yonge 6 年之前
父节点
当前提交
3b8b382a69
共有 16 个文件被更改,包括 172 次插入98 次删除
  1. 3 3
      mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/dto/SysUserInfo.java
  2. 5 9
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java
  3. 8 0
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/constant/SecurityConstants.java
  4. 35 36
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java
  5. 3 1
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java
  6. 3 1
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java
  7. 13 6
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/DefaultUserDetailsService.java
  8. 0 37
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/PhoneUserDetailService.java
  9. 70 0
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/service/PermissionCheckService.java
  10. 7 0
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/dal/dao/SysUserRoleDao.java
  11. 7 0
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/SysUserRoleService.java
  12. 5 0
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserRoleServiceImpl.java
  13. 6 4
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserServiceImpl.java
  14. 2 0
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java
  15. 1 1
      mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/TokenController.java
  16. 4 0
      mec-auth/mec-auth-server/src/main/resources/config/mybatis/SysUserRoleMapper.xml

+ 3 - 3
mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/dto/SysUserInfo.java

@@ -23,7 +23,7 @@ public class SysUserInfo implements Serializable {
 	/**
 	 * 角色集合
 	 */
-	private Integer[] roles;
+	private String[] roles;
 
 	public SysUser getSysUser() {
 		return sysUser;
@@ -41,11 +41,11 @@ public class SysUserInfo implements Serializable {
 		this.permissions = permissions;
 	}
 
-	public Integer[] getRoles() {
+	public String[] getRoles() {
 		return roles;
 	}
 
-	public void setRoles(Integer[] roles) {
+	public void setRoles(String[] roles) {
 		this.roles = roles;
 	}
 }

+ 5 - 9
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -20,20 +20,16 @@ import com.ym.mec.auth.core.filter.UsernameAuthenticationFilter;
 import com.ym.mec.auth.core.handler.BaseAuthenticationFailureEvenHandler;
 import com.ym.mec.auth.core.handler.BaseAuthenticationSuccessEventHandler;
 import com.ym.mec.auth.core.provider.PhoneAuthenticationProvider;
-import com.ym.mec.auth.core.provider.service.PhoneUserDetailService;
-import com.ym.mec.auth.core.provider.service.UsernameUserDetailsService;
+import com.ym.mec.auth.core.provider.service.DefaultUserDetailsService;
 import com.ym.mec.common.validcode.SmsCodeService;
 
 @Configuration
 @EnableWebSecurity
-@EnableGlobalMethodSecurity(prePostEnabled = true)
+@EnableGlobalMethodSecurity(prePostEnabled = true)//会拦截注解了@PreAuthrize注解的配置.
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Autowired
-	private UsernameUserDetailsService usernameUserDetailsService;
-	
-	@Autowired
-	private PhoneUserDetailService phoneUserDetailService;
+	private DefaultUserDetailsService defaultUserDetailsService;
 	
 	@Autowired
 	private PhoneAuthenticationProvider phoneAuthenticationProvider;
@@ -92,7 +88,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	public DaoAuthenticationProvider daoAuthenticationProvider() {
 		DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
 		// 设置userDetailsService
-		provider.setUserDetailsService(usernameUserDetailsService);
+		provider.setUserDetailsService(defaultUserDetailsService);
 		// 禁止隐藏用户未找到异常
 		provider.setHideUserNotFoundExceptions(false);
 		// 使用BCrypt进行密码的hash
@@ -104,7 +100,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public PhoneAuthenticationProvider phoneAuthenticationProvider(){
     	PhoneAuthenticationProvider provider = new PhoneAuthenticationProvider();
         // 设置userDetailsService
-        provider.setUserDetailsService(phoneUserDetailService);
+        provider.setUserDetailsService(defaultUserDetailsService);
         //provider.setSmsCodeService(smsCodeService);
 		// 禁止隐藏用户未找到异常
 		provider.setHideUserNotFoundExceptions(false);
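Review bot: Pointing the SMS provider at `defaultUserDetailsService` changes what happens for an unknown phone: that service throws `UsernameNotFoundException("用户不存在")`, whereas the removed `PhoneUserDetailService` returned null. Together with `provider.setHideUserNotFoundExceptions(false)` two lines further down, an unregistered number is probably distinguishable from a wrong code. If the failure handler (not visible here) passes that message to the client, the SMS login endpoint reveals which phone numbers have accounts. Consider `provider.setHideUserNotFoundExceptions(true);` on this provider so both cases surface as bad credentials. The bean method continues past the end of the hunk.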

+ 8 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/constant/SecurityConstants.java

@@ -0,0 +1,8 @@
+package com.ym.mec.auth.config.constant;
+
+public interface SecurityConstants {
+
+	public static final String USERNAME_PRINCIPAL_PREFIX = "username:";
+
+	public static final String PHONE_PRINCIPAL_PREFIX = "phone:";
+}
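Review bot: `SecurityConstants` is an interface that exists only to hold constants, so any class implementing it would inherit the prefixes into its own API, and the `public static final` modifiers are redundant inside an interface. A `public final class SecurityConstants` with a private constructor keeps every call site unchanged. Each constant would also benefit from a one-line comment such as `// Prepended to the principal by the login filter to mark the login channel; stripped again before the user lookup`.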

+ 35 - 36
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -14,57 +14,56 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
+import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
 
 public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
-    private static final String SPRING_SECURITY_RESTFUL_PHONE_KEY = "phone";
-    private static final String SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY = "smsCode";
+	private static final String SPRING_SECURITY_RESTFUL_PHONE_KEY = "phone";
+	private static final String SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY = "smsCode";
 
-    private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
-    private boolean postOnly = true;
+	private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
+	private boolean postOnly = true;
 
-    public PhoneLoginAuthenticationFilter() {
-        super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
-    }
-    
-    @Override
-    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
-        if (postOnly && !request.getMethod().equals("POST")) {
-            throw new AuthenticationServiceException(
-                    "Authentication method not supported: " + request.getMethod());
-        }
+	public PhoneLoginAuthenticationFilter() {
+		super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
+	}
+
+	@Override
+	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
+		if (postOnly && !request.getMethod().equals("POST")) {
+			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
+		}
 
-        AbstractAuthenticationToken authRequest;
-        String principal;
-        String credentials;
+		AbstractAuthenticationToken authRequest;
+		String principal;
+		String credentials;
 
-        // 手机验证码登陆
-        principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
-        credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
+		// 手机验证码登陆
+		principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
+		credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
 
-        principal = principal.trim();
-        authRequest = new PhoneAuthenticationToken(principal, credentials);
+		principal = principal.trim();
+		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, credentials);
 
-        // Allow subclasses to set the "details" property
-        setDetails(request, authRequest);
-        return this.getAuthenticationManager().authenticate(authRequest);
-    }
+		// Allow subclasses to set the "details" property
+		setDetails(request, authRequest);
+		return this.getAuthenticationManager().authenticate(authRequest);
+	}
 
 	@Override
-	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
-			FilterChain chain, Authentication authResult) throws IOException, ServletException {
+	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
+			throws IOException, ServletException {
 		super.successfulAuthentication(request, response, chain, authResult);
 		chain.doFilter(request, response);
 	}
 
-    private void setDetails(HttpServletRequest request,
-                            AbstractAuthenticationToken authRequest) {
-        authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
-    }
+	private void setDetails(HttpServletRequest request, AbstractAuthenticationToken authRequest) {
+		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+	}
 
-    private String obtainParameter(HttpServletRequest request, String parameter) {
-        String result =  request.getParameter(parameter);
-        return result == null ? "" : result;
-    }
+	private String obtainParameter(HttpServletRequest request, String parameter) {
+		String result = request.getParameter(parameter);
+		return result == null ? "" : result;
+	}
 }
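Review bot: A request without a `phone` parameter still reaches the authentication manager, because `obtainParameter` maps null to an empty string and the new token line then builds the principal `phone:` with nothing after it. Rejecting blank input before the token is constructed keeps empty keys away from the SMS-code check and the user lookup, for example `if (principal.isEmpty() || credentials.isEmpty()) throw new AuthenticationServiceException("phone and smsCode are required");` right after the trim. Apart from the prefix on the token line, the hunk is re-indentation from spaces to tabs.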

+ 3 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java

@@ -10,6 +10,8 @@ import org.springframework.security.web.authentication.AbstractAuthenticationPro
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.util.Assert;
 
+import com.ym.mec.auth.config.constant.SecurityConstants;
+
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -57,7 +59,7 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 		password = password.trim();
 
 		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				username, password);
+				SecurityConstants.USERNAME_PRINCIPAL_PREFIX + username, password);
 
 		// Allow subclasses to set the "details" property
 		setDetails(request, authRequest);

+ 3 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java

@@ -1,5 +1,6 @@
 package com.ym.mec.auth.core.provider;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -8,6 +9,7 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
+import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
 import com.ym.mec.common.validcode.SmsCodeService;
 
@@ -27,7 +29,7 @@ public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider
 			String phone = authentication.getPrincipal().toString();
 
 			// 验证码验证
-			smsCodeService.verifyValidCode(phone, smsCode);
+			smsCodeService.verifyValidCode(StringUtils.substringAfter(phone, SecurityConstants.PHONE_PRINCIPAL_PREFIX), smsCode);
 		}
 	}
 
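Review bot: `StringUtils.substringAfter` returns an empty string when the separator is absent, so a principal that does not carry `phone:` makes this line call `verifyValidCode("", smsCode)` instead of failing. The same unguarded strip appears in the else branches of `DefaultUserDetailsService.loadUserByUsername` and `PermissionCheckService.queryUserInfo`, where any principal not prefixed by one of the two filters is looked up as the empty username; an OAuth password grant would be such a caller if it shares this `UserDetailsService`, which is not visible here. Check the prefix explicitly and reject everything else: here `if (!StringUtils.startsWith(phone, SecurityConstants.PHONE_PRINCIPAL_PREFIX)) throw new BadCredentialsException("unsupported principal");`, and in the two lookups turn the bare `else` into `else if (StringUtils.startsWith(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX))` with a final branch that fails the lookup. The enclosing method starts outside this hunk.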

+ 13 - 6
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/UsernameUserDetailsService.java → mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/DefaultUserDetailsService.java

@@ -2,7 +2,9 @@ package com.ym.mec.auth.core.provider.service;
 
 import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.service.SysUserService;
+
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.GrantedAuthority;
@@ -17,7 +19,7 @@ import org.springframework.stereotype.Service;
 import java.util.List;
 
 @Service
-public class UsernameUserDetailsService implements UserDetailsService {
+public class DefaultUserDetailsService implements UserDetailsService {
 
 	@Autowired
 	private PasswordEncoder passwordEncoder;
@@ -29,12 +31,18 @@ public class UsernameUserDetailsService implements UserDetailsService {
 
 	@Override
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-		if(StringUtils.isBlank(username)){
+		if (StringUtils.isBlank(username)) {
 			return null;
 		}
 
-		SysUserInfo userInfo = sysUserService.queryUserInfoByUsername(username);
-		if(userInfo == null){
+		SysUserInfo userInfo = null;
+
+		if (StringUtils.startsWith(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX)) {
+			userInfo = sysUserService.queryUserInfoByPhone(StringUtils.substringAfter(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX));
+		} else {
+			userInfo = sysUserService.queryUserInfoByUsername(StringUtils.substringAfter(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX));
+		}
+		if (userInfo == null) {
 			throw new UsernameNotFoundException("用户不存在");
 		}
 
@@ -42,8 +50,7 @@ public class UsernameUserDetailsService implements UserDetailsService {
 
 		SysUser sysUser = userInfo.getSysUser();
 
-		return new User(username, BCRYPT + sysUser.getPassword(), StringUtils.equals(sysUser.getLockFlag(), "0"), true, true, true,
-				authorities);
+		return new User(username, BCRYPT + sysUser.getPassword(), StringUtils.equals(sysUser.getLockFlag(), "0"), true, true, true, authorities);
 	}
 
 }

+ 0 - 37
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/PhoneUserDetailService.java

@@ -1,37 +0,0 @@
-package com.ym.mec.auth.core.provider.service;
-
-import com.ym.mec.auth.api.dto.SysUserInfo;
-import com.ym.mec.auth.api.entity.SysUser;
-import com.ym.mec.auth.service.SysUserService;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.AuthorityUtils;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.stereotype.Service;
-import java.util.List;
-
-@Service
-public class PhoneUserDetailService implements UserDetailsService {
-
-    @Autowired
-    private SysUserService sysUserService;
-
-    @Override
-    public UserDetails loadUserByUsername(String phone) throws UsernameNotFoundException {
-        SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(phone);
-        if(userInfo == null){
-            return null;
-        }
-        List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(userInfo.getPermissions());
-
-        SysUser sysUser = userInfo.getSysUser();
-
-        return new User(phone, "", StringUtils.equals(sysUser.getLockFlag(), "0"), true, true, true,
-                authorities);
-    }
-
-}

+ 70 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/service/PermissionCheckService.java

@@ -0,0 +1,70 @@
+package com.ym.mec.auth.core.service;
+
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+
+import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.config.constant.SecurityConstants;
+import com.ym.mec.auth.service.SysUserService;
+
+@Component("pcs")
+public class PermissionCheckService {
+
+	@Autowired
+	private SysUserService sysUserService;
+
+	public boolean hasPermissions(String... permissions) {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		if (authentication == null) {
+			return false;
+		}
+
+		Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
+
+		for (String perm : permissions) {
+			if (authorities.contains(perm)) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	public boolean hasRoles(String... roles) {
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		if (authentication == null) {
+			return false;
+		}
+
+		SysUserInfo userInfo = queryUserInfo(authentication.getPrincipal().toString());
+
+		List<String> rolesList = Arrays.asList(userInfo.getRoles());
+
+		for (String role : roles) {
+			if (rolesList.contains(role)) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
+	private SysUserInfo queryUserInfo(String username) {
+		SysUserInfo userInfo = null;
+
+		if (StringUtils.startsWith(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX)) {
+			userInfo = sysUserService.queryUserInfoByPhone(StringUtils.substringAfter(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX));
+		} else {
+			userInfo = sysUserService.queryUserInfoByUsername(StringUtils.substringAfter(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX));
+		}
+		return userInfo;
+	}
+}
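Review bot: `hasPermissions` can never return true, because `authorities.contains(perm)` compares a `String` against `GrantedAuthority` objects; the loop has to compare against `getAuthority()`. `hasRoles` dereferences `userInfo` and `userInfo.getRoles()` without a null check, so an anonymous or unknown principal ends in a NullPointerException (a 500 response) rather than a denied request. Neither method has a Javadoc stating that it is an any-of check meant to be called from `@PreAuthorize` expressions through the `pcs` bean name, and that `hasRoles` performs a user lookup on every call.

```java
	public boolean hasPermissions(String... permissions) {
		// … unchanged: authentication lookup and null check …
		List<String> wanted = Arrays.asList(permissions);
		for (GrantedAuthority authority : authentication.getAuthorities()) {
			if (wanted.contains(authority.getAuthority())) {
				return true;
			}
		}
		return false;
	}

	public boolean hasRoles(String... roles) {
		// … unchanged: authentication lookup and null check …
		SysUserInfo userInfo = queryUserInfo(authentication.getPrincipal().toString());
		if (userInfo == null || userInfo.getRoles() == null) {
			// Unknown or anonymous principal: deny instead of throwing.
			return false;
		}
		// … unchanged: role comparison loop …
	}
```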

+ 7 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/dal/dao/SysUserRoleDao.java

@@ -13,4 +13,11 @@ public interface SysUserRoleDao extends BaseDAO<Integer, SysUserRole> {
 	 * @return
 	 */
 	List<Integer> queryRoleIdListByUserId(Integer userId);
+	
+	/**
+	 * 查询指定用户的角色编码
+	 * @param userId
+	 * @return
+	 */
+	List<String> queryRoleCodeListByUserId(Integer userId);
 }

+ 7 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/SysUserRoleService.java

@@ -13,4 +13,11 @@ public interface SysUserRoleService extends BaseService<Integer, SysUserRole> {
 	 * @return
 	 */
 	List<Integer> queryRoleIdListByUserId(Integer userId);
+
+	/**
+	 * 查询指定用户的角色编码
+	 * @param userId
+	 * @return
+	 */
+	List<String> queryRoleCodeListByUserId(Integer userId);
 }

+ 5 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserRoleServiceImpl.java

@@ -26,5 +26,10 @@ public class SysUserRoleServiceImpl extends BaseServiceImpl<Integer, SysUserRole
 	public List<Integer> queryRoleIdListByUserId(Integer userId) {
 		return sysUserRoleDao.queryRoleIdListByUserId(userId);
 	}
+
+	@Override
+	public List<String> queryRoleCodeListByUserId(Integer userId) {
+		return sysUserRoleDao.queryRoleCodeListByUserId(userId);
+	}
 	
 }

+ 6 - 4
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserServiceImpl.java

@@ -55,17 +55,19 @@ public class SysUserServiceImpl extends BaseServiceImpl<Integer, SysUser> implem
 		return getSysUserInfo(sysUser);
 	}
 
-	private SysUserInfo getSysUserInfo(SysUser sysUser){
-		if(sysUser == null){
+	private SysUserInfo getSysUserInfo(SysUser sysUser) {
+		if (sysUser == null) {
 			return null;
 		}
 		SysUserInfo userInfo = new SysUserInfo();
 		userInfo.setSysUser(sysUser);
 
-		List<Integer> roleIdList = sysUserRoleService.queryRoleIdListByUserId(sysUser.getUserId());
-		userInfo.setRoles(roleIdList.toArray(new Integer[roleIdList.size()]));
+		List<String> roleCodeList = sysUserRoleService.queryRoleCodeListByUserId(sysUser.getUserId());
+		userInfo.setRoles(roleCodeList.toArray(new String[roleCodeList.size()]));
 
+		List<Integer> roleIdList = sysUserRoleService.queryRoleIdListByUserId(sysUser.getUserId());
 		List<String> permissionList = sysRoleMenuService.queryPermissionsByRoleIdList(roleIdList);
+
 		userInfo.setPermissions(permissionList.toArray(new String[permissionList.size()]));
 
 		return userInfo;

+ 2 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java

@@ -5,6 +5,7 @@ import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -23,6 +24,7 @@ public class SmsCodeController extends BaseController {
     @ApiOperation("发送登录短信验证码")
     @ApiImplicitParam(name = "mobile", value = "手机号", required = true, dataType = "String")
     @PostMapping("/sendVerifyCode")
+    @PreAuthorize("@pcs.hasRoles('ROLE_ADMIN')")
     public Object sendLoginVerifyCode(String mobile) {
         smsCodeService.sendValidCode(mobile);
         return succeed();
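Review bot: The added `@PreAuthorize("@pcs.hasRoles('ROLE_ADMIN')")` sits on the endpoint that sends the login verification code, which a user has to call before holding any session, so as written only an already-authenticated admin can request a code. If the annotation was added to exercise `PermissionCheckService`, it belongs on an admin-only endpoint instead. If this endpoint is reachable anonymously, the expression calls `hasRoles` with a principal that has no user record. A login-code sender is usually protected by per-number and per-client throttling rather than a role check, and no throttling is visible in this hunk. The method's closing brace is outside the hunk.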

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/TokenController.java

@@ -69,7 +69,7 @@ public class TokenController extends BaseController {
     }
 
 	@PostMapping(value = "/loginIn")
-	// @PreAuthorize("hasAnyAuthority('sys_user_manage')")
+	//@PreAuthorize("hasAnyAuthority('sys_user_manage')")
 	public HttpResponseResult login(String username, String password, String clientId, String clientSecret) throws IOException {
 		String url = "http://auth-server/oauth/token";
 

+ 4 - 0
mec-auth/mec-auth-server/src/main/resources/config/mybatis/SysUserRoleMapper.xml

@@ -54,4 +54,8 @@
 	<select id="queryRoleIdListByUserId" resultType="int" parameterType="int">
 		SELECT ur.role_id FROM sys_user_role ur left join sys_role r on ur.role_id = r.role_id where ur.user_id = #{userId} and r.del_flag = 0
 	</select>
+	
+	<select id="queryRoleCodeListByUserId" resultType="string" parameterType="int">
+		SELECT r.role_code FROM sys_user_role ur left join sys_role r on ur.role_id = r.role_id where ur.user_id = #{userId} and r.del_flag = 0
+	</select>
 </mapper>