYS_USER_NAME_TABLE)) {
if(user==null) {
returnValue = sysUser.getRealname();
} else {
}else {
returnValue = user.getSysUserName();
}
}
//替换为系统用户登录所使用的机构编码
else if (key.equals(DataBaseConstant.SYS_ORG_CODE) || key.toLowerCase().equals(DataBaseConstant.SYS_ORG_CODE_TABLE)) {
if (user == null) {
else if (key.equals(DataBaseConstant.SYS_ORG_CODE)|| key.toLowerCase().equals(DataBaseConstant.SYS_ORG_CODE_TABLE)) {
if(user==null) {
returnValue = sysUser.getOrgCode();
} else {
}else {
returnValue = user.getSysOrgCode();
}
}
@ -245,17 +302,24 @@ public class JwtUtil {
}
//替换为系统用户所拥有的所有机构编码
else if (key.equals(DataBaseConstant.SYS_MULTI_ORG_CODE) || key.toLowerCase().equals(DataBaseConstant.SYS_MULTI_ORG_CODE_TABLE)) {
if (user == null) {
else if (key.equals(DataBaseConstant.SYS_MULTI_ORG_CODE)|| key.toLowerCase().equals(DataBaseConstant.SYS_MULTI_ORG_CODE_TABLE)) {
if(user==null){
//TODO 暂时使用用户登录部门,存在逻辑缺陷,不是用户所拥有的部门
returnValue = sysUser.getOrgCode();
//update-begin---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
returnValue = multiStr ? "'" + returnValue + "'" : returnValue;
} else {
if (user.isOneDepart()) {
//update-end---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
}else{
if(user.isOneDepart()) {
returnValue = user.getSysMultiOrgCode().get(0);
//update-begin---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
returnValue = multiStr ? "'" + returnValue + "'" : returnValue;
} else {
//update-end---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
}else {
//update-begin---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
returnValue = user.getSysMultiOrgCode().stream()
.filter(Objects::nonNull)
//update-begin---author:chenrui ---date:20250224 for[issues/7288]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
.map(orgCode -> {
if (multiStr) {
return "'" + orgCode + "'";
@ -263,7 +327,9 @@ public class JwtUtil {
return orgCode;
}
})
//update-end---author:chenrui ---date:20250224 for[issues/7288]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
.collect(Collectors.joining(", "));
//update-end---author:chenrui ---date:20250107 for[QQYUN-10785]数据权限,查看自己拥有部门的权限中存在问题 #7288------------
}
}
}
@ -277,17 +343,21 @@ public class JwtUtil {
}
}
// 多租户ID作为系统变量
else if (key.equals(TenantConstant.TENANT_ID) || key.toLowerCase().equals(TenantConstant.TENANT_ID_TABLE)) {
//update-begin-author:taoyan date:20210330 for:多租户ID作为系统变量
else if (key.equals(TenantConstant.TENANT_ID) || key.toLowerCase().equals(TenantConstant.TENANT_ID_TABLE)){
try {
returnValue = SpringContextUtils.getHttpServletRequest().getHeader(CommonConstant.TENANT_ID);
} catch (Exception e) {
log.warn("获取系统租户异常:" + e.getMessage());
}
}
if (returnValue != null) {
returnValue = returnValue + moshi;
}
//update-end-author:taoyan date:20210330 for:多租户ID作为系统变量
if(returnValue!=null){returnValue = returnValue + moshi;}
return returnValue;
}
// public static void main(String[] args) {
// String token = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NjUzMzY1MTMsInVzZXJuYW1lIjoiYWRtaW4ifQ.xjhud_tWCNYBOg_aRlMgOdlZoWFFKB_givNElHNw3X0";
// System.out.println(JwtUtil.getUsername(token));
// }
}

35
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/system/vo/LoginUser.java
View File

@ -1,13 +1,18 @@
package org.jeecg.common.system.vo;
import com.alibaba.fastjson2.JSON;
import com.fasterxml.jackson.annotation.JsonFormat;
import lombok.Data;
import lombok.EqualsAndHashCode;
import lombok.experimental.Accessors;
import org.jeecg.common.desensitization.annotation.SensitiveField;
import org.springframework.format.annotation.DateTimeFormat;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.io.Serializable;
import java.util.Date;
import java.util.Set;
/**
* <p>
@ -20,8 +25,10 @@ import java.util.Date;
@Data
@EqualsAndHashCode(callSuper = false)
@Accessors(chain = true)
public class LoginUser {
public class LoginUser implements Serializable {
private static final long serialVersionUID = -7143159031677245866L;
/**
* 登录人id
*/
@ -148,4 +155,30 @@ public class LoginUser {
* 主岗位
*/
private String mainDepPostId;
@SensitiveField
private String salt;
@Override
public String toString() {
// 重新构建对象过滤一些敏感字段
LoginUser loginUser = new LoginUser();
loginUser.setId(id);
loginUser.setUsername(username);
loginUser.setRealname(realname);
loginUser.setOrgCode(orgCode);
loginUser.setSex(sex);
loginUser.setEmail(email);
loginUser.setPhone(phone);
loginUser.setDelFlag(delFlag);
loginUser.setStatus(status);
loginUser.setActivitiSync(activitiSync);
loginUser.setUserIdentity(userIdentity);
loginUser.setDepartIds(departIds);
loginUser.setPost(post);
loginUser.setTelephone(telephone);
loginUser.setRelTenantIds(relTenantIds);
loginUser.setClientId(clientId);
return JSON.toJSONString(loginUser);
}
}

175
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/LoginUserUtils.java
View File

@ -1,175 +0,0 @@
package org.jeecg.common.util;
import cn.dev33.satoken.stp.StpUtil;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.system.vo.LoginUser;
/**
* 登录用户工具类
* 替代原有的Shiro SecurityUtils工具类
* @author jeecg-boot
*/
@Slf4j
public class LoginUserUtils {
/**
* Session中存储登录用户信息的key
*/
private static final String SESSION_KEY_LOGIN_USER = "loginUser";
/**
* 执行登录并设置用户信息到Session推荐
*
* <p>此方法会:
* <ul>
* <li>1. 调用 StpUtil.login(username) 生成token和session</li>
* <li>2. 将 LoginUser 存入 Session 缓存清除不必要的字段密码等15个字段</li>
* <li>3. 返回生成的 token</li>
* </ul>
*
* @param sysUser 完整的用户对象(从数据库查询得到)
* @return 生成的 token
*/
public static String doLogin(LoginUser sysUser) {
if (sysUser == null) {
throw new IllegalArgumentException("用户对象不能为空");
}
try {
// 1. 获取 username
String username = sysUser.getUsername();
if (username == null || username.trim().isEmpty()) {
throw new IllegalArgumentException("用户名不能为空");
}
// 2. Sa-Token 登录(使用 username 作为 loginId
StpUtil.login(username);
// 3. 用户信息到 LoginUser 并存入 Session
setSessionUser(sysUser);
// 4. 返回生成的 token
return StpUtil.getTokenValue();
} catch (Exception e) {
throw new RuntimeException("登录失败: " + e.getMessage(), e);
}
}
/**
* 获取当前登录用户信息
*
* <p>说明:
* <ul>
* <li>对于需要认证的接口Sa-Token Filter 已经校验过登录状态,此方法必然能获取到用户</li>
* <li>对于已排除拦截的接口:如果未登录或获取失败则返回 null由业务代码自行判断处理</li>
* </ul>
*
* @return 登录用户对象如果未登录或session中没有则返回null
*/
public static LoginUser getSessionUser() {
// 尝试从Sa-Token的Session中获取用户信息
Object loginUser = StpUtil.getSession().get(SESSION_KEY_LOGIN_USER);
if (loginUser instanceof LoginUser) {
return (LoginUser) loginUser;
}
return null;
}
/**
* 根据指定的 token 获取登录用户信息
*
* <p>适用场景:已排除拦截的接口(如 WebSocket需要显式传入 token 来获取用户信息
*
* <p>实现方式:临时切换到该 token 对应的会话,然后获取用户信息
*
* @param token JWT token
* @return 登录用户对象,如果 token 无效或session中没有则返回null
*/
public static LoginUser getSessionUser(String token) {
try {
// 根据 token 获取登录ID
Object loginId = StpUtil.getLoginIdByToken(token);
if (loginId == null) {
return null;
}
// 临时切换到该 token 对应的登录会话
StpUtil.switchTo(loginId);
// 直接调用无参方法获取用户信息
return getSessionUser();
} catch (Exception e) {
log.debug("根据token获取用户信息失败: {}", e.getMessage());
return null;
}
}
/**
* 设置当前登录用户信息到Session
*
* <p>为减少 Redis 存储和保障安全,只保留必要的核心字段:
* <ul>
* <li>id, username, realname - 基础用户信息</li>
* <li>orgCode, orgId, departIds - 部门和数据权限</li>
* <li>roleCode - 角色权限</li>
* <li>loginTenantId, relTenantIds - 多租户</li>
* <li>avatar - 用户头像</li>
* </ul>
*
* <p>⚠️ 注意:调用此方法前需要先调用 StpUtil.login()
*
* @param loginUser 登录用户对象
*/
public static void setSessionUser(LoginUser loginUser) {
if (loginUser == null) {
return;
}
// ⚠️ 安全与性能:清除不必要的字段,减少 Redis 存储
loginUser.setPassword(null); // 密码(安全)
loginUser.setWorkNo(null); // 工号
loginUser.setBirthday(null); // 生日
loginUser.setSex(null); // 性别
loginUser.setEmail(null); // 邮箱
loginUser.setPhone(null); // 手机号
loginUser.setStatus(null); // 状态
loginUser.setDelFlag(null); // 删除标志
loginUser.setActivitiSync(null); // 工作流同步
loginUser.setCreateTime(null); // 创建时间
loginUser.setUserIdentity(null); // 用户身份
loginUser.setPost(null); // 职务
loginUser.setTelephone(null); // 座机
loginUser.setRelTenantIds(null); // 关联租户
loginUser.setMainDepPostId(null); // 主岗位
StpUtil.getSession().set(SESSION_KEY_LOGIN_USER, loginUser);
}
/**
* 获取当前登录用户名(推荐使用此方法,语义更清晰)
* @return 用户名username
*/
public static String getUsername() {
return StpUtil.getLoginIdAsString();
}
/**
* 检查是否已登录
* @return true-已登录false-未登录
*/
public static boolean isLogin() {
return StpUtil.isLogin();
}
/**
* 退出登录
*/
public static void logout() {
StpUtil.logout();
}
}

32
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/ShiroThreadPoolExecutor.java Normal file
View File

@ -0,0 +1,32 @@
package org.jeecg.common.util;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import java.util.concurrent.*;
/**
* @date 2025-09-04
* @author scott
*
* @Description: 支持Spring Security的API获取当前登录人方法的线程池
*/
public class ShiroThreadPoolExecutor extends ThreadPoolExecutor {
public ShiroThreadPoolExecutor(int corePoolSize, int maximumPoolSize, long keepAliveTime, TimeUnit unit, BlockingQueue<Runnable> workQueue) {
super(corePoolSize, maximumPoolSize, keepAliveTime, unit, workQueue);
}
@Override
public void execute(Runnable command) {
SecurityContext context = SecurityContextHolder.getContext();
super.execute(() -> {
SecurityContext previousContext = SecurityContextHolder.getContext();
try {
SecurityContextHolder.setContext(context);
command.run();
} finally {
SecurityContextHolder.setContext(previousContext);
}
});
}
}

56
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/TokenUtils.java
View File

@ -1,6 +1,6 @@
package org.jeecg.common.util;
import cn.dev33.satoken.stp.StpUtil;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.jeecg.common.api.CommonAPI;
@ -12,8 +12,6 @@ import org.jeecg.common.exception.JeecgBoot401Exception;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.system.vo.LoginUser;
import jakarta.servlet.http.HttpServletRequest;
/**
* @Author scott
* @Date 2019/9/23 14:12
@ -88,42 +86,68 @@ public class TokenUtils {
}
/**
* 验证Token已重写为Sa-Token实现
* 验证Token
*/
public static boolean verifyToken(HttpServletRequest request, CommonAPI commonApi) {
public static boolean verifyToken(HttpServletRequest request, CommonAPI commonApi, RedisUtil redisUtil) {
log.debug(" -- url --" + request.getRequestURL());
String token = getTokenByRequest(request);
return TokenUtils.verifyToken(token, commonApi);
return TokenUtils.verifyToken(token, commonApi, redisUtil);
}
/**
* 验证Token已重写为Sa-Token实现
* 验证Token
*/
public static boolean verifyToken(String token, CommonAPI commonApi) {
public static boolean verifyToken(String token, CommonAPI commonApi, RedisUtil redisUtil) {
if (StringUtils.isBlank(token)) {
throw new JeecgBoot401Exception("token不能为空!");
}
// 使用Sa-Token校验token
Object username = StpUtil.getLoginIdByToken(token);
// 解密获得username用于和数据库进行对比
String username = JwtUtil.getUsername(token);
if (username == null) {
throw new JeecgBoot401Exception("token非法无效!");
}
// 查询用户信息
LoginUser user = commonApi.getUserByName(username.toString());
//LoginUser user = TokenUtils.getLoginUser(username, commonApi, redisUtil);
LoginUser user = commonApi.getUserByName(username);
if (user == null) {
throw new JeecgBoot401Exception("用户不存在!");
}
// 判断用户状态
if (user.getStatus() != 1) {
throw new JeecgBoot401Exception("账号已被锁定,请联系管理员!");
}
// 校验token是否超时失效 & 或者账号密码是否错误
if (!jwtTokenRefresh(token, username, user.getPassword(), redisUtil)) {
throw new JeecgBoot401Exception(CommonConstant.TOKEN_IS_INVALID_MSG);
}
return true;
}
/**
* 刷新token保证用户在线操作不掉线
* @param token
* @param userName
* @param passWord
* @param redisUtil
* @return
*/
private static boolean jwtTokenRefresh(String token, String userName, String passWord, RedisUtil redisUtil) {
String cacheToken = oConvertUtils.getString(redisUtil.get(CommonConstant.PREFIX_USER_TOKEN + token));
if (oConvertUtils.isNotEmpty(cacheToken)) {
// 校验token有效性
if (!JwtUtil.verify(cacheToken, userName, passWord)) {
String newAuthorization = JwtUtil.sign(userName, passWord);
// 设置Toekn缓存有效时间
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, newAuthorization);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000);
}
return true;
}
return false;
}
/**
* 获取登录用户
*
@ -137,10 +161,11 @@ public class TokenUtils {
//【重要】此处通过redis原生获取缓存用户是为了解决微服务下system服务挂了其他服务互调不通问题---
if (redisUtil.hasKey(loginUserKey)) {
try {
loginUser = (LoginUser) redisUtil.get(loginUserKey);
Object obj = redisUtil.get(loginUserKey);
loginUser = (LoginUser) obj;
//解密用户
SensitiveInfoUtil.handlerObject(loginUser, false);
} catch (IllegalAccessException e) {
} catch (Exception e) {
e.printStackTrace();
}
} else {
@ -149,5 +174,4 @@ public class TokenUtils {
}
return loginUser;
}
}

2
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/encryption/AesEncryptUtil.java
View File

@ -1,9 +1,9 @@
package org.jeecg.common.util.encryption;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.util.Base64;
/**
* @Description: AES 加密

12
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/JeecgBaseConfig.java
View File

@ -40,10 +40,6 @@ public class JeecgBaseConfig {
*/
private Firewall firewall;
/**
* shiro拦截排除
*/
private Shiro shiro;
/**
* 上传文件配置
*/
@ -108,14 +104,6 @@ public class JeecgBaseConfig {
this.signatureSecret = signatureSecret;
}
public Shiro getShiro() {
return shiro;
}
public void setShiro(Shiro shiro) {
this.shiro = shiro;
}
public Path getPath() {
return path;
}

7
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/filter/WebsocketFilter.java
View File

@ -24,18 +24,23 @@ public class WebsocketFilter implements Filter {
private static CommonAPI commonApi;
private static RedisUtil redisUtil;
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
if (commonApi == null) {
commonApi = SpringContextUtils.getBean(CommonAPI.class);
}
if (redisUtil == null) {
redisUtil = SpringContextUtils.getBean(RedisUtil.class);
}
HttpServletRequest request = (HttpServletRequest)servletRequest;
String token = request.getHeader(TOKEN_KEY);
log.debug("Websocket连接 Token安全校验Path = {}token:{}", request.getRequestURI(), token);
try {
TokenUtils.verifyToken(token, commonApi);
TokenUtils.verifyToken(token, commonApi, redisUtil);
} catch (Exception exception) {
//log.error("Websocket连接 Token安全校验失败IP:{}, Token:{}, Path = {},异常:{}", oConvertUtils.getIpAddrByRequest(request), token, request.getRequestURI(), exception.getMessage());
log.debug("Websocket连接 Token安全校验失败IP:{}, Token:{}, Path = {},异常:{}", oConvertUtils.getIpAddrByRequest(request), token, request.getRequestURI(), exception.getMessage());

10
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/firewall/interceptor/LowCodeModeInterceptor.java
View File

@ -1,8 +1,11 @@
package org.jeecg.config.firewall.interceptor;
import com.alibaba.fastjson.JSON;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.util.LoginUserUtils;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
@ -14,9 +17,6 @@ import org.jeecg.config.JeecgBaseConfig;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.HandlerInterceptor;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Set;
@ -68,7 +68,7 @@ public class LowCodeModeInterceptor implements HandlerInterceptor {
if (jeecgBaseConfig.getFirewall()!=null && LowCodeModeInterceptor.LOW_CODE_MODE_PROD.equals(jeecgBaseConfig.getFirewall().getLowCodeMode())) {
String requestURI = request.getRequestURI().substring(request.getContextPath().length());
log.info("低代码模式,拦截请求路径:" + requestURI);
LoginUser loginUser = LoginUserUtils.getSessionUser();
LoginUser loginUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
Set<String> hasRoles = null;
if (loginUser == null) {
loginUser = commonAPI.getUserByName(JwtUtil.getUserNameByToken(SpringContextUtils.getHttpServletRequest()));

4
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/mybatis/MybatisInterceptor.java
View File

@ -6,13 +6,13 @@ import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.SqlCommandType;
import org.apache.ibatis.plugin.*;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.TenantConstant;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.SpringContextUtils;
import org.jeecg.common.util.TokenUtils;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.springframework.stereotype.Component;
import java.lang.reflect.Field;
@ -192,7 +192,7 @@ public class MybatisInterceptor implements Interceptor {
private LoginUser getLoginUser() {
LoginUser sysUser = null;
try {
sysUser = LoginUserUtils.getSessionUser() != null ? LoginUserUtils.getSessionUser() : null;
sysUser = SecureUtil.currentUser() != null ? SecureUtil.currentUser() : null;
} catch (Exception e) {
//e.printStackTrace();
sysUser = null;

420
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/satoken/SaTokenConfig.java
View File

@ -1,420 +0,0 @@
package org.jeecg.config.satoken;
import cn.dev33.satoken.context.SaHolder;
import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.filter.SaServletFilter;
import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.jwt.StpLogicJwtForSimple;
import cn.dev33.satoken.router.SaHttpMethod;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpLogic;
import cn.dev33.satoken.stp.StpUtil;
import jakarta.annotation.Resource;
import jakarta.servlet.DispatcherType;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.*;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.satoken.ignore.InMemoryIgnoreAuth;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.annotation.Role;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
/**
* @author: jeecg-boot
* @description: Sa-Token 配置类
*/
@Slf4j
@Configuration
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
public class SaTokenConfig implements WebMvcConfigurer {
@Resource
private JeecgBaseConfig jeecgBaseConfig;
@Autowired
private Environment env;
@Autowired
private CommonAPI commonAPI;
@Autowired
private RedisUtil redisUtil;
/**
* Sa-Token 整合 jwt (Simple 模式)
* 使用JWT-Simple模式生成标准JWT格式的token
* 并支持从URL参数"token"读取token兼容原系统
*/
@Bean
@Primary
public StpLogic getStpLogicJwt() {
return new StpLogicJwtForSimple() {
/**
* 获取当前请求的 Token 值
* 优先级Header > URL参数token > URL参数X-Access-Token
*/
@Override
public String getTokenValue() {
try {
SaRequest request = SaHolder.getRequest();
// 1. 优先从Header中获取
String tokenValue = request.getHeader(getConfigOrGlobal().getTokenName());
if (oConvertUtils.isNotEmpty(tokenValue)) {
return tokenValue;
}
// 2. 从URL参数"token"获取(兼容原系统)
tokenValue = request.getParam("token");
if (oConvertUtils.isNotEmpty(tokenValue)) {
return tokenValue;
}
// 3. 从URL参数"X-Access-Token"获取
tokenValue = request.getParam(getConfigOrGlobal().getTokenName());
if (oConvertUtils.isNotEmpty(tokenValue)) {
return tokenValue;
}
} catch (Exception e) {
log.debug("获取token失败: {}", e.getMessage());
}
// 4. 如果都没有,使用默认逻辑
return super.getTokenValue();
}
};
}
/**
* 注册 Sa-Token 拦截器,打开注解式鉴权功能
*/
@Override
public void addInterceptors(InterceptorRegistry registry) {
// 注册 Sa-Token 拦截器,打开注解式鉴权功能
registry.addInterceptor(new SaInterceptor()).addPathPatterns("/**");
}
/**
* 注册 Sa-Token 全局过滤器
*/
@Bean
public SaServletFilter getSaServletFilter() {
return new SaServletFilter()
// 指定 [拦截路由] 与 [放行路由]
.addInclude("/**")
.setExcludeList(getExcludeUrls())
// 认证函数: 每次请求执行
.setAuth(obj -> {
// 检查是否是免认证路径
String servletPath = SaHolder.getRequest().getRequestPath();
if (InMemoryIgnoreAuth.contains(servletPath)) {
return;
}
// 校验 token如果请求中带有 token先切换到对应的登录会话再校验
try {
String token = StpUtil.getTokenValue();
if (oConvertUtils.isNotEmpty(token)) {
// 根据 token 获取 loginId 并切换到对应的登录会话
Object loginId = StpUtil.getLoginIdByToken(token);
if (loginId != null) {
StpUtil.switchTo(loginId);
// 需要手工自动续签默认参数auto-renew:true 不好使
long activeTimeout = StpUtil.stpLogic.getConfigOrGlobal().getActiveTimeout();
if (activeTimeout > 0) {
// 获取当前token的活跃剩余时间
long tokenActiveTimeout = StpUtil.getTokenActiveTimeout();
// 如果剩余活跃时间少于总活跃时间的一半,进行续签
if (tokenActiveTimeout > 0 && tokenActiveTimeout < (activeTimeout / 2)) {
StpUtil.stpLogic.updateLastActiveToNow(token);
log.info("【Sa-Token拦截器】Token续签成功剩余活跃时间: {}秒", tokenActiveTimeout);
}
}
}
}
} catch (Exception e) {
// 如果获取 loginId 失败,说明 token 无效或未登录,让 checkLogin 抛出异常
log.debug("切换登录会话失败: {}", e.getMessage());
}
// 最终校验登录状态
StpUtil.checkLogin();
// 租户校验逻辑
checkTenantAuthorization();
})
// 异常处理函数:每次认证函数发生异常时执行此函数
.setError(e -> {
log.warn("Sa-Token 认证失败用户未登录或token无效");
log.warn("请求路径: {}, Method: {}Token: {}", SaHolder.getRequest().getRequestPath(), SaHolder.getRequest().getMethod(), StpUtil.getTokenValue());
// 返回401状态码
SaHolder.getResponse().setStatus(401).setHeader("Content-Type", "application/json;charset=UTF-8");
return org.jeecg.common.system.util.JwtUtil.responseErrorJson(401, CommonConstant.TOKEN_IS_INVALID_MSG);
})
// 前置函数在每次认证函数之前执行BeforeAuth 不受 includeList 与 excludeList 的限制,所有请求都会进入)
.setBeforeAuth(r -> {
// 设置跨域配置
Object cloudServer = env.getProperty(CommonConstant.CLOUD_SERVER_KEY);
// 如果cloudServer为空 则说明是单体 需要加载跨域配置【微服务跨域切换】
if (cloudServer == null) {
SaHolder.getResponse()
// 允许指定域访问跨域资源
.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, SaHolder.getRequest().getHeader(HttpHeaders.ORIGIN))
// 允许所有请求方式
.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_METHODS, "GET, POST, PUT, DELETE, OPTIONS")
// 有效时间
.setHeader(HttpHeaders.ACCESS_CONTROL_MAX_AGE, "3600")
// 允许的header参数
.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_HEADERS, SaHolder.getRequest().getHeader(HttpHeaders.ACCESS_CONTROL_REQUEST_HEADERS))
// 允许携带凭证
.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
}
// OPTIONS预检请求直接返回
SaRouter.match(SaHttpMethod.OPTIONS).free(r2 -> {
SaHolder.getResponse().setStatus(HttpStatus.OK.value());
});
// 设置当前线程上下文的租户ID
String tenantId = SaHolder.getRequest().getHeader(CommonConstant.TENANT_ID);
TenantContext.setTenant(tenantId);
log.info("===【TenantContext 线程设置】=== 请求路径: {}, 租户ID: {}", SaHolder.getRequest().getRequestPath(), tenantId);
});
}
/**
* spring过滤装饰器 <br/>
* 支持异步请求的过滤器装饰
*/
@Bean
public FilterRegistrationBean<SaServletFilter> saTokenFilterRegistration() {
FilterRegistrationBean<SaServletFilter> registration = new FilterRegistrationBean<>();
registration.setFilter(getSaServletFilter());
registration.setName("SaServletFilter");
// 支持异步请求
registration.setDispatcherTypes(DispatcherType.REQUEST, DispatcherType.ASYNC);
// 拦截所有请求
registration.addUrlPatterns("/*");
registration.setOrder(1);
registration.setAsyncSupported(true); // 支持异步请求
return registration;
}
/**
* 获取排除URL列表
*/
private List<String> getExcludeUrls() {
List<String> excludeUrls = new ArrayList<>();
// 支持yml方式配置拦截排除
if (jeecgBaseConfig != null && jeecgBaseConfig.getShiro() != null) {
String shiroExcludeUrls = jeecgBaseConfig.getShiro().getExcludeUrls();
if (oConvertUtils.isNotEmpty(shiroExcludeUrls)) {
String[] permissionUrl = shiroExcludeUrls.split(",");
excludeUrls.addAll(Arrays.asList(permissionUrl));
}
}
// 添加默认排除路径
excludeUrls.addAll(Arrays.asList(
"/sys/cas/client/validateLogin", // cas验证登录
"/sys/randomImage/**", // 登录验证码接口排除
"/sys/checkCaptcha", // 登录验证码接口排除
"/sys/smsCheckCaptcha", // 短信次数发送太多验证码排除
"/sys/login", // 登录接口排除
"/sys/mLogin", // 登录接口排除
"/sys/logout", // 登出接口排除
"/sys/thirdLogin/**", // 第三方登录
"/sys/getEncryptedString", // 获取加密串
"/sys/sms", // 短信验证码
"/sys/phoneLogin", // 手机登录
"/sys/user/checkOnlyUser", // 校验用户是否存在
"/sys/user/register", // 用户注册
"/sys/user/phoneVerification", // 用户忘记密码验证手机号
"/sys/user/passwordChange", // 用户更改密码
"/auth/2step-code", // 登录验证码
"/sys/common/static/**", // 图片预览 & 下载文件不限制token
"/sys/common/pdf/**", // pdf预览
"/generic/**", // pdf预览需要文件
"/sys/getLoginQrcode/**", // 登录二维码
"/sys/getQrcodeToken/**", // 监听扫码
"/sys/checkAuth", // 授权接口排除
"/openapi/call/**", // 开放平台接口排除
// 排除静态资源后缀
"/",
"/doc.html",
"**/*.js",
"**/*.css",
"**/*.html",
"**/*.svg",
"**/*.pdf",
"**/*.jpg",
"**/*.png",
"**/*.gif",
"**/*.ico",
"**/*.ttf",
"**/*.woff",
"**/*.woff2",
"**/*.glb",
"**/*.wasm",
"**/*.js.map",
"**/*.css.map",
"/druid/**",
"/swagger-ui.html",
"/swagger*/**",
"/webjars/**",
"/v3/**",
// 排除消息通告查看详情页面用于第三方APP
"/sys/annountCement/show/**",
// 积木报表和积木BI排除
"/jmreport/**",
"/drag/lib/**",
"/drag/list/**",
"/drag/favicon.ico",
"/drag/view",
"/drag/page/queryById",
"/drag/page/addVisitsNumber",
"/drag/page/queryTemplateList",
"/drag/share/view/**",
"/drag/onlDragDatasetHead/getAllChartData",
"/drag/onlDragDatasetHead/getTotalData",
"/drag/onlDragDatasetHead/getMapDataByCode",
"/drag/onlDragDatasetHead/getTotalDataByCompId",
"/drag/mock/json/**",
"/drag/onlDragDatasetHead/getDictByCodes",
"/drag/onlDragDatasetHead/queryAllById",
"/jimubi/view",
"/jimubi/share/view/**",
// 大屏模板例子
"/test/bigScreen/**",
"/bigscreen/template1/**",
"/bigscreen/template2/**",
// websocket排除
"/websocket/**", // 系统通知和公告
"/newsWebsocket/**", // CMS模块
"/vxeSocket/**", // JVxeTable无痕刷新示例
"/dragChannelSocket/**", // 仪表盘(按钮通信)
// App vue3版本查询版本接口
"/sys/version/app3version",
// 测试模块排除
"/test/seata/**",
// 错误路径排除
"/error",
// 企业微信证书排除
"/WW_verify*"
));
return excludeUrls;
}
/**
* 校验用户的tenant_id和前端传过来的是否一致
*
* <p>实现逻辑:
* <ul>
* <li>1. 获取当前登录用户信息</li>
* <li>2. 检查用户是否配置了租户信息</li>
* <li>3. 获取前端请求头中的租户ID</li>
* <li>4. 校验用户所属租户中是否包含当前请求的租户ID</li>
* <li>5. 如果校验失败,从数据库重新查询用户信息并再次校验</li>
* <li>6. 最终校验失败则抛出异常</li>
* </ul>
*
* @throws NotLoginException 租户授权变更异常
*/
private void checkTenantAuthorization() {
log.debug("------ 租户校验开始 ------");
// 如果未开启租户控制,直接返回
if (!MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
return;
}
try {
// 获取当前登录用户信息
LoginUser loginUser = TokenUtils.getLoginUser(LoginUserUtils.getUsername(), commonAPI, redisUtil);
if (loginUser == null) {
return;
}
String username = loginUser.getUsername();
String userTenantIds = loginUser.getRelTenantIds();
// 如果用户未配置租户信息,直接返回
if (oConvertUtils.isEmpty(userTenantIds)) {
return;
}
// 获取前端请求头中的租户ID
String loginTenantId = TokenUtils.getTenantIdByRequest(SpringContextUtils.getHttpServletRequest());
log.info("登录租户:{}", loginTenantId);
log.info("用户拥有那些租户:{}", userTenantIds);
// 登录用户无租户前端header中租户ID值为 0
String str = "0";
if (oConvertUtils.isEmpty(loginTenantId) || str.equals(loginTenantId)) {
return;
}
String[] userTenantIdsArray = userTenantIds.split(",");
if (!oConvertUtils.isIn(loginTenantId, userTenantIdsArray)) {
boolean isAuthorization = false;
//========================================================================
// 查询用户信息(如果租户不匹配从数据库中重新查询一次用户信息)
String loginUserKey = CacheConstant.SYS_USERS_CACHE + "::" + username;
redisUtil.del(loginUserKey);
LoginUser loginUserFromDb = commonAPI.getUserByName(username);
LoginUserUtils.setSessionUser(loginUserFromDb);
if (loginUserFromDb != null && oConvertUtils.isNotEmpty(loginUserFromDb.getRelTenantIds())) {
String[] newArray = loginUserFromDb.getRelTenantIds().split(",");
if (oConvertUtils.isIn(loginTenantId, newArray)) {
isAuthorization = true;
}
}
//========================================================================
if (!isAuthorization) {
log.info("租户异常——登录租户:{}", loginTenantId);
log.info("租户异常——用户拥有租户组:{}", userTenantIds);
throw new NotLoginException("登录租户授权变更,请重新登陆!", StpUtil.TYPE, NotLoginException.KICK_OUT);
}
}
}catch (Exception e) {
log.error("租户校验异常:{}", e.getMessage(), e);
}
}
}

174
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/satoken/StpInterfaceImpl.java
View File

@ -1,174 +0,0 @@
package org.jeecg.config.satoken;
import cn.dev33.satoken.dao.SaTokenDao;
import cn.dev33.satoken.SaManager;
import cn.dev33.satoken.stp.StpInterface;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
import jakarta.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
import java.util.Set;
/**
* @description: Sa-Token 权限认证接口实现(带缓存)
*
* <p>⚠️ 重要说明:</p>
* <ul>
* <li><strong>Sa-Token 的 StpInterface 默认不提供缓存能力</strong>,需要自己实现缓存逻辑</li>
* <li>本实现采用 <strong>[账号id -> 权限/角色列表]</strong> 缓存模型</li>
* <li>缓存键格式:
* <ul>
* <li>用户权限缓存satoken:user-permission:{username}</li>
* <li>用户角色缓存satoken:user-role:{username}</li>
* </ul>
* </li>
* <li>缓存过期时间30天</li>
* <li>⚠️ 当修改用户的角色或权限时,需要手动清除缓存</li>
* </ul>
*
* <p>清除缓存示例:</p>
* <pre>
* // 清除单个用户的权限和角色缓存
* StpInterfaceImpl.clearUserCache("admin");
*
* // 清除多个用户的缓存
* StpInterfaceImpl.clearUserCache(Arrays.asList("admin", "user1", "user2"));
* </pre>
*/
@Component
@Slf4j
public class StpInterfaceImpl implements StpInterface {
@Lazy
@Resource
private CommonAPI commonApi;
/**
* 缓存过期时间30天
*/
private static final long CACHE_TIMEOUT = 60 * 60 * 24 * 30;
/**
* 权限缓存键前缀
*/
private static final String PERMISSION_CACHE_PREFIX = "satoken:user-permission:";
/**
* 角色缓存键前缀
*/
private static final String ROLE_CACHE_PREFIX = "satoken:user-role:";
/**
* 返回一个账号所拥有的权限码集合(带缓存)
*
* @param loginId 账号id这里是 username
* @param loginType 账号类型
* @return 权限码集合
*/
@Override
@SuppressWarnings("unchecked")
public List<String> getPermissionList(Object loginId, String loginType) {
String username = loginId.toString();
String cacheKey = PERMISSION_CACHE_PREFIX + username;
SaTokenDao dao = SaManager.getSaTokenDao();
// 1. 先从缓存获取
List<String> permissionList = (List<String>) dao.getObject(cacheKey);
if (permissionList == null) {
// 2. 缓存不存在,从数据库查询
log.warn("权限缓存未命中,查询数据库 [ username={} ]", username);
String userId = commonApi.getUserIdByName(username);
if (userId == null) {
log.warn("用户不存在: {}", username);
return new ArrayList<>();
}
Set<String> permissionSet = commonApi.queryUserAuths(userId);
permissionList = new ArrayList<>(permissionSet);
// 3. 将结果缓存起来
dao.setObject(cacheKey, permissionList, CACHE_TIMEOUT);
log.info("权限已缓存 [ username={}, permissions={} ]", username, permissionList.size());
} else {
log.debug("权限缓存命中 [ username={}, permissions={} ]", username, permissionList.size());
}
return permissionList;
}
/**
* 返回一个账号所拥有的角色标识集合(带缓存)
*
* @param loginId 账号id这里是 username
* @param loginType 账号类型
* @return 角色标识集合
*/
@Override
@SuppressWarnings("unchecked")
public List<String> getRoleList(Object loginId, String loginType) {
String username = loginId.toString();
String cacheKey = ROLE_CACHE_PREFIX + username;
SaTokenDao dao = SaManager.getSaTokenDao();
// 1. 先从缓存获取
List<String> roleList = (List<String>) dao.getObject(cacheKey);
if (roleList == null) {
// 2. 缓存不存在,从数据库查询
log.warn("角色缓存未命中,查询数据库 [ username={} ]", username);
String userId = commonApi.getUserIdByName(username);
if (userId == null) {
log.warn("用户不存在: {}", username);
return new ArrayList<>();
}
Set<String> roleSet = commonApi.queryUserRolesById(userId);
roleList = new ArrayList<>(roleSet);
// 3. 将结果缓存起来
dao.setObject(cacheKey, roleList, CACHE_TIMEOUT);
log.info("角色已缓存 [ username={}, roles={} ]", username, roleList.size());
} else {
log.debug("角色缓存命中 [ username={}, roles={} ]", username, roleList.size());
}
return roleList;
}
/**
* 清除单个用户的权限和角色缓存
* <p>使用场景:修改用户的角色分配后</p>
*
* @param username 用户名
*/
public static void clearUserCache(String username) {
SaTokenDao dao = SaManager.getSaTokenDao();
dao.deleteObject(PERMISSION_CACHE_PREFIX + username);
dao.deleteObject(ROLE_CACHE_PREFIX + username);
log.info("已清除用户缓存 [ username={} ]", username);
}
/**
* 批量清除多个用户的权限和角色缓存
* <p>使用场景:修改角色权限后,清除拥有该角色的所有用户的缓存</p>
*
* @param usernameList 用户名列表
*/
public static void clearUserCache(List<String> usernameList) {
SaTokenDao dao = SaManager.getSaTokenDao();
for (String username : usernameList) {
dao.deleteObject(PERMISSION_CACHE_PREFIX + username);
dao.deleteObject(ROLE_CACHE_PREFIX + username);
}
log.info("已批量清除用户缓存 [ count={} ]", usernameList.size());
}
}

104
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/satoken/ignore/IgnoreAuthPostProcessor.java
View File

@ -1,104 +0,0 @@
package org.jeecg.config.satoken.ignore;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.config.satoken.IgnoreAuth;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import java.lang.reflect.Method;
import java.util.*;
import java.util.stream.Collectors;
/**
* 在spring boot初始化时根据@RestController注解获取当前spring容器中的bean
* @author eightmonth
* @date 2024/4/18 11:35
*/
@Slf4j
@Lazy(false)
@Component
@AllArgsConstructor
public class IgnoreAuthPostProcessor implements InitializingBean {
private RequestMappingHandlerMapping requestMappingHandlerMapping;
@Override
public void afterPropertiesSet() throws Exception {
long startTime = System.currentTimeMillis();
List<String> ignoreAuthUrls = new ArrayList<>();
// 优化直接从HandlerMethod过滤避免重复扫描
requestMappingHandlerMapping.getHandlerMethods().values().stream()
.filter(handlerMethod -> handlerMethod.getMethod().isAnnotationPresent(IgnoreAuth.class))
.forEach(handlerMethod -> {
Class<?> clazz = handlerMethod.getBeanType();
Method method = handlerMethod.getMethod();
ignoreAuthUrls.addAll(processIgnoreAuthMethod(clazz, method));
});
log.info("Init Token ignoreAuthUrls Config [ 集合 ] {}", ignoreAuthUrls);
if (!CollectionUtils.isEmpty(ignoreAuthUrls)) {
InMemoryIgnoreAuth.set(ignoreAuthUrls);
}
// 计算方法的耗时
long endTime = System.currentTimeMillis();
long elapsedTime = endTime - startTime;
log.info("Init Token ignoreAuthUrls Config [ 耗时 ] " + elapsedTime + "ms");
}
// 优化:新方法处理单个@IgnoreAuth方法减少重复注解检查
private List<String> processIgnoreAuthMethod(Class<?> clazz, Method method) {
RequestMapping base = clazz.getAnnotation(RequestMapping.class);
String[] baseUrl = Objects.nonNull(base) ? base.value() : new String[]{};
String[] uri = null;
if (method.isAnnotationPresent(RequestMapping.class)) {
uri = method.getAnnotation(RequestMapping.class).value();
} else if (method.isAnnotationPresent(GetMapping.class)) {
uri = method.getAnnotation(GetMapping.class).value();
} else if (method.isAnnotationPresent(PostMapping.class)) {
uri = method.getAnnotation(PostMapping.class).value();
} else if (method.isAnnotationPresent(PutMapping.class)) {
uri = method.getAnnotation(PutMapping.class).value();
} else if (method.isAnnotationPresent(DeleteMapping.class)) {
uri = method.getAnnotation(DeleteMapping.class).value();
} else if (method.isAnnotationPresent(PatchMapping.class)) {
uri = method.getAnnotation(PatchMapping.class).value();
}
return uri != null ? rebuildUrl(baseUrl, uri) : Collections.emptyList();
}
private List<String> rebuildUrl(String[] bases, String[] uris) {
List<String> urls = new ArrayList<>();
if (bases.length > 0) {
for (String base : bases) {
for (String uri : uris) {
// 如果uri包含路径占位符, 则需要将其替换为*
if (uri.matches(".*\\{.*}.*")) {
uri = uri.replaceAll("\\{.*?}", "*");
}
urls.add(prefix(base) + prefix(uri));
}
}
} else {
Arrays.stream(uris).forEach(uri -> {
urls.add(prefix(uri));
});
}
return urls;
}
private String prefix(String seg) {
return seg.startsWith("/") ? seg : "/"+seg;
}
}

90
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/ClientService.java Normal file
View File

@ -0,0 +1,90 @@
package org.jeecg.config.security;
import lombok.AllArgsConstructor;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
import org.springframework.stereotype.Component;
import java.time.Duration;
import java.util.Set;
/**
* spring authorization server 注册客户端便捷工具类
* @author eightmonth@qq.com
* @date 2024/3/7 11:22
*/
@Component
@AllArgsConstructor
public class ClientService {
private RegisteredClientRepository registeredClientRepository;
/**
* 修改客户端token有效期
* 认证码、设备码有效期与accessToken有效期保持一致
*/
public void updateTokenValidation(String clientId, Long accessTokenValidation, Long refreshTokenValidation){
RegisteredClient registeredClient = findByClientId(clientId);
RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
TokenSettings tokenSettings = TokenSettings.builder()
.idTokenSignatureAlgorithm(SignatureAlgorithm.RS256)
.accessTokenTimeToLive(Duration.ofSeconds(accessTokenValidation))
.accessTokenFormat(OAuth2TokenFormat.SELF_CONTAINED)
.reuseRefreshTokens(true)
.refreshTokenTimeToLive(Duration.ofSeconds(refreshTokenValidation))
.authorizationCodeTimeToLive(Duration.ofSeconds(accessTokenValidation))
.deviceCodeTimeToLive(Duration.ofSeconds(accessTokenValidation))
.build();
builder.tokenSettings(tokenSettings);
registeredClientRepository.save(builder.build());
}
/**
* 修改客户端授权类型
* @param clientId
* @param grantTypes
*/
public void updateGrantType(String clientId, Set<AuthorizationGrantType> grantTypes) {
RegisteredClient registeredClient = findByClientId(clientId);
RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
for (AuthorizationGrantType grantType : grantTypes) {
builder.authorizationGrantType(grantType);
}
registeredClientRepository.save(builder.build());
}
/**
* 修改客户端重定向uri
* @param clientId
* @param redirectUris
*/
public void updateRedirectUris(String clientId, String redirectUris) {
RegisteredClient registeredClient = findByClientId(clientId);
RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
builder.redirectUri(redirectUris);
registeredClientRepository.save(builder.build());
}
/**
* 修改客户端授权范围
* @param clientId
* @param scopes
*/
public void updateScopes(String clientId, Set<String> scopes) {
RegisteredClient registeredClient = findByClientId(clientId);
RegisteredClient.Builder builder = RegisteredClient.from(registeredClient);
for (String scope : scopes) {
builder.scope(scope);
}
registeredClientRepository.save(builder.build());
}
public RegisteredClient findByClientId(String clientId) {
return registeredClientRepository.findByClientId(clientId);
}
}

80
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/CopyTokenFilter.java Normal file
View File

@ -0,0 +1,80 @@
package org.jeecg.config.security;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.util.*;
/**
* 仪盘表请求query体携带的token
* @author eightmonth
* @date 2024/7/3 14:04
*/
@Slf4j
@Component
@Order(value = Integer.MIN_VALUE)
public class CopyTokenFilter extends OncePerRequestFilter {
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
// 以下为undertow定制代码如切换其它servlet容器需要同步更换
String token = request.getHeader("Authorization");
String bearerToken = request.getParameter("token");
String headerBearerToken = request.getHeader("X-Access-Token");
String finalToken;
log.debug("【仪盘表请求query体携带的token】CopyTokenFilter token: {}, bearerToken: {}, headerBearerToken: {}", token, bearerToken, headerBearerToken);
if (StringUtils.hasText(token)) {
finalToken = "bearer " + token;
} else if (StringUtils.hasText(bearerToken)) {
finalToken = "bearer " + bearerToken;
} else if (StringUtils.hasText(headerBearerToken)) {
finalToken = "bearer " + headerBearerToken;
} else {
finalToken = null;
}
if (finalToken != null) {
HttpServletRequestWrapper wrapper = new HttpServletRequestWrapper(request) {
@Override
public String getHeader(String name) {
if ("Authorization".equalsIgnoreCase(name)) {
return finalToken;
}
return super.getHeader(name);
}
@Override
public Enumeration<String> getHeaders(String name) {
if ("Authorization".equalsIgnoreCase(name)) {
return Collections.enumeration(Collections.singleton(finalToken));
}
return super.getHeaders(name);
}
@Override
public Enumeration<String> getHeaderNames() {
List<String> names = Collections.list(super.getHeaderNames());
if (!names.contains("Authorization")) {
names.add("Authorization");
}
return Collections.enumeration(names);
}
};
filterChain.doFilter(wrapper, response);
} else {
filterChain.doFilter(request, response);
}
}
}

34
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgAuthenticationConvert.java Normal file
View File

@ -0,0 +1,34 @@
package org.jeecg.config.security;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.system.vo.LoginUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
/**
* token只存储用户名与过期时间
* 这里通过取用户名转全量用户信息存储到Security中
* @author eightmonth@qq.com
* @date 2024/7/15 11:05
*/
@Component
public class JeecgAuthenticationConvert implements Converter<Jwt, AbstractAuthenticationToken> {
@Lazy
@Autowired
private CommonAPI commonAPI;
@Override
public AbstractAuthenticationToken convert(Jwt source) {
String username = source.getClaims().get("username").toString();
LoginUser loginUser = commonAPI.getUserByName(username);
return new UsernamePasswordAuthenticationToken(loginUser, null, new ArrayList<>());
}
}

135
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgOAuth2AccessTokenGenerator.java Normal file
View File

@ -0,0 +1,135 @@
package org.jeecg.config.security;
import org.jeecg.common.system.util.JwtUtil;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.ClaimAccessor;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.JwsHeader;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JwtEncoderParameters;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.token.*;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import java.time.Duration;
import java.time.Instant;
import java.time.temporal.Temporal;
import java.time.temporal.TemporalUnit;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
/**
* @author eightmonth@qq.com
* @date 2024/7/11 17:10
*/
public class JeecgOAuth2AccessTokenGenerator implements OAuth2TokenGenerator<OAuth2AccessToken> {
private final JwtEncoder jwtEncoder;
private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer;
public JeecgOAuth2AccessTokenGenerator(JwtEncoder jwtEncoder) {
this.jwtEncoder = jwtEncoder;
}
@Nullable
@Override
public OAuth2AccessToken generate(OAuth2TokenContext context) {
if (!OAuth2TokenType.ACCESS_TOKEN.equals(context.getTokenType())) {
return null;
}
String issuer = null;
if (context.getAuthorizationServerContext() != null) {
issuer = context.getAuthorizationServerContext().getIssuer();
}
RegisteredClient registeredClient = context.getRegisteredClient();
Instant issuedAt = Instant.now();
Instant expiresAt = issuedAt.plusMillis(JwtUtil.EXPIRE_TIME);
OAuth2TokenClaimsSet.Builder claimsBuilder = OAuth2TokenClaimsSet.builder();
if (StringUtils.hasText(issuer)) {
claimsBuilder.issuer(issuer);
}
claimsBuilder
.subject(context.getPrincipal().getName())
.audience(Collections.singletonList(registeredClient.getClientId()))
.issuedAt(issuedAt)
.expiresAt(expiresAt)
.notBefore(issuedAt)
.id(UUID.randomUUID().toString());
if (!CollectionUtils.isEmpty(context.getAuthorizedScopes())) {
claimsBuilder.claim(OAuth2ParameterNames.SCOPE, context.getAuthorizedScopes());
}
if (this.accessTokenCustomizer != null) {
OAuth2TokenClaimsContext.Builder accessTokenContextBuilder = OAuth2TokenClaimsContext.with(claimsBuilder)
.registeredClient(context.getRegisteredClient())
.principal(context.getPrincipal())
.authorizationServerContext(context.getAuthorizationServerContext())
.authorizedScopes(context.getAuthorizedScopes())
.tokenType(context.getTokenType())
.authorizationGrantType(context.getAuthorizationGrantType());
if (context.getAuthorization() != null) {
accessTokenContextBuilder.authorization(context.getAuthorization());
}
if (context.getAuthorizationGrant() != null) {
accessTokenContextBuilder.authorizationGrant(context.getAuthorizationGrant());
}
OAuth2TokenClaimsContext accessTokenContext = accessTokenContextBuilder.build();
this.accessTokenCustomizer.customize(accessTokenContext);
}
OAuth2TokenClaimsSet accessTokenClaimsSet = claimsBuilder.build();
OAuth2AuthorizationGrantAuthenticationToken oAuth2ResourceOwnerBaseAuthenticationToken = context.getAuthorizationGrant();
String username = (String) oAuth2ResourceOwnerBaseAuthenticationToken.getAdditionalParameters().get("username");
String tokenValue = jwtEncoder.encode(JwtEncoderParameters.from(JwsHeader.with(SignatureAlgorithm.ES256).keyId("jeecg").build(),
JwtClaimsSet.builder().claim("username", username).expiresAt(expiresAt).build())).getTokenValue();
//此处可以做改造将tokenValue随机数换成用户信息方便后续多系统token互通认证通过解密token得到username
return new OAuth2AccessTokenClaims(OAuth2AccessToken.TokenType.BEARER, tokenValue,
accessTokenClaimsSet.getIssuedAt(), accessTokenClaimsSet.getExpiresAt(), context.getAuthorizedScopes(),
accessTokenClaimsSet.getClaims());
}
/**
* Sets the {@link OAuth2TokenCustomizer} that customizes the
* {@link OAuth2TokenClaimsContext#getClaims() claims} for the
* {@link OAuth2AccessToken}.
* @param accessTokenCustomizer the {@link OAuth2TokenCustomizer} that customizes the
* claims for the {@code OAuth2AccessToken}
*/
public void setAccessTokenCustomizer(OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer) {
Assert.notNull(accessTokenCustomizer, "accessTokenCustomizer cannot be null");
this.accessTokenCustomizer = accessTokenCustomizer;
}
private static final class OAuth2AccessTokenClaims extends OAuth2AccessToken implements ClaimAccessor {
private final Map<String, Object> claims;
private OAuth2AccessTokenClaims(TokenType tokenType, String tokenValue, Instant issuedAt, Instant expiresAt,
Set<String> scopes, Map<String, Object> claims) {
super(tokenType, tokenValue, issuedAt, expiresAt, scopes);
this.claims = claims;
}
@Override
public Map<String, Object> getClaims() {
return this.claims;
}
}
}

104
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java Normal file
View File

@ -0,0 +1,104 @@
package org.jeecg.config.security;
import cn.hutool.core.util.ArrayUtil;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.config.security.utils.SecureUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
import org.springframework.util.PatternMatchUtils;
import org.springframework.util.StringUtils;
import java.util.Arrays;
import java.util.Objects;
import java.util.Set;
/**
* spring authorization server自定义权限处理根据@PreAuthorize注解判断当前用户是否具备权限
* @author EightMonth
* @date 2024/1/10 17:00
*/
@Service("jps")
@Slf4j
public class JeecgPermissionService {
private final String SPLIT = "::";
private final String PERM_PREFIX = "jps" + SPLIT;
@Lazy
@Autowired
private CommonAPI commonAPI;
@Autowired
private RedisUtil redisUtil;
/**
* 判断接口是否有任意xxxxxx权限
* @param permissions 权限
* @return {boolean}
*/
public boolean requiresPermissions(String... permissions) {
if (ArrayUtil.isEmpty(permissions)) {
return false;
}
LoginUser loginUser = SecureUtil.currentUser();
Object cache = redisUtil.get(buildKey("permission", loginUser.getId()));
Set<String> permissionList;
if (Objects.nonNull(cache)) {
permissionList = (Set<String>) cache;
} else {
permissionList = commonAPI.queryUserAuths(loginUser.getId());
redisUtil.set(buildKey("permission", loginUser.getId()), permissionList);
}
boolean pass = permissionList.stream().filter(StringUtils::hasText)
.anyMatch(x -> PatternMatchUtils.simpleMatch(permissions, x));
if (!pass) {
log.error("权限不足,缺少权限:"+ Arrays.toString(permissions));
}
return pass;
}
/**
* 判断接口是否有任意xxxxxx角色
* @param roles 角色
* @return {boolean}
*/
public boolean requiresRoles(String... roles) {
if (ArrayUtil.isEmpty(roles)) {
return false;
}
LoginUser loginUser = SecureUtil.currentUser();
Object cache = redisUtil.get(buildKey("role", loginUser.getUsername()));
Set<String> roleList;
if (Objects.nonNull(cache)) {
roleList = (Set<String>) cache;
} else {
roleList = commonAPI.queryUserRoles(loginUser.getUsername());
redisUtil.set(buildKey("role", loginUser.getUsername()), roleList);
}
boolean pass = roleList.stream().filter(StringUtils::hasText)
.anyMatch(x -> PatternMatchUtils.simpleMatch(roles, x));
if (!pass) {
log.error("权限不足,缺少角色:" + Arrays.toString(roles));
}
return pass;
}
/**
* 由于缓存key是以人的维度角色列表、权限列表在值中jeecg是以权限列表绑定在角色上形成的权限集合
* 权限发生变更时,需要清理全部人的权限缓存
*/
public void clearCache() {
redisUtil.removeAll(PERM_PREFIX);
}
private String buildKey(String type, String username) {
return PERM_PREFIX + type + SPLIT + username;
}
}

54
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgRedisOAuth2AuthorizationConsentService.java Normal file
View File

@ -0,0 +1,54 @@
package org.jeecg.config.security;
import lombok.RequiredArgsConstructor;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsentService;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import java.util.concurrent.TimeUnit;
/**
* spring authorization server 自定义redis保存授权范围信息
*/
@Component
@RequiredArgsConstructor
public class JeecgRedisOAuth2AuthorizationConsentService implements OAuth2AuthorizationConsentService {
private final RedisTemplate<String, Object> redisTemplate;
private final static Long TIMEOUT = 10L;
@Override
public void save(OAuth2AuthorizationConsent authorizationConsent) {
Assert.notNull(authorizationConsent, "authorizationConsent cannot be null");
redisTemplate.opsForValue().set(buildKey(authorizationConsent), authorizationConsent, TIMEOUT,
TimeUnit.MINUTES);
}
@Override
public void remove(OAuth2AuthorizationConsent authorizationConsent) {
Assert.notNull(authorizationConsent, "authorizationConsent cannot be null");
redisTemplate.delete(buildKey(authorizationConsent));
}
@Override
public OAuth2AuthorizationConsent findById(String registeredClientId, String principalName) {
Assert.hasText(registeredClientId, "registeredClientId cannot be empty");
Assert.hasText(principalName, "principalName cannot be empty");
return (OAuth2AuthorizationConsent) redisTemplate.opsForValue()
.get(buildKey(registeredClientId, principalName));
}
private static String buildKey(String registeredClientId, String principalName) {
return "token:consent:" + registeredClientId + ":" + principalName;
}
private static String buildKey(OAuth2AuthorizationConsent authorizationConsent) {
return buildKey(authorizationConsent.getRegisteredClientId(), authorizationConsent.getPrincipalName());
}
}

192
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgRedisOAuth2AuthorizationService.java Normal file
View File

@ -0,0 +1,192 @@
package org.jeecg.config.security;
import cn.hutool.core.collection.CollUtil;
import jakarta.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.TimeUnit;
/**
* spring authorization server自定义redis保存认证信息
* @author EightMonth
*/
@Component
public class JeecgRedisOAuth2AuthorizationService implements OAuth2AuthorizationService{
private final static Long TIMEOUT = 10L;
private static final String AUTHORIZATION = "token";
private final RedisTemplate<String, Object> redisTemplate = new RedisTemplate<>();
@Autowired
private RedisConnectionFactory redisConnectionFactory;
/**
* 因为保存sas的认证信息至redis无法使用jeecg对redisTemplate的某些设置。
* 如果在使用时修改redisTemplate属性会发生线程安全问题最终容易引起系统无法正常运行。
* 所以重新建了一个redis client给到sas操作redis并且该redis实例不注入spring 容器中
*/
@PostConstruct
public void initSasRedis() {
redisTemplate.setValueSerializer(RedisSerializer.java());
redisTemplate.setConnectionFactory(redisConnectionFactory);
redisTemplate.afterPropertiesSet();
}
@Override
public void save(OAuth2Authorization authorization) {
Assert.notNull(authorization, "authorization cannot be null");
if (isState(authorization)) {
String token = authorization.getAttribute("state");
redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.STATE, token), authorization, TIMEOUT,
TimeUnit.MINUTES);
}
if (isCode(authorization)) {
OAuth2Authorization.Token<OAuth2AuthorizationCode> authorizationCode = authorization
.getToken(OAuth2AuthorizationCode.class);
OAuth2AuthorizationCode authorizationCodeToken = authorizationCode.getToken();
long between = ChronoUnit.MINUTES.between(authorizationCodeToken.getIssuedAt(),
authorizationCodeToken.getExpiresAt());
redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.CODE, authorizationCodeToken.getTokenValue()),
authorization, between, TimeUnit.MINUTES);
}
if (isRefreshToken(authorization)) {
OAuth2RefreshToken refreshToken = authorization.getRefreshToken().getToken();
long between = ChronoUnit.SECONDS.between(refreshToken.getIssuedAt(), refreshToken.getExpiresAt());
redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.REFRESH_TOKEN, refreshToken.getTokenValue()),
authorization, between, TimeUnit.SECONDS);
}
if (isAccessToken(authorization)) {
OAuth2AccessToken accessToken = authorization.getAccessToken().getToken();
long between = ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt());
redisTemplate.opsForValue().set(buildKey(OAuth2ParameterNames.ACCESS_TOKEN, accessToken.getTokenValue()),
authorization, between, TimeUnit.SECONDS);
// 扩展记录 access-token 、username 的关系 1::token::username::admin::xxx
String tokenUsername = String.format("%s::%s::%s", AUTHORIZATION, authorization.getPrincipalName(), accessToken.getTokenValue());
redisTemplate.opsForValue().set(tokenUsername, accessToken.getTokenValue(), between, TimeUnit.SECONDS);
}
}
@Override
public void remove(OAuth2Authorization authorization) {
Assert.notNull(authorization, "authorization cannot be null");
List<String> keys = new ArrayList<>();
if (isState(authorization)) {
String token = authorization.getAttribute("state");
keys.add(buildKey(OAuth2ParameterNames.STATE, token));
}
if (isCode(authorization)) {
OAuth2Authorization.Token<OAuth2AuthorizationCode> authorizationCode = authorization
.getToken(OAuth2AuthorizationCode.class);
OAuth2AuthorizationCode authorizationCodeToken = authorizationCode.getToken();
keys.add(buildKey(OAuth2ParameterNames.CODE, authorizationCodeToken.getTokenValue()));
}
if (isRefreshToken(authorization)) {
OAuth2RefreshToken refreshToken = authorization.getRefreshToken().getToken();
keys.add(buildKey(OAuth2ParameterNames.REFRESH_TOKEN, refreshToken.getTokenValue()));
}
if (isAccessToken(authorization)) {
OAuth2AccessToken accessToken = authorization.getAccessToken().getToken();
keys.add(buildKey(OAuth2ParameterNames.ACCESS_TOKEN, accessToken.getTokenValue()));
// 扩展记录 access-token 、username 的关系 1::token::username::admin::xxx
String key = String.format("%s::%s::%s", AUTHORIZATION, authorization.getPrincipalName(), accessToken.getTokenValue());
keys.add(key);
}
redisTemplate.delete(keys);
}
@Override
@Nullable
public OAuth2Authorization findById(String id) {
throw new UnsupportedOperationException();
}
@Override
@Nullable
public OAuth2Authorization findByToken(String token, @Nullable OAuth2TokenType tokenType) {
Assert.hasText(token, "token cannot be empty");
Assert.notNull(tokenType, "tokenType cannot be empty");
return (OAuth2Authorization) redisTemplate.opsForValue().get(buildKey(tokenType.getValue(), token));
}
private String buildKey(String type, String id) {
return String.format("%s::%s::%s", AUTHORIZATION, type, id);
}
private static boolean isState(OAuth2Authorization authorization) {
return Objects.nonNull(authorization.getAttribute("state"));
}
private static boolean isCode(OAuth2Authorization authorization) {
OAuth2Authorization.Token<OAuth2AuthorizationCode> authorizationCode = authorization
.getToken(OAuth2AuthorizationCode.class);
return Objects.nonNull(authorizationCode);
}
private static boolean isRefreshToken(OAuth2Authorization authorization) {
return Objects.nonNull(authorization.getRefreshToken());
}
private static boolean isAccessToken(OAuth2Authorization authorization) {
return Objects.nonNull(authorization.getAccessToken());
}
/**
* 扩展方法根据 username 查询是否存在存储的
* @param authentication
* @return
*/
public void removeByUsername(Authentication authentication) {
// 根据 username查询对应access-token
String authenticationName = authentication.getName();
// 扩展记录 access-token 、username 的关系 1::token::username::admin::xxx
String tokenUsernameKey = String.format("%s::%s::*", AUTHORIZATION, authenticationName);
Set<String> keys = redisTemplate.keys(tokenUsernameKey);
if (CollUtil.isEmpty(keys)) {
return;
}
List<Object> tokenList = redisTemplate.opsForValue().multiGet(keys);
for (Object token : tokenList) {
// 根据token 查询存储的 OAuth2Authorization
OAuth2Authorization authorization = this.findByToken((String) token, OAuth2TokenType.ACCESS_TOKEN);
// 根据 OAuth2Authorization 删除相关令牌
this.remove(authorization);
}
}
}

38
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/LoginType.java Normal file
View File

@ -0,0 +1,38 @@
package org.jeecg.config.security;
/**
* 登录模式
* @author EightMonth
* @date 2024/1/10 17:43
*/
public class LoginType {
/**
* 密码模式
*/
public static final String PASSWORD = "password";
/**
* 手机号+验证码模式
*/
public static final String PHONE = "phone";
/**
* app登录
*/
public static final String APP = "app";
/**
* 扫码登录
*/
public static final String SCAN = "scan";
/**
* 所有联合登录比如github\钉钉\企业微信\微信
*/
public static final String SOCIAL = "social";
public static final String SELF = "self";
}

49
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/RedisTokenValidationFilter.java Normal file
View File

@ -0,0 +1,49 @@
package org.jeecg.config.security;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.AllArgsConstructor;
import org.jeecg.common.system.util.JwtUtil;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
import java.util.Objects;
/**
* 当用户被强退时使客户端token失效
* @author eightmonth@qq.com
* @date 2024/3/7 17:30
*/
@Component
@AllArgsConstructor
public class RedisTokenValidationFilter extends OncePerRequestFilter {
private OAuth2AuthorizationService authorizationService;
private JwtDecoder jwtDecoder;
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// 从请求中获取token
DefaultBearerTokenResolver defaultBearerTokenResolver = new DefaultBearerTokenResolver();
String token = defaultBearerTokenResolver.resolve(request);
if (Objects.nonNull(token)) {
// 检查认证信息是否已被清除如果已被清除则令该token失效
OAuth2Authorization oAuth2Authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
if (Objects.isNull(oAuth2Authorization)) {
throw new OAuth2AuthenticationException(BearerTokenErrors.invalidToken("认证信息已失效,请重新登录"));
}
}
filterChain.doFilter(request, response);
}
}

310
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/SecurityConfig.java Normal file
View File

@ -0,0 +1,310 @@
package org.jeecg.config.security;
import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import lombok.AllArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.config.security.app.AppGrantAuthenticationConvert;
import org.jeecg.config.security.app.AppGrantAuthenticationProvider;
import org.jeecg.config.security.password.PasswordGrantAuthenticationConvert;
import org.jeecg.config.security.password.PasswordGrantAuthenticationProvider;
import org.jeecg.config.security.phone.PhoneGrantAuthenticationConvert;
import org.jeecg.config.security.phone.PhoneGrantAuthenticationProvider;
import org.jeecg.config.security.social.SocialGrantAuthenticationConvert;
import org.jeecg.config.security.social.SocialGrantAuthenticationProvider;
import org.jeecg.config.shiro.ignore.InMemoryIgnoreAuth;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.JdbcRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.*;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.cors.CorsConfiguration;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.util.Arrays;
import java.util.stream.Collectors;
/**
* spring authorization server核心配置
* @author eightmonth@qq.com
* @date 2024/1/2 9:29
*/
@Configuration
@EnableWebSecurity
@EnableMethodSecurity
@AllArgsConstructor
@Slf4j
public class SecurityConfig {
private JdbcTemplate jdbcTemplate;
private OAuth2AuthorizationService authorizationService;
private JeecgAuthenticationConvert jeecgAuthenticationConvert;
@Bean
@Order(1)
public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity http)
throws Exception {
// 使用新的配置方式替代弃用的applyDefaultSecurity
http.securityMatcher(new AntPathRequestMatcher("/oauth2/**"))
.authorizeHttpRequests(authorize ->
authorize.anyRequest().authenticated()
)
.csrf(csrf -> csrf.disable())
.with(new OAuth2AuthorizationServerConfigurer(), oauth2 -> {
oauth2
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
.accessTokenRequestConverter(new PasswordGrantAuthenticationConvert())
.authenticationProvider(new PasswordGrantAuthenticationProvider(authorizationService, tokenGenerator()))
)
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
.accessTokenRequestConverter(new PhoneGrantAuthenticationConvert())
.authenticationProvider(new PhoneGrantAuthenticationProvider(authorizationService, tokenGenerator()))
)
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
.accessTokenRequestConverter(new AppGrantAuthenticationConvert())
.authenticationProvider(new AppGrantAuthenticationProvider(authorizationService, tokenGenerator()))
)
.tokenEndpoint(tokenEndpoint -> tokenEndpoint
.accessTokenRequestConverter(new SocialGrantAuthenticationConvert())
.authenticationProvider(new SocialGrantAuthenticationProvider(authorizationService, tokenGenerator()))
)
//开启OpenID Connect 1.0其中oidc为OpenID Connect的缩写。 访问 /.well-known/openid-configuration即可获取认证信息
.oidc(Customizer.withDefaults());
});
//请求接口异常处理无Token和Token无效的情况
http.exceptionHandling(exceptions -> exceptions
.authenticationEntryPoint((request, response, authException) -> {
// 记录详细的异常信息 - 未认证
log.error("接口访问失败(未认证),请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
JwtUtil.responseError(response, 401, "Token格式错误或已过期");
})
.accessDeniedHandler((request, response, accessDeniedException) -> {
// 记录详细的异常信息 - token无效或权限不足
log.error("接口访问失败(token无效或权限不足),请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
JwtUtil.responseError(response, 403, "权限不足");
})
);
return http.build();
}
@Bean
@Order(2)
public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http)
throws Exception {
http
//设置所有请求都需要认证未认证的请求都被重定向到login页面进行登录
.authorizeHttpRequests((authorize) -> authorize
.requestMatchers(InMemoryIgnoreAuth.get().stream().map(AntPathRequestMatcher::antMatcher).toList().toArray(new AntPathRequestMatcher[0])).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/cas/client/validateLogin")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/randomImage/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/checkCaptcha")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/login")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/mLogin")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/logout")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/thirdLogin/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/getEncryptedString")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/sms")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/phoneLogin")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/checkOnlyUser")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/register")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/phoneVerification")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/user/passwordChange")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/auth/2step-code")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/common/static/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/common/pdf/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/generic/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/getLoginQrcode/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/getQrcodeToken/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/checkAuth")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/doc.html")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.js")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.css")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.html")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.svg")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.pdf")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.jpg")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.png")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.gif")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.ico")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.ttf")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.woff")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.woff2")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/druid/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/swagger-ui.html")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/swagger**/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/webjars/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/v3/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/WW_verify*")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/annountCement/show/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/api/getUserInfo")).permitAll()
//积木报表排除
.requestMatchers(AntPathRequestMatcher.antMatcher("/jmreport/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.js.map")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/**/*.css.map")).permitAll()
//积木BI大屏和仪表盘排除
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/view")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getLoginUser")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/page/queryById")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/page/addVisitsNumber")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/page/queryTemplateList")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/share/view/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getAllChartData")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getTotalData")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/mock/json/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/jimubi/view")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/jimubi/share/view/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getMapDataByCode")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getTotalDataByCompId")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/queryAllById")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/drag/onlDragDatasetHead/getDictByCodes")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/dragChannelSocket/**")).permitAll()
//大屏模板例子
.requestMatchers(AntPathRequestMatcher.antMatcher("/test/bigScreen/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/bigscreen/template1/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/bigscreen/template1/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/websocket/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/newsWebsocket/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/vxeSocket/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/test/seata/**")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/error")).permitAll()
.requestMatchers(AntPathRequestMatcher.antMatcher("/openapi/call/**")).permitAll()
// APP版本信息
.requestMatchers(AntPathRequestMatcher.antMatcher("/sys/version/app3version")).permitAll()
.anyRequest().authenticated()
)
.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::disable))
.cors(cors -> cors
.configurationSource(req -> {
CorsConfiguration config = new CorsConfiguration();
config.applyPermitDefaultValues();
config.setAllowedMethods(Arrays.asList("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"));
return config;
}))
.csrf(AbstractHttpConfigurer::disable)
// 配置OAuth2资源服务器并添加JWT异常处理
.oauth2ResourceServer(oauth2 -> oauth2
.jwt(jwt -> jwt.jwtAuthenticationConverter(jeecgAuthenticationConvert))
.authenticationEntryPoint((request, response, authException) -> {
// 处理JWT解析失败的情况
log.error("JWT验证失败请求路径{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
JwtUtil.responseError(response, 401, "Token格式错误或已过期");
})
.accessDeniedHandler((request, response, accessDeniedException) -> {
// 处理权限不足的情况
log.error("权限验证失败,请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
JwtUtil.responseError(response, 403, "权限不足");
})
)
// 全局异常处理
.exceptionHandling(exceptions -> exceptions
.authenticationEntryPoint((request, response, authException) -> {
// 记录详细的异常信息 - 未认证
log.error("接口访问失败(未认证),请求路径:{},错误信息:{}", request.getRequestURI(), authException.getMessage(), authException);
JwtUtil.responseError(response, 401, "Token格式错误或已过期");
})
.accessDeniedHandler((request, response, accessDeniedException) -> {
// 记录详细的异常信息 - token无效或权限不足
log.error("接口访问失败(token无效或权限不足),请求路径:{},错误信息:{}", request.getRequestURI(), accessDeniedException.getMessage(), accessDeniedException);
JwtUtil.responseError(response, 403, "权限不足");
})
);
return http.build();
}
/**
* 数据库保存注册客户端信息
*/
@Bean
public RegisteredClientRepository registeredClientRepository() {
return new JdbcRegisteredClientRepository(jdbcTemplate);
}
/**
*配置 JWK为JWT(id_token)提供加密密钥,用于加密/解密或签名/验签
* JWK详细见https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key-41
*/
@Bean
@SneakyThrows
public JWKSource<SecurityContext> jwkSource() {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
// 如果不设置secureRandom会存在一个问题当应用重启后原有的token将会全部失效因为重启的keyPair与之前已经不同
SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
// 重要!生产环境需要修改!
secureRandom.setSeed("jeecg".getBytes());
keyPairGenerator.initialize(256, secureRandom);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();
ECKey jwk = new ECKey.Builder(Curve.P_256, publicKey)
.privateKey(privateKey)
.keyID("jeecg")
.build();
JWKSet jwkSet = new JWKSet(jwk);
return new ImmutableJWKSet<>(jwkSet);
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
/**
* 配置jwt解析器
*/
@Bean
public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
return OAuth2AuthorizationServerConfiguration.jwtDecoder(jwkSource);
}
/**
*配置token生成器
*/
@Bean
OAuth2TokenGenerator<?> tokenGenerator() {
JwtGenerator jwtGenerator = new JwtGenerator(new NimbusJwtEncoder(jwkSource()));
OAuth2AccessTokenGenerator accessTokenGenerator = new OAuth2AccessTokenGenerator();
OAuth2RefreshTokenGenerator refreshTokenGenerator = new OAuth2RefreshTokenGenerator();
return new DelegatingOAuth2TokenGenerator(
new JeecgOAuth2AccessTokenGenerator(new NimbusJwtEncoder(jwkSource())),
new OAuth2RefreshTokenGenerator()
);
}
}

81
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationConvert.java Normal file
View File

@ -0,0 +1,81 @@
package org.jeecg.config.security.app;
import jakarta.servlet.http.HttpServletRequest;
import org.jeecg.config.security.LoginType;
import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* APP模式认证转换器
* @author EightMonth
* @date 2024/1/1
*/
public class AppGrantAuthenticationConvert implements AuthenticationConverter {
@Override
public Authentication convert(HttpServletRequest request) {
String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
if (!LoginType.APP.equals(grantType)) {
return null;
}
Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
//从request中提取请求参数然后存入MultiValueMap<String, String>
MultiValueMap<String, String> parameters = getParameters(request);
// username (REQUIRED)
String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
if (!StringUtils.hasText(username) ||
parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
throw new OAuth2AuthenticationException("无效请求,用户名不能为空!");
}
String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
if (!StringUtils.hasText(password) ||
parameters.get(OAuth2ParameterNames.PASSWORD).size() != 1) {
throw new OAuth2AuthenticationException("无效请求,密码不能为空!");
}
//收集要传入PasswordGrantAuthenticationToken构造方法的参数
//该参数接下来在PasswordGrantAuthenticationProvider中使用
Map<String, Object> additionalParameters = new HashMap<>();
//遍历从request中提取的参数排除掉grant_type、client_id、code等字段参数其他参数收集到additionalParameters中
parameters.forEach((key, value) -> {
if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
!key.equals(OAuth2ParameterNames.CLIENT_ID) &&
!key.equals(OAuth2ParameterNames.CODE)) {
additionalParameters.put(key, value.get(0));
}
});
//返回自定义的PasswordGrantAuthenticationToken对象
return new PasswordGrantAuthenticationToken(clientPrincipal, additionalParameters);
}
/**
*从request中提取请求参数然后存入MultiValueMap<String, String>
*/
private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
Map<String, String[]> parameterMap = request.getParameterMap();
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
parameterMap.forEach((key, values) -> {
if (values.length > 0) {
for (String value : values) {
parameters.add(key, value);
}
}
});
return parameters;
}
}

320
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationProvider.java Normal file
View File

@ -0,0 +1,320 @@
package org.jeecg.config.security.app;
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.exception.JeecgCaptchaException;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.system.vo.SysDepartModel;
import org.jeecg.common.util.Md5Util;
import org.jeecg.common.util.PasswordUtil;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
import org.jeecg.modules.base.service.BaseCommonService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import java.security.Principal;
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* APP模式认证处理器负责处理该认证模式下的核心逻辑
* @author EightMonth
* @date 2024/1/1
*/
@Slf4j
public class AppGrantAuthenticationProvider implements AuthenticationProvider {
private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private final OAuth2AuthorizationService authorizationService;
private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
@Lazy
@Autowired
private CommonAPI commonAPI;
@Autowired
private RedisUtil redisUtil;
@Autowired
private JeecgBaseConfig jeecgBaseConfig;
@Autowired
private BaseCommonService baseCommonService;
public AppGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
Assert.notNull(authorizationService, "authorizationService cannot be null");
Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
this.authorizationService = authorizationService;
this.tokenGenerator = tokenGenerator;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
AppGrantAuthenticationToken appGrantAuthenticationToken = (AppGrantAuthenticationToken) authentication;
Map<String, Object> additionalParameter = appGrantAuthenticationToken.getAdditionalParameters();
// 授权类型
AuthorizationGrantType authorizationGrantType = appGrantAuthenticationToken.getGrantType();
// 用户名
String username = (String) additionalParameter.get(OAuth2ParameterNames.USERNAME);
// 密码
String password = (String) additionalParameter.get(OAuth2ParameterNames.PASSWORD);
//请求参数权限范围
String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
//请求参数权限范围专场集合
Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
// 验证码
String captcha = (String) additionalParameter.get("captcha");
String checkKey = (String) additionalParameter.get("checkKey");
OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(appGrantAuthenticationToken);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
// 检查登录失败次数
if(isLoginFailOvertimes(username)){
Map<String, Object> map = new HashMap<>();
map.put("message", "该用户登录失败次数过多请于10分钟后再次登录");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
if(captcha==null){
Map<String, Object> map = new HashMap<>();
map.put("message", "验证码无效");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
String lowerCaseCaptcha = captcha.toLowerCase();
// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret();
String realKey = Md5Util.md5Encode(origin, "utf-8");
Object checkCode = redisUtil.get(realKey);
//当进入登录页时,有一定几率出现验证码错误 #1714
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "验证码错误");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "非法登录");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
// 通过用户名获取用户信息
LoginUser loginUser = commonAPI.getUserByName(username);
//update-begin---author:eightmonth ---date:2024-04-30 for【6168】master分支切sas分支登录发生错误-----------
if (Objects.isNull(loginUser) || !StringUtils.hasText(loginUser.getSalt())) {
redisUtil.del(CacheConstant.SYS_USERS_CACHE+"::"+username);
loginUser = commonAPI.getUserByName(username);
}
//update-end---author:eightmonth ---date::2024-04-30 for【6168】master分支切sas分支登录发生错误--------------
// 检查用户可行性
checkUserIsEffective(loginUser);
// 不使用spring security passwordEncoder针对密码进行匹配使用自有加密匹配针对 spring security使用noop传输
password = PasswordUtil.encrypt(username, password, loginUser.getSalt());
if (!password.equals(loginUser.getPassword())) {
addLoginFailOvertimes(username);
Map<String, Object> map = new HashMap<>();
map.put("message", "用户名或密码不正确");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
//由于在上面已验证过用户名、密码现在构建一个已认证的对象UsernamePasswordAuthenticationToken
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(usernamePasswordAuthenticationToken)
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorizationGrantType(authorizationGrantType)
.authorizedScopes(requestScopeSet)
.authorizationGrant(appGrantAuthenticationToken);
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
.principalName(clientPrincipal.getName())
.authorizedScopes(requestScopeSet)
.attribute(Principal.class.getName(), username)
.authorizationGrantType(authorizationGrantType);
// ----- Access token -----
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
if (generatedAccessToken == null) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成访问token请联系管理系。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
if (generatedAccessToken instanceof ClaimAccessor) {
authorizationBuilder.token(accessToken, (metadata) -> {
metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
});
} else {
authorizationBuilder.accessToken(accessToken);
}
// ----- Refresh token -----
OAuth2RefreshToken refreshToken = null;
if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
// 不向公共客户端颁发刷新令牌
!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成刷新token请联系管理员。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
authorizationBuilder.refreshToken(refreshToken);
}
OAuth2Authorization authorization = authorizationBuilder.build();
// 保存认证信息至redis
authorizationService.save(authorization);
// 登录成功删除redis中的验证码
redisUtil.del(realKey);
redisUtil.del(CommonConstant.LOGIN_FAIL + username);
baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
JSONObject addition = new JSONObject(new LinkedHashMap<>());
addition.put("token", accessToken.getTokenValue());
// 设置租户
JSONObject jsonObject = commonAPI.setLoginTenant(username);
addition.putAll(jsonObject.getInnerMap());
// 设置登录用户信息
addition.put("userInfo", loginUser);
addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
addition.put("departs", departs);
if (departs == null || departs.size() == 0) {
addition.put("multi_depart", 0);
} else if (departs.size() == 1) {
commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
addition.put("multi_depart", 1);
} else {
//查询当前是否有登录部门
if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
}
addition.put("multi_depart", 2);
}
// 兼容原有shiro登录结果处理
Map<String, Object> map = new HashMap<>();
map.put("result", addition);
map.put("code", 200);
map.put("success", true);
map.put("timestamp", System.currentTimeMillis());
// 返回access_token、refresh_token以及其它信息给到前端
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
}
@Override
public boolean supports(Class<?> authentication) {
return AppGrantAuthenticationToken.class.isAssignableFrom(authentication);
}
private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
OAuth2ClientAuthenticationToken clientPrincipal = null;
if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
}
if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
return clientPrincipal;
}
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
}
/**
* 登录失败超出次数5 返回true
* @param username
* @return
*/
private boolean isLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
if(failTime!=null){
Integer val = Integer.parseInt(failTime.toString());
if(val>5){
return true;
}
}
return false;
}
/**
* 记录登录失败次数
* @param username
*/
private void addLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
Integer val = 0;
if(failTime!=null){
val = Integer.parseInt(failTime.toString());
}
// 10分钟
redisUtil.set(key, ++val, 10);
}
/**
* 校验用户是否有效
*/
private void checkUserIsEffective(LoginUser loginUser) {
//情况1根据用户信息查询该用户不存在
if (Objects.isNull(loginUser)) {
baseCommonService.addLog("用户登录失败,用户不存在!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户不存在,请注册");
}
//情况2根据用户信息查询该用户已注销
//update-begin---author:王帅 Date:20200601 forif条件永远为falsebug------------
if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
//update-end---author:王帅 Date:20200601 forif条件永远为falsebug------------
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已注销!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已注销");
}
//情况3根据用户信息查询该用户已冻结
if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已冻结!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已冻结");
}
}
}

21
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/app/AppGrantAuthenticationToken.java Normal file
View File

@ -0,0 +1,21 @@
package org.jeecg.config.security.app;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import java.util.Map;
/**
* APP模式认证专用token类型方法spring authorization server进行认证流转配合convert使用
* @author EightMonth
* @date 2024/1/1
*/
public class AppGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
public AppGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
super(new AuthorizationGrantType(LoginType.APP), clientPrincipal, additionalParameters);
}
}

82
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationConvert.java Normal file
View File

@ -0,0 +1,82 @@
package org.jeecg.config.security.password;
import jakarta.servlet.http.HttpServletRequest;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* 密码模式认证转换器
* @author EightMonth
* @date 2024/1/1
*/
public class PasswordGrantAuthenticationConvert implements AuthenticationConverter {
@Override
public Authentication convert(HttpServletRequest request) {
String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
if (!LoginType.PASSWORD.equals(grantType)) {
return null;
}
Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
//从request中提取请求参数然后存入MultiValueMap<String, String>
MultiValueMap<String, String> parameters = getParameters(request);
// username (REQUIRED)
String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
if (!StringUtils.hasText(username) ||
parameters.get(OAuth2ParameterNames.USERNAME).size() != 1) {
throw new OAuth2AuthenticationException("无效请求,用户名不能为空!");
}
String password = parameters.getFirst(OAuth2ParameterNames.PASSWORD);
if (!StringUtils.hasText(password) ||
parameters.get(OAuth2ParameterNames.PASSWORD).size() != 1) {
throw new OAuth2AuthenticationException("无效请求,密码不能为空!");
}
//收集要传入PasswordGrantAuthenticationToken构造方法的参数
//该参数接下来在PasswordGrantAuthenticationProvider中使用
Map<String, Object> additionalParameters = new HashMap<>();
//遍历从request中提取的参数排除掉grant_type、client_id、code等字段参数其他参数收集到additionalParameters中
parameters.forEach((key, value) -> {
if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
!key.equals(OAuth2ParameterNames.CLIENT_ID) &&
!key.equals(OAuth2ParameterNames.CODE)) {
additionalParameters.put(key, value.get(0));
}
});
//返回自定义的PasswordGrantAuthenticationToken对象
return new PasswordGrantAuthenticationToken(clientPrincipal, additionalParameters);
}
/**
*从request中提取请求参数然后存入MultiValueMap<String, String>
*/
private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
Map<String, String[]> parameterMap = request.getParameterMap();
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
parameterMap.forEach((key, values) -> {
if (values.length > 0) {
for (String value : values) {
parameters.add(key, value);
}
}
});
return parameters;
}
}

319
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationProvider.java Normal file
View File

@ -0,0 +1,319 @@
package org.jeecg.config.security.password;
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.exception.JeecgCaptchaException;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.system.vo.SysDepartModel;
import org.jeecg.common.util.Md5Util;
import org.jeecg.common.util.PasswordUtil;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.modules.base.service.BaseCommonService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import java.security.Principal;
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* 密码模式认证处理器,负责处理该认证模式下的核心逻辑
* @author EightMonth
* @date 2024/1/1
*/
@Slf4j
public class PasswordGrantAuthenticationProvider implements AuthenticationProvider {
private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private final OAuth2AuthorizationService authorizationService;
private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
@Lazy
@Autowired
private CommonAPI commonAPI;
@Autowired
private RedisUtil redisUtil;
@Autowired
private JeecgBaseConfig jeecgBaseConfig;
@Autowired
private BaseCommonService baseCommonService;
public PasswordGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
Assert.notNull(authorizationService, "authorizationService cannot be null");
Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
this.authorizationService = authorizationService;
this.tokenGenerator = tokenGenerator;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
PasswordGrantAuthenticationToken passwordGrantAuthenticationToken = (PasswordGrantAuthenticationToken) authentication;
Map<String, Object> additionalParameter = passwordGrantAuthenticationToken.getAdditionalParameters();
// 授权类型
AuthorizationGrantType authorizationGrantType = passwordGrantAuthenticationToken.getGrantType();
// 用户名
String username = (String) additionalParameter.get(OAuth2ParameterNames.USERNAME);
// 密码
String password = (String) additionalParameter.get(OAuth2ParameterNames.PASSWORD);
//请求参数权限范围
String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
//请求参数权限范围专场集合
Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
// 验证码
String captcha = (String) additionalParameter.get("captcha");
String checkKey = (String) additionalParameter.get("checkKey");
OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(passwordGrantAuthenticationToken);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
// 检查登录失败次数
if(isLoginFailOvertimes(username)){
throw new JeecgBootException("该用户登录失败次数过多请于10分钟后再次登录");
}
if(captcha==null){
throw new JeecgBootException("验证码无效");
}
String lowerCaseCaptcha = captcha.toLowerCase();
// 加入密钥作为混淆,避免简单的拼接,被外部利用,用户自定义该密钥即可
String origin = lowerCaseCaptcha+checkKey+jeecgBaseConfig.getSignatureSecret();
String realKey = Md5Util.md5Encode(origin, "utf-8");
Object checkCode = redisUtil.get(realKey);
//当进入登录页时,有一定几率出现验证码错误 #1714
if(checkCode==null || !checkCode.toString().equals(lowerCaseCaptcha)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "验证码错误");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "非法登录");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
// 通过用户名获取用户信息
LoginUser loginUser = commonAPI.getUserByName(username);
//update-begin---author:eightmonth ---date:2024-04-30 for【6168】master分支切sas分支登录发生错误-----------
if (Objects.isNull(loginUser) || !StringUtils.hasText(loginUser.getSalt())) {
redisUtil.del(CacheConstant.SYS_USERS_CACHE+"::"+username);
loginUser = commonAPI.getUserByName(username);
}
//update-end---author:eightmonth ---date::2024-04-30 for【6168】master分支切sas分支登录发生错误--------------
// 检查用户可行性
checkUserIsEffective(loginUser);
// 不使用spring security passwordEncoder针对密码进行匹配使用自有加密匹配针对 spring security使用noop传输
password = PasswordUtil.encrypt(username, password, loginUser.getSalt());
if (!password.equals(loginUser.getPassword())) {
addLoginFailOvertimes(username);
Map<String, Object> map = new HashMap<>();
map.put("message", "用户名或密码不正确");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
//由于在上面已验证过用户名、密码现在构建一个已认证的对象UsernamePasswordAuthenticationToken
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(usernamePasswordAuthenticationToken)
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorizationGrantType(authorizationGrantType)
.authorizedScopes(requestScopeSet)
.authorizationGrant(passwordGrantAuthenticationToken);
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
.principalName(clientPrincipal.getName())
.authorizedScopes(requestScopeSet)
.attribute(Principal.class.getName(), username)
.authorizationGrantType(authorizationGrantType);
// ----- Access token -----
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
if (generatedAccessToken == null) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成访问token请联系管理系。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
if (generatedAccessToken instanceof ClaimAccessor) {
authorizationBuilder.token(accessToken, (metadata) -> {
metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
});
} else {
authorizationBuilder.accessToken(accessToken);
}
// ----- Refresh token -----
OAuth2RefreshToken refreshToken = null;
if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
// 不向公共客户端颁发刷新令牌
!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成访问token请联系管理系。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
authorizationBuilder.refreshToken(refreshToken);
}
OAuth2Authorization authorization = authorizationBuilder.build();
// 保存认证信息至redis
authorizationService.save(authorization);
// 登录成功删除redis中的验证码
redisUtil.del(realKey);
redisUtil.del(CommonConstant.LOGIN_FAIL + username);
baseCommonService.addLog("用户名: " + username + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
JSONObject addition = new JSONObject(new LinkedHashMap<>());
addition.put("token", accessToken.getTokenValue());
// 设置租户
JSONObject jsonObject = commonAPI.setLoginTenant(username);
addition.putAll(jsonObject.getInnerMap());
// 设置登录用户信息
addition.put("userInfo", loginUser);
addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
addition.put("departs", departs);
if (departs == null || departs.size() == 0) {
addition.put("multi_depart", 0);
} else if (departs.size() == 1) {
commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
addition.put("multi_depart", 1);
} else {
//查询当前是否有登录部门
if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
commonAPI.updateUserDepart(username, departs.get(0).getOrgCode(),null);
}
addition.put("multi_depart", 2);
}
// 兼容原有shiro登录结果处理
Map<String, Object> map = new HashMap<>();
map.put("result", addition);
map.put("code", 200);
map.put("success", true);
map.put("timestamp", System.currentTimeMillis());
// 返回access_token、refresh_token以及其它信息给到前端
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
}
@Override
public boolean supports(Class<?> authentication) {
return PasswordGrantAuthenticationToken.class.isAssignableFrom(authentication);
}
private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
OAuth2ClientAuthenticationToken clientPrincipal = null;
if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
}
if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
return clientPrincipal;
}
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
}
/**
* 登录失败超出次数5 返回true
* @param username
* @return
*/
private boolean isLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
if(failTime!=null){
Integer val = Integer.parseInt(failTime.toString());
if(val>5){
return true;
}
}
return false;
}
/**
* 记录登录失败次数
* @param username
*/
private void addLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
Integer val = 0;
if(failTime!=null){
val = Integer.parseInt(failTime.toString());
}
// 10分钟
redisUtil.set(key, ++val, 10);
}
/**
* 校验用户是否有效
*/
private void checkUserIsEffective(LoginUser loginUser) {
//情况1根据用户信息查询该用户不存在
if (Objects.isNull(loginUser)) {
baseCommonService.addLog("用户登录失败,用户不存在!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户不存在,请注册");
}
//情况2根据用户信息查询该用户已注销
//update-begin---author:王帅 Date:20200601 forif条件永远为falsebug------------
if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
//update-end---author:王帅 Date:20200601 forif条件永远为falsebug------------
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已注销!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已注销");
}
//情况3根据用户信息查询该用户已冻结
if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已冻结!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已冻结");
}
}
}

21
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/password/PasswordGrantAuthenticationToken.java Normal file
View File

@ -0,0 +1,21 @@
package org.jeecg.config.security.password;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import java.util.Map;
/**
* 密码模式认证专用token类型方法spring authorization server进行认证流转配合convert使用
* @author EightMonth
* @date 2024/1/1
*/
public class PasswordGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
public PasswordGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
super(new AuthorizationGrantType(LoginType.PASSWORD), clientPrincipal, additionalParameters);
}
}

77
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationConvert.java Normal file
View File

@ -0,0 +1,77 @@
package org.jeecg.config.security.phone;
import jakarta.servlet.http.HttpServletRequest;
import lombok.AllArgsConstructor;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* 手机号模式认证转换器
* @author EightMonth
* @date 2024/1/1
*/
@AllArgsConstructor
public class PhoneGrantAuthenticationConvert implements AuthenticationConverter {
@Override
public Authentication convert(HttpServletRequest request) {
String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
if (!LoginType.PHONE.equals(grantType)) {
return null;
}
Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
//从request中提取请求参数然后存入MultiValueMap<String, String>
MultiValueMap<String, String> parameters = getParameters(request);
// 验证码
String captcha = parameters.getFirst("captcha");
if (!StringUtils.hasText(captcha)) {
throw new OAuth2AuthenticationException("无效请求,验证码不能为空!");
}
//收集要传入PhoneGrantAuthenticationToken构造方法的参数
//该参数接下来在PhoneGrantAuthenticationProvider中使用
Map<String, Object> additionalParameters = new HashMap<>();
//遍历从request中提取的参数排除掉grant_type、client_id、code等字段参数其他参数收集到additionalParameters中
parameters.forEach((key, value) -> {
if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
!key.equals(OAuth2ParameterNames.CLIENT_ID) &&
!key.equals(OAuth2ParameterNames.CODE)) {
additionalParameters.put(key, value.get(0));
}
});
//返回自定义的PhoneGrantAuthenticationToken对象
return new PhoneGrantAuthenticationToken(clientPrincipal, additionalParameters);
}
/**
*从request中提取请求参数然后存入MultiValueMap<String, String>
*/
private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
Map<String, String[]> parameterMap = request.getParameterMap();
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
parameterMap.forEach((key, values) -> {
if (values.length > 0) {
for (String value : values) {
parameters.add(key, value);
}
}
});
return parameters;
}
}

292
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationProvider.java Normal file
View File

@ -0,0 +1,292 @@
package org.jeecg.config.security.phone;
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.exception.JeecgCaptchaException;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.system.vo.SysDepartModel;
import org.jeecg.common.util.Md5Util;
import org.jeecg.common.util.PasswordUtil;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
import org.jeecg.modules.base.service.BaseCommonService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.util.Assert;
import java.security.Principal;
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* 手机号模式认证处理器,负责处理该认证模式下的核心逻辑
* @author EightMonth
* @date 2024/1/1
*/
@Slf4j
public class PhoneGrantAuthenticationProvider implements AuthenticationProvider {
private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private final OAuth2AuthorizationService authorizationService;
private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
@Lazy
@Autowired
private CommonAPI commonAPI;
@Autowired
private RedisUtil redisUtil;
@Autowired
private JeecgBaseConfig jeecgBaseConfig;
@Autowired
private BaseCommonService baseCommonService;
public PhoneGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
Assert.notNull(authorizationService, "authorizationService cannot be null");
Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
this.authorizationService = authorizationService;
this.tokenGenerator = tokenGenerator;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
PhoneGrantAuthenticationToken phoneGrantAuthenticationToken = (PhoneGrantAuthenticationToken) authentication;
Map<String, Object> additionalParameter = phoneGrantAuthenticationToken.getAdditionalParameters();
// 授权类型
AuthorizationGrantType authorizationGrantType = phoneGrantAuthenticationToken.getGrantType();
// 手机号
String phone = (String) additionalParameter.get("mobile");
if(isLoginFailOvertimes(phone)){
throw new JeecgBootException("该用户登录失败次数过多请于10分钟后再次登录");
}
//请求参数权限范围
String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
//请求参数权限范围专场集合
Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
// 验证码
String captcha = (String) additionalParameter.get("captcha");
OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(phoneGrantAuthenticationToken);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
// 通过手机号获取用户信息
LoginUser loginUser = commonAPI.getUserByPhone(phone);
// 检查用户可行性
checkUserIsEffective(loginUser);
String redisKey = CommonConstant.PHONE_REDIS_KEY_PRE+phone;
Object code = redisUtil.get(redisKey);
if (!captcha.equals(code)) {
//update-begin-author:taoyan date:2022-11-7 for: issues/4109 平台用户登录失败锁定用户
addLoginFailOvertimes(phone);
Map<String, Object> map = new HashMap<>();
map.put("message", "手机验证码错误");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "非法登录");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
//由于在上面已验证过用户名、密码现在构建一个已认证的对象UsernamePasswordAuthenticationToken
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(usernamePasswordAuthenticationToken)
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorizationGrantType(authorizationGrantType)
.authorizedScopes(requestScopeSet)
.authorizationGrant(phoneGrantAuthenticationToken);
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
.principalName(clientPrincipal.getName())
.authorizedScopes(requestScopeSet)
.attribute(Principal.class.getName(), loginUser.getUsername())
.authorizationGrantType(authorizationGrantType);
// ----- Access token -----
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
if (generatedAccessToken == null) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成刷新token请联系管理员。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
if (generatedAccessToken instanceof ClaimAccessor) {
authorizationBuilder.token(accessToken, (metadata) -> {
metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
});
} else {
authorizationBuilder.accessToken(accessToken);
}
// ----- Refresh token -----
OAuth2RefreshToken refreshToken = null;
if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
// 不向公共客户端颁发刷新令牌
!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成刷新token请联系管理员。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
authorizationBuilder.refreshToken(refreshToken);
}
OAuth2Authorization authorization = authorizationBuilder.build();
// 保存认证信息至redis
authorizationService.save(authorization);
baseCommonService.addLog("用户名: " + loginUser.getUsername() + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
JSONObject addition = new JSONObject(new LinkedHashMap<>());
addition.put("token", accessToken.getTokenValue());
// 设置租户
JSONObject jsonObject = commonAPI.setLoginTenant(loginUser.getUsername());
addition.putAll(jsonObject.getInnerMap());
// 设置登录用户信息
addition.put("userInfo", loginUser);
addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
addition.put("departs", departs);
if (departs == null || departs.size() == 0) {
addition.put("multi_depart", 0);
} else if (departs.size() == 1) {
commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
addition.put("multi_depart", 1);
} else {
//查询当前是否有登录部门
if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
}
addition.put("multi_depart", 2);
}
// 兼容原有shiro登录结果处理
Map<String, Object> map = new HashMap<>();
map.put("result", addition);
map.put("code", 200);
map.put("success", true);
map.put("timestamp", System.currentTimeMillis());
// 返回access_token、refresh_token以及其它信息给到前端
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
}
@Override
public boolean supports(Class<?> authentication) {
return PhoneGrantAuthenticationToken.class.isAssignableFrom(authentication);
}
private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
OAuth2ClientAuthenticationToken clientPrincipal = null;
if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
}
if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
return clientPrincipal;
}
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
}
/**
* 登录失败超出次数5 返回true
* @param username
* @return
*/
private boolean isLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
if(failTime!=null){
Integer val = Integer.parseInt(failTime.toString());
if(val>5){
return true;
}
}
return false;
}
/**
* 记录登录失败次数
* @param username
*/
private void addLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
Integer val = 0;
if(failTime!=null){
val = Integer.parseInt(failTime.toString());
}
// 10分钟
redisUtil.set(key, ++val, 10);
}
/**
* 校验用户是否有效
*/
private void checkUserIsEffective(LoginUser loginUser) {
//情况1根据用户信息查询该用户不存在
if (Objects.isNull(loginUser)) {
baseCommonService.addLog("用户登录失败,用户不存在!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户不存在,请注册");
}
//情况2根据用户信息查询该用户已注销
//update-begin---author:王帅 Date:20200601 forif条件永远为falsebug------------
if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
//update-end---author:王帅 Date:20200601 forif条件永远为falsebug------------
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已注销!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已注销");
}
//情况3根据用户信息查询该用户已冻结
if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已冻结!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已冻结");
}
}
}

21
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/phone/PhoneGrantAuthenticationToken.java Normal file
View File

@ -0,0 +1,21 @@
package org.jeecg.config.security.phone;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import java.util.Map;
/**
* 手机号模式认证专用token类型方法spring authorization server进行认证流转配合convert使用
* @author EightMonth
* @date 2024/1/1
*/
public class PhoneGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
public PhoneGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
super(new AuthorizationGrantType(LoginType.PHONE), clientPrincipal, additionalParameters);
}
}

187
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/self/SelfAuthenticationProvider.java Normal file
View File

@ -0,0 +1,187 @@
package org.jeecg.config.security.self;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.exception.JeecgBoot401Exception;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.modules.base.service.BaseCommonService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import java.security.Principal;
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* 自用生成token处理器不对外开放外部请求无法通过该方式生成token
* @author eightmonth@qq.com
* @date 2024/3/19 11:40
*/
@Component
public class SelfAuthenticationProvider implements AuthenticationProvider {
private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private final OAuth2AuthorizationService authorizationService;
private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
@Lazy
@Autowired
private CommonAPI commonAPI;
@Autowired
private RedisUtil redisUtil;
@Autowired
private JeecgBaseConfig jeecgBaseConfig;
@Autowired
private BaseCommonService baseCommonService;
public SelfAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
Assert.notNull(authorizationService, "authorizationService cannot be null");
Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
this.authorizationService = authorizationService;
this.tokenGenerator = tokenGenerator;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
SelfAuthenticationToken passwordGrantAuthenticationToken = (SelfAuthenticationToken) authentication;
Map<String, Object> additionalParameter = passwordGrantAuthenticationToken.getAdditionalParameters();
// 授权类型
AuthorizationGrantType authorizationGrantType = passwordGrantAuthenticationToken.getGrantType();
// 用户名
String username = (String) additionalParameter.get(OAuth2ParameterNames.USERNAME);
//请求参数权限范围
String requestScopesStr = "*";
//请求参数权限范围专场集合
Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(passwordGrantAuthenticationToken);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
// 通过用户名获取用户信息
// LoginUser loginUser = commonAPI.getUserByName(username);
// 检查用户可行性
// checkUserIsEffective(loginUser);
//由于在上面已验证过用户名、密码现在构建一个已认证的对象UsernamePasswordAuthenticationToken
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(username,clientPrincipal,new ArrayList<>());
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(usernamePasswordAuthenticationToken)
.authorizationGrantType(authorizationGrantType)
.authorizedScopes(requestScopeSet)
.authorizationGrant(passwordGrantAuthenticationToken);
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
.principalName(clientPrincipal.getName())
.authorizedScopes(requestScopeSet)
.attribute(Principal.class.getName(), username)
.authorizationGrantType(authorizationGrantType);
// ----- Access token -----
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
if (generatedAccessToken == null) {
throw new JeecgBoot401Exception("无法生成刷新token请联系管理员。");
}
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
if (generatedAccessToken instanceof ClaimAccessor) {
authorizationBuilder.token(accessToken, (metadata) -> {
metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
});
} else {
authorizationBuilder.accessToken(accessToken);
}
// ----- Refresh token -----
OAuth2RefreshToken refreshToken = null;
if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
// 不向公共客户端颁发刷新令牌
!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成刷新token请联系管理员。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
authorizationBuilder.refreshToken(refreshToken);
}
OAuth2Authorization authorization = authorizationBuilder.build();
// 保存认证信息至redis
authorizationService.save(authorization);
// 返回access_token、refresh_token以及其它信息给到前端
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken);
}
@Override
public boolean supports(Class<?> authentication) {
return SelfAuthenticationToken.class.isAssignableFrom(authentication);
}
private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
OAuth2ClientAuthenticationToken clientPrincipal = null;
if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
}
if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
return clientPrincipal;
}
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
}
/**
* 校验用户是否有效
*/
private void checkUserIsEffective(LoginUser loginUser) {
//情况1根据用户信息查询该用户不存在
if (Objects.isNull(loginUser)) {
baseCommonService.addLog("用户登录失败,用户不存在!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户不存在,请注册");
}
//情况2根据用户信息查询该用户已注销
//update-begin---author:王帅 Date:20200601 forif条件永远为falsebug------------
if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
//update-end---author:王帅 Date:20200601 forif条件永远为falsebug------------
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已注销!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已注销");
}
//情况3根据用户信息查询该用户已冻结
if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已冻结!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已冻结");
}
}
}

19
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/self/SelfAuthenticationToken.java Normal file
View File

@ -0,0 +1,19 @@
package org.jeecg.config.security.self;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import java.util.Map;
/**
* 自用生成token不支持对外请求仅为程序内部生成token
* @author eightmonth
* @date 2024/3/19 11:37
*/
public class SelfAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
public SelfAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
super(new AuthorizationGrantType(LoginType.SELF), clientPrincipal, additionalParameters);
}
}

81
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/social/SocialGrantAuthenticationConvert.java Normal file
View File

@ -0,0 +1,81 @@
package org.jeecg.config.security.social;
import jakarta.servlet.http.HttpServletRequest;
import lombok.AllArgsConstructor;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import java.util.HashMap;
import java.util.Map;
/**
* 社交模式认证转换器配合github、企业微信、钉钉、微信登录使用
* @author EightMonth
* @date 2024/1/1
*/
@AllArgsConstructor
public class SocialGrantAuthenticationConvert implements AuthenticationConverter {
@Override
public Authentication convert(HttpServletRequest request) {
String grantType = request.getParameter(OAuth2ParameterNames.GRANT_TYPE);
if (!LoginType.SOCIAL.equals(grantType)) {
return null;
}
Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
//从request中提取请求参数然后存入MultiValueMap<String, String>
MultiValueMap<String, String> parameters = getParameters(request);
String token = parameters.getFirst("token");
if (!StringUtils.hasText(token)) {
throw new OAuth2AuthenticationException("无效请求三方token不能为空");
}
String source = parameters.getFirst("thirdType");
if (!StringUtils.hasText(source)) {
throw new OAuth2AuthenticationException("无效请求,三方来源不能为空!");
}
//收集要传入PhoneGrantAuthenticationToken构造方法的参数
//该参数接下来在PhoneGrantAuthenticationProvider中使用
Map<String, Object> additionalParameters = new HashMap<>();
//遍历从request中提取的参数排除掉grant_type、client_id、code等字段参数其他参数收集到additionalParameters中
parameters.forEach((key, value) -> {
if (!key.equals(OAuth2ParameterNames.GRANT_TYPE) &&
!key.equals(OAuth2ParameterNames.CLIENT_ID) &&
!key.equals(OAuth2ParameterNames.CODE)) {
additionalParameters.put(key, value.get(0));
}
});
//返回自定义的PhoneGrantAuthenticationToken对象
return new SocialGrantAuthenticationToken(clientPrincipal, additionalParameters);
}
/**
*从request中提取请求参数然后存入MultiValueMap<String, String>
*/
private static MultiValueMap<String, String> getParameters(HttpServletRequest request) {
Map<String, String[]> parameterMap = request.getParameterMap();
MultiValueMap<String, String> parameters = new LinkedMultiValueMap<>(parameterMap.size());
parameterMap.forEach((key, values) -> {
if (values.length > 0) {
for (String value : values) {
parameters.add(key, value);
}
}
});
return parameters;
}
}

278
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/social/SocialGrantAuthenticationProvider.java Normal file
View File

@ -0,0 +1,278 @@
package org.jeecg.config.security.social;
import com.alibaba.fastjson.JSONObject;
import com.auth0.jwt.JWT;
import com.auth0.jwt.interfaces.DecodedJWT;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.CommonAPI;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.exception.JeecgBootException;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.system.vo.SysDepartModel;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.security.password.PasswordGrantAuthenticationToken;
import org.jeecg.modules.base.service.BaseCommonService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.*;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.token.DefaultOAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.util.Assert;
import java.security.Principal;
import java.time.Instant;
import java.util.*;
import java.util.stream.Collectors;
import java.util.stream.Stream;
/**
* 社交模式认证处理器负责处理该认证模式下的核心逻辑配合github、企业微信、钉钉、微信登录使用
* @author EightMonth
* @date 2024/1/1
*/
@Slf4j
public class SocialGrantAuthenticationProvider implements AuthenticationProvider {
private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
private final OAuth2AuthorizationService authorizationService;
private final OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator;
@Lazy
@Autowired
private CommonAPI commonAPI;
@Autowired
private RedisUtil redisUtil;
@Autowired
private JeecgBaseConfig jeecgBaseConfig;
@Autowired
private BaseCommonService baseCommonService;
public SocialGrantAuthenticationProvider(OAuth2AuthorizationService authorizationService, OAuth2TokenGenerator<? extends OAuth2Token> tokenGenerator) {
Assert.notNull(authorizationService, "authorizationService cannot be null");
Assert.notNull(tokenGenerator, "tokenGenerator cannot be null");
this.authorizationService = authorizationService;
this.tokenGenerator = tokenGenerator;
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
SocialGrantAuthenticationToken socialGrantAuthenticationToken = (SocialGrantAuthenticationToken) authentication;
Map<String, Object> additionalParameter = socialGrantAuthenticationToken.getAdditionalParameters();
// 授权类型
AuthorizationGrantType authorizationGrantType = socialGrantAuthenticationToken.getGrantType();
// 三方token
String token = (String) additionalParameter.get("token");
// 三方来源
String source = (String) additionalParameter.get("thirdType");
//请求参数权限范围
String requestScopesStr = (String)additionalParameter.getOrDefault(OAuth2ParameterNames.SCOPE, "*");
//请求参数权限范围专场集合
Set<String> requestScopeSet = Stream.of(requestScopesStr.split(" ")).collect(Collectors.toSet());
DecodedJWT jwt = JWT.decode(token);
String username = jwt.getClaim("username").asString();
// 通过手机号获取用户信息
LoginUser loginUser = commonAPI.getUserByName(username);
// 检查用户可行性
checkUserIsEffective(loginUser);
OAuth2ClientAuthenticationToken clientPrincipal = getAuthenticatedClientElseThrowInvalidClient(socialGrantAuthenticationToken);
RegisteredClient registeredClient = clientPrincipal.getRegisteredClient();
if (!registeredClient.getAuthorizationGrantTypes().contains(authorizationGrantType)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "非法登录");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
//由于在上面已验证过用户名、密码现在构建一个已认证的对象UsernamePasswordAuthenticationToken
UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = UsernamePasswordAuthenticationToken.authenticated(loginUser,clientPrincipal,new ArrayList<>());
DefaultOAuth2TokenContext.Builder tokenContextBuilder = DefaultOAuth2TokenContext.builder()
.registeredClient(registeredClient)
.principal(usernamePasswordAuthenticationToken)
.authorizationServerContext(AuthorizationServerContextHolder.getContext())
.authorizationGrantType(authorizationGrantType)
.authorizedScopes(requestScopeSet)
.authorizationGrant(socialGrantAuthenticationToken);
OAuth2Authorization.Builder authorizationBuilder = OAuth2Authorization.withRegisteredClient(registeredClient)
.principalName(clientPrincipal.getName())
.authorizedScopes(requestScopeSet)
.attribute(Principal.class.getName(), loginUser.getUsername())
.authorizationGrantType(authorizationGrantType);
// ----- Access token -----
OAuth2TokenContext tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.ACCESS_TOKEN).build();
OAuth2Token generatedAccessToken = this.tokenGenerator.generate(tokenContext);
if (generatedAccessToken == null) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成访问token请联系管理系。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
OAuth2AccessToken accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,
generatedAccessToken.getTokenValue(), generatedAccessToken.getIssuedAt(),
generatedAccessToken.getExpiresAt(), tokenContext.getAuthorizedScopes());
if (generatedAccessToken instanceof ClaimAccessor) {
authorizationBuilder.token(accessToken, (metadata) -> {
metadata.put(OAuth2Authorization.Token.CLAIMS_METADATA_NAME, ((ClaimAccessor) generatedAccessToken).getClaims());
});
} else {
authorizationBuilder.accessToken(accessToken);
}
// ----- Refresh token -----
OAuth2RefreshToken refreshToken = null;
if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.REFRESH_TOKEN) &&
// 不向公共客户端颁发刷新令牌
!clientPrincipal.getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE)) {
tokenContext = tokenContextBuilder.tokenType(OAuth2TokenType.REFRESH_TOKEN).build();
OAuth2Token generatedRefreshToken = this.tokenGenerator.generate(tokenContext);
if (!(generatedRefreshToken instanceof OAuth2RefreshToken)) {
Map<String, Object> map = new HashMap<>();
map.put("message", "无法生成刷新token请联系管理员。");
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER,"fdsafas", Instant.now(), Instant.now().plusNanos(1)), null, map);
}
refreshToken = (OAuth2RefreshToken) generatedRefreshToken;
authorizationBuilder.refreshToken(refreshToken);
}
OAuth2Authorization authorization = authorizationBuilder.build();
// 保存认证信息至redis
authorizationService.save(authorization);
baseCommonService.addLog("用户名: " + loginUser.getUsername() + ",登录成功!", CommonConstant.LOG_TYPE_1, null,loginUser);
JSONObject addition = new JSONObject(new LinkedHashMap<>());
addition.put("token", accessToken.getTokenValue());
// 设置租户
JSONObject jsonObject = commonAPI.setLoginTenant(loginUser.getUsername());
addition.putAll(jsonObject.getInnerMap());
// 设置登录用户信息
addition.put("userInfo", loginUser);
addition.put("sysAllDictItems", commonAPI.queryAllDictItems());
List<SysDepartModel> departs = commonAPI.queryUserDeparts(loginUser.getId());
addition.put("departs", departs);
if (departs == null || departs.size() == 0) {
addition.put("multi_depart", 0);
} else if (departs.size() == 1) {
commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
addition.put("multi_depart", 1);
} else {
//查询当前是否有登录部门
if(oConvertUtils.isEmpty(loginUser.getOrgCode())){
commonAPI.updateUserDepart(loginUser.getUsername(), departs.get(0).getOrgCode(),null);
}
addition.put("multi_depart", 2);
}
// 兼容原有shiro登录结果处理
Map<String, Object> map = new HashMap<>();
map.put("result", addition);
map.put("code", 200);
map.put("success", true);
map.put("timestamp", System.currentTimeMillis());
// 返回access_token、refresh_token以及其它信息给到前端
return new OAuth2AccessTokenAuthenticationToken(registeredClient, clientPrincipal, accessToken, refreshToken, map);
}
@Override
public boolean supports(Class<?> authentication) {
return SocialGrantAuthenticationToken.class.isAssignableFrom(authentication);
}
private static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
OAuth2ClientAuthenticationToken clientPrincipal = null;
if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
clientPrincipal = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
}
if (clientPrincipal != null && clientPrincipal.isAuthenticated()) {
return clientPrincipal;
}
throw new OAuth2AuthenticationException(OAuth2ErrorCodes.INVALID_CLIENT);
}
/**
* 登录失败超出次数5 返回true
* @param username
* @return
*/
private boolean isLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
if(failTime!=null){
Integer val = Integer.parseInt(failTime.toString());
if(val>5){
return true;
}
}
return false;
}
/**
* 记录登录失败次数
* @param username
*/
private void addLoginFailOvertimes(String username){
String key = CommonConstant.LOGIN_FAIL + username;
Object failTime = redisUtil.get(key);
Integer val = 0;
if(failTime!=null){
val = Integer.parseInt(failTime.toString());
}
// 10分钟
redisUtil.set(key, ++val, 10);
}
/**
* 校验用户是否有效
*/
private void checkUserIsEffective(LoginUser loginUser) {
//情况1根据用户信息查询该用户不存在
if (Objects.isNull(loginUser)) {
baseCommonService.addLog("用户登录失败,用户不存在!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户不存在,请注册");
}
//情况2根据用户信息查询该用户已注销
//update-begin---author:王帅 Date:20200601 forif条件永远为falsebug------------
if (CommonConstant.DEL_FLAG_1.equals(loginUser.getDelFlag())) {
//update-end---author:王帅 Date:20200601 forif条件永远为falsebug------------
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已注销!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已注销");
}
//情况3根据用户信息查询该用户已冻结
if (CommonConstant.USER_FREEZE.equals(loginUser.getStatus())) {
baseCommonService.addLog("用户登录失败,用户名:" + loginUser.getUsername() + "已冻结!", CommonConstant.LOG_TYPE_1, null);
throw new JeecgBootException("该用户已冻结");
}
}
}

21
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/social/SocialGrantAuthenticationToken.java Normal file
View File

@ -0,0 +1,21 @@
package org.jeecg.config.security.social;
import org.jeecg.config.security.LoginType;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
import java.util.Map;
/**
* 社交模式认证专用token类型方法spring authorization server进行认证流转配合convert使用配合github、企业微信、钉钉、微信登录使用
* @author EightMonth
* @date 2024/1/1
*/
public class SocialGrantAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
public SocialGrantAuthenticationToken(Authentication clientPrincipal, Map<String, Object> additionalParameters) {
super(new AuthorizationGrantType(LoginType.SOCIAL), clientPrincipal, additionalParameters);
}
}

23
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/utils/SecureUtil.java Normal file
View File

@ -0,0 +1,23 @@
package org.jeecg.config.security.utils;
import com.alibaba.fastjson2.JSONObject;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.SpringContextUtils;
import org.springframework.security.core.context.SecurityContextHolder;
/**
* 认证信息工具类
* @author EightMonth
* @date 2024/1/10 17:03
*/
public class SecureUtil {
/**
* 通过当前认证信息获取用户信息
* @return
*/
public static LoginUser currentUser() {
String name = SecurityContextHolder.getContext().getAuthentication().getName();
return JSONObject.parseObject(name, LoginUser.class);
}
}

3
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/satoken/IgnoreAuth.java → jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/IgnoreAuth.java
View File

@ -1,4 +1,4 @@
package org.jeecg.config.satoken;
package org.jeecg.config.shiro;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
@ -16,4 +16,3 @@ import java.lang.annotation.Target;
@Retention(RetentionPolicy.RUNTIME)
public @interface IgnoreAuth {
}

112
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java Normal file
View File

@ -0,0 +1,112 @@
package org.jeecg.config.shiro.ignore;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.config.shiro.IgnoreAuth;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.stereotype.Component;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
import java.lang.reflect.Method;
import java.util.*;
import java.util.stream.Collectors;
/**
* 在spring boot初始化时根据@RestController注解获取当前spring容器中的bean
* @author eightmonth
* @date 2024/4/18 11:35
*/
@Slf4j
@Component
@AllArgsConstructor
public class IgnoreAuthPostProcessor implements InitializingBean {
private RequestMappingHandlerMapping requestMappingHandlerMapping;
@Override
public void afterPropertiesSet() throws Exception {
long startTime = System.currentTimeMillis();
List<String> ignoreAuthUrls = new ArrayList<>();
Set<Class<?>> restControllers = requestMappingHandlerMapping.getHandlerMethods().values().stream().map(HandlerMethod::getBeanType).collect(Collectors.toSet());
for (Class<?> restController : restControllers) {
ignoreAuthUrls.addAll(postProcessRestController(restController));
}
log.info("Init Token ignoreAuthUrls Config [ 集合 ] {}", ignoreAuthUrls);
if (!CollectionUtils.isEmpty(ignoreAuthUrls)) {
InMemoryIgnoreAuth.set(ignoreAuthUrls);
}
// 计算方法的耗时
long endTime = System.currentTimeMillis();
long elapsedTime = endTime - startTime;
log.info("Init Token ignoreAuthUrls Config [ 耗时 ] " + elapsedTime + "毫秒");
}
private List<String> postProcessRestController(Class<?> clazz) {
List<String> ignoreAuthUrls = new ArrayList<>();
RequestMapping base = clazz.getAnnotation(RequestMapping.class);
String[] baseUrl = Objects.nonNull(base) ? base.value() : new String[]{};
Method[] methods = clazz.getDeclaredMethods();
for (Method method : methods) {
if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(RequestMapping.class)) {
RequestMapping requestMapping = method.getAnnotation(RequestMapping.class);
String[] uri = requestMapping.value();
ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
} else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(GetMapping.class)) {
GetMapping requestMapping = method.getAnnotation(GetMapping.class);
String[] uri = requestMapping.value();
ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
} else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PostMapping.class)) {
PostMapping requestMapping = method.getAnnotation(PostMapping.class);
String[] uri = requestMapping.value();
ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
} else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PutMapping.class)) {
PutMapping requestMapping = method.getAnnotation(PutMapping.class);
String[] uri = requestMapping.value();
ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
} else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(DeleteMapping.class)) {
DeleteMapping requestMapping = method.getAnnotation(DeleteMapping.class);
String[] uri = requestMapping.value();
ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
} else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PatchMapping.class)) {
PatchMapping requestMapping = method.getAnnotation(PatchMapping.class);
String[] uri = requestMapping.value();
ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
}
}
return ignoreAuthUrls;
}
private List<String> rebuildUrl(String[] bases, String[] uris) {
List<String> urls = new ArrayList<>();
if (bases.length > 0) {
for (String base : bases) {
for (String uri : uris) {
// 如果uri包含路径占位符, 则需要将其替换为*
if (uri.matches(".*\\{.*}.*")) {
uri = uri.replaceAll("\\{.*?}", "*");
}
urls.add(prefix(base) + prefix(uri));
}
}
} else {
Arrays.stream(uris).forEach(uri -> {
urls.add(prefix(uri));
});
}
return urls;
}
private String prefix(String seg) {
return seg.startsWith("/") ? seg : "/"+seg;
}
}

11
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/satoken/ignore/InMemoryIgnoreAuth.java → jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/InMemoryIgnoreAuth.java
View File

@ -1,4 +1,4 @@
package org.jeecg.config.satoken.ignore;
package org.jeecg.config.shiro.ignore;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
@ -6,8 +6,8 @@ import java.util.ArrayList;
import java.util.List;
/**
* 使用内存存储通过@IgnoreAuth注解的url配合Sa-Token进行免登录校验
* PS无法使用ThreadLocal进行存储因为ThreadLocal装载时Filter已经初始化完毕导致该类获取ThreadLocal为空
* 使用内存存储通过@IgnoreAuth注解的url配合JwtFilter进行免登录校验
* PS无法使用ThreadLocal进行存储因为ThreadLocal装载时JwtFilter已经初始化完毕导致该类获取ThreadLocal为空
* @author eightmonth
* @date 2024/4/18 15:02
*/
@ -15,7 +15,6 @@ public class InMemoryIgnoreAuth {
private static final List<String> IGNORE_AUTH_LIST = new ArrayList<>();
private static PathMatcher MATCHER = new AntPathMatcher();
public InMemoryIgnoreAuth() {}
public static void set(List<String> list) {
@ -32,11 +31,11 @@ public class InMemoryIgnoreAuth {
public static boolean contains(String url) {
for (String ignoreAuth : IGNORE_AUTH_LIST) {
if(MATCHER.match(ignoreAuth, url)){
if(MATCHER.match(ignoreAuth,url)){
return true;
}
}
return false;
}
}

18
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/config/vo/Shiro.java
View File

@ -1,18 +0,0 @@
package org.jeecg.config.vo;
/**
* @Description: TODO
* @author: scott
* @date: 2022年01月21日 14:23
*/
public class Shiro {
private String excludeUrls = "";
public String getExcludeUrls() {
return excludeUrls;
}
public void setExcludeUrls(String excludeUrls) {
this.excludeUrls = excludeUrls;
}
}

6
jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/modules/base/service/impl/BaseCommonServiceImpl.java
View File

@ -2,10 +2,10 @@ package org.jeecg.modules.base.service.impl;
import com.baomidou.mybatisplus.core.toolkit.IdWorker;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.api.dto.LogDTO;
import org.jeecg.common.constant.enums.ClientTerminalTypeEnum;
import org.jeecg.common.util.BrowserUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.mapper.BaseCommonMapper;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.common.system.vo.LoginUser;
@ -35,7 +35,7 @@ public class BaseCommonServiceImpl implements BaseCommonService {
logDTO.setId(String.valueOf(IdWorker.getId()));
}
//保存日志异常捕获处理防止数据太大存储失败导致业务失败JT-238
try {
try {
logDTO.setCreateTime(new Date());
baseCommonMapper.saveLog(logDTO);
} catch (Exception e) {
@ -74,7 +74,7 @@ public class BaseCommonServiceImpl implements BaseCommonService {
//获取登录用户信息
if(user==null){
try {
user = LoginUserUtils.getSessionUser();
user = SecureUtil.currentUser();
} catch (Exception e) {
//e.printStackTrace();
}

8
jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/controller/AiragAppController.java
View File

@ -1,6 +1,5 @@
package org.jeecg.modules.airag.app.controller;
import cn.dev33.satoken.annotation.SaCheckPermission;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
@ -11,13 +10,14 @@ import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.util.AssertUtils;
import org.jeecg.common.util.TokenUtils;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.satoken.IgnoreAuth;
import org.jeecg.config.shiro.IgnoreAuth;
import org.jeecg.modules.airag.app.consts.AiAppConsts;
import org.jeecg.modules.airag.app.entity.AiragApp;
import org.jeecg.modules.airag.app.service.IAiragAppService;
import org.jeecg.modules.airag.app.service.IAiragChatService;
import org.jeecg.modules.airag.app.vo.AppDebugParams;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;
@ -67,7 +67,7 @@ public class AiragAppController extends JeecgController<AiragApp, IAiragAppServi
* @return
*/
@RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
@SaCheckPermission("airag:app:edit")
@PreAuthorize("@jps.requiresPermissions('airag:app:edit')")
public Result<String> edit(@RequestBody AiragApp airagApp) {
AssertUtils.assertNotEmpty("参数异常", airagApp);
AssertUtils.assertNotEmpty("请输入应用名称", airagApp.getName());
@ -106,7 +106,7 @@ public class AiragAppController extends JeecgController<AiragApp, IAiragAppServi
* @return
*/
@DeleteMapping(value = "/delete")
@SaCheckPermission("airag:app:delete")
@PreAuthorize("@jps.requiresPermissions('airag:app:delete')")
public Result<String> delete(HttpServletRequest request,@RequestParam(name = "id", required = true) String id) {
//update-begin---author:chenrui ---date:20250606 for[issues/8337]关于ai工作列表的数据权限问题 #8337------------
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的

2
jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/controller/AiragChatController.java
View File

@ -6,7 +6,7 @@ import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.util.CommonUtils;
import org.jeecg.config.satoken.IgnoreAuth;
import org.jeecg.config.shiro.IgnoreAuth;
import org.jeecg.modules.airag.app.service.IAiragChatService;
import org.jeecg.modules.airag.app.vo.ChatConversation;
import org.jeecg.modules.airag.app.vo.ChatSendParams;

2
jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/app/service/impl/AiragChatServiceImpl.java
View File

@ -1081,7 +1081,7 @@ public class AiragChatServiceImpl implements IAiragChatService {
} else {
token = TokenUtils.getTokenByRequest();
}
if (TokenUtils.verifyToken(token, sysBaseApi)) {
if (TokenUtils.verifyToken(token, sysBaseApi, redisUtil)) {
return JwtUtil.getUsername(token);
}
} catch (Exception e) {

20
jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/llm/controller/AiragKnowledgeController.java
View File

@ -1,6 +1,5 @@
package org.jeecg.modules.airag.llm.controller;
import cn.dev33.satoken.annotation.SaCheckPermission;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
@ -18,6 +17,7 @@ import org.jeecg.modules.airag.llm.handler.EmbeddingHandler;
import org.jeecg.modules.airag.llm.service.IAiragKnowledgeDocService;
import org.jeecg.modules.airag.llm.service.IAiragKnowledgeService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@ -77,7 +77,7 @@ public class AiragKnowledgeController {
* @date 2025/2/18 17:09
*/
@PostMapping(value = "/add")
@SaCheckPermission("airag:knowledge:add")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:add')")
public Result<String> add(@RequestBody AiragKnowledge airagKnowledge) {
airagKnowledge.setStatus(LLMConsts.STATUS_ENABLE);
airagKnowledgeService.save(airagKnowledge);
@ -94,7 +94,7 @@ public class AiragKnowledgeController {
*/
@Transactional(rollbackFor = Exception.class)
@RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
@SaCheckPermission("airag:knowledge:edit")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:edit')")
public Result<String> edit(@RequestBody AiragKnowledge airagKnowledge) {
AiragKnowledge airagKnowledgeEntity = airagKnowledgeService.getById(airagKnowledge.getId());
if (airagKnowledgeEntity == null) {
@ -118,7 +118,7 @@ public class AiragKnowledgeController {
* @date 2025/3/12 17:05
*/
@PutMapping(value = "/rebuild")
@SaCheckPermission("airag:knowledge:rebuild")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:rebuild')")
public Result<?> rebuild(@RequestParam("knowIds") String knowIds) {
String[] knowIdArr = knowIds.split(",");
for (String knowId : knowIdArr) {
@ -137,7 +137,7 @@ public class AiragKnowledgeController {
*/
@Transactional(rollbackFor = Exception.class)
@DeleteMapping(value = "/delete")
@SaCheckPermission("airag:knowledge:delete")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:delete')")
public Result<String> delete(HttpServletRequest request, @RequestParam(name = "id", required = true) String id) {
//update-begin---author:chenrui ---date:20250606 for[issues/8337]关于ai工作列表的数据权限问题 #8337------------
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的
@ -204,7 +204,7 @@ public class AiragKnowledgeController {
* @date 2025/2/18 15:47
*/
@PostMapping(value = "/doc/edit")
@SaCheckPermission("airag:knowledge:doc:edit")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:doc:edit')")
public Result<?> addDocument(@RequestBody AiragKnowledgeDoc airagKnowledgeDoc) {
return airagKnowledgeDocService.editDocument(airagKnowledgeDoc);
}
@ -217,7 +217,7 @@ public class AiragKnowledgeController {
* @date 2025/3/20 11:29
*/
@PostMapping(value = "/doc/import/zip")
@SaCheckPermission("airag:knowledge:doc:zip")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:doc:zip')")
public Result<?> importDocumentFromZip(@RequestParam(name = "knowId", required = true) String knowId,
@RequestParam(name = "file", required = true) MultipartFile file) {
return airagKnowledgeDocService.importDocumentFromZip(knowId,file);
@ -244,7 +244,7 @@ public class AiragKnowledgeController {
* @date 2025/2/18 15:47
*/
@PutMapping(value = "/doc/rebuild")
@SaCheckPermission("airag:knowledge:doc:rebuild")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:doc:rebuild')")
public Result<?> rebuildDocument(@RequestParam("docIds") String docIds) {
return airagKnowledgeDocService.rebuildDocument(docIds);
}
@ -259,7 +259,7 @@ public class AiragKnowledgeController {
*/
@Transactional(rollbackFor = Exception.class)
@DeleteMapping(value = "/doc/deleteBatch")
@SaCheckPermission("airag:knowledge:doc:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:doc:deleteBatch')")
public Result<String> deleteDocumentBatch(HttpServletRequest request, @RequestParam(name = "ids", required = true) String ids) {
List<String> idsList = Arrays.asList(ids.split(","));
//update-begin---author:chenrui ---date:20250606 for[issues/8337]关于ai工作列表的数据权限问题 #8337------------
@ -287,7 +287,7 @@ public class AiragKnowledgeController {
*/
@Transactional(rollbackFor = Exception.class)
@DeleteMapping(value = "/doc/deleteAll")
@SaCheckPermission("airag:knowledge:doc:deleteAll")
@PreAuthorize("@jps.requiresPermissions('airag:knowledge:doc:deleteAll')")
public Result<?> deleteDocumentAll(HttpServletRequest request, @RequestParam(name = "knowId") String knowId) {
//update-begin---author:chenrui ---date:20250606 for[issues/8337]关于ai工作列表的数据权限问题 #8337------------
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的

8
jeecg-boot/jeecg-boot-module/jeecg-boot-module-airag/src/main/java/org/jeecg/modules/airag/llm/controller/AiragModelController.java
View File

@ -1,6 +1,5 @@
package org.jeecg.modules.airag.llm.controller;
import cn.dev33.satoken.annotation.SaCheckPermission;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
@ -23,6 +22,7 @@ import org.jeecg.modules.airag.llm.handler.AIChatHandler;
import org.jeecg.modules.airag.llm.handler.EmbeddingHandler;
import org.jeecg.modules.airag.llm.service.IAiragModelService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.ModelAndView;
@ -72,7 +72,7 @@ public class AiragModelController extends JeecgController<AiragModel, IAiragMode
* @return
*/
@PostMapping(value = "/add")
@SaCheckPermission("airag:model:add")
@PreAuthorize("@jps.requiresPermissions('airag:model:add')")
public Result<String> add(@RequestBody AiragModel airagModel) {
// 验证 模型名称/模型类型/基础模型
AssertUtils.assertNotEmpty("模型名称不能为空", airagModel.getName());
@ -94,7 +94,7 @@ public class AiragModelController extends JeecgController<AiragModel, IAiragMode
* @return
*/
@RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
@SaCheckPermission("airag:model:edit")
@PreAuthorize("@jps.requiresPermissions('airag:model:edit')")
public Result<String> edit(@RequestBody AiragModel airagModel) {
airagModelService.updateById(airagModel);
return Result.OK("编辑成功!");
@ -107,7 +107,7 @@ public class AiragModelController extends JeecgController<AiragModel, IAiragMode
* @return
*/
@DeleteMapping(value = "/delete")
@SaCheckPermission("airag:model:delete")
@PreAuthorize("@jps.requiresPermissions('airag:model:delete')")
public Result<String> delete(HttpServletRequest request, @RequestParam(name = "id", required = true) String id) {
//update-begin---author:chenrui ---date:20250606 for[issues/8337]关于ai工作列表的数据权限问题 #8337------------
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的

8
jeecg-boot/jeecg-boot-module/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/controller/JeecgDemoController.java
View File

@ -19,7 +19,7 @@ import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.util.DateUtils;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.UUIDGenerator;
import org.jeecg.config.satoken.IgnoreAuth;
import org.jeecg.config.shiro.IgnoreAuth;
import org.jeecg.modules.demo.test.entity.JeecgDemo;
import org.jeecg.modules.demo.test.service.IJeecgDemoService;
import org.springframework.beans.factory.annotation.Autowired;
@ -473,8 +473,14 @@ public class JeecgDemoController extends JeecgController<JeecgDemo, IJeecgDemoSe
* 测试Mono对象
* @return
*/
@Operation(summary = "Mono测试")
@GetMapping(value ="/test")
public Mono<String> test() {
//解决shiro报错No SecurityManager accessible to the calling code, either bound to the org.apache.shiro
// https://blog.csdn.net/Japhet_jiu/article/details/131177210
// DefaultSecurityManager securityManager = new DefaultSecurityManager();
// SecurityUtils.setSecurityManager(securityManager);
return Mono.just("测试");
}

10
jeecg-boot/jeecg-boot-module/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/controller/JeecgOrderMainController.java
View File

@ -5,6 +5,7 @@ import java.util.Arrays;
import java.util.List;
import java.util.Map;
import com.alibaba.fastjson.JSON;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
@ -12,10 +13,13 @@ import org.jeecg.common.api.vo.Result;
import org.jeecg.common.system.base.controller.JeecgController;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.demo.test.entity.JeecgDemo;
import org.jeecg.modules.demo.test.entity.JeecgOrderCustomer;
import org.jeecg.modules.demo.test.entity.JeecgOrderMain;
import org.jeecg.modules.demo.test.entity.JeecgOrderTicket;
import org.jeecg.modules.demo.test.service.IJeecgDemoService;
import org.jeecg.modules.demo.test.service.IJeecgOrderCustomerService;
import org.jeecg.modules.demo.test.service.IJeecgOrderMainService;
import org.jeecg.modules.demo.test.service.IJeecgOrderTicketService;
@ -27,9 +31,11 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@ -180,7 +186,7 @@ public class JeecgOrderMainController extends JeecgController<JeecgOrderMain, IJ
//Step.2 AutoPoi 导出Excel
ModelAndView mv = new ModelAndView(new JeecgEntityExcelView());
//获取当前用户
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
List<JeecgOrderMainPage> pageList = new ArrayList<JeecgOrderMainPage>();

6
jeecg-boot/jeecg-boot-module/jeecg-module-demo/src/main/java/org/jeecg/modules/demo/test/service/impl/JeecgDemoServiceImpl.java
View File

@ -1,17 +1,19 @@
package org.jeecg.modules.demo.test.service.impl;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.demo.test.entity.JeecgDemo;
import org.jeecg.modules.demo.test.mapper.JeecgDemoMapper;
import org.jeecg.modules.demo.test.service.IJeecgDemoService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
@ -97,7 +99,7 @@ public class JeecgDemoServiceImpl extends ServiceImpl<JeecgDemoMapper, JeecgDemo
@Override
public String getExportFields() {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
//权限配置列导出示例
//1.配置前缀与菜单中配置的列前缀一致
List<String> noAuthList = new ArrayList<>();

16
jeecg-boot/jeecg-module-system/jeecg-system-api/jeecg-system-cloud-api/src/main/java/org/jeecg/common/system/api/ISysBaseAPI.java
View File

@ -14,7 +14,6 @@ import org.jeecg.common.system.api.factory.SysBaseAPIFallbackFactory;
import org.jeecg.common.system.vo.*;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.data.repository.query.Param;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.*;
@ -869,4 +868,19 @@ public interface ISysBaseAPI extends CommonAPI {
*/
@GetMapping("/sys/api/queryUserIdsByCascadeDeptIds")
List<String> queryUserIdsByCascadeDeptIds(@RequestParam("deptIds") List<String> deptIds);
@GetMapping("/sys/api/getUserByPhone")
public LoginUser getUserByPhone(@RequestParam("phone") String phone);
@GetMapping("/sys/api/queryAllDictItems")
Map<String,List<DictModel>> queryAllDictItems();
@GetMapping("/sys/api/queryUserDeparts")
List<SysDepartModel> queryUserDeparts(@RequestParam("userId") String userId);
@PostMapping("/sys/api/updateUserDepart")
void updateUserDepart(@RequestParam("username") String username,@RequestParam("orgCode") String orgCode,@RequestParam("loginTenantId") Integer loginTenantId);
@GetMapping("/sys/api/setLoginTenant")
JSONObject setLoginTenant(@RequestParam("username") String username);
}

26
jeecg-boot/jeecg-module-system/jeecg-system-api/jeecg-system-cloud-api/src/main/java/org/jeecg/common/system/api/fallback/SysBaseAPIFallback.java
View File

@ -500,4 +500,30 @@ public class SysBaseAPIFallback implements ISysBaseAPI {
public List<String> queryUserIdsByCascadeDeptIds(List<String> deptIds) {
return null;
}
@Override
public LoginUser getUserByPhone(String phone) {
return null;
}
@Override
public Map<String, List<DictModel>> queryAllDictItems() {
return Map.of();
}
@Override
public List<SysDepartModel> queryUserDeparts(String userId) {
return List.of();
}
@Override
public void updateUserDepart(String username, String orgCode, Integer loginTenantId) {
}
@Override
public JSONObject setLoginTenant(String username) {
return null;
}
}

30
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/init/ShiroCacheClearRunner.java Normal file
View File

@ -0,0 +1,30 @@
package org.jeecg.config.init;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.util.RedisUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.ApplicationArguments;
import org.springframework.boot.ApplicationRunner;
import org.springframework.stereotype.Component;
/**
* Shiro缓存清理
* 在应用启动时清除所有的Shiro授权缓存
* 主要用于解决重启项目,用户未重新登录,按钮权限不生效的问题
*/
@Slf4j
@Component
public class ShiroCacheClearRunner implements ApplicationRunner {
@Autowired
private RedisUtil redisUtil;
@Override
public void run(ApplicationArguments args) {
// 清空所有授权redis缓存
log.info("——— Service restart, clearing all user shiro authorization cache ——— ");
redisUtil.removeAll(CommonConstant.PREFIX_USER_SHIRO_CACHE);
}
}

2
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/config/jimureport/JimuReportTokenService.java
View File

@ -56,7 +56,7 @@ public class JimuReportTokenService implements JmReportTokenServiceI {
@Override
public Boolean verifyToken(String token) {
return TokenUtils.verifyToken(token, sysBaseApi);
return TokenUtils.verifyToken(token, sysBaseApi, redisUtil);
}
@Override

6
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/aop/TenantPackUserLogAspect.java
View File

@ -1,6 +1,6 @@
package org.jeecg.modules.aop;
import org.jeecg.common.util.LoginUserUtils;
import com.alibaba.fastjson.JSON;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.AfterThrowing;
import org.aspectj.lang.annotation.Around;
@ -10,9 +10,11 @@ import org.aspectj.lang.reflect.MethodSignature;
import org.jeecg.common.api.dto.LogDTO;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.entity.SysTenantPack;
import org.jeecg.modules.system.entity.SysTenantPackUser;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import jakarta.annotation.Resource;
@ -79,7 +81,7 @@ public class TenantPackUserLogAspect {
dto.setOperateType(opType);
dto.setTenantId(tenantId);
//获取登录用户信息
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
if(sysUser!=null){
dto.setUserid(sysUser.getUsername());
dto.setUsername(sysUser.getRealname());

26
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/api/controller/SystemApiController.java
View File

@ -1015,6 +1015,31 @@ public class SystemApiController {
sysBaseApi.announcementAutoRelease(dataId, currentUserName);
}
@GetMapping("/sys/api/getUserByPhone")
public LoginUser getUserByPhone(String phone) {
return sysBaseApi.getUserByPhone(phone);
}
@GetMapping("/sys/api/queryAllDictItems")
public Map<String,List<DictModel>> queryAllDictItems() {
return sysBaseApi.queryAllDictItems();
}
@GetMapping("/sys/api/queryUserDeparts")
public List<SysDepartModel> queryUserDeparts(@RequestParam("userId") String userId) {
return sysBaseApi.queryUserDeparts(userId);
}
@PostMapping("/sys/api/updateUserDepart")
public void updateUserDepart(@RequestParam("username") String username,@RequestParam("orgCode") String orgCode,@RequestParam("loginTenantId") Integer loginTenantId) {
sysBaseApi.updateUserDepart(username, orgCode, loginTenantId);
}
@GetMapping("/sys/api/setLoginTenant")
public JSONObject setLoginTenant(@RequestParam("username") String username) {
return sysBaseApi.setLoginTenant(username);
}
/**
* 根据部门编码查询公司信息
* @param orgCode 部门编码
@ -1072,4 +1097,5 @@ public class SystemApiController {
public List<String> queryUserIdsByCascadeDeptIds(@RequestParam("deptIds") List<String> deptIds){
return sysBaseApi.queryUserIdsByCascadeDeptIds(deptIds);
}
}

13
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/cas/controller/CasClientController.java
View File

@ -7,8 +7,8 @@ import jakarta.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.modules.cas.util.CasServiceUtil;
import org.jeecg.modules.cas.util.XmlUtils;
@ -16,7 +16,6 @@ import org.jeecg.modules.system.entity.SysDepart;
import org.jeecg.modules.system.entity.SysUser;
import org.jeecg.modules.system.service.ISysDepartService;
import org.jeecg.modules.system.service.ISysUserService;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpEntity;
@ -79,10 +78,10 @@ public class CasClientController {
if(!result.isSuccess()) {
return result;
}
// 使用Sa-Token生成token使用username作为loginId
LoginUser loginUser = new LoginUser();
BeanUtils.copyProperties(sysUser, loginUser);
String token = LoginUserUtils.doLogin(loginUser);
String token = JwtUtil.sign(sysUser.getUsername(), sysUser.getPassword());
// 设置超时时间
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
//获取用户部门信息
JSONObject obj = new JSONObject();

14
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/message/handle/impl/EmailSendMsgHandle.java
View File

@ -6,12 +6,10 @@ import org.apache.commons.lang3.ObjectUtils;
import org.jeecg.common.api.dto.message.MessageDTO;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.enums.MessageTypeEnum;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.SpringContextUtils;
import org.jeecg.common.util.oConvertUtils;
import org.springframework.beans.BeanUtils;
import org.jeecg.config.StaticConfig;
import org.jeecg.modules.message.entity.SysMessage;
import org.jeecg.modules.message.handle.ISendMsgHandle;
@ -242,10 +240,12 @@ public class EmailSendMsgHandle implements ISendMsgHandle {
* @return
*/
private String getToken(SysUser user) {
// 使用封装方法:一步完成登录和设置用户信息
LoginUser loginUser = new LoginUser();
BeanUtils.copyProperties(user, loginUser);
return LoginUserUtils.doLogin(loginUser);
// 生成token
String token = JwtUtil.sign(user.getUsername(), user.getPassword());
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
// 设置超时时间 1个小时
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 1 / 1000);
return token;
}
/**

86
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/ngalain/controller/NgAlainController.java Normal file
View File

@ -0,0 +1,86 @@
//package org.jeecg.modules.ngalain.controller;
//
//import java.util.ArrayList;
//import java.util.List;
//import java.util.Map;
//
//import jakarta.servlet.http.HttpServletRequest;
//
//import org.apache.shiro.SecurityUtils;
//import org.jeecg.common.api.vo.Result;
//import org.jeecg.common.system.vo.DictModel;
//import org.jeecg.common.system.vo.LoginUser;
//import org.jeecg.modules.ngalain.service.NgAlainService;
//import org.jeecg.modules.system.service.ISysDictService;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.web.bind.annotation.PathVariable;
//import org.springframework.web.bind.annotation.RequestMapping;
//import org.springframework.web.bind.annotation.RequestMethod;
//import org.springframework.web.bind.annotation.ResponseBody;
//import org.springframework.web.bind.annotation.RestController;
//
//import com.alibaba.fastjson.JSONObject;
//
//import lombok.extern.slf4j.Slf4j;
//
//@Slf4j
//@RestController
//@RequestMapping("/sys/ng-alain")
//public class NgAlainController {
// @Autowired
// private NgAlainService ngAlainService;
// @Autowired
// private ISysDictService sysDictService;
//
// @RequestMapping(value = "/getAppData")
// @ResponseBody
// public JSONObject getAppData(HttpServletRequest request) throws Exception {
// String token=request.getHeader("X-Access-Token");
// JSONObject j = new JSONObject();
// LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal();
// JSONObject userObjcet = new JSONObject();
// userObjcet.put("name", user.getUsername());
// userObjcet.put("avatar", user.getAvatar());
// userObjcet.put("email", user.getEmail());
// userObjcet.put("token", token);
// j.put("user", userObjcet);
// j.put("menu",ngAlainService.getMenu(user.getUsername()));
// JSONObject app = new JSONObject();
// app.put("name", "jeecg-boot-angular");
// app.put("description", "jeecg+ng-alain整合版本");
// j.put("app", app);
// return j;
// }
//
// @RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
// public Object getDictItems(@PathVariable String dictCode) {
// log.info(" dictCode : "+ dictCode);
// Result<List<DictModel>> result = new Result<List<DictModel>>();
// List<DictModel> ls = null;
// try {
// ls = sysDictService.queryDictItemsByCode(dictCode);
// result.setSuccess(true);
// result.setResult(ls);
// } catch (Exception e) {
// log.error(e.getMessage(),e);
// result.error500("操作失败");
// return result;
// }
// List<JSONObject> dictlist=new ArrayList<>();
// for (DictModel l : ls) {
// JSONObject dict=new JSONObject();
// try {
// dict.put("value",Integer.parseInt(l.getValue()));
// } catch (NumberFormatException e) {
// dict.put("value",l.getValue());
// }
// dict.put("label",l.getText());
// dictlist.add(dict);
// }
// return dictlist;
// }
// @RequestMapping(value = "/getDictItemsByTable/{table}/{key}/{value}", method = RequestMethod.GET)
// public Object getDictItemsByTable(@PathVariable String table,@PathVariable String key,@PathVariable String value) {
// return this.ngAlainService.getDictByTable(table,key,value);
// }
//}

20
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/openapi/controller/OpenApiController.java
View File

@ -7,13 +7,11 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.google.common.collect.Lists;
import jakarta.servlet.http.HttpServletRequest;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.base.controller.JeecgController;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.RestUtil;
import org.jeecg.modules.openapi.entity.OpenApi;
@ -26,7 +24,6 @@ import org.jeecg.modules.openapi.service.OpenApiService;
import org.jeecg.modules.openapi.swagger.*;
import org.jeecg.modules.system.entity.SysUser;
import org.jeecg.modules.system.service.ISysUserService;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
@ -36,6 +33,7 @@ import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;
import jakarta.servlet.http.HttpServletRequest;
import java.net.URI;
import java.util.*;
import java.util.stream.Collectors;
@ -165,7 +163,7 @@ public class OpenApiController extends JeecgController<OpenApi, OpenApiService>
String appkey = request.getHeader("appkey");
OpenApiAuth openApiAuth = openApiAuthService.getByAppkey(appkey);
SysUser systemUser = sysUserService.getUserByName(openApiAuth.getCreateBy());
String token = this.getToken(systemUser);
String token = this.getToken(systemUser.getUsername(), systemUser.getPassword());
httpHeaders.put("X-Access-Token", Lists.newArrayList(token));
httpHeaders.put("Content-Type",Lists.newArrayList("application/json"));
HttpEntity<String> httpEntity = new HttpEntity<>(json, httpHeaders);
@ -204,13 +202,15 @@ public class OpenApiController extends JeecgController<OpenApi, OpenApiService>
/**
* 生成接口访问令牌 Token
*
* @param USERNAME
* @param PASSWORD
* @return
*/
private String getToken(SysUser user) {
// 使用封装方法:一步完成登录和设置用户信息
LoginUser loginUser = new LoginUser();
BeanUtils.copyProperties(user, loginUser);
return LoginUserUtils.doLogin(loginUser);
private String getToken(String USERNAME, String PASSWORD) {
String token = JwtUtil.sign(USERNAME, PASSWORD);
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, 60);
return token;
}

2
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/openapi/controller/OpenApiIndexController.java
View File

@ -1,7 +1,7 @@
package org.jeecg.modules.openapi.controller;
import org.jeecg.common.api.vo.Result;
import org.jeecg.config.satoken.IgnoreAuth;
import org.jeecg.config.shiro.IgnoreAuth;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

7
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/oss/controller/OssFileController.java
View File

@ -2,13 +2,12 @@ package org.jeecg.modules.oss.controller;
import jakarta.servlet.http.HttpServletRequest;
import cn.dev33.satoken.annotation.SaCheckPermission;
import cn.dev33.satoken.annotation.SaCheckRole;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.modules.oss.entity.OssFile;
import org.jeecg.modules.oss.service.IOssFileService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@ -47,8 +46,8 @@ public class OssFileController {
@ResponseBody
@PostMapping("/upload")
//@SaCheckRole("admin")
@SaCheckPermission("system:ossFile:upload")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:ossFile:upload')")
public Result upload(@RequestParam("file") MultipartFile multipartFile) {
Result result = new Result();
try {

36
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/quartz/controller/QuartzJobController.java
View File

@ -1,13 +1,12 @@
package org.jeecg.modules.quartz.controller;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.util.LoginUserUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant;
@ -15,6 +14,7 @@ import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.ImportExcelUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.quartz.entity.QuartzJob;
import org.jeecg.modules.quartz.service.IQuartzJobService;
import org.jeecgframework.poi.excel.ExcelImportUtil;
@ -25,6 +25,8 @@ import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.quartz.Scheduler;
import org.quartz.SchedulerException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
@ -79,8 +81,8 @@ public class QuartzJobController {
* @param quartzJob
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:quartzJob:add")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:quartzJob:add')")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<?> add(@RequestBody QuartzJob quartzJob) {
quartzJobService.saveAndScheduleJob(quartzJob);
@ -93,8 +95,8 @@ public class QuartzJobController {
* @param quartzJob
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:quartzJob:edit")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:quartzJob:edit')")
@RequestMapping(value = "/edit", method ={RequestMethod.PUT, RequestMethod.POST})
public Result<?> eidt(@RequestBody QuartzJob quartzJob) {
try {
@ -112,8 +114,8 @@ public class QuartzJobController {
* @param id
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:quartzJob:delete")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:quartzJob:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name = "id", required = true) String id) {
QuartzJob quartzJob = quartzJobService.getById(id);
@ -131,8 +133,8 @@ public class QuartzJobController {
* @param ids
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:quartzJob:deleteBatch")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:quartzJob:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<?> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
if (ids == null || "".equals(ids.trim())) {
@ -151,8 +153,8 @@ public class QuartzJobController {
* @param id
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:quartzJob:pause")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:quartzJob:pause')")
@GetMapping(value = "/pause")
@Operation(summary = "停止定时任务")
public Result<Object> pauseJob(@RequestParam(name = "id") String id) {
@ -170,8 +172,8 @@ public class QuartzJobController {
* @param id
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:quartzJob:resume")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:quartzJob:resume')")
@GetMapping(value = "/resume")
@Operation(summary = "启动定时任务")
public Result<Object> resumeJob(@RequestParam(name = "id") String id) {
@ -220,7 +222,7 @@ public class QuartzJobController {
mv.addObject(NormalExcelConstants.CLASS, QuartzJob.class);
//获取当前登录用户
//update-begin---author:wangshuai ---date:20211227 for[JTC-116]导出人写死了------------
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("定时任务列表数据", "导出人:"+user.getRealname(), "导出信息"));
//update-end---author:wangshuai ---date:20211227 for[JTC-116]导出人写死了------------
mv.addObject(NormalExcelConstants.DATA_LIST, pageList);
@ -277,8 +279,8 @@ public class QuartzJobController {
* @param id
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:quartzJob:execute")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:quartzJob:execute')")
@GetMapping("/execute")
public Result<?> execute(@RequestParam(name = "id", required = true) String id) {
QuartzJob quartzJob = quartzJobService.getById(id);

82
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java
View File

@ -1,17 +1,17 @@
package org.jeecg.modules.system.controller;
import cn.dev33.satoken.stp.StpUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.aliyuncs.exceptions.ClientException;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.IdWorker;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import lombok.extern.slf4j.Slf4j;
import org.apache.tomcat.util.threads.ThreadPoolExecutor;
import org.jeecg.common.util.LoginUserUtils;
import cn.dev33.satoken.annotation.SaCheckRole;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.constant.CommonConstant;
@ -22,9 +22,11 @@ import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.*;
import org.jeecg.common.util.encryption.EncryptedString;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.entity.SysDepart;
import org.jeecg.modules.system.entity.SysRoleIndex;
import org.jeecg.modules.system.entity.SysTenant;
import org.jeecg.modules.system.entity.SysUser;
import org.jeecg.modules.system.model.SysLoginModel;
import org.jeecg.modules.system.service.*;
@ -32,7 +34,17 @@ import org.jeecg.modules.system.service.impl.SysBaseApiImpl;
import org.jeecg.modules.system.util.RandImageUtil;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.CacheManager;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authentication.event.LogoutSuccessEvent;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource;
@ -42,6 +54,7 @@ import java.util.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.SynchronousQueue;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
/**
* @Author scott
@ -70,12 +83,23 @@ public class LoginController {
private BaseCommonService baseCommonService;
@Autowired
private JeecgBaseConfig jeecgBaseConfig;
@Autowired
private OAuth2AuthorizationService authorizationService;
@Autowired
private CacheManager cacheManager;
private final String BASE_CHECK_CODES = "qwertyuiplkjhgfdsazxcvbnmQWERTYUPLKJHGFDSAZXCVBNM1234567890";
/**
* 线程池用于异步发送纪要
*/
public static ExecutorService cachedThreadPool = new ThreadPoolExecutor(0, 1024, 60L, TimeUnit.SECONDS, new SynchronousQueue<>());
public static ExecutorService cachedThreadPool = new ShiroThreadPoolExecutor(0, 1024, 60L, TimeUnit.SECONDS, new SynchronousQueue<>());
/**
* 使用spring authorization server提供的各类登录接口
* @param sysLoginModel
* @return
*/
@Operation(summary="登录接口")
@RequestMapping(value = "/login", method = RequestMethod.POST)
public Result<JSONObject> login(@RequestBody SysLoginModel sysLoginModel, HttpServletRequest request){
@ -148,8 +172,7 @@ public class LoginController {
public Result<JSONObject> getUserInfo(HttpServletRequest request){
long start = System.currentTimeMillis();
Result<JSONObject> result = new Result<JSONObject>();
// 使用Sa-Token获取登录用户名loginId现在是username
String username = StpUtil.getLoginIdAsString();
String username = JwtUtil.getUserNameByToken(request);
if(oConvertUtils.isNotEmpty(username)) {
// 根据用户名查询用户信息
SysUser sysUser = sysUserService.getUserByName(username);
@ -173,8 +196,6 @@ public class LoginController {
obj.put("userInfo",sysUser);
obj.put("sysAllDictItems", sysDictService.queryAllDictItems());
log.info("3 获取用户信息耗时 (字典数据)" + (System.currentTimeMillis() - start) + "毫秒");
result.setResult(obj);
result.success("");
}
@ -200,26 +221,33 @@ public class LoginController {
LoginUser sysUser = sysBaseApi.getUserByName(username);
if(sysUser!=null) {
asyncClearLogoutCache(token, sysUser); // 异步清理
// 使用Sa-Token退出登录
StpUtil.logout();
return Result.ok("退出登录成功!");
OAuth2Authorization authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
// 清空用户信息
cacheManager.getCache("user_details").evict(authorization.getPrincipalName());
// 清空access token
authorizationService.remove(authorization);
return Result.ok("退出登录成功!");
}else {
return Result.error("Token无效!");
}
}
/**
* 清理用户缓存使用Sa-Token
* 清理用户缓存
*
* @param token
* @param sysUser
*/
private void asyncClearLogoutCache(String token, LoginUser sysUser) {
cachedThreadPool.execute(()->{
//清空用户登录Token缓存
redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + token);
//清空用户登录Shiro权限缓存
redisUtil.del(CommonConstant.PREFIX_USER_SHIRO_CACHE + sysUser.getId());
//清空用户的缓存信息包括部门信息例如sys:cache:user::<username>
redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername()));
baseCommonService.addLog("用户名: "+sysUser.getRealname()+",退出成功!", CommonConstant.LOG_TYPE_1, null, sysUser);
log.info("【退出成功】异步清理用户缓存: {} ", sysUser.getRealname());
log.info("【退出成功操作】异步处理,退出后,清理用户缓存: "+sysUser.getRealname());
});
}
@ -287,7 +315,7 @@ public class LoginController {
Result<JSONObject> result = new Result<JSONObject>();
String username = user.getUsername();
if(oConvertUtils.isEmpty(username)) {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
username = sysUser.getUsername();
}
@ -475,13 +503,15 @@ public class LoginController {
*/
private Result<JSONObject> userInfo(SysUser sysUser, Result<JSONObject> result, HttpServletRequest request) {
String username = sysUser.getUsername();
String syspassword = sysUser.getPassword();
// 获取用户部门信息
JSONObject obj = new JSONObject(new LinkedHashMap<>());
//1.使用sa-token生成token使用username作为loginId将用户信息存入session
LoginUser loginUser = new LoginUser();
BeanUtils.copyProperties(sysUser, loginUser);
String token = LoginUserUtils.doLogin(loginUser);
//1.生成token
String token = JwtUtil.sign(username, syspassword);
// 设置token缓存有效时间
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME * 2 / 1000);
obj.put("token", token);
//2.设置登录租户
@ -579,7 +609,7 @@ public class LoginController {
/**
* 切换菜单表为vue3的表
*/
@SaCheckRole({"admin"})
@PreAuthorize("@jps.requiresRoles('admin')")
@GetMapping(value = "/switchVue3Menu")
public Result<String> switchVue3Menu(HttpServletResponse response) {
Result<String> res = new Result<String>();
@ -651,11 +681,11 @@ public class LoginController {
//5. 设置登录用户信息
obj.put("userInfo", sysUser);
//6. 使用Sa-Token生成token使用username作为loginId、将用户信息存入session
LoginUser loginUser = new LoginUser();
BeanUtils.copyProperties(sysUser, loginUser);
String token = LoginUserUtils.doLogin(loginUser);
log.info("App登录成功用户名{}token={}", username, token);
//6. 生成token
String token = JwtUtil.sign(username, syspassword);
// 设置超时时间
redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, JwtUtil.EXPIRE_TIME*2 / 1000);
//token 信息
obj.put("token", token);
@ -787,7 +817,7 @@ public class LoginController {
result.setSuccess(false);
return result;
}
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
String username = sysUser.getUsername();
LambdaQueryWrapper<SysUser> query = new LambdaQueryWrapper<>();
query.eq(SysUser::getUsername, username).eq(SysUser::getPhone, mobile);

21
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAnnouncementController.java
View File

@ -1,5 +1,7 @@
package org.jeecg.modules.system.controller;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
@ -8,7 +10,7 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.jeecg.dingtalk.api.core.response.Response;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.util.LoginUserUtils;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CommonConstant;
@ -20,6 +22,7 @@ import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.*;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.message.enums.RangeDateEnum;
import org.jeecg.modules.message.websocket.WebSocket;
import org.jeecg.modules.system.entity.SysAnnouncement;
@ -39,6 +42,7 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
@ -49,10 +53,7 @@ import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.SynchronousQueue;
import java.util.concurrent.ThreadPoolExecutor;
@ -378,7 +379,7 @@ public class SysAnnouncementController {
long start = System.currentTimeMillis();
Result<Map<String,Object>> result = new Result<Map<String,Object>>();
Map<String,Object> sysMsgMap = new HashMap(5);
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String userId = sysUser.getId();
@ -423,7 +424,7 @@ public class SysAnnouncementController {
*/
@RequestMapping(value = "/getUnreadMessageCount", method = RequestMethod.GET)
public Result<Map<String, Integer>> getUnreadMessageCount(@RequestParam(required = false, defaultValue = "5") Integer pageSize, HttpServletRequest request) {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
String userId = sysUser.getId();
// 获取上个月的第一天(只查近两个月的通知)
@ -466,7 +467,7 @@ public class SysAnnouncementController {
//导出文件名称
mv.addObject(NormalExcelConstants.FILE_NAME, "系统通告列表");
mv.addObject(NormalExcelConstants.CLASS, SysAnnouncement.class);
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("系统通告列表数据", "导出人:"+user.getRealname(), "导出信息"));
mv.addObject(NormalExcelConstants.DATA_LIST, pageList);
return mv;
@ -567,7 +568,7 @@ public class SysAnnouncementController {
boolean tokenOk = false;
try {
// 验证Token有效性
tokenOk = TokenUtils.verifyToken(request, sysBaseApi);
tokenOk = TokenUtils.verifyToken(request, sysBaseApi, redisUtil);
} catch (Exception ignored) {
}
// 判断是否传递了Token并且Token有效如果传了就不做查看限制直接返回
@ -643,7 +644,7 @@ public class SysAnnouncementController {
JSONObject obj = new JSONObject();
obj.put(WebsocketConst.MSG_CMD, WebsocketConst.CMD_USER);
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
webSocket.sendMessage(sysUser.getId(), obj.toJSONString());
// 4、性能统计耗时

12
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAnnouncementSendController.java
View File

@ -3,10 +3,10 @@ package org.jeecg.modules.system.controller;
import java.util.Arrays;
import java.util.Date;
import com.alibaba.fastjson.JSON;
import jakarta.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.jeecg.common.util.LoginUserUtils;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.DataBaseConstant;
@ -14,11 +14,13 @@ import org.jeecg.common.constant.WebsocketConst;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.SqlInjectionUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.message.websocket.WebSocket;
import org.jeecg.modules.system.entity.SysAnnouncementSend;
import org.jeecg.modules.system.model.AnnouncementSendModel;
import org.jeecg.modules.system.service.ISysAnnouncementSendService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
@ -195,7 +197,7 @@ public class SysAnnouncementSendController {
public Result<SysAnnouncementSend> editById(@RequestBody JSONObject json) {
Result<SysAnnouncementSend> result = new Result<SysAnnouncementSend>();
String anntId = json.getString("anntId");
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String userId = sysUser.getId();
LambdaUpdateWrapper<SysAnnouncementSend> updateWrapper = new UpdateWrapper().lambda();
updateWrapper.set(SysAnnouncementSend::getReadFlag, CommonConstant.HAS_READ_FLAG);
@ -220,7 +222,7 @@ public class SysAnnouncementSendController {
@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize) {
Result<IPage<AnnouncementSendModel>> result = new Result<IPage<AnnouncementSendModel>>();
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String userId = sysUser.getId();
announcementSendModel.setUserId(userId);
announcementSendModel.setPageNo((pageNo-1)*pageSize);
@ -247,7 +249,7 @@ public class SysAnnouncementSendController {
@PutMapping(value = "/readAll")
public Result<SysAnnouncementSend> readAll() {
Result<SysAnnouncementSend> result = new Result<SysAnnouncementSend>();
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String userId = sysUser.getId();
LambdaUpdateWrapper<SysAnnouncementSend> updateWrapper = new UpdateWrapper().lambda();
updateWrapper.set(SysAnnouncementSend::getReadFlag, CommonConstant.HAS_READ_FLAG);

5
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysAppVersionController.java
View File

@ -3,12 +3,13 @@ package org.jeecg.modules.system.controller;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.extern.slf4j.Slf4j;
import cn.dev33.satoken.annotation.SaCheckRole;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.modules.jmreport.common.annotation.RequiresRoles;
import org.jeecg.modules.system.entity.SysAppVersion;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
/**
@ -57,7 +58,7 @@ public class SysAppVersionController{
* @param sysAppVersion
* @return
*/
@SaCheckRole({"admin"})
@PreAuthorize("@jps.requiresRoles('admin')")
@Operation(summary="app系统配置-保存")
@PostMapping(value = "/saveVersion")
public Result<?> saveVersion(@RequestBody SysAppVersion sysAppVersion) {

5
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysCategoryController.java
View File

@ -7,7 +7,6 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CommonConstant;
@ -18,6 +17,7 @@ import org.jeecg.common.util.ImportExcelUtil;
import org.jeecg.common.util.ReflectHelper;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.system.entity.SysCategory;
import org.jeecg.modules.system.model.TreeSelectModel;
import org.jeecg.modules.system.service.ISysCategoryService;
@ -27,6 +27,7 @@ import org.jeecgframework.poi.excel.entity.ExportParams;
import org.jeecgframework.poi.excel.entity.ImportParams;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
@ -237,7 +238,7 @@ public class SysCategoryController {
//导出文件名称
mv.addObject(NormalExcelConstants.FILE_NAME, "分类字典列表");
mv.addObject(NormalExcelConstants.CLASS, SysCategory.class);
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("分类字典列表数据", "导出人:"+user.getRealname(), "导出信息"));
return mv;
}

18
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysCommentController.java
View File

@ -1,12 +1,12 @@
package org.jeecg.modules.system.controller;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.api.dto.DataLogDTO;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
@ -14,12 +14,14 @@ import org.jeecg.common.system.api.ISysBaseAPI;
import org.jeecg.common.system.base.controller.JeecgController;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.system.entity.SysComment;
import org.jeecg.modules.system.service.ISysCommentService;
import org.jeecg.modules.system.vo.SysCommentFileVo;
import org.jeecg.modules.system.vo.SysCommentVO;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.ModelAndView;
@ -126,7 +128,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
if(comment==null){
return Result.error("该评论已被删除!");
}
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String username = sysUser.getUsername();
String admin = "admin";
//除了admin外 其他人只能删除自己的评论
@ -182,7 +184,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
* @return
*/
@Operation(summary = "系统评论回复表-添加")
//@SaCheckPermission("org.jeecg.modules.demo:sys_comment:add")
//@RequiresPermissions("org.jeecg.modules.demo:sys_comment:add")
@PostMapping(value = "/add")
public Result<String> add(@RequestBody SysComment sysComment) {
sysCommentService.save(sysComment);
@ -197,7 +199,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
*/
//@AutoLog(value = "系统评论回复表-编辑")
@Operation(summary = "系统评论回复表-编辑")
//@SaCheckPermission("org.jeecg.modules.demo:sys_comment:edit")
//@RequiresPermissions("org.jeecg.modules.demo:sys_comment:edit")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
public Result<String> edit(@RequestBody SysComment sysComment) {
sysCommentService.updateById(sysComment);
@ -212,7 +214,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
*/
//@AutoLog(value = "系统评论回复表-通过id删除")
@Operation(summary = "系统评论回复表-通过id删除")
//@SaCheckPermission("org.jeecg.modules.demo:sys_comment:delete")
//@RequiresPermissions("org.jeecg.modules.demo:sys_comment:delete")
@DeleteMapping(value = "/delete")
public Result<String> delete(@RequestParam(name = "id", required = true) String id) {
sysCommentService.removeById(id);
@ -227,7 +229,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
*/
//@AutoLog(value = "系统评论回复表-批量删除")
@Operation(summary = "系统评论回复表-批量删除")
//@SaCheckPermission("org.jeecg.modules.demo:sys_comment:deleteBatch")
//@RequiresPermissions("org.jeecg.modules.demo:sys_comment:deleteBatch")
@DeleteMapping(value = "/deleteBatch")
public Result<String> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
this.sysCommentService.removeByIds(Arrays.asList(ids.split(",")));
@ -257,7 +259,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
* @param request
* @param sysComment
*/
//@SaCheckPermission("org.jeecg.modules.demo:sys_comment:exportXls")
//@RequiresPermissions("org.jeecg.modules.demo:sys_comment:exportXls")
@RequestMapping(value = "/exportXls")
public ModelAndView exportXls(HttpServletRequest request, SysComment sysComment) {
return super.exportXls(request, sysComment, SysComment.class, "系统评论回复表");
@ -270,7 +272,7 @@ public class SysCommentController extends JeecgController<SysComment, ISysCommen
* @param response
* @return
*/
//@SaCheckPermission("sys_comment:importExcel")
//@RequiresPermissions("sys_comment:importExcel")
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
return super.importExcel(request, response, SysComment.class);

13
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDataSourceController.java
View File

@ -7,12 +7,12 @@ import com.baomidou.dynamic.datasource.DynamicRoutingDataSource;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import cn.dev33.satoken.annotation.SaCheckRole;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.config.TenantContext;
@ -27,6 +27,7 @@ import org.jeecg.modules.system.entity.SysDataSource;
import org.jeecg.modules.system.service.ISysDataSourceService;
import org.jeecg.modules.system.util.SecurityUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.ModelAndView;
@ -63,7 +64,7 @@ public class SysDataSourceController extends JeecgController<SysDataSource, ISys
*/
@AutoLog(value = "多数据源管理-分页列表查询")
@Operation(summary = "多数据源管理-分页列表查询")
@SaCheckPermission("system:datasource:list")
@PreAuthorize("@jps.requiresPermissions('system:datasource:list')")
@GetMapping(value = "/list")
public Result<?> queryPageList(
SysDataSource sysDataSource,
@ -132,7 +133,7 @@ public class SysDataSourceController extends JeecgController<SysDataSource, ISys
* @return
*/
@AutoLog(value = "多数据源管理-编辑")
@Operation(summary = "多数据源管理-编辑")
@Operation(summary = "多数据源管理-编辑")
@RequestMapping(value = "/edit", method ={RequestMethod.PUT, RequestMethod.POST})
public Result<?> edit(@RequestBody SysDataSource sysDataSource) {
//update-begin-author:taoyan date:2022-8-10 for: jdbc连接地址漏洞问题
@ -166,7 +167,7 @@ public class SysDataSourceController extends JeecgController<SysDataSource, ISys
* @return
*/
@AutoLog(value = "多数据源管理-批量删除")
@Operation(summary = "多数据源管理-批量删除")
@Operation(summary = "多数据源管理-批量删除")
@DeleteMapping(value = "/deleteBatch")
public Result<?> deleteBatch(@RequestParam(name = "ids") String ids) {
List<String> idList = Arrays.asList(ids.split(","));

27
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartController.java
View File

@ -1,21 +1,24 @@
package org.jeecg.modules.system.controller;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.jeecg.common.util.LoginUserUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.ImportExcelUtil;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.YouBianCodeUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.system.entity.SysDepart;
import org.jeecg.modules.system.entity.SysUser;
import org.jeecg.modules.system.excelstyle.ExcelExportSysUserStyle;
@ -35,6 +38,8 @@ import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
@ -75,7 +80,7 @@ public class SysDepartController {
@RequestMapping(value = "/queryMyDeptTreeList", method = RequestMethod.GET)
public Result<List<SysDepartTreeModel>> queryMyDeptTreeList() {
Result<List<SysDepartTreeModel>> result = new Result<>();
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
try {
if(oConvertUtils.isNotEmpty(user.getUserIdentity()) && user.getUserIdentity().equals( CommonConstant.USER_IDENTITY_2 )){
//update-begin--Author:liusq Date:20210624 for:部门查询ids为空后的前端显示问题 issues/I3UD06
@ -205,7 +210,7 @@ public class SysDepartController {
* @param sysDepart
* @return
*/
@SaCheckPermission("system:depart:add")
@PreAuthorize("@jps.requiresPermissions('system:depart:add')")
@RequestMapping(value = "/add", method = RequestMethod.POST)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> add(@RequestBody SysDepart sysDepart, HttpServletRequest request) {
@ -231,7 +236,7 @@ public class SysDepartController {
* @param sysDepart
* @return
*/
@SaCheckPermission("system:depart:edit")
@PreAuthorize("@jps.requiresPermissions('system:depart:edit')")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> edit(@RequestBody SysDepart sysDepart, HttpServletRequest request) {
@ -259,7 +264,7 @@ public class SysDepartController {
* @param id
* @return
*/
@SaCheckPermission("system:depart:delete")
@PreAuthorize("@jps.requiresPermissions('system:depart:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> delete(@RequestParam(name="id",required=true) String id) {
@ -285,7 +290,7 @@ public class SysDepartController {
* @param ids
* @return
*/
@SaCheckPermission("system:depart:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:depart:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<SysDepart> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
@ -352,7 +357,7 @@ public class SysDepartController {
@RequestParam(name = "departIds", required = false) String depIds) {
Result<List<SysDepartTreeModel>> result = new Result<List<SysDepartTreeModel>>();
//部门查询myDeptSearch为1时为我的部门查询登录用户为上级时查只查负责部门下数据
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
String departIds = null;
if(oConvertUtils.isNotEmpty(user.getUserIdentity()) && user.getUserIdentity().equals( CommonConstant.USER_IDENTITY_2 )){
departIds = user.getDepartIds();
@ -409,7 +414,7 @@ public class SysDepartController {
//导出文件名称
mv.addObject(NormalExcelConstants.FILE_NAME, "部门列表");
mv.addObject(NormalExcelConstants.CLASS, SysDepartExportVo.class);
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
ExportParams exportParams = new ExportParams("导入规则:\n" +
"1、标题为第三行部门路径和部门名称的标题不允许修改否则会匹配失败第四行为数据填写范围;\n" +
"2、部门路径用英文字符/分割,部门名称为部门路径的最后一位;\n" +
@ -433,7 +438,7 @@ public class SysDepartController {
* @param response
* @return
*/
@SaCheckPermission("system:depart:importExcel")
@PreAuthorize("@jps.requiresPermissions('system:depart:importExcel')")
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
@CacheEvict(value= {CacheConstant.SYS_DEPARTS_CACHE,CacheConstant.SYS_DEPART_IDS_CACHE}, allEntries=true)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
@ -674,7 +679,7 @@ public class SysDepartController {
//导出文件名称
mv.addObject(NormalExcelConstants.FILE_NAME, "部门列表");
mv.addObject(NormalExcelConstants.CLASS, ExportDepartVo.class);
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("部门列表数据", "导出人:"+user.getRealname(), "导出信息"));
mv.addObject(NormalExcelConstants.DATA_LIST, pageList);
return mv;

25
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartPermissionController.java
View File

@ -1,18 +1,23 @@
package org.jeecg.modules.system.controller;
import java.util.*;
import java.util.stream.Collectors;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import org.jeecg.common.util.LoginUserUtils;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.base.controller.JeecgController;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.entity.SysDepartPermission;
import org.jeecg.modules.system.entity.SysDepartRolePermission;
@ -30,10 +35,12 @@ import org.jeecg.modules.system.service.ISysPermissionDataRuleService;
import org.jeecg.modules.system.service.ISysPermissionService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.ModelAndView;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import java.util.*;
import java.util.stream.Collectors;
/**
* @Description: 部门权限表
@ -259,7 +266,7 @@ public class SysDepartPermissionController extends JeecgController<SysDepartPerm
this.sysDepartRolePermissionService.saveDeptRolePermission(roleId, permissionIds, lastPermissionIds);
result.success("保存成功!");
//update-begin---author:wangshuai ---date:20220316 for[VUEN-234]部门角色授权添加敏感日志------------
LoginUser loginUser = LoginUserUtils.getSessionUser();
LoginUser loginUser = SecureUtil.currentUser();
baseCommonService.addLog("修改部门角色ID:"+roleId+"的权限配置,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
//update-end---author:wangshuai ---date:20220316 for[VUEN-234]部门角色授权添加敏感日志------------
log.info("======部门角色授权成功=====耗时:" + (System.currentTimeMillis() - start) + "毫秒");

57
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDepartRoleController.java
View File

@ -1,34 +1,39 @@
package org.jeecg.modules.system.controller;
import java.util.*;
import java.util.stream.Collectors;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import org.jeecg.common.util.LoginUserUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.entity.*;
import org.jeecg.modules.system.service.*;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.base.controller.JeecgController;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.entity.SysDepartRole;
import org.jeecg.modules.system.entity.SysDepartRolePermission;
import org.jeecg.modules.system.entity.SysDepartRoleUser;
import org.jeecg.modules.system.entity.SysPermissionDataRule;
import org.jeecg.modules.system.service.*;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.ModelAndView;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
/**
* @Description: 部门角色
@ -77,7 +82,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
HttpServletRequest req) {
QueryWrapper<SysDepartRole> queryWrapper = QueryGenerator.initQueryWrapper(sysDepartRole, req.getParameterMap());
Page<SysDepartRole> page = new Page<SysDepartRole>(pageNo, pageSize);
// LoginUser user = LoginUserUtils.getLoginUser();
// LoginUser user = (LoginUser) SecurityUtils.getSubject().getPrincipal();
// List<String> deptIds = null;
// if(oConvertUtils.isEmpty(deptId)){
// if(oConvertUtils.isNotEmpty(user.getUserIdentity()) && user.getUserIdentity().equals(CommonConstant.USER_IDENTITY_2) ){
@ -108,7 +113,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
* @param sysDepartRole
* @return
*/
@SaCheckPermission("system:depart:role:add")
@PreAuthorize("@jps.requiresPermissions('system:depart:role:add')")
@Operation(summary="部门角色-添加")
@PostMapping(value = "/add")
public Result<?> add(@RequestBody SysDepartRole sysDepartRole) {
@ -123,7 +128,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
* @return
*/
@Operation(summary="部门角色-编辑")
@SaCheckPermission("system:depart:role:edit")
@PreAuthorize("@jps.requiresPermissions('system:depart:role:edit')")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
public Result<?> edit(@RequestBody SysDepartRole sysDepartRole) {
sysDepartRoleService.updateById(sysDepartRole);
@ -138,7 +143,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
*/
@AutoLog(value = "部门角色-通过id删除")
@Operation(summary="部门角色-通过id删除")
@SaCheckPermission("system:depart:role:delete")
@PreAuthorize("@jps.requiresPermissions('system:depart:role:delete')")
@DeleteMapping(value = "/delete")
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
sysDepartRoleService.removeById(id);
@ -153,7 +158,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
*/
@AutoLog(value = "部门角色-批量删除")
@Operation(summary="部门角色-批量删除")
@SaCheckPermission("system:depart:role:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:depart:role:deleteBatch')")
@DeleteMapping(value = "/deleteBatch")
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
this.sysDepartRoleService.deleteDepartRole(Arrays.asList(ids.split(",")));
@ -194,7 +199,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
* @param json
* @return
*/
@SaCheckPermission("system:depart:role:userAdd")
@PreAuthorize("@jps.requiresPermissions('system:depart:role:userAdd')")
@RequestMapping(value = "/deptRoleUserAdd", method = RequestMethod.POST)
public Result<?> deptRoleAdd(@RequestBody JSONObject json) {
String newRoleId = json.getString("newRoleId");
@ -202,7 +207,7 @@ public class SysDepartRoleController extends JeecgController<SysDepartRole, ISys
String userId = json.getString("userId");
departRoleUserService.deptRoleUserAdd(userId,newRoleId,oldRoleId);
//update-begin---author:wangshuai ---date:20220316 for[VUEN-234]部门角色分配添加敏感日志------------
LoginUser loginUser = LoginUserUtils.getSessionUser();
LoginUser loginUser = SecureUtil.currentUser();
baseCommonService.addLog("给部门用户ID"+userId+"分配角色,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
//update-end---author:wangshuai ---date:20220316 for[VUEN-234]部门角色分配添加敏感日志------------
return Result.ok("添加成功!");

32
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictController.java
View File

@ -9,8 +9,6 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.util.LoginUserUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CacheConstant;
@ -22,6 +20,8 @@ import org.jeecg.common.system.vo.DictQuery;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.*;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.JeecgPermissionService;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.system.entity.SysDict;
import org.jeecg.modules.system.entity.SysDictItem;
import org.jeecg.modules.system.model.SysDictTree;
@ -40,6 +40,8 @@ import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
@ -71,7 +73,9 @@ public class SysDictController {
public RedisTemplate<String, Object> redisTemplate;
@Autowired
private RedisUtil redisUtil;
@Autowired
private JeecgPermissionService jeecgPermissionService;
@RequestMapping(value = "/list", method = RequestMethod.GET)
public Result<IPage<SysDict>> queryPageList(
SysDict sysDict,
@ -385,7 +389,7 @@ public class SysDictController {
* @param sysDict
* @return
*/
@SaCheckPermission("system:dict:add")
@PreAuthorize("@jps.requiresPermissions('system:dict:add')")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysDict> add(@RequestBody SysDict sysDict) {
Result<SysDict> result = new Result<SysDict>();
@ -406,7 +410,7 @@ public class SysDictController {
* @param sysDict
* @return
*/
@SaCheckPermission("system:dict:edit")
@PreAuthorize("@jps.requiresPermissions('system:dict:edit')")
@RequestMapping(value = "/edit", method = { RequestMethod.PUT,RequestMethod.POST })
public Result<SysDict> edit(@RequestBody SysDict sysDict) {
Result<SysDict> result = new Result<SysDict>();
@ -428,7 +432,7 @@ public class SysDictController {
* @param id
* @return
*/
@SaCheckPermission("system:dict:delete")
@PreAuthorize("@jps.requiresPermissions('system:dict:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDict> delete(@RequestParam(name="id",required=true) String id) {
@ -447,7 +451,7 @@ public class SysDictController {
* @param ids
* @return
*/
@SaCheckPermission("system:dict:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:dict:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
@CacheEvict(value= {CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDict> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
@ -486,7 +490,7 @@ public class SysDictController {
// redisTemplate.delete(keys6);
// redisTemplate.delete(keys7);
// springCache中的清除缓存的操作使用了“keys”
//update-begin-author:liusq date:20230404 for: [issue/4358]springCache中的清除缓存的操作使用了“keys”
redisUtil.removeAll(CacheConstant.SYS_DICT_CACHE);
redisUtil.removeAll(CacheConstant.SYS_ENABLE_DICT_CACHE);
redisUtil.removeAll(CacheConstant.SYS_DICT_TABLE_CACHE);
@ -495,6 +499,12 @@ public class SysDictController {
redisUtil.removeAll(CacheConstant.SYS_DEPART_IDS_CACHE);
redisUtil.removeAll("jmreport:cache:dict");
redisUtil.removeAll("jmreport:cache:dictTable");
//update-end-author:liusq date:20230404 for: [issue/4358]springCache中的清除缓存的操作使用了“keys”
//update-begin---author:scott ---date:2024-06-18 for【TV360X-1320】分配权限必须退出重新登录才生效造成很多用户困扰---
// 清除权限缓存
jeecgPermissionService.clearCache();
//update-end---author:scott ---date::2024-06-18 for【TV360X-1320】分配权限必须退出重新登录才生效造成很多用户困扰---
return result;
}
@ -537,7 +547,7 @@ public class SysDictController {
// 注解对象Class
mv.addObject(NormalExcelConstants.CLASS, SysDictPage.class);
// 自定义表格参数
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
mv.addObject(NormalExcelConstants.PARAMS, new ExportParams("数据字典列表", "导出人:"+user.getRealname(), "数据字典"));
// 导出数据列表
mv.addObject(NormalExcelConstants.DATA_LIST, pageList);
@ -551,7 +561,7 @@ public class SysDictController {
* @param
* @return
*/
@SaCheckPermission("system:dict:importExcel")
@PreAuthorize("@jps.requiresPermissions('system:dict:importExcel')")
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response) {
MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
@ -690,7 +700,7 @@ public class SysDictController {
* @param ids 被删除的字典ID多个id用半角逗号分割
* @return
*/
@SaCheckPermission("system:dict:deleteRecycleBin")
@PreAuthorize("@jps.requiresPermissions('system:dict:deleteRecycleBin')")
@RequestMapping(value = "/deleteRecycleBin", method = RequestMethod.DELETE)
public Result deleteRecycleBin(@RequestParam("ids") String ids) {
try {

11
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysDictItemController.java
View File

@ -10,8 +10,6 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import org.apache.commons.lang.StringUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import cn.dev33.satoken.annotation.SaCheckRole;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.system.query.QueryGenerator;
@ -20,6 +18,7 @@ import org.jeecg.modules.system.entity.SysDictItem;
import org.jeecg.modules.system.service.ISysDictItemService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.annotation.CacheEvict;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@ -74,7 +73,7 @@ public class SysDictItemController {
* @功能:新增
* @return
*/
@SaCheckPermission("system:dict:item:add")
@PreAuthorize("@jps.requiresPermissions('system:dict:item:add')")
@RequestMapping(value = "/add", method = RequestMethod.POST)
@CacheEvict(value= {CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> add(@RequestBody SysDictItem sysDictItem) {
@ -95,7 +94,7 @@ public class SysDictItemController {
* @param sysDictItem
* @return
*/
@SaCheckPermission("system:dict:item:edit")
@PreAuthorize("@jps.requiresPermissions('system:dict:item:edit')")
@RequestMapping(value = "/edit", method = { RequestMethod.PUT,RequestMethod.POST })
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> edit(@RequestBody SysDictItem sysDictItem) {
@ -119,7 +118,7 @@ public class SysDictItemController {
* @param id
* @return
*/
@SaCheckPermission("system:dict:item:delete")
@PreAuthorize("@jps.requiresPermissions('system:dict:item:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> delete(@RequestParam(name="id",required=true) String id) {
@ -141,7 +140,7 @@ public class SysDictItemController {
* @param ids
* @return
*/
@SaCheckPermission("system:dict:item:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:dict:item:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
@CacheEvict(value={CacheConstant.SYS_DICT_CACHE, CacheConstant.SYS_ENABLE_DICT_CACHE}, allEntries=true)
public Result<SysDictItem> deleteBatch(@RequestParam(name="ids",required=true) String ids) {

10
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysGatewayRouteController.java
View File

@ -6,13 +6,13 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.system.base.controller.JeecgController;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.modules.system.entity.SysGatewayRoute;
import org.jeecg.modules.system.service.ISysGatewayRouteService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import jakarta.servlet.http.HttpServletRequest;
@ -70,7 +70,7 @@ public class SysGatewayRouteController extends JeecgController<SysGatewayRoute,
* @param id
* @return
*/
@SaCheckPermission("system:getway:delete")
@PreAuthorize("@jps.requiresPermissions('system:getway:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name = "id", required = true) String id) {
sysGatewayRouteService.deleteById(id);
@ -96,7 +96,7 @@ public class SysGatewayRouteController extends JeecgController<SysGatewayRoute,
* @param jsonObject
* @return
*/
@SaCheckPermission("system:gateway:putRecycleBin")
@PreAuthorize("@jps.requiresPermissions('system:getway:putRecycleBin')")
@RequestMapping(value = "/putRecycleBin", method = RequestMethod.PUT)
public Result putRecycleBin(@RequestBody JSONObject jsonObject, HttpServletRequest request) {
try {
@ -117,7 +117,7 @@ public class SysGatewayRouteController extends JeecgController<SysGatewayRoute,
* @param ids 被删除的路由ID多个id用半角逗号分割
* @return
*/
@SaCheckPermission("system:gateway:deleteRecycleBin")
@PreAuthorize("@jps.requiresPermissions('system:getway:deleteRecycleBin')")
@RequestMapping(value = "/deleteRecycleBin", method = RequestMethod.DELETE)
public Result deleteRecycleBin(@RequestParam("ids") String ids) {
try {
@ -136,7 +136,7 @@ public class SysGatewayRouteController extends JeecgController<SysGatewayRoute,
* @param id 路由id
* @return
*/
@SaCheckPermission("system:gateway:copyRoute")
@PreAuthorize("@jps.requiresPermissions('system:getway:copyRoute')")
@RequestMapping(value = "/copyRoute", method = RequestMethod.GET)
public Result<SysGatewayRoute> copyRoute(@RequestParam(name = "id", required = true) String id, HttpServletRequest req) {
Result<SysGatewayRoute> result = new Result<>();

7
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysLogController.java
View File

@ -5,7 +5,6 @@ import java.util.Arrays;
import jakarta.servlet.http.HttpServletRequest;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.system.base.controller.JeecgController;
import org.jeecg.common.system.query.QueryGenerator;
@ -56,7 +55,7 @@ public class SysLogController extends JeecgController<SysLog, ISysLogService> {
* @return
*/
@RequestMapping(value = "/list", method = RequestMethod.GET)
//@SaCheckPermission("system:log:list")
//@RequiresPermissions("system:log:list")
public Result<IPage<SysLog>> queryPageList(SysLog syslog,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req) {
Result<IPage<SysLog>> result = new Result<IPage<SysLog>>();
@ -87,7 +86,7 @@ public class SysLogController extends JeecgController<SysLog, ISysLogService> {
* @return
*/
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
//@SaCheckPermission("system:log:delete")
//@RequiresPermissions("system:log:delete")
public Result<SysLog> delete(@RequestParam(name="id",required=true) String id) {
Result<SysLog> result = new Result<SysLog>();
SysLog sysLog = sysLogService.getById(id);
@ -108,7 +107,7 @@ public class SysLogController extends JeecgController<SysLog, ISysLogService> {
* @return
*/
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
//@SaCheckPermission("system:log:deleteBatch")
//@RequiresPermissions("system:log:deleteBatch")
public Result<SysRole> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
Result<SysRole> result = new Result<SysRole>();
if(ids==null || "".equals(ids.trim())) {

94
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
View File

@ -1,15 +1,14 @@
package org.jeecg.modules.system.controller;
import cn.dev33.satoken.annotation.SaCheckPermission;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.common.exception.JeecgBootException;
@ -17,6 +16,8 @@ import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.Md5Util;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.JeecgBaseConfig;
import org.jeecg.config.security.JeecgPermissionService;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.constant.DefIndexConst;
import org.jeecg.modules.system.entity.*;
@ -25,9 +26,10 @@ import org.jeecg.modules.system.model.TreeModel;
import org.jeecg.modules.system.service.*;
import org.jeecg.modules.system.util.PermissionDataUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import jakarta.servlet.http.HttpServletRequest;
import java.util.*;
import java.util.stream.Collectors;
@ -68,6 +70,9 @@ public class SysPermissionController {
@Autowired
private ISysRoleIndexService sysRoleIndexService;
@Autowired
private JeecgPermissionService jeecgPermissionService;
/**
* 子菜单
*/
@ -78,7 +83,7 @@ public class SysPermissionController {
*
* @return
*/
//@SaCheckPermission("system:permission:list")
//@RequiresPermissions("system:permission:list")
@RequestMapping(value = "/list", method = RequestMethod.GET)
public Result<List<SysPermissionTree>> list(SysPermission sysPermission, HttpServletRequest req) {
long start = System.currentTimeMillis();
@ -241,8 +246,8 @@ public class SysPermissionController {
public Result<?> getUserPermissionByToken(HttpServletRequest request) {
Result<JSONObject> result = new Result<JSONObject>();
try {
//直接获取当前用户
LoginUser loginUser = LoginUserUtils.getSessionUser();
//直接获取当前用户不适用前端token
LoginUser loginUser = SecureUtil.currentUser();
if (oConvertUtils.isEmpty(loginUser)) {
return Result.error("请登录系统!");
}
@ -354,7 +359,7 @@ public class SysPermissionController {
public Result<?> getPermCode() {
try {
// 直接获取当前用户
LoginUser loginUser = LoginUserUtils.getSessionUser();
LoginUser loginUser = SecureUtil.currentUser();
if (oConvertUtils.isEmpty(loginUser)) {
return Result.error("请登录系统!");
}
@ -395,7 +400,7 @@ public class SysPermissionController {
* @param permission
* @return
*/
@SaCheckPermission("system:permission:add")
@PreAuthorize("@jps.requiresPermissions('system:permission:add')")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysPermission> add(@RequestBody SysPermission permission) {
Result<SysPermission> result = new Result<SysPermission>();
@ -415,7 +420,7 @@ public class SysPermissionController {
* @param permission
* @return
*/
@SaCheckPermission("system:permission:edit")
@PreAuthorize("@jps.requiresPermissions('system:permission:edit')")
@RequestMapping(value = "/edit", method = { RequestMethod.PUT, RequestMethod.POST })
public Result<SysPermission> edit(@RequestBody SysPermission permission) {
Result<SysPermission> result = new Result<>();
@ -457,7 +462,7 @@ public class SysPermissionController {
* @param id
* @return
*/
@SaCheckPermission("system:permission:delete")
@PreAuthorize("@jps.requiresPermissions('system:permission:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<SysPermission> delete(@RequestParam(name = "id", required = true) String id) {
Result<SysPermission> result = new Result<>();
@ -476,7 +481,7 @@ public class SysPermissionController {
* @param ids
* @return
*/
@SaCheckPermission("system:permission:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:permission:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<SysPermission> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
Result<SysPermission> result = new Result<>();
@ -584,7 +589,7 @@ public class SysPermissionController {
* @return
*/
@RequestMapping(value = "/saveRolePermission", method = RequestMethod.POST)
@SaCheckPermission("system:permission:saveRole")
@PreAuthorize("@jps.requiresPermissions('system:permission:saveRole')")
public Result<String> saveRolePermission(@RequestBody JSONObject json) {
long start = System.currentTimeMillis();
Result<String> result = new Result<>();
@ -593,12 +598,12 @@ public class SysPermissionController {
String permissionIds = json.getString("permissionIds");
String lastPermissionIds = json.getString("lastpermissionIds");
this.sysRolePermissionService.saveRolePermission(roleId, permissionIds, lastPermissionIds);
// 清除拥有该角色的所有用户的权限和角色缓存
clearRolePermissionCache(roleId);
LoginUser loginUser = LoginUserUtils.getSessionUser();
baseCommonService.addLog("修改角色ID: " +roleId+" 的权限配置,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
//update-begin---author:wangshuai ---date:20220316 for[VUEN-234]用户管理角色授权添加敏感日志------------
LoginUser loginUser = SecureUtil.currentUser();
baseCommonService.addLog("修改角色ID: "+roleId+" 的权限配置,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
//update-end---author:wangshuai ---date:20220316 for[VUEN-234]用户管理角色授权添加敏感日志------------
// 清除权限缓存
jeecgPermissionService.clearCache();
result.success("保存成功!");
log.info("======角色授权成功=====耗时:" + (System.currentTimeMillis() - start) + "毫秒");
} catch (Exception e) {
@ -607,47 +612,6 @@ public class SysPermissionController {
}
return result;
}
/**
* 清除拥有指定角色的所有用户的权限和角色缓存
* <p>原理:查询拥有该角色的所有用户,调用 StpInterfaceImpl.clearUserCache() 清除缓存</p>
*
* @param roleId 角色ID
*/
private void clearRolePermissionCache(String roleId) {
log.info("开始清除角色权限缓存 [ roleId={} ]", roleId);
List<String> usernameList = new ArrayList<>();
// 分页查询拥有该角色的用户(避免一次性加载大量数据)
int pageNo = 1, pageSize = 100;
while (true) {
Page<SysUser> page = new Page<>(pageNo, pageSize);
IPage<SysUser> userPage = sysUserService.getUserByRoleId(page, roleId, null, null);
if (userPage.getRecords().isEmpty()) {
break;
}
// 收集用户名
for (SysUser user : userPage.getRecords()) {
usernameList.add(user.getUsername());
}
// 判断是否还有下一页
if (pageNo >= userPage.getPages()) {
break;
}
pageNo++;
}
// 批量清除缓存
if (!usernameList.isEmpty()) {
org.jeecg.config.satoken.StpInterfaceImpl.clearUserCache(usernameList);
log.info("角色权限缓存清理完成 [ roleId={}, affectedUsers={} ]", roleId, usernameList.size());
} else {
log.info("该角色下无用户,无需清除缓存 [ roleId={} ]", roleId);
}
}
private void getTreeList(List<SysPermissionTree> treeList, List<SysPermission> metaList, SysPermissionTree temp) {
for (SysPermission permission : metaList) {
@ -955,7 +919,7 @@ public class SysPermissionController {
* @param sysPermissionDataRule
* @return
*/
@SaCheckPermission("system:permission:addRule")
@PreAuthorize("@jps.requiresPermissions('system:permission:addRule')")
@RequestMapping(value = "/addPermissionRule", method = RequestMethod.POST)
public Result<SysPermissionDataRule> addPermissionRule(@RequestBody SysPermissionDataRule sysPermissionDataRule) {
Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -970,7 +934,7 @@ public class SysPermissionController {
return result;
}
@SaCheckPermission("system:permission:editRule")
@PreAuthorize("@jps.requiresPermissions('system:permission:editRule')")
@RequestMapping(value = "/editPermissionRule", method = { RequestMethod.PUT, RequestMethod.POST })
public Result<SysPermissionDataRule> editPermissionRule(@RequestBody SysPermissionDataRule sysPermissionDataRule) {
Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -990,7 +954,7 @@ public class SysPermissionController {
* @param id
* @return
*/
@SaCheckPermission("system:permission:deleteRule")
@PreAuthorize("@jps.requiresPermissions('system:permission:deleteRule')")
@RequestMapping(value = "/deletePermissionRule", method = RequestMethod.DELETE)
public Result<SysPermissionDataRule> deletePermissionRule(@RequestParam(name = "id", required = true) String id) {
Result<SysPermissionDataRule> result = new Result<SysPermissionDataRule>();
@ -1047,7 +1011,7 @@ public class SysPermissionController {
* @return
*/
@RequestMapping(value = "/saveDepartPermission", method = RequestMethod.POST)
@SaCheckPermission("system:permission:saveDepart")
@PreAuthorize("@jps.requiresPermissions('system:permission:saveDepart')")
public Result<String> saveDepartPermission(@RequestBody JSONObject json) {
long start = System.currentTimeMillis();
Result<String> result = new Result<>();

5
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPositionController.java
View File

@ -8,7 +8,6 @@ import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.util.LoginUserUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.config.TenantContext;
@ -18,6 +17,7 @@ import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.ImportExcelUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.system.entity.SysPosition;
import org.jeecg.modules.system.entity.SysUser;
import org.jeecg.modules.system.service.ISysPositionService;
@ -29,6 +29,7 @@ import org.jeecgframework.poi.excel.entity.ExportParams;
import org.jeecgframework.poi.excel.entity.ImportParams;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
@ -249,7 +250,7 @@ public class SysPositionController {
//Step.2 AutoPoi 导出Excel
ModelAndView mv = new ModelAndView(new JeecgEntityExcelView());
List<SysPosition> pageList = sysPositionService.list(queryWrapper);
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
//导出文件名称
mv.addObject(NormalExcelConstants.FILE_NAME, "职务表列表");
mv.addObject(NormalExcelConstants.CLASS, SysPosition.class);

27
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleController.java
View File

@ -8,13 +8,14 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
import com.alibaba.fastjson.JSON;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import cn.hutool.core.util.RandomUtil;
import com.baomidou.mybatisplus.extension.plugins.pagination.PageDTO;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.base.BaseMap;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant;
@ -22,6 +23,7 @@ import org.jeecg.common.modules.redis.client.JeecgRedisClient;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.entity.*;
import org.jeecg.modules.system.model.TreeModel;
@ -33,6 +35,8 @@ import org.jeecgframework.poi.excel.entity.ImportParams;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
@ -45,7 +49,6 @@ import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.servlet.ModelAndView;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.LoginUserUtils;
import com.alibaba.fastjson.JSONObject;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
@ -93,7 +96,7 @@ public class SysRoleController {
* @param req
* @return
*/
@SaCheckPermission("system:role:list")
@PreAuthorize("@jps.requiresPermissions('system:role:list')")
@RequestMapping(value = "/list", method = RequestMethod.GET)
public Result<IPage<SysRole>> queryPageList(SysRole role,
@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@ -149,7 +152,7 @@ public class SysRoleController {
* @return
*/
@RequestMapping(value = "/add", method = RequestMethod.POST)
@SaCheckPermission("system:role:add")
@PreAuthorize("@jps.requiresPermissions('system:role:add')")
public Result<SysRole> add(@RequestBody SysRole role) {
Result<SysRole> result = new Result<SysRole>();
try {
@ -174,7 +177,7 @@ public class SysRoleController {
* @param role
* @return
*/
@SaCheckPermission("system:role:edit")
@PreAuthorize("@jps.requiresPermissions('system:role:edit')")
@RequestMapping(value = "/edit",method = {RequestMethod.PUT,RequestMethod.POST})
public Result<SysRole> edit(@RequestBody SysRole role) {
Result<SysRole> result = new Result<SysRole>();
@ -188,7 +191,7 @@ public class SysRoleController {
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的
if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
//获取当前用户
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
Integer tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0);
String username = "admin";
if (!tenantId.equals(sysrole.getTenantId()) && !username.equals(sysUser.getUsername())) {
@ -211,13 +214,13 @@ public class SysRoleController {
* @param id
* @return
*/
@SaCheckPermission("system:role:delete")
@PreAuthorize("@jps.requiresPermissions('system:role:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的
if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
//获取当前用户
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
int tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0);
Long getRoleCount = sysRoleService.getRoleCountByTenantId(id, tenantId);
String username = "admin";
@ -242,7 +245,7 @@ public class SysRoleController {
* @param ids
* @return
*/
@SaCheckPermission("system:role:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:role:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<SysRole> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
baseCommonService.addLog("删除角色操作角色ids" + ids, CommonConstant.LOG_TYPE_2, CommonConstant.OPERATE_TYPE_4);
@ -254,7 +257,7 @@ public class SysRoleController {
if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL){
int tenantId = oConvertUtils.getInt(TenantContext.getTenant(), 0);
String[] roleIds = ids.split(SymbolConstant.COMMA);
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String username = "admin";
for (String id:roleIds) {
Long getRoleCount = sysRoleService.getRoleCountByTenantId(id, tenantId);
@ -321,7 +324,7 @@ public class SysRoleController {
*
* @return
*/
@SaCheckPermission("system:role:queryallNoByTenant")
@PreAuthorize("@jps.requiresPermissions('system:role:queryallNoByTenant')")
@RequestMapping(value = "/queryallNoByTenant", method = RequestMethod.GET)
public Result<List<SysRole>> queryallNoByTenant() {
Result<List<SysRole>> result = new Result<>();
@ -397,7 +400,7 @@ public class SysRoleController {
//导出文件名称
mv.addObject(NormalExcelConstants.FILE_NAME,"角色列表");
mv.addObject(NormalExcelConstants.CLASS,SysRole.class);
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
mv.addObject(NormalExcelConstants.PARAMS,new ExportParams("角色列表数据","导出人:"+user.getRealname(),"导出信息"));
mv.addObject(NormalExcelConstants.DATA_LIST,pageList);
return mv;

27
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysRoleIndexController.java
View File

@ -1,15 +1,13 @@
package org.jeecg.modules.system.controller;
import java.util.Arrays;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import lombok.extern.slf4j.Slf4j;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.constant.CommonConstant;
@ -21,10 +19,19 @@ import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.constant.DefIndexConst;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.modules.system.entity.SysRoleIndex;
import org.jeecg.modules.system.service.ISysRoleIndexService;
import org.jeecg.modules.system.service.ISysUserService;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.system.base.controller.JeecgController;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.ModelAndView;
@ -80,7 +87,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
* @param sysRoleIndex
* @return
*/
@SaCheckPermission("system:roleindex:add")
@PreAuthorize("@jps.requiresPermissions('system:roleindex:add')")
@AutoLog(value = "角色首页配置-添加")
@Operation(summary = "角色首页配置-添加")
@PostMapping(value = "/add")
@ -101,7 +108,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
* @param sysRoleIndex
* @return
*/
@SaCheckPermission("system:roleindex:edit")
@PreAuthorize("@jps.requiresPermissions('system:roleindex:edit')")
@AutoLog(value = "角色首页配置-编辑")
@Operation(summary = "角色首页配置-编辑")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
@ -124,7 +131,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
*/
@AutoLog(value = "角色首页配置-通过id删除")
@Operation(summary = "角色首页配置-通过id删除")
@SaCheckPermission("system:roleindex:delete")
@PreAuthorize("@jps.requiresPermissions('system:roleindex:delete')")
@DeleteMapping(value = "/delete")
public Result<?> delete(@RequestParam(name = "id", required = true) String id) {
sysRoleIndexService.removeById(id);
@ -139,7 +146,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
*/
@AutoLog(value = "角色首页配置-批量删除")
@Operation(summary = "角色首页配置-批量删除")
@SaCheckPermission("system:roleindex:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:roleindex:deleteBatch')")
@DeleteMapping(value = "/deleteBatch")
public Result<?> deleteBatch(@RequestParam(name = "ids", required = true) String ids) {
baseCommonService.addLog("批量删除用户, ids " +ids ,CommonConstant.LOG_TYPE_2, 3);
@ -211,7 +218,7 @@ public class SysRoleIndexController extends JeecgController<SysRoleIndex, ISysRo
/**
* 更新默认首页配置
*/
@SaCheckPermission("system:permission:setDefIndex")
@PreAuthorize("@jps.requiresPermissions('system:permission:setDefIndex')")
@PutMapping("/updateDefIndex")
public Result<?> updateDefIndex(
@RequestParam("url") String url,

34
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTableWhiteListController.java
View File

@ -3,11 +3,10 @@ package org.jeecg.modules.system.controller;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import io.swagger.v3.oas.annotations.tags.Tag;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.servlet.http.HttpServletRequest;
import lombok.extern.slf4j.Slf4j;
import cn.dev33.satoken.annotation.SaCheckPermission;
import cn.dev33.satoken.annotation.SaCheckRole;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.AutoLog;
import org.jeecg.common.system.base.controller.JeecgController;
@ -15,6 +14,7 @@ import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.modules.system.entity.SysTableWhiteList;
import org.jeecg.modules.system.service.ISysTableWhiteListService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import jakarta.servlet.http.HttpServletRequest;
@ -43,8 +43,8 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
* @param req
* @return
*/
//@SaCheckRole("admin")
@SaCheckPermission("system:tableWhite:list")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:tableWhite:list')")
@GetMapping(value = "/list")
public Result<?> queryPageList(
SysTableWhiteList sysTableWhiteList,
@ -66,8 +66,8 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
*/
@AutoLog(value = "系统表白名单-添加")
@Operation(summary = "系统表白名单-添加")
//@SaCheckRole("admin")
@SaCheckPermission("system:tableWhite:add")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:tableWhite:add')")
@PostMapping(value = "/add")
public Result<?> add(@RequestBody SysTableWhiteList sysTableWhiteList) {
if (sysTableWhiteListService.add(sysTableWhiteList)) {
@ -84,9 +84,9 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
* @return
*/
@AutoLog(value = "系统表白名单-编辑")
@Operation(summary = "系统表白名单-编辑")
//@SaCheckRole("admin")
@SaCheckPermission("system:tableWhite:edit")
@Operation(summary = "系统表白名单-编辑")
//@RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:tableWhite:edit')")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT, RequestMethod.POST})
public Result<?> edit(@RequestBody SysTableWhiteList sysTableWhiteList) {
if (sysTableWhiteListService.edit(sysTableWhiteList)) {
@ -104,8 +104,8 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
*/
@AutoLog(value = "系统表白名单-通过id删除")
@Operation(summary = "系统表白名单-通过id删除")
// @SaCheckRole("admin")
@SaCheckPermission("system:tableWhite:delete")
// @RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:tableWhite:delete')")
@DeleteMapping(value = "/delete")
public Result<?> delete(@RequestParam(name = "id") String id) {
if (sysTableWhiteListService.deleteByIds(id)) {
@ -122,9 +122,9 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
* @return
*/
@AutoLog(value = "系统表白名单-批量删除")
@Operation(summary = "系统表白名单-批量删除")
// @SaCheckRole("admin")
@SaCheckPermission("system:tableWhite:deleteBatch")
@Operation(summary = "系统表白名单-批量删除")
// @RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:tableWhite:deleteBatch')")
@DeleteMapping(value = "/deleteBatch")
public Result<?> deleteBatch(@RequestParam(name = "ids") String ids) {
if (sysTableWhiteListService.deleteByIds(ids)) {
@ -142,8 +142,8 @@ public class SysTableWhiteListController extends JeecgController<SysTableWhiteLi
*/
@AutoLog(value = "系统表白名单-通过id查询")
@Operation(summary = "系统表白名单-通过id查询")
// @SaCheckRole("admin")
@SaCheckPermission("system:tableWhite:queryById")
// @RequiresRoles("admin")
@PreAuthorize("@jps.requiresPermissions('system:tableWhite:queryById')")
@GetMapping(value = "/queryById")
public Result<?> queryById(@RequestParam(name = "id", required = true) String id) {
SysTableWhiteList sysTableWhiteList = sysTableWhiteListService.getById(id);

79
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java
View File

@ -3,13 +3,13 @@ package org.jeecg.modules.system.controller;
import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.RandomUtil;
import com.alibaba.fastjson.JSON;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import lombok.extern.slf4j.Slf4j;
import org.jeecg.common.util.LoginUserUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.apache.shiro.SecurityUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.PermissionData;
import org.jeecg.common.config.TenantContext;
@ -21,6 +21,7 @@ import org.jeecg.common.util.PasswordUtil;
import org.jeecg.common.util.TokenUtils;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.entity.*;
import org.jeecg.modules.system.service.ISysTenantPackService;
@ -34,6 +35,8 @@ import org.jeecg.modules.system.vo.tenant.TenantPackModel;
import org.jeecg.modules.system.vo.tenant.TenantPackUser;
import org.jeecg.modules.system.vo.tenant.TenantPackUserCount;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import jakarta.servlet.http.HttpServletRequest;
@ -74,7 +77,7 @@ public class SysTenantController {
* @param req
* @return
*/
@SaCheckPermission("system:tenant:list")
@PreAuthorize("@jps.requiresPermissions('system:tenant:list')")
@PermissionData(pageComponent = "system/TenantList")
@RequestMapping(value = "/list", method = RequestMethod.GET)
public Result<IPage<SysTenant>> queryPageList(SysTenant sysTenant,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@ -113,7 +116,7 @@ public class SysTenantController {
* @return
*/
@GetMapping("/recycleBinPageList")
@SaCheckPermission("system:tenant:recycleBinPageList")
@PreAuthorize("@jps.requiresPermissions('system:tenant:recycleBinPageList')")
public Result<IPage<SysTenant>> recycleBinPageList(SysTenant sysTenant,@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize,HttpServletRequest req){
Result<IPage<SysTenant>> result = new Result<IPage<SysTenant>>();
@ -129,7 +132,7 @@ public class SysTenantController {
* @param
* @return
*/
@SaCheckPermission("system:tenant:add")
@PreAuthorize("@jps.requiresPermissions('system:tenant:add')")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysTenant> add(@RequestBody SysTenant sysTenant) {
Result<SysTenant> result = new Result();
@ -155,7 +158,7 @@ public class SysTenantController {
* @author chenrui
* @date 2025/2/6 18:24
*/
@SaCheckPermission("system:tenant:syncDefaultPack")
@PreAuthorize("@jps.requiresPermissions('system:tenant:syncDefaultPack')")
@PostMapping(value = "/syncDefaultPack")
public Result<?> syncDefaultPack(@RequestParam(name="tenantId",required=true) Integer tenantId) {
//同步默认产品包
@ -168,7 +171,7 @@ public class SysTenantController {
* @param
* @return
*/
@SaCheckPermission("system:tenant:edit")
@PreAuthorize("@jps.requiresPermissions('system:tenant:edit')")
@RequestMapping(value = "/edit", method ={RequestMethod.PUT, RequestMethod.POST})
public Result<SysTenant> edit(@RequestBody SysTenant tenant) {
Result<SysTenant> result = new Result();
@ -191,14 +194,14 @@ public class SysTenantController {
* @param id
* @return
*/
@SaCheckPermission("system:tenant:delete")
@PreAuthorize("@jps.requiresPermissions('system:tenant:delete')")
@RequestMapping(value = "/delete", method ={RequestMethod.DELETE, RequestMethod.POST})
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
//------------------------------------------------------------------
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的
if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
//获取当前用户
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();;
SysTenant sysTenant = sysTenantService.getById(id);
String username = "admin";
@ -219,7 +222,7 @@ public class SysTenantController {
* @param ids
* @return
*/
@SaCheckPermission("system:tenant:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:tenant:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
Result<?> result = new Result<>();
@ -234,7 +237,7 @@ public class SysTenantController {
//如果是saas隔离的情况下判断当前租户id是否是当前租户下的
if (MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL) {
//获取当前用户
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
SysTenant sysTenant = sysTenantService.getById(id);
String username = "admin";
@ -269,7 +272,7 @@ public class SysTenantController {
}
//------------------------------------------------------------------------------------------------
//获取登录用户信息
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
//是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】, admin给特权可以管理所有租户
if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && !"admin".equals(sysUser.getUsername())){
Integer loginSessionTenant = oConvertUtils.getInt(TenantContext.getTenant());
@ -294,7 +297,7 @@ public class SysTenantController {
* 查询有效的 租户数据
* @return
*/
@SaCheckPermission("system:tenant:queryList")
@PreAuthorize("@jps.requiresPermissions('system:tenant:queryList')")
@RequestMapping(value = "/queryList", method = RequestMethod.GET)
public Result<List<SysTenant>> queryList(@RequestParam(name="ids",required=false) String ids) {
Result<List<SysTenant>> result = new Result<List<SysTenant>>();
@ -320,7 +323,7 @@ public class SysTenantController {
* @return
*/
@GetMapping(value = "/packList")
@SaCheckPermission("system:tenant:packList")
@PreAuthorize("@jps.requiresPermissions('system:tenant:packList')")
public Result<IPage<SysTenantPack>> queryPackPageList(SysTenantPack sysTenantPack,
@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
@ -342,7 +345,7 @@ public class SysTenantController {
* @return
*/
@PostMapping(value = "/addPackPermission")
@SaCheckPermission("system:tenant:add:pack")
@PreAuthorize("@jps.requiresPermissions('system:tenant:add:pack')")
public Result<String> addPackPermission(@RequestBody SysTenantPack sysTenantPack) {
sysTenantPackService.addPackPermission(sysTenantPack);
return Result.ok("创建租户产品包成功");
@ -355,7 +358,7 @@ public class SysTenantController {
* @return
*/
@PutMapping(value = "/editPackPermission")
@SaCheckPermission("system:tenant:edit:pack")
@PreAuthorize("@jps.requiresPermissions('system:tenant:edit:pack')")
public Result<String> editPackPermission(@RequestBody SysTenantPack sysTenantPack) {
sysTenantPackService.editPackPermission(sysTenantPack);
return Result.ok("修改租户产品包成功");
@ -368,7 +371,7 @@ public class SysTenantController {
* @return
*/
@DeleteMapping("/deleteTenantPack")
@SaCheckPermission("system:tenant:delete:pack")
@PreAuthorize("@jps.requiresPermissions('system:tenant:delete:pack')")
public Result<String> deleteTenantPack(@RequestParam(value = "ids") String ids) {
sysTenantPackService.deleteTenantPack(ids);
return Result.ok("删除租户产品包成功");
@ -385,7 +388,7 @@ public class SysTenantController {
public Result<Map<String,Object>> getCurrentUserTenant() {
Result<Map<String,Object>> result = new Result<Map<String,Object>>();
try {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
//update-begin---author:wangshuai ---date:20221223 for[QQYUN-3371]租户逻辑改造,改成关系表------------
List<Integer> tenantIdList = relationService.getTenantIdsByUserId(sysUser.getId());
Map<String,Object> map = new HashMap(5);
@ -411,7 +414,7 @@ public class SysTenantController {
* @return
*/
@PutMapping("/invitationUserJoin")
@SaCheckPermission("system:tenant:invitation:user")
@PreAuthorize("@jps.requiresPermissions('system:tenant:invitation:user')")
public Result<String> invitationUserJoin(@RequestParam("ids") String ids,@RequestParam(value = "phone", required = false) String phone, @RequestParam(value = "username", required = false) String username){
if(oConvertUtils.isEmpty(phone) && oConvertUtils.isEmpty(username)){
return Result.error("手机号和用户账号不能同时为空!");
@ -429,7 +432,7 @@ public class SysTenantController {
* @return
*/
@RequestMapping(value = "/getTenantUserList", method = RequestMethod.GET)
@SaCheckPermission("system:tenant:user:list")
@PreAuthorize("@jps.requiresPermissions('system:tenant:user:list')")
public Result<IPage<SysUser>> getTenantUserList(SysUser user,
@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize,
@ -450,12 +453,12 @@ public class SysTenantController {
* @return
*/
@PutMapping("/leaveTenant")
@SaCheckPermission("system:tenant:leave")
@PreAuthorize("@jps.requiresPermissions('system:tenant:leave')")
public Result<String> leaveTenant(@RequestParam("userIds") String userIds,
@RequestParam("tenantId") String tenantId){
Result<String> result = new Result<>();
//是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
if(MybatisPlusSaasConfig.OPEN_SYSTEM_TENANT_CONTROL && !"admin".equals(sysUser.getUsername())){
Integer loginSessionTenant = oConvertUtils.getInt(TenantContext.getTenant());
if(loginSessionTenant!=null && !loginSessionTenant.equals(Integer.valueOf(tenantId))){
@ -501,7 +504,7 @@ public class SysTenantController {
@PostMapping("/saveTenantJoinUser")
public Result<Integer> saveTenantJoinUser(@RequestBody SysTenant sysTenant){
Result<Integer> result = new Result<>();
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
Integer tenantId = sysTenantService.saveTenantJoinUser(sysTenant, sysUser.getId());
result.setSuccess(true);
result.setMessage("创建成功");
@ -515,7 +518,7 @@ public class SysTenantController {
*/
@PostMapping("/joinTenantByHouseNumber")
public Result<Integer> joinTenantByHouseNumber(@RequestBody SysTenant sysTenant){
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
Integer tenantId = sysTenantService.joinTenantByHouseNumber(sysTenant, sysUser.getId());
Result<Integer> result = new Result<>();
if(tenantId != 0){
@ -542,7 +545,7 @@ public class SysTenantController {
* @return
*/
@GetMapping("/getUserTenantPageList")
//@SaCheckPermission("system:tenant:tenantPageList")
//@RequiresPermissions("system:tenant:tenantPageList")
public Result<IPage<SysUserTenantVo>> getUserTenantPageList(@RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize,
@RequestParam(name = "userTenantStatus") String userTenantStatus,
@ -550,7 +553,7 @@ public class SysTenantController {
SysUser user,
HttpServletRequest req) {
Page<SysUserTenantVo> page = new Page<SysUserTenantVo>(pageNo, pageSize);
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String tenantId = oConvertUtils.getString(TenantContext.getTenant(), "0");
IPage<SysUserTenantVo> list = relationService.getUserTenantPageList(page, Arrays.asList(userTenantStatus.split(SymbolConstant.COMMA)), user, Integer.valueOf(tenantId));
return Result.ok(list);
@ -563,9 +566,9 @@ public class SysTenantController {
* @return
*/
@GetMapping("/getTenantListByUserId")
//@SaCheckPermission("system:tenant:getTenantListByUserId")
//@RequiresPermissions("system:tenant:getTenantListByUserId")
public Result<List<SysUserTenantVo>> getTenantListByUserId(@RequestParam(name = "userTenantStatus", required = false) String userTenantStatus) {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
List<String> list = null;
if (oConvertUtils.isNotEmpty(userTenantStatus)) {
list = Arrays.asList(userTenantStatus.split(SymbolConstant.COMMA));
@ -579,7 +582,7 @@ public class SysTenantController {
* 更新用户租户关系状态【低代码应用专用接口】
*/
@PutMapping("/updateUserTenantStatus")
//@SaCheckPermission("system:tenant:updateUserTenantStatus")
//@RequiresPermissions("system:tenant:updateUserTenantStatus")
public Result<String> updateUserTenantStatus(@RequestBody SysUserTenant userTenant) {
String tenantId = TenantContext.getTenant();
if (oConvertUtils.isEmpty(tenantId)) {
@ -596,9 +599,9 @@ public class SysTenantController {
* @return
*/
@PutMapping("/cancelTenant")
//@SaCheckPermission("system:tenant:cancelTenant")
//@RequiresPermissions("system:tenant:cancelTenant")
public Result<String> cancelTenant(@RequestBody SysTenant sysTenant,HttpServletRequest request) {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
SysTenant tenant = sysTenantService.getById(sysTenant.getId());
if (null == tenant) {
return Result.error("未找到当前租户信息");
@ -641,7 +644,7 @@ public class SysTenantController {
*/
@PutMapping("/cancelApplyTenant")
public Result<String> cancelApplyTenant(@RequestParam("tenantId") String tenantId){
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
sysTenantService.leaveTenant(sysUser.getId(),tenantId);
return Result.ok("取消申请成功");
}
@ -654,7 +657,7 @@ public class SysTenantController {
* @return
*/
@DeleteMapping("/deleteLogicDeleted")
@SaCheckPermission("system:tenant:deleteTenantLogic")
@PreAuthorize("@jps.requiresPermissions('system:tenant:deleteTenantLogic')")
public Result<String> deleteTenantLogic(@RequestParam("ids") String ids){
sysTenantService.deleteTenantLogic(ids);
return Result.ok("彻底删除成功");
@ -666,7 +669,7 @@ public class SysTenantController {
* @return
*/
@PutMapping("/revertTenantLogic")
@SaCheckPermission("system:tenant:revertTenantLogic")
@PreAuthorize("@jps.requiresPermissions('system:tenant:revertTenantLogic')")
public Result<String> revertTenantLogic(@RequestParam("ids") String ids){
sysTenantService.revertTenantLogic(ids);
return Result.ok("还原成功");
@ -680,7 +683,7 @@ public class SysTenantController {
*/
@DeleteMapping("/exitUserTenant")
public Result<String> exitUserTenant(@RequestBody SysTenant sysTenant,HttpServletRequest request){
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
//验证用户是否已存在
Integer count = relationService.userTenantIzExist(sysUser.getId(),sysTenant.getId());
if (count == 0) {
@ -905,7 +908,7 @@ public class SysTenantController {
public Result<IPage<SysTenant>> getTenantPageListByUserId(SysUserTenantVo sysUserTenantVo,
@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize) {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
List<String> list = null;
String userTenantStatus = sysUserTenantVo.getUserTenantStatus();
if (oConvertUtils.isNotEmpty(userTenantStatus)) {
@ -923,7 +926,7 @@ public class SysTenantController {
public Result<String> agreeOrRefuseJoinTenant(@RequestParam("tenantId") Integer tenantId,
@RequestParam("status") String status){
//是否开启系统管理模块的多租户数据隔离【SAAS多租户模式】
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
String userId = sysUser.getId();
SysTenant tenant = sysTenantService.getById(tenantId);
if(null == tenant){
@ -974,7 +977,7 @@ public class SysTenantController {
public Result<Map<String,Object>> getCurrentUserTenantForFile() {
Result<Map<String,Object>> result = new Result<Map<String,Object>>();
try {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = (LoginUser) SecurityUtils.getSubject().getPrincipal();
List<SysTenant> tenantList = sysTenantService.getTenantListByUserId(sysUser.getId());
Map<String,Object> map = new HashMap<>(5);
//在开启saas租户隔离的时候并且租户数据不为空则返回租户信息

101
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserController.java
View File

@ -10,12 +10,14 @@ import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import cn.dev33.satoken.annotation.SaCheckPermission;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.aspect.annotation.PermissionData;
import org.jeecg.common.config.TenantContext;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.constant.SymbolConstant;
import org.jeecg.config.mybatis.MybatisPlusSaasConfig;
import org.jeecg.config.security.utils.SecureUtil;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.common.modules.redis.client.JeecgRedisClient;
import org.jeecg.common.system.query.QueryGenerator;
import org.jeecg.common.system.util.JwtUtil;
@ -35,12 +37,17 @@ import org.jeecg.modules.system.vo.SysUserExportVo;
import org.jeecg.modules.system.vo.SysUserRoleVO;
import org.jeecg.modules.system.vo.lowapp.DepartAndUserInfo;
import org.jeecg.modules.system.vo.lowapp.UpdateDepartInfo;
import org.jeecgframework.poi.excel.ExcelImportUtil;
import org.jeecgframework.poi.excel.def.NormalExcelConstants;
import org.jeecgframework.poi.excel.entity.ExportParams;
import org.jeecgframework.poi.excel.entity.ImportParams;
import org.jeecgframework.poi.excel.view.JeecgEntityExcelView;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.multipart.MultipartHttpServletRequest;
import org.springframework.web.servlet.ModelAndView;
import jakarta.servlet.http.HttpServletRequest;
@ -135,7 +142,7 @@ public class SysUserController {
* @param req
* @return
*/
@SaCheckPermission("system:user:listAll")
@PreAuthorize("@jps.requiresPermissions('system:user:listAll')")
@RequestMapping(value = "/listAll", method = RequestMethod.GET)
public Result<IPage<SysUser>> queryAllPageList(SysUser user, @RequestParam(name = "pageNo", defaultValue = "1") Integer pageNo,
@RequestParam(name = "pageSize", defaultValue = "10") Integer pageSize, HttpServletRequest req) {
@ -143,7 +150,7 @@ public class SysUserController {
return sysUserService.queryPageList(req, queryWrapper, pageSize, pageNo);
}
@SaCheckPermission("system:user:add")
@PreAuthorize("@jps.requiresPermissions('system:user:add')")
@RequestMapping(value = "/add", method = RequestMethod.POST)
public Result<SysUser> add(@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
@ -173,7 +180,7 @@ public class SysUserController {
return result;
}
@SaCheckPermission("system:user:edit")
@PreAuthorize("@jps.requiresPermissions('system:user:edit')")
@RequestMapping(value = "/edit", method = {RequestMethod.PUT,RequestMethod.POST})
public Result<SysUser> edit(@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
@ -212,7 +219,7 @@ public class SysUserController {
/**
* 删除用户
*/
@SaCheckPermission("system:user:delete")
@PreAuthorize("@jps.requiresPermissions('system:user:delete')")
@RequestMapping(value = "/delete", method = RequestMethod.DELETE)
public Result<?> delete(@RequestParam(name="id",required=true) String id) {
baseCommonService.addLog("删除用户id " +id ,CommonConstant.LOG_TYPE_2, 3);
@ -228,7 +235,7 @@ public class SysUserController {
/**
* 批量删除用户
*/
@SaCheckPermission("system:user:deleteBatch")
@PreAuthorize("@jps.requiresPermissions('system:user:deleteBatch')")
@RequestMapping(value = "/deleteBatch", method = RequestMethod.DELETE)
public Result<?> deleteBatch(@RequestParam(name="ids",required=true) String ids) {
baseCommonService.addLog("批量删除用户, ids " +ids ,CommonConstant.LOG_TYPE_2, 3);
@ -247,7 +254,7 @@ public class SysUserController {
* @param jsonObject
* @return
*/
@SaCheckPermission("system:user:frozenBatch")
@PreAuthorize("@jps.requiresPermissions('system:user:frozenBatch')")
@RequestMapping(value = "/frozenBatch", method = RequestMethod.PUT)
public Result<SysUser> frozenBatch(@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
@ -272,7 +279,7 @@ public class SysUserController {
}
@SaCheckPermission("system:user:queryById")
@PreAuthorize("@jps.requiresPermissions('system:user:queryById')")
@RequestMapping(value = "/queryById", method = RequestMethod.GET)
public Result<SysUser> queryById(@RequestParam(name = "id", required = true) String id) {
Result<SysUser> result = new Result<SysUser>();
@ -286,7 +293,7 @@ public class SysUserController {
return result;
}
@SaCheckPermission("system:user:queryUserRole")
@PreAuthorize("@jps.requiresPermissions('system:user:queryUserRole')")
@RequestMapping(value = "/queryUserRole", method = RequestMethod.GET)
public Result<List<String>> queryUserRole(@RequestParam(name = "userid", required = true) String userid) {
Result<List<String>> result = new Result<>();
@ -339,7 +346,7 @@ public class SysUserController {
/**
* 修改密码
*/
@SaCheckPermission("system:user:changepwd")
@PreAuthorize("@jps.requiresPermissions('system:user:changepwd')")
@RequestMapping(value = "/changePassword", method = RequestMethod.PUT)
public Result<?> changePassword(@RequestBody SysUser sysUser) {
SysUser u = this.sysUserService.getOne(new LambdaQueryWrapper<SysUser>().eq(SysUser::getUsername, sysUser.getUsername()));
@ -348,7 +355,7 @@ public class SysUserController {
}
sysUser.setId(u.getId());
//update-begin---author:wangshuai ---date:20220316 for[VUEN-234]修改密码添加敏感日志------------
LoginUser loginUser = LoginUserUtils.getSessionUser();
LoginUser loginUser = SecureUtil.currentUser();
baseCommonService.addLog("修改用户 "+sysUser.getUsername()+" 的密码,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
//update-end---author:wangshuai ---date:20220316 for[VUEN-234]修改密码添加敏感日志------------
return sysUserService.changePassword(sysUser);
@ -463,7 +470,7 @@ public class SysUserController {
* @param request
* @param sysUser
*/
@SaCheckPermission("system:user:export")
@PreAuthorize("@jps.requiresPermissions('system:user:export')")
@RequestMapping(value = "/exportXls")
public ModelAndView exportXls(SysUser sysUser,HttpServletRequest request) {
// Step.1 组装查询条件
@ -482,7 +489,7 @@ public class SysUserController {
//导出文件名称
mv.addObject(NormalExcelConstants.FILE_NAME, "用户列表");
mv.addObject(NormalExcelConstants.CLASS, SysUserExportVo.class);
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
ExportParams exportParams = new ExportParams("导入规则:\n" +
"1. 用户名为必填项,仅支持新增数据导入;\n" +
"2. 多个部门、角色或负责部门请用英文分号 ; 分隔,如:财务部;研发部;\n" +
@ -506,7 +513,7 @@ public class SysUserController {
* @param response
* @return
*/
@SaCheckPermission("system:user:import")
@PreAuthorize("@jps.requiresPermissions('system:user:import')")
@RequestMapping(value = "/importExcel", method = RequestMethod.POST)
public Result<?> importExcel(HttpServletRequest request, HttpServletResponse response)throws IOException {
//return ImportOldUserUtil.importOldSysUser(request);
@ -561,14 +568,14 @@ public class SysUserController {
/**
* 首页用户重置密码
*/
@SaCheckPermission("system:user:updatepwd")
@PreAuthorize("@jps.requiresPermissions('system:user:updatepwd')")
@RequestMapping(value = "/updatePassword", method = RequestMethod.PUT)
public Result<?> updatePassword(@RequestBody JSONObject json) {
String username = json.getString("username");
String oldpassword = json.getString("oldpassword");
String password = json.getString("password");
String confirmpassword = json.getString("confirmpassword");
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
if(!sysUser.getUsername().equals(username)){
return Result.error("只允许修改自己的密码!");
}
@ -577,7 +584,7 @@ public class SysUserController {
return Result.error("用户不存在!");
}
//update-begin---author:wangshuai ---date:20220316 for[VUEN-234]修改密码添加敏感日志------------
LoginUser loginUser = LoginUserUtils.getSessionUser();
LoginUser loginUser = SecureUtil.currentUser();
baseCommonService.addLog("修改密码username " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
//update-end---author:wangshuai ---date:20220316 for[VUEN-234]修改密码添加敏感日志------------
return sysUserService.resetPassword(username,oldpassword,password,confirmpassword);
@ -603,7 +610,7 @@ public class SysUserController {
* @param
* @return
*/
@SaCheckPermission("system:user:addUserRole")
@PreAuthorize("@jps.requiresPermissions('system:user:addUserRole')")
@RequestMapping(value = "/addSysUserRole", method = RequestMethod.POST)
public Result<String> addSysUserRole(@RequestBody SysUserRoleVO sysUserRoleVO) {
Result<String> result = new Result<String>();
@ -635,7 +642,7 @@ public class SysUserController {
* @param
* @return
*/
@SaCheckPermission("system:user:deleteRole")
@PreAuthorize("@jps.requiresPermissions('system:user:deleteRole')")
@RequestMapping(value = "/deleteUserRole", method = RequestMethod.DELETE)
public Result<SysUserRole> deleteUserRole(@RequestParam(name="roleId") String roleId,
@RequestParam(name="userId",required=true) String userId
@ -659,7 +666,7 @@ public class SysUserController {
* @param
* @return
*/
@SaCheckPermission("system:user:deleteRoleBatch")
@PreAuthorize("@jps.requiresPermissions('system:user:deleteRoleBatch')")
@RequestMapping(value = "/deleteUserRoleBatch", method = RequestMethod.DELETE)
public Result<SysUserRole> deleteUserRoleBatch(
@RequestParam(name="roleId") String roleId,
@ -691,7 +698,7 @@ public class SysUserController {
List<String> subDepids = new ArrayList<>();
//部门id为空时查询我的部门下所有用户
if(oConvertUtils.isEmpty(depId)){
LoginUser user = LoginUserUtils.getSessionUser();
LoginUser user = SecureUtil.currentUser();
int userIdentity = user.getUserIdentity() != null?user.getUserIdentity():CommonConstant.USER_IDENTITY_1;
//update-begin---author:chenrui ---date:20250107 for[QQYUN-10775]验证码可以复用 #7674------------
if(oConvertUtils.isNotEmpty(userIdentity) && userIdentity == CommonConstant.USER_IDENTITY_2
@ -763,7 +770,7 @@ public class SysUserController {
/**
* 给指定部门添加对应的用户
*/
@SaCheckPermission("system:user:editDepartWithUser")
@PreAuthorize("@jps.requiresPermissions('system:user:editDepartWithUser')")
@RequestMapping(value = "/editSysDepartWithUser", method = RequestMethod.POST)
public Result<String> editSysDepartWithUser(@RequestBody SysDepartUsersVO sysDepartUsersVO) {
Result<String> result = new Result<String>();
@ -792,7 +799,7 @@ public class SysUserController {
/**
* 删除指定机构的用户关系
*/
@SaCheckPermission("system:user:deleteUserInDepart")
@PreAuthorize("@jps.requiresPermissions('system:user:deleteUserInDepart')")
@RequestMapping(value = "/deleteUserInDepart", method = RequestMethod.DELETE)
public Result<SysUserDepart> deleteUserInDepart(@RequestParam(name="depId") String depId,
@RequestParam(name="userId",required=true) String userId
@ -824,7 +831,7 @@ public class SysUserController {
/**
* 批量删除指定机构的用户关系
*/
@SaCheckPermission("system:user:deleteUserInDepartBatch")
@PreAuthorize("@jps.requiresPermissions('system:user:deleteUserInDepartBatch')")
@RequestMapping(value = "/deleteUserInDepartBatch", method = RequestMethod.DELETE)
public Result<SysUserDepart> deleteUserInDepartBatch(
@RequestParam(name="depId") String depId,
@ -856,7 +863,7 @@ public class SysUserController {
public Result<Map<String,Object>> getCurrentUserDeparts() {
Result<Map<String,Object>> result = new Result<Map<String,Object>>();
try {
LoginUser sysUser = LoginUserUtils.getSessionUser();
LoginUser sysUser = SecureUtil.currentUser();
List<SysDepart> list = this.sysDepartService.queryUserDeparts(sysUser.getId());
Map<String,Object> map = new HashMap(5);
map.put("list", list);
@ -1241,7 +1248,7 @@ public class SysUserController {
* @param userIds 被删除的用户ID多个id用半角逗号分割
* @return
*/
@SaCheckPermission("system:user:deleteRecycleBin")
@PreAuthorize("@jps.requiresPermissions('system:user:deleteRecycleBin')")
@RequestMapping(value = "/deleteRecycleBin", method = RequestMethod.DELETE)
public Result deleteRecycleBin(@RequestParam("userIds") String userIds) {
if (StringUtils.isNotBlank(userIds)) {
@ -1256,7 +1263,7 @@ public class SysUserController {
* @param jsonObject
* @return
*/
@SaCheckPermission("system:user:app:edit")
@PreAuthorize("@jps.requiresPermissions('system:user:app:edit')")
@RequestMapping(value = "/appEdit", method = {RequestMethod.PUT,RequestMethod.POST})
public Result<SysUser> appEdit(HttpServletRequest request,@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
@ -1608,7 +1615,7 @@ public class SysUserController {
* @return
*/
@PostMapping("/login/setting/userEdit")
@SaCheckPermission("system:user:setting:edit")
@PreAuthorize("@jps.requiresPermissions('system:user:setting:edit')")
public Result<String> userEdit(@RequestBody SysUser sysUser, HttpServletRequest request) {
String username = JwtUtil.getUserNameByToken(request);
SysUser user = sysUserService.getById(sysUser.getId());
@ -1685,6 +1692,42 @@ public class SysUserController {
return Result.ok();
}
/**
* 添加用户【后台租户模式专用,敲敲云不要用这个】
*
* @param jsonObject
* @return
*/
@PreAuthorize("jps.requiresPermissions('system:user:addTenantUser')")
@RequestMapping(value = "/addTenantUser", method = RequestMethod.POST)
public Result<SysUser> addTenantUser(@RequestBody JSONObject jsonObject) {
Result<SysUser> result = new Result<SysUser>();
String selectedRoles = jsonObject.getString("selectedroles");
String selectedDeparts = jsonObject.getString("selecteddeparts");
try {
SysUser user = JSON.parseObject(jsonObject.toJSONString(), SysUser.class);
user.setCreateTime(new Date());//设置创建时间
String salt = oConvertUtils.randomGen(8);
user.setSalt(salt);
String passwordEncode = PasswordUtil.encrypt(user.getUsername(), user.getPassword(), salt);
user.setPassword(passwordEncode);
user.setStatus(1);
user.setDelFlag(CommonConstant.DEL_FLAG_0);
//用户表字段org_code不能在这里设置他的值
user.setOrgCode(null);
// 保存用户走一个service 保证事务
//获取租户ids
String relTenantIds = jsonObject.getString("relTenantIds");
sysUserService.saveUser(user, selectedRoles, selectedDeparts, relTenantIds, true);
baseCommonService.addLog("添加用户username " + user.getUsername(), CommonConstant.LOG_TYPE_2, 2);
result.success("添加成功!");
} catch (Exception e) {
log.error(e.getMessage(), e);
result.error500("操作失败");
}
return result;
}
/**
* 修改租户下的用户【低代码应用专用接口】
* @param sysUser
@ -1720,7 +1763,7 @@ public class SysUserController {
public Result<?> changeLoginTenantId(@RequestBody SysUser sysUser){
Result<String> result = new Result<>();
Integer tenantId = sysUser.getLoginTenantId();
LoginUser loginUser = LoginUserUtils.getSessionUser();
LoginUser loginUser = SecureUtil.currentUser();
String userId = loginUser.getId();
// 判断 指定的租户ID是不是当前登录用户的租户

133
jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java
View File

@ -1,23 +1,31 @@
package org.jeecg.modules.system.controller;
import cn.dev33.satoken.session.SaSession;
import cn.dev33.satoken.stp.StpUtil;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result;
import org.jeecg.common.constant.CacheConstant;
import org.jeecg.common.constant.CommonConstant;
import org.jeecg.common.system.util.JwtUtil;
import org.jeecg.common.system.vo.LoginUser;
import org.jeecg.common.util.RedisUtil;
import org.jeecg.common.util.oConvertUtils;
import org.jeecg.modules.base.service.BaseCommonService;
import org.jeecg.modules.system.service.ISysUserService;
import org.jeecg.modules.system.service.impl.SysBaseApiImpl;
import org.jeecg.modules.system.vo.SysUserOnlineVO;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cache.CacheManager;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.web.bind.annotation.*;
import jakarta.annotation.Resource;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
@ -34,58 +42,47 @@ public class SysUserOnlineController {
@Autowired
private RedisUtil redisUtil;
@Autowired
public RedisTemplate redisTemplate;
@Autowired
public ISysUserService userService;
@Autowired
private SysBaseApiImpl sysBaseApi;
@Resource
private BaseCommonService baseCommonService;
@Autowired
private OAuth2AuthorizationService authorizationService;
@Autowired
private CacheManager cacheManager;
/**
* 获取在线用户列表使用Sa-Token
*/
@RequestMapping(value = "/list", method = RequestMethod.GET)
public Result<Page<SysUserOnlineVO>> list(@RequestParam(name="username", required=false) String username,
@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,
@RequestParam(name="pageSize", defaultValue="10") Integer pageSize) {
List<SysUserOnlineVO> onlineList = new ArrayList<>();
try {
// 使用Sa-Token获取所有在线用户的session ID列表
List<String> sessionIdList = StpUtil.searchSessionId("", 0, -1, false);
for (String sessionId : sessionIdList) {
try {
// 获取session
SaSession session = StpUtil.getSessionBySessionId(sessionId);
if (session == null) {
continue;
@RequestParam(name="pageNo", defaultValue="1") Integer pageNo,@RequestParam(name="pageSize", defaultValue="10") Integer pageSize) {
Collection<String> keys = redisUtil.scan(CommonConstant.PREFIX_USER_TOKEN + "*");
List<SysUserOnlineVO> onlineList = new ArrayList<SysUserOnlineVO>();
for (String key : keys) {
String token = (String)redisUtil.get(key);
if (StringUtils.isNotEmpty(token)) {
SysUserOnlineVO online = new SysUserOnlineVO();
online.setToken(token);
//TODO 改成一次性查询
LoginUser loginUser = sysBaseApi.getUserByName(JwtUtil.getUsername(token));
if (loginUser != null && !"_reserve_user_external".equals(loginUser.getUsername())) {
//update-begin---author:wangshuai ---date:20220104 for[JTC-382]在线用户查询无效------------
//验证用户名是否与传过来的用户名相同
boolean isMatchUsername=true;
//判断用户名是否为空并且当前循环的用户不包含传过来的用户名那么就设成false
if(oConvertUtils.isNotEmpty(username) && !loginUser.getUsername().contains(username)){
isMatchUsername = false;
}
// 从session中获取用户信息
LoginUser loginUser = (LoginUser) session.get("loginUser");
if (loginUser != null && !"_reserve_user_external".equals(loginUser.getUsername())) {
// 用户名筛选
if (oConvertUtils.isEmpty(username) || loginUser.getUsername().contains(username)) {
SysUserOnlineVO online = new SysUserOnlineVO();
BeanUtils.copyProperties(loginUser, online);
// 获取该用户的tokenloginId现在是username
try {
String token = StpUtil.getTokenValueByLoginId(loginUser.getUsername());
online.setToken(token);
} catch (Exception e) {
log.debug("获取用户token失败: {}", e.getMessage());
}
onlineList.add(online);
}
if(isMatchUsername){
BeanUtils.copyProperties(loginUser, online);
onlineList.add(online);
}
} catch (Exception e) {
// 旧的Session数据可能导致反序列化失败记录debug级别日志即可
log.debug("获取session失败可能是旧数据: {}", e.getMessage());
//update-end---author:wangshuai ---date:20220104 for[JTC-382]在线用户查询无效------------
}
}
} catch (Exception e) {
log.error("获取在线用户列表失败: {}", e.getMessage(), e);
}
Collections.reverse(onlineList);
Page<SysUserOnlineVO> page = new Page<SysUserOnlineVO>(pageNo, pageSize);
@ -110,33 +107,35 @@ public class SysUserOnlineController {
}
/**
* 强退用户使用Sa-Token
* 强退用户
*/
@RequestMapping(value = "/forceLogout",method = RequestMethod.POST)
public Result<Object> forceLogout(@RequestBody SysUserOnlineVO online) {
try {
// 验证参数
if (oConvertUtils.isEmpty(online.getToken())) {
return Result.error("Token不能为空");
}
// 使用Sa-Token通过token强制退出登录
StpUtil.logoutByTokenValue(online.getToken());
// 清空用户的缓存信息(如果有用户名)
if (oConvertUtils.isNotEmpty(online.getUsername())) {
redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, online.getUsername()));
}
// 记录日志
String username = oConvertUtils.isNotEmpty(online.getUsername()) ? online.getUsername() : "未知用户";
baseCommonService.addLog("强制: " + username + " 退出成功!", CommonConstant.LOG_TYPE_1, null);
log.info("强制 {} 退出成功!", username);
//用户退出逻辑
if(oConvertUtils.isEmpty(online.getToken())) {
return Result.error("退出登录失败!");
}
String username = JwtUtil.getUsername(online.getToken());
LoginUser sysUser = sysBaseApi.getUserByName(username);
if(sysUser!=null) {
baseCommonService.addLog("强制: "+sysUser.getRealname()+"退出成功!", CommonConstant.LOG_TYPE_1, null,sysUser);
log.info(" 强制 "+sysUser.getRealname()+"退出成功! ");
//清空用户登录Token缓存
redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + online.getToken());
//清空用户登录Shiro权限缓存
redisUtil.del(CommonConstant.PREFIX_USER_SHIRO_CACHE + sysUser.getId());
//清空用户的缓存信息包括部门信息例如sys:cache:user::<username>
redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername()));
//调用logout
OAuth2Authorization authorization = authorizationService.findByToken(online.getToken(), OAuth2TokenType.ACCESS_TOKEN);
// 清空用户信息
cacheManager.getCache("user_details").evict(authorization.getPrincipalName());
// 清空access token
authorizationService.remove(authorization);
return Result.ok("退出登录成功!");
} catch (Exception e) {
log.error("强制退出失败: {}", e.getMessage(), e);
return Result.error("退出登录失败:" + e.getMessage());
}else {
return Result.error("Token无效!");
}
}
}

Some files were not shown because too many files have changed in this diff Show More