пре 5 година · 5fea015810
--- a/mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java
+++ b/mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java
@@ -2,24 +2,21 @@ package com.ym.mec.auth.core.filter;
 
				 
			
 
				 import java.io.IOException;
			
 
				 
			
 
				+import javax.servlet.FilterChain;
			
 
				+import javax.servlet.ServletException;
			
 
				+import javax.servlet.http.HttpServletRequest;
			
 
				+import javax.servlet.http.HttpServletResponse;
			
 
				+
			
 
				 import org.springframework.security.authentication.AuthenticationServiceException;
			
 
				 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
			
 
				 import org.springframework.security.core.Authentication;
			
 
				 import org.springframework.security.core.AuthenticationException;
			
 
				-import org.springframework.security.core.context.SecurityContextHolder;
			
 
				 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
			
 
				-import org.springframework.security.web.authentication.AuthenticationFailureHandler;
			
 
				-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
			
 
				 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
			
 
				 import org.springframework.util.Assert;
			
 
				 
			
 
				 import com.ym.mec.auth.config.constant.SecurityConstants;
			
 
				 
			
 
				-import javax.servlet.FilterChain;
			
 
				-import javax.servlet.ServletException;
			
 
				-import javax.servlet.http.HttpServletRequest;
			
 
				-import javax.servlet.http.HttpServletResponse;
			
 
				-
			
 
				 public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
			
 
				 
			
 
				 	// ~ Static fields/initializers
			
--- a/mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/DefaultUserDetailsService.java
+++ b/mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/DefaultUserDetailsService.java
@@ -43,12 +43,14 @@ public class DefaultUserDetailsService implements UserDetailsService {
 
				 
			
 
				 		if (StringUtils.startsWith(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX)) {
			
 
				 			userInfo = sysUserService.queryUserInfoByPhone(StringUtils.substringAfter(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX));
			
 
				-		} else {
			
 
				+		} else if (StringUtils.startsWith(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX)) {
			
 
				 			userInfo = sysUserService.queryUserInfoByUsername(StringUtils.substringAfter(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX));
			
 
				+		} else {
			
 
				+			userInfo = sysUserService.queryUserInfoByUsername(username);
			
 
				 		}
			
 
				 		if (userInfo == null) {
			
 
				 			throw new UsernameNotFoundException("账户不存在");
			
 
				-		}else if(StringUtils.equals(userInfo.getSysUser().getLockFlag(),"9")){
			
 
				+		} else if (StringUtils.equals(userInfo.getSysUser().getLockFlag(), "9")) {
			
 
				 			throw new LockedException("账户被锁定");
			
 
				 		}
			
 
				 
			
--- a/mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/service/PermissionCheckService.java
+++ b/mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/service/PermissionCheckService.java
@@ -30,8 +30,10 @@ public class PermissionCheckService {
 
				 		Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
			
 
				 
			
 
				 		for (String perm : permissions) {
			
 
				-			if (authorities.contains(perm)) {
			
 
				-				return true;
			
 
				+			for(GrantedAuthority authority : authorities){
			
 
				+				if(StringUtils.equals(perm, authority.getAuthority())){
			
 
				+					return true;
			
 
				+				}
			
 
				 			}
			
 
				 		}