From 4b92538ec84b77eadc59befe6e5b3bf60311f9fb Mon Sep 17 00:00:00 2001 
From: Hccake Date: Mon, 12 Jun 2023 20:50:25 +0800 Subject: [PATCH] =?UTF-8?q?:recycle:=20=E4=B8=9A=E5=8A=A1=E6=A8=A1?= =?UTF-8?q?=E5=9D=97=E4=BD=BF=E7=94=A8=20ballcat=20=E6=8F=90=E4=BE=9B?= =?UTF-8?q?=E7=9A=84=E5=AE=89=E5=85=A8=E6=9D=83=E9=99=90=E6=B3=A8=E8=A7=A3?= =?UTF-8?q?=EF=BC=8C=E6=96=B9=E4=BE=BF=E4=B8=8E=20spring=20security=20?= =?UTF-8?q?=E8=A7=A3=E8=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit link https://github.com/ballcat-projects/ballcat/issues/205 --- ballcat-admin/ballcat-admin-core/pom.xml | 34 ++++++----- .../DefaultUserInfoCoordinatorImpl.java | 3 +- .../SpringSecurityPasswordHelper.java | 29 +++++++++ ...ingSecurityPrincipalAttributeAccessor.java | 57 +++++++++++++++++ .../SysUserDetailsServiceImpl.java | 2 +- .../springsecurity}/UserInfoCoordinator.java | 2 +- .../AnnouncementLoginEventListener.java | 8 +-- .../BallcatOAuth2TokenResponseEnhancer.java | 2 +- .../admin/upms/UpmsAutoConfiguration.java | 24 ++++++-- .../config/mybatis/FillMetaObjectHandle.java | 23 ++++--- .../config/mybatis/MybatisPlusConfig.java | 10 +-- .../admin/upms/log/LogConfiguration.java | 11 +++- ...ingAuthorizationServerLoginLogHandler.java | 4 +- .../AdminWebSocketAutoConfiguration.java | 6 +- .../UserAttributeHandshakeInterceptor.java | 11 ++-- ballcat-admin/pom.xml | 2 +- .../ballcat-i18n-controller/pom.xml | 4 +- .../i18n/controller/I18nDataController.java | 18 +++--- .../ballcat-infra-biz/pom.xml | 5 -- .../ballcat-infra-controller/pom.xml | 4 +- .../infra/controller/SysConfigController.java | 10 +-- .../infra/controller/SysDictController.java | 20 +++--- ballcat-business-log/ballcat-log-biz/pom.xml | 2 +- .../log/handler/CustomAccessLogHandler.java | 14 +++-- .../handler/CustomOperationLogHandler.java | 6 +- .../log/service/AccessLogService.java | 3 +- .../log/thread/AccessLogSaveThread.java | 4 +- .../ballcat-log-controller/pom.xml | 4 ++ .../log/controller/AccessLogController.java | 7 +-- 
.../log/controller/LoginLogController.java | 4 +- .../controller/OperationLogController.java | 7 +-- .../ballcat-notify-controller/pom.xml | 8 ++- .../controller/AnnouncementController.java | 24 ++++---- .../UserAnnouncementController.java | 12 ++-- .../ballcat-system-biz/pom.xml | 13 ++-- .../system/checker/AdminUserCheckerImpl.java | 6 +- .../component/AbstractPasswordHelper.java | 61 +++++++++++++++++++ .../system/component/PasswordHelper.java | 50 ++------------- .../system/mapper/SysUserRoleMapper.java | 7 +++ .../system/service/SysUserRoleService.java | 7 +++ .../service/impl/SysUserRoleServiceImpl.java | 5 ++ .../resources/mapper/SysUserRoleMapper.xml | 12 +++- .../ballcat-system-controller/pom.xml | 4 ++ .../system/controller/SysMenuController.java | 37 +++++------ .../controller/SysOrganizationController.java | 14 ++--- .../system/controller/SysRoleController.java | 18 +++--- .../system/controller/SysUserController.java | 24 ++++---- db/2ballcat-1.3.0.sql | 1 - 48 files changed, 408 insertions(+), 235 deletions(-) rename {ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication => ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity}/DefaultUserInfoCoordinatorImpl.java (79%) create mode 100644 ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPasswordHelper.java create mode 100644 ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPrincipalAttributeAccessor.java rename {ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication => ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity}/SysUserDetailsServiceImpl.java (98%) rename {ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication => ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity}/UserInfoCoordinator.java 
(92%) rename {ballcat-business-notify/ballcat-notify-biz/src/main/java/org/ballcat/business/notify/listener => ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/login}/AnnouncementLoginEventListener.java (94%) rename {ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication => ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/oauth2}/BallcatOAuth2TokenResponseEnhancer.java (98%) create mode 100644 ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/AbstractPasswordHelper.java diff --git a/ballcat-admin/ballcat-admin-core/pom.xml b/ballcat-admin/ballcat-admin-core/pom.xml index 1b1148a..8c1b9b7 100644 --- a/ballcat-admin/ballcat-admin-core/pom.xml +++ b/ballcat-admin/ballcat-admin-core/pom.xml @@ -10,10 +10,9 @@ ballcat-admin-core - - com.baomidou - mybatis-plus-boot-starter + org.ballcat + ballcat-spring-boot-starter-web @@ -37,23 +36,15 @@ org.ballcat ballcat-spring-boot-starter-redis - - org.ballcat - ballcat-spring-boot-starter-web - org.ballcat ballcat-spring-boot-starter-xss - - - org.ballcat - ballcat-spring-security-oauth2-authorization-server - provided - + + - org.ballcat - ballcat-spring-security-oauth2-resource-server + com.baomidou + mybatis-plus-boot-starter @@ -73,5 +64,18 @@ org.ballcat.business ballcat-system-controller + + + + org.ballcat + ballcat-spring-security-oauth2-authorization-server + provided + + + + org.ballcat + ballcat-spring-security-oauth2-resource-server + provided + 
diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/DefaultUserInfoCoordinatorImpl.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/DefaultUserInfoCoordinatorImpl.java similarity index 79% rename from ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/DefaultUserInfoCoordinatorImpl.java rename to ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/DefaultUserInfoCoordinatorImpl.java index 6a626de..b803f94 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/DefaultUserInfoCoordinatorImpl.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/DefaultUserInfoCoordinatorImpl.java @@ -1,5 +1,6 @@ -package org.ballcat.business.system.authentication; +package org.ballcat.admin.springsecurity; +import org.ballcat.admin.springsecurity.UserInfoCoordinator; import org.ballcat.business.system.model.dto.UserInfoDTO; import java.util.Map; diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPasswordHelper.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPasswordHelper.java new file mode 100644 index 0000000..9c3309b --- /dev/null +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPasswordHelper.java 
@@ -0,0 +1,29 @@
+package org.ballcat.admin.springsecurity;
+
+import org.ballcat.business.system.component.AbstractPasswordHelper;
+import org.ballcat.business.system.properties.SystemProperties;
+import org.ballcat.security.properties.SecurityProperties;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+/**
+ * 基于 SpringSecurity 的密码工具类
+ *
+ * @author Hccake
+ * @since 2.0.0
+ */
+public class SpringSecurityPasswordHelper extends AbstractPasswordHelper {
+
+ private final PasswordEncoder passwordEncoder;
+
+ public SpringSecurityPasswordHelper(SecurityProperties securityProperties, SystemProperties systemProperties,
+ PasswordEncoder passwordEncoder) {
+ super(securityProperties, systemProperties);
+ this.passwordEncoder = passwordEncoder;
+ }
+
+ @Override
+ public String encode(String rawPassword) {
+ return passwordEncoder.encode(rawPassword);
+ }
+
+}
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPrincipalAttributeAccessor.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPrincipalAttributeAccessor.java
new file mode 100644
index 0000000..462df50
--- /dev/null
+++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SpringSecurityPrincipalAttributeAccessor.java
@@ -0,0 +1,57 @@
+package org.ballcat.admin.springsecurity;
+
+import org.ballcat.security.core.PrincipalAttributeAccessor;
+import org.ballcat.springsecurity.oauth2.userdetails.User;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+public class SpringSecurityPrincipalAttributeAccessor implements PrincipalAttributeAccessor {
+
+ @Override
+ @SuppressWarnings("unchecked")
+ public A getAttribute(String name) {
+ User user = getUser();
+ if (user != null) {
+ return (A) user.getAttributes().get(name);
+ }
+ return null;
+ }
+
+ @Override
+ @SuppressWarnings("unchecked")
+ public Long getUserId() {
+ User user = getUser();
+ if (user != null) {
+ return user.getUserId();
+ }
+ return null;
+ }
+
+ @Override
+ public String getName() {
+ User user = getUser();
+ if (user != null) {
+ return user.getUsername();
+ }
+ return null;
+ }
+
+ private static Authentication getAuthentication() {
+ return SecurityContextHolder.getContext().getAuthentication();
+ }
+
+ private static User getUser() {
+ Authentication authentication = getAuthentication();
+ if (authentication == null) {
+ return null;
+ }
+ Object principal = authentication.getPrincipal();
+ if (principal instanceof User) {
+ return (User) principal;
+ }
+ else {
+ return null;
+ }
+ }
+
+}
diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/SysUserDetailsServiceImpl.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SysUserDetailsServiceImpl.java
similarity index 98%
rename from ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/SysUserDetailsServiceImpl.java
rename to ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SysUserDetailsServiceImpl.java
index 25879c4..c3dcd32 100644
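Review bot: All three accessors in `SpringSecurityPrincipalAttributeAccessor` return null silently when the current principal is not a ballcat `User` (no authentication, anonymous, or another principal type), and the class carries no Javadoc telling callers that null means "no authenticated user". Since other parts of this patch feed `getUserId()` into audit columns and the WebSocket session key, add a class-level Javadoc stating that contract so callers handle null deliberately. In `getAttribute`, `user.getAttributes().get(name)` also dereferences the attribute map without a null check; if `User` can be built without attributes (its definition is not visible here) this throws, so guard it with `user.getAttributes() == null ? null : ...`. The `@SuppressWarnings("unchecked")` on `getUserId()` suppresses nothing and can be dropped.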
--- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/SysUserDetailsServiceImpl.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/SysUserDetailsServiceImpl.java @@ -1,4 +1,4 @@ -package org.ballcat.business.system.authentication; +package org.ballcat.admin.springsecurity; import org.ballcat.springsecurity.oauth2.constant.UserAttributeNameConstants; import org.ballcat.springsecurity.oauth2.userdetails.User; diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/UserInfoCoordinator.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/UserInfoCoordinator.java similarity index 92% rename from ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/UserInfoCoordinator.java rename to ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/UserInfoCoordinator.java index 317c793..16c85bb 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/UserInfoCoordinator.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/UserInfoCoordinator.java @@ -1,4 +1,4 @@ -package org.ballcat.business.system.authentication; +package org.ballcat.admin.springsecurity; import org.ballcat.business.system.model.dto.UserInfoDTO; 
diff --git a/ballcat-business-notify/ballcat-notify-biz/src/main/java/org/ballcat/business/notify/listener/AnnouncementLoginEventListener.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/login/AnnouncementLoginEventListener.java similarity index 94% rename from ballcat-business-notify/ballcat-notify-biz/src/main/java/org/ballcat/business/notify/listener/AnnouncementLoginEventListener.java rename to ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/login/AnnouncementLoginEventListener.java index 27933ed..18cefa3 100644 --- a/ballcat-business-notify/ballcat-notify-biz/src/main/java/org/ballcat/business/notify/listener/AnnouncementLoginEventListener.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/login/AnnouncementLoginEventListener.java @@ -1,4 +1,4 @@ -package org.ballcat.business.notify.listener; +package org.ballcat.admin.springsecurity.login; import org.ballcat.business.notify.enums.NotifyChannelEnum; import org.ballcat.business.notify.model.entity.Announcement; @@ -13,7 +13,6 @@ import org.springframework.context.event.EventListener; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; -import org.springframework.stereotype.Component; import java.util.HashMap; import java.util.List; @@ -25,7 +24,6 @@ * @version 1.0 */ @Slf4j -@Component @RequiredArgsConstructor public class AnnouncementLoginEventListener { 
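Review bot: With `@Component` removed from `AnnouncementLoginEventListener`, nothing in the part of the patch visible here registers the class as a bean, so its `@EventListener` method would never be invoked and unread announcements would no longer be generated at login. The `UpmsAutoConfiguration` hunks shown add `@Bean` methods only for `PasswordHelper` and `PrincipalAttributeAccessor`. Unless the listener is picked up by an existing `@Import` or scan that is outside this view, add a `@Bean` method for it, guarded with `@ConditionalOnMissingBean`, in the admin-core auto-configuration, and say in the class Javadoc that it must be registered explicitly.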
@@ -36,11 +34,11 @@ public class AnnouncementLoginEventListener { private final UserAnnouncementService userAnnouncementService; /** - * 登录成功时间监听 用户未读公告生成 + * 登录成功时监听 用户未读公告生成 * @param event 登录成功 event */ @EventListener(AuthenticationSuccessEvent.class) - public void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) throws InterruptedException { + public void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) { AbstractAuthenticationToken source = (AbstractAuthenticationToken) event.getSource(); Object details = source.getDetails(); diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/BallcatOAuth2TokenResponseEnhancer.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/oauth2/BallcatOAuth2TokenResponseEnhancer.java similarity index 98% rename from ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/BallcatOAuth2TokenResponseEnhancer.java rename to ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/oauth2/BallcatOAuth2TokenResponseEnhancer.java index 4adbc75..48971ca 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/authentication/BallcatOAuth2TokenResponseEnhancer.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/springsecurity/oauth2/BallcatOAuth2TokenResponseEnhancer.java @@ -1,4 +1,4 @@ -package org.ballcat.business.system.authentication; +package org.ballcat.admin.springsecurity.oauth2; import org.ballcat.springsecurity.oauth2.constant.TokenAttributeNameConstants; import org.ballcat.springsecurity.oauth2.constant.UserAttributeNameConstants; diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/UpmsAutoConfiguration.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/UpmsAutoConfiguration.java index b533db3..cb9a497 100644 
--- a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/UpmsAutoConfiguration.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/UpmsAutoConfiguration.java @@ -1,12 +1,12 @@ package org.ballcat.admin.upms; +import org.ballcat.admin.springsecurity.*; +import org.ballcat.admin.springsecurity.oauth2.BallcatOAuth2TokenResponseEnhancer; import org.ballcat.admin.upms.log.LogConfiguration; -import org.ballcat.business.system.authentication.BallcatOAuth2TokenResponseEnhancer; -import org.ballcat.business.system.authentication.DefaultUserInfoCoordinatorImpl; -import org.ballcat.business.system.authentication.SysUserDetailsServiceImpl; -import org.ballcat.business.system.authentication.UserInfoCoordinator; +import org.ballcat.business.system.component.PasswordHelper; import org.ballcat.business.system.properties.SystemProperties; import org.ballcat.business.system.service.SysUserService; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.ballcat.security.properties.SecurityProperties; import org.ballcat.springsecurity.oauth2.server.authorization.web.authentication.OAuth2TokenResponseEnhancer; import org.ballcat.springsecurity.oauth2.server.resource.introspection.SpringAuthorizationServerSharedStoredOpaqueTokenIntrospector; @@ -22,6 +22,7 @@ import org.springframework.context.annotation.Import; import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService; import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector; 
@@ -44,7 +45,7 @@ public class UpmsAutoConfiguration { * @author hccake */ @Configuration(proxyBeanMethods = false) - @ConditionalOnClass(SysUserService.class) + @ConditionalOnClass({ UserDetailsService.class, SysUserService.class }) @ConditionalOnMissingBean(UserDetailsService.class) static class UserDetailsServiceConfiguration { @@ -69,6 +70,19 @@ public UserInfoCoordinator userInfoCoordinator() { return new DefaultUserInfoCoordinatorImpl(); } + @Bean + @ConditionalOnMissingBean + public PasswordHelper passwordHelper(SecurityProperties securityProperties, SystemProperties systemProperties, + PasswordEncoder passwordEncoder) { + return new SpringSecurityPasswordHelper(securityProperties, systemProperties, passwordEncoder); + } + + @Bean + @ConditionalOnMissingBean + public PrincipalAttributeAccessor principalAttributeAccessor() { + return new SpringSecurityPrincipalAttributeAccessor(); + } + } /** diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/FillMetaObjectHandle.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/FillMetaObjectHandle.java index 27322e0..e66a91b 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/FillMetaObjectHandle.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/FillMetaObjectHandle.java @@ -1,11 +1,10 @@ package org.ballcat.admin.upms.config.mybatis; import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler; -import org.ballcat.common.core.constant.GlobalConstants; -import org.ballcat.springsecurity.oauth2.userdetails.User; -import org.ballcat.springsecurity.util.SecurityUtils; import lombok.extern.slf4j.Slf4j; import org.apache.ibatis.reflection.MetaObject; +import org.ballcat.common.core.constant.GlobalConstants; +import org.ballcat.security.core.PrincipalAttributeAccessor; import java.time.LocalDateTime; 
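Review bot: The new `passwordHelper` and `principalAttributeAccessor` beans appear to be declared inside `UserDetailsServiceConfiguration` (the lines between the two hunks are not shown), which is `@ConditionalOnMissingBean(UserDetailsService.class)`. If that is the case, an application that supplies its own `UserDetailsService` loses both beans, while `FillMetaObjectHandle`, `LogConfiguration` and `UserAttributeHandshakeInterceptor` now take a `PrincipalAttributeAccessor` in their constructors, so the context would fail to start. Consider moving the two `@Bean` methods into a configuration class conditional only on the Spring Security classes being present. A short comment on `passwordHelper` noting that it requires a `PasswordEncoder` bean would also help integrators.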
@@ -15,6 +14,12 @@ @Slf4j public class FillMetaObjectHandle implements MetaObjectHandler { + private final PrincipalAttributeAccessor principalAttributeAccessor; + + public FillMetaObjectHandle(PrincipalAttributeAccessor principalAttributeAccessor) { + this.principalAttributeAccessor = principalAttributeAccessor; + } + @Override public void insertFill(MetaObject metaObject) { // 逻辑删除标识 @@ -22,9 +27,9 @@ public void insertFill(MetaObject metaObject) { // 创建时间 this.strictInsertFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now()); // 创建人 - User user = SecurityUtils.getUser(); - if (user != null) { - this.strictInsertFill(metaObject, "createBy", Long.class, user.getUserId()); + Long userId = principalAttributeAccessor.getUserId(); + if (userId != null) { + this.strictInsertFill(metaObject, "createBy", Long.class, userId); } } @@ -33,9 +38,9 @@ public void updateFill(MetaObject metaObject) { // 修改时间 this.strictUpdateFill(metaObject, "updateTime", LocalDateTime.class, LocalDateTime.now()); // 修改人 - User user = SecurityUtils.getUser(); - if (user != null) { - this.strictUpdateFill(metaObject, "updateBy", Long.class, user.getUserId()); + Long userId = principalAttributeAccessor.getUserId(); + if (userId != null) { + this.strictUpdateFill(metaObject, "updateBy", Long.class, userId); } } diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/MybatisPlusConfig.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/MybatisPlusConfig.java index 6f1a2c1..3088315 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/MybatisPlusConfig.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/config/mybatis/MybatisPlusConfig.java 
@@ -9,6 +9,7 @@ import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor; import org.ballcat.mybatisplus.injector.CustomSqlInjector; import org.ballcat.mybatisplus.methods.InsertBatchSomeColumnByCollection; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; @@ -17,8 +18,9 @@ import java.util.List; /** - * @author hccake - * @date 2020/04/19 默认配置MybatisPlus分页插件,通过conditional注解达到覆盖效用 + * 默认配置MybatisPlus分页插件,通过conditional注解达到覆盖效用 + * + * @author hccake 2020/04/19 */ @Configuration public class MybatisPlusConfig { @@ -42,8 +44,8 @@ public MybatisPlusInterceptor mybatisPlusInterceptor() { */ @Bean @ConditionalOnMissingBean(MetaObjectHandler.class) - public MetaObjectHandler fillMetaObjectHandle() { - return new FillMetaObjectHandle(); + public MetaObjectHandler fillMetaObjectHandle(PrincipalAttributeAccessor principalAttributeAccessor) { + return new FillMetaObjectHandle(principalAttributeAccessor); } /** diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/LogConfiguration.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/LogConfiguration.java index 8ad3d26..4fb9ffc 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/LogConfiguration.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/LogConfiguration.java 
@@ -10,6 +10,7 @@ import org.ballcat.business.log.service.LoginLogService; import org.ballcat.business.log.service.OperationLogService; import org.ballcat.business.log.thread.AccessLogSaveThread; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.springframework.boot.autoconfigure.condition.ConditionalOnBean; import org.springframework.boot.autoconfigure.condition.ConditionalOnClass; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; @@ -25,6 +26,12 @@ @ConditionalOnClass(LoginLogService.class) public class LogConfiguration { + private final PrincipalAttributeAccessor principalAttributeAccessor; + + public LogConfiguration(PrincipalAttributeAccessor principalAttributeAccessor) { + this.principalAttributeAccessor = principalAttributeAccessor; + } + /** * 访问日志保存 * @param accessLogService 访问日志Service @@ -34,7 +41,7 @@ public class LogConfiguration { @ConditionalOnBean(AccessLogService.class) @ConditionalOnMissingBean(AccessLogHandler.class) public AccessLogHandler customAccessLogHandler(AccessLogService accessLogService) { - return new CustomAccessLogHandler(new AccessLogSaveThread(accessLogService)); + return new CustomAccessLogHandler(new AccessLogSaveThread(accessLogService), principalAttributeAccessor); } /** @@ -46,7 +53,7 @@ public AccessLogHandler customAccessLogHandler(AccessLogService acces @ConditionalOnBean(OperationLogService.class) @ConditionalOnMissingBean(OperationLogHandler.class) public OperationLogHandler customOperationLogHandler(OperationLogService operationLogService) { - return new CustomOperationLogHandler(operationLogService); + return new CustomOperationLogHandler(operationLogService, principalAttributeAccessor); } @ConditionalOnClass(OAuth2AuthorizationServerConfigurer.class) 
diff --git a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/SpringAuthorizationServerLoginLogHandler.java b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/SpringAuthorizationServerLoginLogHandler.java index 51177f0..cfb8fe7 100644 --- a/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/SpringAuthorizationServerLoginLogHandler.java +++ b/ballcat-admin/ballcat-admin-core/src/main/java/org/ballcat/admin/upms/log/SpringAuthorizationServerLoginLogHandler.java @@ -2,7 +2,6 @@ import org.ballcat.common.core.util.WebUtils; import org.ballcat.log.operation.enums.LogStatusEnum; -import org.ballcat.springsecurity.util.SecurityUtils; import org.ballcat.business.log.enums.LoginEventTypeEnum; import org.ballcat.business.log.model.entity.LoginLog; import org.ballcat.business.log.service.LoginLogService; @@ -14,6 +13,7 @@ import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent; import org.springframework.security.authentication.event.AuthenticationSuccessEvent; import org.springframework.security.authentication.event.LogoutSuccessEvent; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken; import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken; 
@@ -50,7 +50,7 @@ public void onAuthenticationSuccessEvent(AuthenticationSuccessEvent event) { // Oauth2登录 和表单登录 处理分开 if (isOauth2LoginRequest && source instanceof OAuth2AccessTokenAuthenticationToken) { - username = SecurityUtils.getAuthentication().getName(); + username = SecurityContextHolder.getContext().getAuthentication().getName(); } else if (!isOauth2LoginRequest && source instanceof UsernamePasswordAuthenticationToken) { username = ((UsernamePasswordAuthenticationToken) source).getName(); diff --git a/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/AdminWebSocketAutoConfiguration.java b/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/AdminWebSocketAutoConfiguration.java index 551f894..b405c32 100644 --- a/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/AdminWebSocketAutoConfiguration.java +++ b/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/AdminWebSocketAutoConfiguration.java @@ -2,6 +2,7 @@ import org.ballcat.admin.websocket.component.UserAttributeHandshakeInterceptor; import org.ballcat.admin.websocket.component.UserSessionKeyGenerator; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.ballcat.websocket.session.SessionKeyGenerator; import lombok.RequiredArgsConstructor; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean; @@ -21,8 +22,9 @@ public class AdminWebSocketAutoConfiguration { @Bean @ConditionalOnMissingBean(UserAttributeHandshakeInterceptor.class) - public HandshakeInterceptor authenticationHandshakeInterceptor() { - return new UserAttributeHandshakeInterceptor(); + public HandshakeInterceptor authenticationHandshakeInterceptor( + PrincipalAttributeAccessor principalAttributeAccessor) { + return new UserAttributeHandshakeInterceptor(principalAttributeAccessor); } @Bean 
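Review bot: In the OAuth2 branch of `onAuthenticationSuccessEvent`, `SecurityContextHolder.getContext().getAuthentication()` can return null and `.getName()` is chained on it directly, so an exception there would lose the login-log record for a successful login. Read the value into a local and handle its absence, for example `Authentication authentication = SecurityContextHolder.getContext().getAuthentication();` followed by `username = authentication != null ? authentication.getName() : null;`. The method starts and ends outside this hunk, so whether later lines tolerate a null `username` cannot be confirmed from here.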
diff --git a/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/component/UserAttributeHandshakeInterceptor.java b/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/component/UserAttributeHandshakeInterceptor.java index 397b40f..db695cf 100644 --- a/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/component/UserAttributeHandshakeInterceptor.java +++ b/ballcat-admin/ballcat-admin-websocket/src/main/java/org/ballcat/admin/websocket/component/UserAttributeHandshakeInterceptor.java @@ -1,9 +1,8 @@ package org.ballcat.admin.websocket.component; -import org.ballcat.admin.websocket.constant.AdminWebSocketConstants; -import org.ballcat.springsecurity.oauth2.userdetails.User; -import org.ballcat.springsecurity.util.SecurityUtils; import lombok.RequiredArgsConstructor; +import org.ballcat.admin.websocket.constant.AdminWebSocketConstants; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.springframework.http.server.ServerHttpRequest; import org.springframework.http.server.ServerHttpResponse; import org.springframework.http.server.ServletServerHttpRequest; @@ -21,6 +20,8 @@ @RequiredArgsConstructor public class UserAttributeHandshakeInterceptor implements HandshakeInterceptor { + private final PrincipalAttributeAccessor principalAttributeAccessor; + /** * Invoked before the handshake is processed. * @param request the current request 
@@ -42,9 +43,9 @@ public boolean beforeHandshake(ServerHttpRequest request, ServerHttpResponse res accessToken = serverRequest.getServletRequest().getParameter(AdminWebSocketConstants.TOKEN_ATTR_NAME); } // 由于 WebSocket 握手是由 http 升级的,携带 token 已经被 Security 拦截验证了,所以可以直接获取到用户 - User user = SecurityUtils.getUser(); + Long userId = principalAttributeAccessor.getUserId(); attributes.put(AdminWebSocketConstants.TOKEN_ATTR_NAME, accessToken); - attributes.put(AdminWebSocketConstants.USER_KEY_ATTR_NAME, user.getUserId()); + attributes.put(AdminWebSocketConstants.USER_KEY_ATTR_NAME, userId); return true; } diff --git a/ballcat-admin/pom.xml b/ballcat-admin/pom.xml index 22a2338..0140eec 100644 --- a/ballcat-admin/pom.xml +++ b/ballcat-admin/pom.xml @@ -14,5 +14,5 @@ ballcat-admin-core ballcat-admin-i18n ballcat-admin-websocket - + diff --git a/ballcat-business-i18n/ballcat-i18n-controller/pom.xml b/ballcat-business-i18n/ballcat-i18n-controller/pom.xml index b08e6ae..2577930 100644 --- a/ballcat-business-i18n/ballcat-i18n-controller/pom.xml +++ b/ballcat-business-i18n/ballcat-i18n-controller/pom.xml @@ -23,8 +23,8 @@ ballcat-spring-boot-starter-easyexcel - org.springframework.security - spring-security-core + org.ballcat + ballcat-security-core org.springframework diff --git a/ballcat-business-i18n/ballcat-i18n-controller/src/main/java/org/ballcat/business/i18n/controller/I18nDataController.java b/ballcat-business-i18n/ballcat-i18n-controller/src/main/java/org/ballcat/business/i18n/controller/I18nDataController.java index a201ee3..a5422f2 100644 --- a/ballcat-business-i18n/ballcat-i18n-controller/src/main/java/org/ballcat/business/i18n/controller/I18nDataController.java +++ b/ballcat-business-i18n/ballcat-i18n-controller/src/main/java/org/ballcat/business/i18n/controller/I18nDataController.java 
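Review bot: `principalAttributeAccessor.getUserId()` returns null when there is no authenticated ballcat `User`, and `beforeHandshake` now stores that null under `USER_KEY_ATTR_NAME` and still returns `true`, so the WebSocket upgrade is accepted without a user identity. The previous `user.getUserId()` would have thrown in that situation, which at least aborted the handshake. Make the rejection explicit with `if (userId == null) { return false; }` before the two `attributes.put` calls, ideally also setting an unauthorized status on the response. `beforeHandshake` begins outside this hunk, so any earlier guard is not visible here.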
@@ -21,7 +21,7 @@ import org.ballcat.log.operation.annotation.CreateOperationLogging; import org.ballcat.log.operation.annotation.DeleteOperationLogging; import org.ballcat.log.operation.annotation.UpdateOperationLogging; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.util.CollectionUtils; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; @@ -52,7 +52,7 @@ public class I18nDataController { * @return R 通用返回体 */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('i18n:i18n-data:read')") + @Authorize("hasPermission('i18n:i18n-data:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getI18nDataPage(@Validated PageParam pageParam, I18nDataQO i18nDataQO) { return R.ok(i18nDataService.queryPage(pageParam, i18nDataQO)); @@ -64,7 +64,7 @@ public R> getI18nDataPage(@Validated PageParam pagePa * @return R 通用返回体 */ @GetMapping("/list") - @PreAuthorize("@per.hasPermission('i18n:i18n-data:read')") + @Authorize("hasPermission('i18n:i18n-data:read')") @Operation(summary = "查询指定国际化标识的所有数据", description = "查询指定国际化标识的所有数据") public R> listByCode(@RequestParam("code") String code) { return R.ok(i18nDataService.listByCode(code)); @@ -77,7 +77,7 @@ public R> listByCode(@RequestParam("code") String code) { */ @CreateOperationLogging(msg = "新增国际化信息") @PostMapping - @PreAuthorize("@per.hasPermission('i18n:i18n-data:add')") + @Authorize("hasPermission('i18n:i18n-data:add')") @Operation(summary = "新增国际化信息", description = "新增国际化信息") public R save(@Valid @RequestBody I18nDataCreateDTO i18nDataCreateDTO) { // 转换为实体类列表 
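Review bot: Replacing `@PreAuthorize("@per.hasPermission('...')")` with `@Authorize("hasPermission('...')")` moves enforcement out of Spring Security's method security and into whatever component processes `org.ballcat.security.annotation.Authorize`, while this module's pom now depends only on `ballcat-security-core`. If an application wires these controllers without that component active, every endpoint in `I18nDataController` would be served with no permission check; this applies to this hunk and to the following ones for add, edit, del, import, export and excel-template. The expression also dropped the `@per.` bean reference, so confirm that the evaluator resolves a bare `hasPermission(...)` to the same check. An integration test asserting a 403 for a user lacking `i18n:i18n-data:read`, together with a startup check that fails when no `@Authorize` handler is registered, would make this fail closed.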
@@ -101,7 +101,7 @@ public R save(@Valid @RequestBody I18nDataCreateDTO i18nDataCreateDTO) { */ @UpdateOperationLogging(msg = "修改国际化信息") @PutMapping - @PreAuthorize("@per.hasPermission('i18n:i18n-data:edit')") + @Authorize("hasPermission('i18n:i18n-data:edit')") @Operation(summary = "修改国际化信息", description = "修改国际化信息") public R updateById(@RequestBody I18nDataDTO i18nDataDTO) { return i18nDataService.updateByCodeAndLanguageTag(i18nDataDTO) ? R.ok() @@ -116,7 +116,7 @@ public R updateById(@RequestBody I18nDataDTO i18nDataDTO) { */ @DeleteOperationLogging(msg = "通过id删除国际化信息") @DeleteMapping - @PreAuthorize("@per.hasPermission('i18n:i18n-data:del')") + @Authorize("hasPermission('i18n:i18n-data:del')") @Operation(summary = "通过id删除国际化信息", description = "通过id删除国际化信息") public R removeById(@RequestParam("code") String code, @RequestParam("languageTag") String languageTag) { return i18nDataService.removeByCodeAndLanguageTag(code, languageTag) ? R.ok() @@ -128,7 +128,7 @@ public R removeById(@RequestParam("code") String code, @RequestParam("lang * @return R 通用返回体 */ @PostMapping("/import") - @PreAuthorize("@per.hasPermission('i18n:i18n-data:import')") + @Authorize("hasPermission('i18n:i18n-data:import')") @Operation(summary = "导入国际化信息", description = "导入国际化信息") public R> importI18nData(@RequestExcel List excelVos, @RequestParam("importMode") ImportModeEnum importModeEnum) { @@ -163,7 +163,7 @@ public R> importI18nData(@RequestExcel List exce */ @ResponseExcel(name = "国际化信息", i18nHeader = true) @GetMapping("/export") - @PreAuthorize("@per.hasPermission('i18n:i18n-data:export')") + @Authorize("hasPermission('i18n:i18n-data:export')") @Operation(summary = "导出国际化信息", description = "导出国际化信息") public List exportI18nData(I18nDataQO i18nDataQO) { List list = i18nDataService.queryList(i18nDataQO); 
@@ -180,7 +180,7 @@ public List exportI18nData(I18nDataQO i18nDataQO) { */ @ResponseExcel(name = "国际化信息模板", i18nHeader = true) @GetMapping("/excel-template") - @PreAuthorize("@per.hasPermission('i18n:i18n-data:import')") + @Authorize("hasPermission('i18n:i18n-data:import')") @Operation(summary = "国际化信息 Excel 模板", description = "国际化信息 Excel 模板") public List excelTemplate() { List list = new ArrayList<>(); diff --git a/ballcat-business-infra/ballcat-infra-biz/pom.xml b/ballcat-business-infra/ballcat-infra-biz/pom.xml index d5134f7..9057230 100644 --- a/ballcat-business-infra/ballcat-infra-biz/pom.xml +++ b/ballcat-business-infra/ballcat-infra-biz/pom.xml @@ -37,10 +37,5 @@ spring-boot-configuration-processor true - - org.ballcat - ballcat-spring-security-oauth2-authorization-server - true - \ No newline at end of file diff --git a/ballcat-business-infra/ballcat-infra-controller/pom.xml b/ballcat-business-infra/ballcat-infra-controller/pom.xml index dfd5232..0309467 100644 --- a/ballcat-business-infra/ballcat-infra-controller/pom.xml +++ b/ballcat-business-infra/ballcat-infra-controller/pom.xml @@ -21,8 +21,8 @@ ballcat-log - org.springframework.security - spring-security-core + org.ballcat + ballcat-security-core \ No newline at end of file diff --git a/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysConfigController.java b/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysConfigController.java index debe330..82def7a 100644 --- a/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysConfigController.java +++ b/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysConfigController.java 
@@ -13,7 +13,7 @@ import org.ballcat.log.operation.annotation.CreateOperationLogging; import org.ballcat.log.operation.annotation.DeleteOperationLogging; import org.ballcat.log.operation.annotation.UpdateOperationLogging; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.*; @@ -37,7 +37,7 @@ public class SysConfigController { * @return R> */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('system:config:read')") + @Authorize("hasPermission('system:config:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getSysConfigPage(@Validated PageParam pageParam, SysConfigQO sysConfigQO) { return R.ok(sysConfigService.queryPage(pageParam, sysConfigQO)); @@ -50,7 +50,7 @@ public R> getSysConfigPage(@Validated PageParam page */ @CreateOperationLogging(msg = "新增系统配置") @PostMapping - @PreAuthorize("@per.hasPermission('system:config:add')") + @Authorize("hasPermission('system:config:add')") @Operation(summary = "新增系统配置", description = "新增系统配置") public R save(@RequestBody SysConfig sysConfig) { return R.ok(sysConfigService.save(sysConfig)); @@ -63,7 +63,7 @@ public R save(@RequestBody SysConfig sysConfig) { */ @UpdateOperationLogging(msg = "修改系统配置") @PutMapping - @PreAuthorize("@per.hasPermission('system:config:edit')") + @Authorize("hasPermission('system:config:edit')") @Operation(summary = "修改系统配置") public R updateById(@RequestBody SysConfig sysConfig) { return R.ok(sysConfigService.updateByKey(sysConfig)); 
@@ -76,7 +76,7 @@ public R updateById(@RequestBody SysConfig sysConfig) { */ @DeleteOperationLogging(msg = "删除系统配置") @DeleteMapping - @PreAuthorize("@per.hasPermission('system:config:del')") + @Authorize("hasPermission('system:config:del')") @Operation(summary = "删除系统配置") public R removeById(@RequestParam("confKey") String confKey) { return R.ok(sysConfigService.removeByKey(confKey)); diff --git a/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysDictController.java b/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysDictController.java index 80234bd..2c08c48 100644 --- a/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysDictController.java +++ b/ballcat-business-infra/ballcat-infra-controller/src/main/java/org/ballcat/business/infra/controller/SysDictController.java @@ -19,7 +19,7 @@ import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; @@ -77,7 +77,7 @@ public R> invalidDictHash(@RequestBody Map dictHash * @return R> */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('system:dict:read')") + @Authorize("hasPermission('system:dict:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getSysDictPage(@Validated PageParam pageParam, SysDictQO sysDictQO) { return R.ok(sysDictManager.dictPage(pageParam, sysDictQO)); 
@@ -90,7 +90,7 @@ public R> getSysDictPage(@Validated PageParam pagePara */ @CreateOperationLogging(msg = "新增字典表") @PostMapping - @PreAuthorize("@per.hasPermission('system:dict:add')") + @Authorize("hasPermission('system:dict:add')") @Operation(summary = "新增字典表", description = "新增字典表") public R save(@RequestBody SysDict sysDict) { return sysDictManager.dictSave(sysDict) ? R.ok() : R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "新增字典表失败"); @@ -103,7 +103,7 @@ public R save(@RequestBody SysDict sysDict) { */ @UpdateOperationLogging(msg = "修改字典表") @PutMapping - @PreAuthorize("@per.hasPermission('system:dict:edit')") + @Authorize("hasPermission('system:dict:edit')") @Operation(summary = "修改字典表", description = "修改字典表") public R updateById(@RequestBody SysDict sysDict) { return sysDictManager.updateDictById(sysDict) ? R.ok() @@ -117,7 +117,7 @@ public R updateById(@RequestBody SysDict sysDict) { */ @DeleteOperationLogging(msg = "通过id删除字典表") @DeleteMapping("/{id}") - @PreAuthorize("@per.hasPermission('system:dict:del')") + @Authorize("hasPermission('system:dict:del')") @Operation(summary = "通过id删除字典表", description = "通过id删除字典表") public R removeById(@PathVariable("id") Long id) { sysDictManager.removeDictById(id); @@ -131,7 +131,7 @@ public R removeById(@PathVariable("id") Long id) { * @return R */ @GetMapping("/item/page") - @PreAuthorize("@per.hasPermission('system:dict:read')") + @Authorize("hasPermission('system:dict:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getSysDictItemPage(PageParam pageParam, @RequestParam("dictCode") String dictCode) { @@ -145,7 +145,7 @@ public R> getSysDictItemPage(PageParam pageParam, */ @CreateOperationLogging(msg = "新增字典项") @PostMapping("item") - @PreAuthorize("@per.hasPermission('system:dict:add')") + @Authorize("hasPermission('system:dict:add')") @Operation(summary = "新增字典项", description = "新增字典项") public R saveItem( @Validated({ Default.class, CreateGroup.class }) @RequestBody SysDictItemDTO sysDictItemDTO) { 
@@ -160,7 +160,7 @@ public R saveItem( */ @UpdateOperationLogging(msg = "修改字典项") @PutMapping("item") - @PreAuthorize("@per.hasPermission('system:dict:edit')") + @Authorize("hasPermission('system:dict:edit')") @Operation(summary = "修改字典项", description = "修改字典项") public R updateItemById( @Validated({ Default.class, UpdateGroup.class }) @RequestBody SysDictItemDTO sysDictItemDTO) { @@ -175,7 +175,7 @@ public R updateItemById( */ @DeleteOperationLogging(msg = "通过id删除字典项") @DeleteMapping("/item/{id}") - @PreAuthorize("@per.hasPermission('system:dict:del')") + @Authorize("hasPermission('system:dict:del')") @Operation(summary = "通过id删除字典项", description = "通过id删除字典项") public R removeItemById(@PathVariable("id") Long id) { return sysDictManager.removeDictItemById(id) ? R.ok() @@ -189,7 +189,7 @@ public R removeItemById(@PathVariable("id") Long id) { */ @UpdateOperationLogging(msg = "通过id修改字典项状态") @PatchMapping("/item/{id}") - @PreAuthorize("@per.hasPermission('system:dict:edit')") + @Authorize("hasPermission('system:dict:edit')") @Operation(summary = "通过id修改字典项状态", description = "通过id修改字典项状态") public R updateDictItemStatusById(@PathVariable("id") Long id, @RequestParam("status") Integer status) { sysDictManager.updateDictItemStatusById(id, status); diff --git a/ballcat-business-log/ballcat-log-biz/pom.xml b/ballcat-business-log/ballcat-log-biz/pom.xml index ad656da..628e663 100644 --- a/ballcat-business-log/ballcat-log-biz/pom.xml +++ b/ballcat-business-log/ballcat-log-biz/pom.xml @@ -33,7 +33,7 @@ org.ballcat - ballcat-spring-security-oauth2-core + ballcat-security-core jakarta.servlet diff --git a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomAccessLogHandler.java b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomAccessLogHandler.java index ada376e..45c6cc8 100644 --- a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomAccessLogHandler.java 
+++ b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomAccessLogHandler.java @@ -10,7 +10,7 @@ import org.ballcat.desensitize.enums.RegexDesensitizationTypeEnum; import org.ballcat.log.access.handler.AccessLogHandler; import org.ballcat.log.util.LogUtils; -import org.ballcat.springsecurity.util.SecurityUtils; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.slf4j.MDC; import org.springframework.web.servlet.HandlerMapping; @@ -35,11 +35,15 @@ public class CustomAccessLogHandler implements AccessLogHandler { private final AccessLogSaveThread accessLogSaveThread; - public CustomAccessLogHandler(AccessLogSaveThread accessLogSaveThread) { + private final PrincipalAttributeAccessor principalAttributeAccessor; + + public CustomAccessLogHandler(AccessLogSaveThread accessLogSaveThread, + PrincipalAttributeAccessor principalAttributeAccessor) { if (!accessLogSaveThread.isAlive()) { accessLogSaveThread.start(); } this.accessLogSaveThread = accessLogSaveThread; + this.principalAttributeAccessor = principalAttributeAccessor; } /** @@ -90,10 +94,8 @@ public AccessLog buildLog(HttpServletRequest request, HttpServletResponse respon } // 如果登录用户 则记录用户名和用户id - Optional.ofNullable(SecurityUtils.getUser()).ifPresent(x -> { - accessLog.setUserId(x.getUserId()); - accessLog.setUsername(x.getUsername()); - }); + accessLog.setUserId(principalAttributeAccessor.getUserId()); + accessLog.setUsername(principalAttributeAccessor.getName()); return accessLog; } diff --git a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomOperationLogHandler.java b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomOperationLogHandler.java index c20760b..658ed03 100644 --- a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomOperationLogHandler.java 
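Review bot: The `Optional.ofNullable(SecurityUtils.getUser())` guard is removed in `buildLog`, so `principalAttributeAccessor.getUserId()` and `getName()` now run for every request, including unauthenticated ones. Whether the accessor returns null or throws without an authenticated principal is not shown here; if it throws, access logging would fail on anonymous requests, and if it returns a placeholder name the log would attribute those requests to it. I would either document that contract on `PrincipalAttributeAccessor` or keep the guard: `Long userId = principalAttributeAccessor.getUserId(); if (userId != null) { accessLog.setUserId(userId); accessLog.setUsername(principalAttributeAccessor.getName()); }`. The same unguarded call replaces the `ifPresent` in CustomOperationLogHandler (`operationLog.setOperator(principalAttributeAccessor.getName())`). `buildLog` starts outside this hunk.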
+++ b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/handler/CustomOperationLogHandler.java @@ -11,7 +11,7 @@ import org.ballcat.log.operation.annotation.OperationLogging; import org.ballcat.log.operation.enums.LogStatusEnum; import org.ballcat.log.operation.handler.AbstractOperationLogHandler; -import org.ballcat.springsecurity.util.SecurityUtils; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.slf4j.MDC; import org.springframework.http.HttpHeaders; @@ -27,6 +27,8 @@ public class CustomOperationLogHandler extends AbstractOperationLogHandler operationLog.setOperator(x.getUsername())); + operationLog.setOperator(principalAttributeAccessor.getName()); return operationLog; } diff --git a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/service/AccessLogService.java b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/service/AccessLogService.java index a60c01b..869e7e0 100644 --- a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/service/AccessLogService.java +++ b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/service/AccessLogService.java @@ -10,8 +10,7 @@ /** * 后台访问日志 * - * @author hccake - * @date 2019-10-16 16:09:25 + * @author hccake 2019-10-16 16:09:25 */ public interface AccessLogService extends ExtendService { diff --git a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/thread/AccessLogSaveThread.java b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/thread/AccessLogSaveThread.java index c26b6f3..d994ab1 100644 --- a/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/thread/AccessLogSaveThread.java +++ b/ballcat-business-log/ballcat-log-biz/src/main/java/org/ballcat/business/log/thread/AccessLogSaveThread.java 
@@ -9,9 +9,7 @@ import java.util.List; /** - * @author Hccake - * @version 1.0 - * @date 2019/10/16 15:30 + * @author Hccake 2019/10/16 15:30 */ @Slf4j @RequiredArgsConstructor diff --git a/ballcat-business-log/ballcat-log-controller/pom.xml b/ballcat-business-log/ballcat-log-controller/pom.xml index ef740bc..81db03a 100644 --- a/ballcat-business-log/ballcat-log-controller/pom.xml +++ b/ballcat-business-log/ballcat-log-controller/pom.xml @@ -14,6 +14,10 @@ org.ballcat ballcat-common-model + + org.ballcat + ballcat-security-core + org.ballcat.business ballcat-log-biz diff --git a/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/AccessLogController.java b/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/AccessLogController.java index 01a22ca..c93f484 100644 --- a/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/AccessLogController.java +++ b/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/AccessLogController.java @@ -9,7 +9,7 @@ import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; @@ -18,8 +18,7 @@ /** * 访问日志 * - * @author hccake - * @date 2019-10-16 16:09:25 + * @author hccake 2019-10-16 16:09:25 */ @RestController @RequiredArgsConstructor 
@@ -36,7 +35,7 @@ public class AccessLogController { * @return R */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('log:access-log:read')") + @Authorize("hasPermission('log:access-log:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getAccessLogApiPage(@Validated PageParam pageParam, AccessLogQO accessLogQO) { return R.ok(accessLogService.queryPage(pageParam, accessLogQO)); diff --git a/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/LoginLogController.java b/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/LoginLogController.java index dc224ba..86690b7 100644 --- a/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/LoginLogController.java +++ b/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/LoginLogController.java @@ -9,7 +9,7 @@ import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; @@ -35,7 +35,7 @@ public class LoginLogController { * @return R 通用返回体 */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('log:login-log:read')") + @Authorize("hasPermission('log:login-log:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getLoginLogPage(@Validated PageParam pageParam, LoginLogQO loginLogQO) { return R.ok(loginLogService.queryPage(pageParam, loginLogQO)); 
diff --git a/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/OperationLogController.java b/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/OperationLogController.java index f8555d7..7497162 100644 --- a/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/OperationLogController.java +++ b/ballcat-business-log/ballcat-log-controller/src/main/java/org/ballcat/business/log/controller/OperationLogController.java @@ -9,7 +9,7 @@ import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.RequestMapping; @@ -18,8 +18,7 @@ /** * 操作日志 * - * @author hccake - * @date 2019-10-15 20:42:32 + * @author hccake 2019-10-15 20:42:32 */ @RestController @RequiredArgsConstructor @@ -36,7 +35,7 @@ public class OperationLogController { * @return R */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('log:operation-log:read')") + @Authorize("hasPermission('log:operation-log:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getOperationLogAdminPage(@Validated PageParam pageParam, OperationLogQO operationLogQO) { diff --git a/ballcat-business-notify/ballcat-notify-controller/pom.xml b/ballcat-business-notify/ballcat-notify-controller/pom.xml index b227271..c2cbdc2 100644 --- a/ballcat-business-notify/ballcat-notify-controller/pom.xml +++ b/ballcat-business-notify/ballcat-notify-controller/pom.xml 
@@ -10,13 +10,17 @@ ballcat-notify-controller + + org.ballcat.business + ballcat-notify-biz + org.ballcat ballcat-log - org.ballcat.business - ballcat-notify-biz + org.ballcat + ballcat-security-core diff --git a/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/AnnouncementController.java b/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/AnnouncementController.java index a81fb67..8b6d006 100644 --- a/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/AnnouncementController.java +++ b/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/AnnouncementController.java @@ -7,7 +7,7 @@ import org.ballcat.common.model.domain.PageResult; import org.ballcat.common.model.result.BaseResultCode; import org.ballcat.common.model.result.R; -import org.ballcat.springsecurity.util.SecurityUtils; +import org.ballcat.security.annotation.Authorize; import org.ballcat.business.notify.model.dto.AnnouncementDTO; import org.ballcat.business.notify.model.entity.Announcement; import org.ballcat.business.notify.model.qo.AnnouncementQO; @@ -16,7 +16,7 @@ import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; @@ -46,6 +46,8 @@ public class AnnouncementController { private final AnnouncementService announcementService; + private final PrincipalAttributeAccessor principalAttributeAccessor; + /** * 分页查询 * @param pageParam 分页对象 
@@ -53,7 +55,7 @@ public class AnnouncementController { * @return R 通用返回体 */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('notify:announcement:read')") + @Authorize("hasPermission('notify:announcement:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getAnnouncementPage(@Validated PageParam pageParam, AnnouncementQO announcementQO) { @@ -67,7 +69,7 @@ public R> getAnnouncementPage(@Validated PagePara */ @CreateOperationLogging(msg = "新增公告信息") @PostMapping - @PreAuthorize("@per.hasPermission('notify:announcement:add')") + @Authorize("hasPermission('notify:announcement:add')") @Operation(summary = "新增公告信息", description = "新增公告信息") public R save(@Valid @RequestBody AnnouncementDTO announcementDTO) { return announcementService.addAnnouncement(announcementDTO) ? R.ok() @@ -81,7 +83,7 @@ public R save(@Valid @RequestBody AnnouncementDTO announcementDTO) { */ @UpdateOperationLogging(msg = "修改公告信息") @PutMapping - @PreAuthorize("@per.hasPermission('notify:announcement:edit')") + @Authorize("hasPermission('notify:announcement:edit')") @Operation(summary = "修改公告信息", description = "修改公告信息") public R updateById(@Valid @RequestBody AnnouncementDTO announcementDTO) { return announcementService.updateAnnouncement(announcementDTO) ? R.ok() @@ -95,7 +97,7 @@ public R updateById(@Valid @RequestBody AnnouncementDTO announcementDTO) { */ @DeleteOperationLogging(msg = "通过id删除公告信息") @DeleteMapping("/{id}") - @PreAuthorize("@per.hasPermission('notify:announcement:del')") + @Authorize("hasPermission('notify:announcement:del')") @Operation(summary = "通过id删除公告信息", description = "通过id删除公告信息") public R removeById(@PathVariable("id") Long id) { return announcementService.removeById(id) ? R.ok() 
@@ -108,7 +110,7 @@ public R removeById(@PathVariable("id") Long id) { */ @UpdateOperationLogging(msg = "发布公告信息") @PatchMapping("/publish/{announcementId}") - @PreAuthorize("@per.hasPermission('notify:announcement:edit')") + @Authorize("hasPermission('notify:announcement:edit')") @Operation(summary = "发布公告信息", description = "发布公告信息") public R enableAnnouncement(@PathVariable("announcementId") Long announcementId) { return announcementService.publish(announcementId) ? R.ok() @@ -121,7 +123,7 @@ public R enableAnnouncement(@PathVariable("announcementId") Long announcem */ @UpdateOperationLogging(msg = "关闭公告信息") @PatchMapping("/close/{announcementId}") - @PreAuthorize("@per.hasPermission('notify:announcement:edit')") + @Authorize("hasPermission('notify:announcement:edit')") @Operation(summary = "关闭公告信息", description = "关闭公告信息") public R disableAnnouncement(@PathVariable("announcementId") Long announcementId) { return announcementService.close(announcementId) ? R.ok() @@ -129,7 +131,7 @@ public R disableAnnouncement(@PathVariable("announcementId") Long announce } @UpdateOperationLogging(msg = "公告内容图片上传", recordParams = false) - @PreAuthorize("@per.hasPermission('notify:announcement:edit')") + @Authorize("hasPermission('notify:announcement:edit')") @PostMapping("/image") @Operation(summary = "公告内容图片上传", description = "公告内容图片上传") public R> uploadImages(@RequestParam("files") List files) { @@ -138,10 +140,10 @@ public R> uploadImages(@RequestParam("files") List f } @GetMapping("/user") - @PreAuthorize("@per.hasPermission('notify:userannouncement:read')") + @Authorize("hasPermission('notify:userannouncement:read')") @Operation(summary = "用户公告信息", description = "用户公告信息") public R> getUserAnnouncements() { - Long userId = SecurityUtils.getUser().getUserId(); + Long userId = principalAttributeAccessor.getUserId(); return R.ok(announcementService.listActiveAnnouncements(userId)); } 
diff --git a/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/UserAnnouncementController.java b/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/UserAnnouncementController.java index 139a312..721e171 100644 --- a/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/UserAnnouncementController.java +++ b/ballcat-business-notify/ballcat-notify-controller/src/main/java/org/ballcat/business/notify/controller/UserAnnouncementController.java @@ -3,14 +3,14 @@ import org.ballcat.common.model.domain.PageParam; import org.ballcat.common.model.domain.PageResult; import org.ballcat.common.model.result.R; -import org.ballcat.springsecurity.util.SecurityUtils; +import org.ballcat.security.annotation.Authorize; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.ballcat.business.notify.model.qo.UserAnnouncementQO; import org.ballcat.business.notify.model.vo.UserAnnouncementPageVO; import org.ballcat.business.notify.service.UserAnnouncementService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PatchMapping; @@ -31,6 +31,8 @@ public class UserAnnouncementController { private final UserAnnouncementService userAnnouncementService; + private final PrincipalAttributeAccessor principalAttributeAccessor; + /** * 分页查询 * @param pageParam 分页参数 
@@ -38,7 +40,7 @@ public class UserAnnouncementController { * @return R 通用返回体 */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('notify:userannouncement:read')") + @Authorize("hasPermission('notify:userannouncement:read')") @Operation(summary = "分页查询", description = "分页查询") public R> getUserAnnouncementPage(@Validated PageParam pageParam, UserAnnouncementQO userAnnouncementQO) { @@ -46,10 +48,10 @@ public R> getUserAnnouncementPage(@Validated } @PatchMapping("/read/{announcementId}") - @PreAuthorize("@per.hasPermission('notify:userannouncement:read')") + @Authorize("hasPermission('notify:userannouncement:read')") @Operation(summary = "用户公告已读上报", description = "用户公告已读上报") public R readAnnouncement(@PathVariable("announcementId") Long announcementId) { - Long userId = SecurityUtils.getUser().getUserId(); + Long userId = principalAttributeAccessor.getUserId(); userAnnouncementService.readAnnouncement(userId, announcementId); return R.ok(); } diff --git a/ballcat-business-system/ballcat-system-biz/pom.xml b/ballcat-business-system/ballcat-system-biz/pom.xml index f89ed40..1695460 100644 --- a/ballcat-business-system/ballcat-system-biz/pom.xml +++ b/ballcat-business-system/ballcat-system-biz/pom.xml @@ -20,29 +20,24 @@ org.ballcat - ballcat-redis + ballcat-common-util org.ballcat - ballcat-mybatis-plus + ballcat-redis org.ballcat - ballcat-security-core + ballcat-mybatis-plus org.ballcat - ballcat-spring-security-oauth2-core + ballcat-security-core org.springframework.boot spring-boot-configuration-processor true - - org.ballcat - ballcat-spring-security-oauth2-authorization-server - true - diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/checker/AdminUserCheckerImpl.java b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/checker/AdminUserCheckerImpl.java index 7509938..23d81ee 100644 
--- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/checker/AdminUserCheckerImpl.java +++ b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/checker/AdminUserCheckerImpl.java @@ -3,7 +3,7 @@ import lombok.RequiredArgsConstructor; import org.ballcat.business.system.model.entity.SysUser; import org.ballcat.business.system.properties.SystemProperties; -import org.ballcat.springsecurity.util.SecurityUtils; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.springframework.stereotype.Service; import org.springframework.util.StringUtils; @@ -18,6 +18,8 @@ public class AdminUserCheckerImpl implements AdminUserChecker { private final SystemProperties systemProperties; + private final PrincipalAttributeAccessor principalAttributeAccessor; + @Override public boolean isAdminUser(SysUser user) { SystemProperties.Administrator administrator = systemProperties.getAdministrator(); @@ -32,7 +34,7 @@ public boolean isAdminUser(SysUser user) { public boolean hasModifyPermission(SysUser targetUser) { // 如果需要修改的用户是超级管理员,则只能本人修改 if (this.isAdminUser(targetUser)) { - return SecurityUtils.getUser().getUsername().equals(targetUser.getUsername()); + return principalAttributeAccessor.getName().equals(targetUser.getUsername()); } return true; } diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/AbstractPasswordHelper.java b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/AbstractPasswordHelper.java new file mode 100644 index 0000000..52f2423 --- /dev/null +++ b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/AbstractPasswordHelper.java 
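Review bot: In `hasModifyPermission`, the comparison `principalAttributeAccessor.getName().equals(targetUser.getUsername())` decides who may modify the super administrator, and it is only correct if `getName()` returns the account's login username. That held for the removed `SecurityUtils.getUser().getUsername()`, but the accessor's implementation is not in this hunk; if it returns the authentication's principal name, that may differ from `SysUser.username` for some login flows, and a null name throws instead of denying. I would make the denial explicit with `String name = principalAttributeAccessor.getName(); return name != null && name.equals(targetUser.getUsername());` and state in the accessor's Javadoc that `getName()` is the account username.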
@@ -0,0 +1,61 @@ +package org.ballcat.business.system.component; + +import org.ballcat.business.system.properties.SystemProperties; +import org.ballcat.common.core.exception.BusinessException; +import org.ballcat.common.util.AesUtils; +import org.ballcat.security.properties.SecurityProperties; +import org.springframework.util.StringUtils; + +import java.nio.charset.StandardCharsets; +import java.security.GeneralSecurityException; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +/** + * 密码相关的操作的辅助类 + * + * @author hccake + */ +public abstract class AbstractPasswordHelper implements PasswordHelper { + + private final String passwordSecretKey; + + private final Pattern passwordPattern; + + public AbstractPasswordHelper(SecurityProperties securityProperties, SystemProperties systemProperties) { + this.passwordSecretKey = securityProperties.getPasswordSecretKey(); + String passwordRule = systemProperties.getPasswordRule(); + this.passwordPattern = StringUtils.hasText(passwordRule) ? Pattern.compile(passwordRule) : null; + } + + /** + * 将前端传递过来的密文解密为明文 + * @param aesPass AES加密后的密文 + * @return 明文密码 + */ + public String decodeAes(String aesPass) { + try { + final byte[] secretKeyBytes = passwordSecretKey.getBytes(); + final byte[] passBytes = java.util.Base64.getDecoder().decode(aesPass); + final byte[] bytes = AesUtils.cbcDecrypt(passBytes, secretKeyBytes, secretKeyBytes); + return new String(bytes, StandardCharsets.UTF_8); + } + catch (GeneralSecurityException ex) { + throw new BusinessException(400, "密码密文解密异常!"); + } + } + + /** + * 校验密码是否符合规则 + * @param rawPassword 明文密码 + * @return 符合返回 true + */ + public boolean validateRule(String rawPassword) { + if (passwordPattern == null) { + return true; + } + Matcher matcher = passwordPattern.matcher(rawPassword); + return matcher.matches(); + } + +} 
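Review bot: `decodeAes` passes `secretKeyBytes` twice to `AesUtils.cbcDecrypt`, and if the third argument is the IV, as the call shape suggests, every password is encrypted under a fixed IV equal to the key. Identical passwords then produce identical ciphertexts, and the ciphertext is decrypted with no integrity check. I would document on the method that this wrapping is not a substitute for TLS, e.g. `// fixed key/IV CBC without authentication: obfuscation of the request field only, transport must be TLS`. Two small fixes belong in the same method: `passwordSecretKey.getBytes()` depends on the platform charset while the result is decoded as UTF-8, so use `passwordSecretKey.getBytes(StandardCharsets.UTF_8)`. Also, `Base64.getDecoder().decode(aesPass)` throws `IllegalArgumentException` on malformed input, which bypasses the 400 mapping, so widen the handler to `catch (GeneralSecurityException | IllegalArgumentException ex)`.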
diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/PasswordHelper.java b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/PasswordHelper.java index e45eed8..9e4b662 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/PasswordHelper.java +++ b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/component/PasswordHelper.java 
@@ -1,73 +1,31 @@ package org.ballcat.business.system.component; -import org.ballcat.business.system.properties.SystemProperties; -import org.ballcat.common.core.exception.BusinessException; -import org.ballcat.security.properties.SecurityProperties; -import org.ballcat.springsecurity.util.PasswordUtils; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.stereotype.Component; -import org.springframework.util.StringUtils; - -import java.security.GeneralSecurityException; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - /** * 密码相关的操作的辅助类 * * @author hccake */ -@Component -public class PasswordHelper { - - private final SecurityProperties securityProperties; - - private final PasswordEncoder passwordEncoder; - - private final Pattern passwordPattern; - - public PasswordHelper(SecurityProperties securityProperties, SystemProperties systemProperties, - PasswordEncoder passwordEncoder) { - this.securityProperties = securityProperties; - this.passwordEncoder = passwordEncoder; - String passwordRule = systemProperties.getPasswordRule(); - this.passwordPattern = StringUtils.hasText(passwordRule) ? 
Pattern.compile(passwordRule) : null; - } +public interface PasswordHelper { /** * 密码加密,单向加密,不可逆 * @param rawPassword 明文密码 * @return 加密后的密文 */ - public String encode(String rawPassword) { - return passwordEncoder.encode(rawPassword); - } + String encode(String rawPassword); /** * 将前端传递过来的密文解密为明文 * @param aesPass AES加密后的密文 * @return 明文密码 */ - public String decodeAes(String aesPass) { - try { - return PasswordUtils.decodeAES(aesPass, securityProperties.getPasswordSecretKey()); - } - catch (GeneralSecurityException ex) { - throw new BusinessException(400, "密码密文解密异常!"); - } - } + String decodeAes(String aesPass); /** * 校验密码是否符合规则 * @param rawPassword 明文密码 * @return 符合返回 true */ - public boolean validateRule(String rawPassword) { - if (passwordPattern == null) { - return true; - } - Matcher matcher = passwordPattern.matcher(rawPassword); - return matcher.matches(); - } + boolean validateRule(String rawPassword); } diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/mapper/SysUserRoleMapper.java b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/mapper/SysUserRoleMapper.java index d13ff2f..0d026fb 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/mapper/SysUserRoleMapper.java +++ b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/mapper/SysUserRoleMapper.java @@ -100,4 +100,11 @@ default boolean deleteUserRole(Long userId, String roleCode) { */ IPage queryUserPageByRoleCode(IPage page, @Param("qo") RoleBindUserQO roleCode); + /** + * 通过用户ID,查询角色codes + * @param userId 用户ID + * @return 用户拥有的角色code集合 + */ + List selectRoleCodeByUserId(Long userId); + } 
diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/SysUserRoleService.java b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/SysUserRoleService.java index 4538617..6570178 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/SysUserRoleService.java +++ b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/SysUserRoleService.java @@ -63,4 +63,11 @@ public interface SysUserRoleService extends ExtendService { */ boolean unbindRoleUser(Long userId, String roleCode); + /** + * 通过用户ID,查询角色Code列表 + * @param userId 用户ID + * @return List + */ + List listRoleCodes(Long userId); + } diff --git a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/impl/SysUserRoleServiceImpl.java b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/impl/SysUserRoleServiceImpl.java index 73cbb0e..1378d9a 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/impl/SysUserRoleServiceImpl.java +++ b/ballcat-business-system/ballcat-system-biz/src/main/java/org/ballcat/business/system/service/impl/SysUserRoleServiceImpl.java @@ -138,4 +138,9 @@ public boolean unbindRoleUser(Long userId, String roleCode) { return !baseMapper.existsRoleBind(userId, roleCode) || baseMapper.deleteUserRole(userId, roleCode); } + @Override + public List listRoleCodes(Long userId) { + return baseMapper.selectRoleCodeByUserId(userId); + } + } diff --git a/ballcat-business-system/ballcat-system-biz/src/main/resources/mapper/SysUserRoleMapper.xml b/ballcat-business-system/ballcat-system-biz/src/main/resources/mapper/SysUserRoleMapper.xml index f25deb3..e9f5319 100644 --- a/ballcat-business-system/ballcat-system-biz/src/main/resources/mapper/SysUserRoleMapper.xml 
+++ b/ballcat-business-system/ballcat-system-biz/src/main/resources/mapper/SysUserRoleMapper.xml @@ -1,7 +1,7 @@ - + - + + + diff --git a/ballcat-business-system/ballcat-system-controller/pom.xml b/ballcat-business-system/ballcat-system-controller/pom.xml index 8c751c1..ece7416 100644 --- a/ballcat-business-system/ballcat-system-controller/pom.xml +++ b/ballcat-business-system/ballcat-system-controller/pom.xml @@ -18,5 +18,9 @@ org.ballcat ballcat-log + + org.ballcat + ballcat-security-core + diff --git a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysMenuController.java b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysMenuController.java index 54efe3c..fe4fc9c 100644 --- a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysMenuController.java +++ b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysMenuController.java @@ -3,6 +3,7 @@ import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; import org.ballcat.business.system.converter.SysMenuConverter; import org.ballcat.business.system.enums.SysMenuType; import org.ballcat.business.system.model.dto.SysMenuCreateDTO; 
@@ -13,15 +14,15 @@ import org.ballcat.business.system.model.vo.SysMenuPageVO; import org.ballcat.business.system.model.vo.SysMenuRouterVO; import org.ballcat.business.system.service.SysMenuService; +import org.ballcat.business.system.service.SysUserRoleService; import org.ballcat.common.model.result.BaseResultCode; import org.ballcat.common.model.result.R; +import org.ballcat.common.util.Assert; import org.ballcat.log.operation.annotation.CreateOperationLogging; import org.ballcat.log.operation.annotation.DeleteOperationLogging; import org.ballcat.log.operation.annotation.UpdateOperationLogging; -import org.ballcat.springsecurity.oauth2.constant.UserAttributeNameConstants; -import org.ballcat.springsecurity.oauth2.userdetails.User; -import org.ballcat.springsecurity.util.SecurityUtils; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; +import org.ballcat.security.core.PrincipalAttributeAccessor; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.*; @@ -34,6 +35,7 @@ * * @author hccake 2021-04-06 17:59:51 */ +@Slf4j @RestController @RequiredArgsConstructor @RequestMapping("/system/menu") @@ -42,6 +44,10 @@ public class SysMenuController { private final SysMenuService sysMenuService; + private final SysUserRoleService userRoleService; + + private final PrincipalAttributeAccessor principalAttributeAccessor; + /** * 返回当前用户的路由集合 * @return 当前用户的路由 
@@ -50,16 +56,11 @@ public class SysMenuController { @Operation(summary = "动态路由", description = "动态路由") public R> getUserPermission() { // 获取角色Code - User user = SecurityUtils.getUser(); - Map attributes = user.getAttributes(); - - Object rolesObject = attributes.get(UserAttributeNameConstants.ROLE_CODES); - if (!(rolesObject instanceof Collection)) { - return R.ok(new ArrayList<>()); - } + Long userId = principalAttributeAccessor.getUserId(); + Assert.notNull(userId, () -> new SecurityException("获取登录用户信息失败!")); - @SuppressWarnings("unchecked") - Collection roleCodes = (Collection) rolesObject; + // 获取用户角色 + List roleCodes = userRoleService.listRoleCodes(userId); if (CollectionUtils.isEmpty(roleCodes)) { return R.ok(new ArrayList<>()); } @@ -84,7 +85,7 @@ public R> getUserPermission() { * @return R 通用返回体 */ @GetMapping("/list") - @PreAuthorize("@per.hasPermission('system:menu:read')") + @Authorize("hasPermission('system:menu:read')") @Operation(summary = "查询菜单列表", description = "查询菜单列表") public R> getSysMenuPage(SysMenuQO sysMenuQO) { List sysMenus = sysMenuService.listOrderBySort(sysMenuQO); @@ -102,7 +103,7 @@ public R> getSysMenuPage(SysMenuQO sysMenuQO) { * @return R 通用返回体 */ @GetMapping("/grant-list") - @PreAuthorize("@per.hasPermission('system:menu:read')") + @Authorize("hasPermission('system:menu:read')") @Operation(summary = "查询授权菜单列表", description = "查询授权菜单列表") public R> getSysMenuGrantList() { List sysMenus = sysMenuService.list(); @@ -122,7 +123,7 @@ public R> getSysMenuGrantList() { */ @CreateOperationLogging(msg = "新增菜单权限") @PostMapping - @PreAuthorize("@per.hasPermission('system:menu:add')") + @Authorize("hasPermission('system:menu:add')") @Operation(summary = "新增菜单权限", description = "新增菜单权限") public R save(@Valid @RequestBody SysMenuCreateDTO sysMenuCreateDTO) { return sysMenuService.create(sysMenuCreateDTO) ? R.ok() 
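Review bot: `new SecurityException("获取登录用户信息失败!")` in `getUserPermission` resolves to `java.lang.SecurityException` as far as the visible imports show, so unless the global exception handler maps that type, a missing principal would surface as a generic server error rather than an authentication failure. I would throw the project's own exception type with an explicit status there instead. Separately, role codes are now read with `userRoleService.listRoleCodes(userId)` on each call instead of from the principal's attributes, while the `@Authorize` checks presumably still use the authorities established at login. A comment above the lookup such as `// roles come from the database here, so the returned routes can differ from the authorities held by the current token` would make that divergence explicit. The body of `getUserPermission` continues outside this hunk.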
@@ -136,7 +137,7 @@ public R save(@Valid @RequestBody SysMenuCreateDTO sysMenuCreateDTO) { */ @UpdateOperationLogging(msg = "修改菜单权限") @PutMapping - @PreAuthorize("@per.hasPermission('system:menu:edit')") + @Authorize("hasPermission('system:menu:edit')") @Operation(summary = "修改菜单权限", description = "修改菜单权限") public R updateById(@RequestBody SysMenuUpdateDTO sysMenuUpdateDTO) { sysMenuService.update(sysMenuUpdateDTO); @@ -150,7 +151,7 @@ public R updateById(@RequestBody SysMenuUpdateDTO sysMenuUpdateDTO) { */ @DeleteOperationLogging(msg = "通过id删除菜单权限") @DeleteMapping("/{id}") - @PreAuthorize("@per.hasPermission('system:menu:del')") + @Authorize("hasPermission('system:menu:del')") @Operation(summary = "通过id删除菜单权限", description = "通过id删除菜单权限") public R removeById(@PathVariable("id") Long id) { return sysMenuService.removeById(id) ? R.ok() : R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "通过id删除菜单权限失败"); diff --git a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysOrganizationController.java b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysOrganizationController.java index c2d0adb..069f83a 100644 --- a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysOrganizationController.java +++ b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysOrganizationController.java @@ -15,7 +15,7 @@ import org.ballcat.log.operation.annotation.CreateOperationLogging; import org.ballcat.log.operation.annotation.DeleteOperationLogging; import org.ballcat.log.operation.annotation.UpdateOperationLogging; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.util.CollectionUtils; import org.springframework.web.bind.annotation.*; 
@@ -42,7 +42,7 @@ public class SysOrganizationController { * @return R 通用返回体 */ @GetMapping("/list") - @PreAuthorize("@per.hasPermission('system:organization:read')") + @Authorize("hasPermission('system:organization:read')") @Operation(summary = "组织架构列表查询") public R> listOrganization() { List list = sysOrganizationService.list(); @@ -62,7 +62,7 @@ public R> listOrganization() { * @return R 通用返回体 */ @GetMapping("/tree") - @PreAuthorize("@per.hasPermission('system:organization:read')") + @Authorize("hasPermission('system:organization:read')") @Operation(summary = "组织架构树查询") public R> getOrganizationTree(SysOrganizationQO qo) { return R.ok(sysOrganizationService.listTree(qo)); @@ -75,7 +75,7 @@ public R> getOrganizationTree(SysOrganizationQO qo) { */ @CreateOperationLogging(msg = "新增组织架构") @PostMapping - @PreAuthorize("@per.hasPermission('system:organization:add')") + @Authorize("hasPermission('system:organization:add')") @Operation(summary = "新增组织架构") public R save(@RequestBody SysOrganizationDTO sysOrganizationDTO) { return sysOrganizationService.create(sysOrganizationDTO) ? R.ok() @@ -89,7 +89,7 @@ public R save(@RequestBody SysOrganizationDTO sysOrganizationDTO) { */ @UpdateOperationLogging(msg = "修改组织架构") @PutMapping - @PreAuthorize("@per.hasPermission('system:organization:edit')") + @Authorize("hasPermission('system:organization:edit')") @Operation(summary = "修改组织架构") public R updateById(@RequestBody SysOrganizationDTO sysOrganizationDTO) { return sysOrganizationService.update(sysOrganizationDTO) ? R.ok() @@ -103,7 +103,7 @@ public R updateById(@RequestBody SysOrganizationDTO sysOrganizationDTO) { */ @DeleteOperationLogging(msg = "通过id删除组织架构") @DeleteMapping("/{id}") - @PreAuthorize("@per.hasPermission('system:organization:del')") + @Authorize("hasPermission('system:organization:del')") @Operation(summary = "通过id删除组织架构") public R removeById(@PathVariable("id") Long id) { return sysOrganizationService.removeById(id) ? R.ok() 
@@ -116,7 +116,7 @@ public R removeById(@PathVariable("id") Long id) { */ @UpdateOperationLogging(msg = "校正组织机构层级和深度") @PatchMapping("/revised") - @PreAuthorize("@per.hasPermission('system:organization:revised')") + @Authorize("hasPermission('system:organization:revised')") @Operation(summary = "校正组织机构层级和深度") public R revisedHierarchyAndPath() { return sysOrganizationService.revisedHierarchyAndPath() ? R.ok() diff --git a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysRoleController.java b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysRoleController.java index 442de28..63ee0c3 100644 --- a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysRoleController.java +++ b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysRoleController.java @@ -24,7 +24,7 @@ import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; @@ -63,7 +63,7 @@ public class SysRoleController { * @return PageResult 分页结果 */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('system:role:read')") + @Authorize("hasPermission('system:role:read')") public R> getRolePage(@Validated PageParam pageParam, SysRoleQO sysRoleQo) { return R.ok(sysRoleService.queryPage(pageParam, sysRoleQo)); } 
@@ -74,7 +74,7 @@ public R> getRolePage(@Validated PageParam pageParam, * @return 角色信息 */ @GetMapping("/{id}") - @PreAuthorize("@per.hasPermission('system:role:read')") + @Authorize("hasPermission('system:role:read')") public R getById(@PathVariable("id") Long id) { return R.ok(sysRoleService.getById(id)); } @@ -86,7 +86,7 @@ public R getById(@PathVariable("id") Long id) { */ @CreateOperationLogging(msg = "新增系统角色") @PostMapping - @PreAuthorize("@per.hasPermission('system:role:add')") + @Authorize("hasPermission('system:role:add')") @Operation(summary = "新增系统角色", description = "新增系统角色") public R save(@Valid @RequestBody SysRole sysRole) { return sysRoleService.save(sysRole) ? R.ok() : R.failed(BaseResultCode.UPDATE_DATABASE_ERROR, "新建角色失败"); @@ -99,7 +99,7 @@ public R save(@Valid @RequestBody SysRole sysRole) { */ @UpdateOperationLogging(msg = "修改系统角色") @PutMapping - @PreAuthorize("@per.hasPermission('system:role:edit')") + @Authorize("hasPermission('system:role:edit')") @Operation(summary = "修改系统角色", description = "修改系统角色") public R update(@Valid @RequestBody SysRoleUpdateDTO roleUpdateDTO) { SysRole sysRole = SysRoleConverter.INSTANCE.dtoToPo(roleUpdateDTO); @@ -113,7 +113,7 @@ public R update(@Valid @RequestBody SysRoleUpdateDTO roleUpdateDTO) { */ @DeleteMapping("/{id}") @DeleteOperationLogging(msg = "通过id删除系统角色") - @PreAuthorize("@per.hasPermission('system:role:del')") + @Authorize("hasPermission('system:role:del')") @Operation(summary = "通过id删除系统角色", description = "通过id删除系统角色") public R removeById(@PathVariable("id") Long id) { SysRole oldRole = sysRoleService.getById(id); 
@@ -143,7 +143,7 @@ public R> listRoles() { */ @PutMapping("/permission/code/{roleCode}") @UpdateOperationLogging(msg = "更新角色权限") - @PreAuthorize("@per.hasPermission('system:role:grant')") + @Authorize("hasPermission('system:role:grant')") @Operation(summary = "更新角色权限", description = "更新角色权限") public R savePermissionIds(@PathVariable("roleCode") String roleCode, @RequestBody Long[] permissionIds) { return R.ok(sysRoleMenuService.saveRoleMenus(roleCode, permissionIds)); @@ -176,7 +176,7 @@ public R>> listSelectData() { * @return R */ @GetMapping("/user/page") - @PreAuthorize("@per.hasPermission('system:role:grant')") + @Authorize("hasPermission('system:role:grant')") @Operation(summary = "查看已授权指定角色的用户列表", description = "查看已授权指定角色的用户列表") public R> queryUserPageByRoleCode(PageParam pageParam, @Valid RoleBindUserQO roleBindUserQO) { @@ -188,7 +188,7 @@ public R> queryUserPageByRoleCode(PageParam pageParam * @return R */ @DeleteMapping("/user") - @PreAuthorize("@per.hasPermission('system:role:grant')") + @Authorize("hasPermission('system:role:grant')") @Operation(summary = "解绑与用户绑定关系", description = "解绑与用户绑定关系") public R unbindRoleUser(@RequestParam("userId") Long userId, @RequestParam("roleCode") String roleCode) { return R.ok(sysUserRoleService.unbindRoleUser(userId, roleCode)); diff --git a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysUserController.java b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysUserController.java index 2ff5013..bf2ac10 100644 --- a/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysUserController.java +++ b/ballcat-business-system/ballcat-system-controller/src/main/java/org/ballcat/business/system/controller/SysUserController.java 
@@ -28,7 +28,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.access.prepost.PreAuthorize; +import org.ballcat.security.annotation.Authorize; import org.springframework.util.CollectionUtils; import org.springframework.validation.annotation.Validated; import org.springframework.web.bind.annotation.DeleteMapping; @@ -75,7 +75,7 @@ public class SysUserController { * @return 用户集合 */ @GetMapping("/page") - @PreAuthorize("@per.hasPermission('system:user:read')") + @Authorize("hasPermission('system:user:read')") @Operation(summary = "分页查询系统用户") public R> getUserPage(@Validated PageParam pageParam, SysUserQO qo) { return R.ok(sysUserService.queryPage(pageParam, qo)); @@ -86,7 +86,7 @@ public R> getUserPage(@Validated PageParam pageParam, * @return 用户SelectData */ @GetMapping("/select") - @PreAuthorize("@per.hasPermission('system:user:read')") + @Authorize("hasPermission('system:user:read')") @Operation(summary = "获取用户下拉列表数据") public R>> listSelectData( @RequestParam(value = "userTypes", required = false) List userTypes) { @@ -99,7 +99,7 @@ public R>> listSelectData( * @return SysUserInfo */ @GetMapping("/{userId}") - @PreAuthorize("@per.hasPermission('system:user:read')") + @Authorize("hasPermission('system:user:read')") @Operation(summary = "获取指定用户的基本信息") public R getSysUserInfo(@PathVariable("userId") Long userId) { SysUser sysUser = sysUserService.getById(userId); @@ -117,7 +117,7 @@ public R getSysUserInfo(@PathVariable("userId") Long userId) { */ @PostMapping @CreateOperationLogging(msg = "新增系统用户") - @PreAuthorize("@per.hasPermission('system:user:add')") + @Authorize("hasPermission('system:user:add')") @Operation(summary = "新增系统用户", description = "新增系统用户") public R addSysUser(@Validated({ Default.class, CreateGroup.class }) @RequestBody SysUserDTO sysUserDTO) { SysUser user = sysUserService.getByUsername(sysUserDTO.getUsername()); 
@@ -146,7 +146,7 @@ public R addSysUser(@Validated({ Default.class, CreateGroup.class }) @Requ */ @PutMapping @UpdateOperationLogging(msg = "修改系统用户") - @PreAuthorize("@per.hasPermission('system:user:edit')") + @Authorize("hasPermission('system:user:edit')") @Operation(summary = "修改系统用户", description = "修改系统用户") public R updateUserInfo(@Validated({ Default.class, UpdateGroup.class }) @RequestBody SysUserDTO sysUserDto) { return sysUserService.updateSysUser(sysUserDto) ? R.ok() @@ -158,7 +158,7 @@ public R updateUserInfo(@Validated({ Default.class, UpdateGroup.class }) @ */ @DeleteMapping("/{userId}") @DeleteOperationLogging(msg = "通过id删除系统用户") - @PreAuthorize("@per.hasPermission('system:user:del')") + @Authorize("hasPermission('system:user:del')") @Operation(summary = "通过id删除系统用户", description = "通过id删除系统用户") public R deleteByUserId(@PathVariable("userId") Long userId) { return sysUserService.deleteByUserId(userId) ? R.ok() @@ -170,7 +170,7 @@ public R deleteByUserId(@PathVariable("userId") Long userId) { * @param userId userId */ @GetMapping("/scope/{userId}") - @PreAuthorize("@per.hasPermission('system:user:grant')") + @Authorize("hasPermission('system:user:grant')") public R getUserRoleIds(@PathVariable("userId") Long userId) { List roleList = sysUserRoleService.listRoles(userId); @@ -193,7 +193,7 @@ public R getUserRoleIds(@PathVariable("userId") Long userId) { */ @PutMapping("/scope/{userId}") @UpdateOperationLogging(msg = "系统用户授权") - @PreAuthorize("@per.hasPermission('system:user:grant')") + @Authorize("hasPermission('system:user:grant')") @Operation(summary = "系统用户授权", description = "系统用户授权") public R updateUserScope(@PathVariable("userId") Long userId, @RequestBody SysUserScope sysUserScope) { return sysUserService.updateUserScope(userId, sysUserScope) ? R.ok() 
@@ -205,7 +205,7 @@ public R updateUserScope(@PathVariable("userId") Long userId, @RequestBody */ @PutMapping("/pass/{userId}") @UpdateOperationLogging(msg = "修改系统用户密码") - @PreAuthorize("@per.hasPermission('system:user:pass')") + @Authorize("hasPermission('system:user:pass')") @Operation(summary = "修改系统用户密码", description = "修改系统用户密码") public R updateUserPass(@PathVariable("userId") Long userId, @RequestBody SysUserPassDTO sysUserPassDTO) { String pass = sysUserPassDTO.getPass(); @@ -230,7 +230,7 @@ public R updateUserPass(@PathVariable("userId") Long userId, @RequestBody */ @PutMapping("/status") @UpdateOperationLogging(msg = "批量修改用户状态") - @PreAuthorize("@per.hasPermission('system:user:edit')") + @Authorize("hasPermission('system:user:edit')") @Operation(summary = "批量修改用户状态", description = "批量修改用户状态") public R updateUserStatus(@NotEmpty(message = "用户ID不能为空") @RequestBody List userIds, @NotNull(message = "用户状态不能为空") @RequestParam("status") Integer status) { @@ -244,7 +244,7 @@ public R updateUserStatus(@NotEmpty(message = "用户ID不能为空") @Req } @UpdateOperationLogging(msg = "修改系统用户头像") - @PreAuthorize("@per.hasPermission('system:user:edit')") + @Authorize("hasPermission('system:user:edit')") @PostMapping("/avatar") @Operation(summary = "修改系统用户头像", description = "修改系统用户头像") public R updateAvatar(@RequestParam("file") MultipartFile file, @RequestParam("userId") Long userId) { diff --git a/db/2ballcat-1.3.0.sql b/db/2ballcat-1.3.0.sql index f3b2fa8..fcb6c02 100644 --- a/db/2ballcat-1.3.0.sql +++ b/db/2ballcat-1.3.0.sql @@ -614,7 +614,6 @@ INSERT INTO `sys_user_role` VALUES (1, 1, 'ROLE_ADMIN'); INSERT INTO `sys_user_role` VALUES (6, 10, 'ROLE_SALES_EXECUTIVE'); INSERT INTO `sys_user_role` VALUES (4, 1, 'ROLE_TEST'); - /* IMPORTANT: If using PostgreSQL, update ALL columns defined with 'blob' to 'text',