
鉴权修改

wangliang 4 년 전
부모
커밋
2180e0fa48
1개의 변경된 파일80개의 추가작업 그리고 4개의 파일을 삭제
  1. 80 4
      distributed-print/src/main/java/com/qmth/distributed/print/auth/DistributedPrintAuthenticationService.java

+ 80 - 4
distributed-print/src/main/java/com/qmth/distributed/print/auth/DistributedPrintAuthenticationService.java

@@ -3,15 +3,36 @@ package com.qmth.distributed.print.auth;
 import com.qmth.boot.core.security.model.AccessEntity;
 import com.qmth.boot.core.security.service.AuthorizationService;
 import com.qmth.boot.tools.signature.SignatureType;
+import com.qmth.distributed.print.business.bean.auth.AuthBean;
+import com.qmth.distributed.print.business.entity.SysUser;
+import com.qmth.distributed.print.business.entity.TBSession;
+import com.qmth.distributed.print.business.enums.PrivilegePropertyEnum;
+import com.qmth.distributed.print.business.enums.RoleTypeEnum;
+import com.qmth.distributed.print.business.service.CacheService;
+import com.qmth.distributed.print.business.service.TBSessionService;
+import com.qmth.distributed.print.business.util.ServletUtil;
+import com.qmth.distributed.print.common.contant.SystemConstant;
+import com.qmth.distributed.print.common.enums.ExceptionResultEnum;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
 
-import java.util.Arrays;
+import javax.annotation.Resource;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.util.List;
+import java.util.Objects;
+import java.util.Set;
 
 @Component
 public class DistributedPrintAuthenticationService implements AuthorizationService {
+    private final static Logger log = LoggerFactory.getLogger(DistributedPrintAuthenticationService.class);
 
-    List<String> list = Arrays.asList("/api/admin/test", "/api/exam/test");
+    @Resource
+    TBSessionService tbSessionService;
+
+    @Resource
+    CacheService cacheService;
 
     @Override
     public AccessEntity findByIdentity(String identity, SignatureType signatureType, String path) {
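Review bot: The two `@Resource` fields this hunk adds to `DistributedPrintAuthenticationService` (`tbSessionService`, `cacheService`) are package-private and non-final, so any class in `com.qmth.distributed.print.auth` can reassign the backends that decide authorization; declare them `private` (`@Resource private TBSessionService tbSessionService;`, same for `cacheService`), or move to constructor injection with `final` fields. The `@Component` class has no Javadoc; a one-line header such as `/** Resolves the caller's session and checks the requested path against cached URL privileges. */` would help, since the old hard-coded allowlist is gone. `findByIdentity`, whose signature is the last line of this hunk, continues outside it.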
@@ -20,11 +41,66 @@ public class DistributedPrintAuthenticationService implements AuthorizationServi
 
     @Override
     public boolean hasPermission(AccessEntity accessEntity, String path) {
-        for (String s : list) {
-            if (s.contains(path)) {
+        if (Objects.nonNull(accessEntity) && Objects.nonNull(accessEntity.getIdentity())) {
+            TBSession tbSession = tbSessionService.getById(accessEntity.getIdentity());
+            List<String> privilegeUrl = cacheService.privilegeUrlCache(PrivilegePropertyEnum.NO_AUTH);
+            //无需鉴权的url
+            int noAuthCount = Objects.nonNull(privilegeUrl) ? (int) privilegeUrl.stream().filter(s -> s.equalsIgnoreCase(path)).count() : 0;
+            if (noAuthCount > 0) {
                 return true;
             }
+            Long userId = Long.parseLong(tbSession.getIdentity());
+            SysUser sysUser = cacheService.userCache(userId);
+            HttpServletRequest request = ServletUtil.getRequest();
+            HttpServletResponse response = ServletUtil.getResponse();
+            request.setAttribute(SystemConstant.SESSION, tbSession);
+            request.setAttribute(SystemConstant.USER, sysUser);
+            return authFootCommon(userId, SystemConstant.USER_OAUTH_CACHE, path, request, response);
         }
         return false;
     }
+
+    /**
+     * 鉴权尾公用
+     *
+     * @param userId
+     * @param type
+     * @param path
+     * @param request
+     * @param response
+     * @return
+     */
+    public boolean authFootCommon(Long userId,
+                                  String type,
+                                  String path,
+                                  HttpServletRequest request,
+                                  HttpServletResponse response) {
+        //验证权限
+        AuthBean authBean = type.contains(SystemConstant.USER_OAUTH_CACHE) ? authBean = cacheService.userAuthCache(userId) : null;
+        if (Objects.isNull(authBean)) {
+            throw ExceptionResultEnum.ROLE_ENABLE_AUTHORIZATION.exception();
+        }
+        request.setAttribute(SystemConstant.SCHOOL, authBean.getSchool());
+        request.setAttribute(SystemConstant.ORG, authBean.getOrg());
+
+        //超级系统管理员拥有所有权限
+        int count = Objects.nonNull(authBean) ? (int) authBean.getRoleList().stream().filter(s -> s.getType() == RoleTypeEnum.ADMIN).count() : 0;
+        if (count > 0) {
+            return true;
+        }
+        //系统公用接口不拦截
+        List<String> sysUrls = cacheService.privilegeUrlCache(PrivilegePropertyEnum.SYS);
+        int sysCount = Objects.nonNull(sysUrls) ? (int) sysUrls.stream().filter(s -> s.equalsIgnoreCase(path)).count() : 0;
+        if (sysCount > 0) {
+            return true;
+        }
+        Set<String> urls = authBean.getUrls();
+        int privilegeCount = Objects.nonNull(urls) ? (int) urls.stream().filter(s -> s.equalsIgnoreCase(path)).count() : 0;
+        if (privilegeCount == 0) {
+            log.warn("Authorization faile: url cannot access");
+            throw ExceptionResultEnum.UN_AUTHORIZATION.exception();
+        }
+        response.setStatus(ExceptionResultEnum.SUCCESS.getCode());
+        return true;
+    }
 }
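Review bot: `tbSession` returned by `tbSessionService.getById(accessEntity.getIdentity())` in `hasPermission` is dereferenced at `Long.parseLong(tbSession.getIdentity())` with no null check, so an unknown or purged session id (or a non-numeric identity) surfaces as a NullPointerException/NumberFormatException — presumably a 500 — instead of the `UN_AUTHORIZATION` result the rest of the method uses. Since the NO_AUTH list check does not need the session, do that lookup first and then guard: `if (Objects.isNull(tbSession)) { throw ExceptionResultEnum.UN_AUTHORIZATION.exception(); }`; nothing in this hunk checks that the session is still live (expiry/logout), which I assume `findByIdentity` handles, but its body is outside the hunk. In `authFootCommon`, `type.contains(SystemConstant.USER_OAUTH_CACHE) ? authBean = cacheService.userAuthCache(userId) : null` is a substring match with a redundant inner assignment; `SystemConstant.USER_OAUTH_CACHE.equals(type) ? cacheService.userAuthCache(userId) : null` says what is meant, and the later `Objects.nonNull(authBean)` guard is dead code after the null throw above it. The `equalsIgnoreCase` comparisons against the NO_AUTH/SYS lists let a request path that differs only in case from a listed URL through; that is harmless only if `path` is normalized upstream, which is worth confirming.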