
Merge branch 'master' of http://git.dayaedu.com/yonge/mec

zouxuan 5 years ago
parent
commit
8d5ca270d4

+ 1 - 1
mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/enums/SysUserType.java

@@ -6,7 +6,7 @@ import com.ym.mec.common.enums.BaseEnum;
 
 public enum SysUserType implements BaseEnum<String, SysUserType> {
 
-	STUDENT("学生"), EDU_TEACHER("教务老师"), ADVISER("指导老师"), SYSTEM("系统內置");
+	STUDENT("学生"), EDU_TEACHER("教务老师"), TEACHER("指导老师"), SYSTEM("系统內置");
 
 	private String desc;
 

+ 14 - 7
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -1,12 +1,5 @@
 package com.ym.mec.auth.config;
 
-import com.ym.mec.auth.core.filter.PhoneLoginAuthenticationFilter;
-import com.ym.mec.auth.core.filter.UsernameAuthenticationFilter;
-import com.ym.mec.auth.core.handler.BaseAuthenticationFailureEvenHandler;
-import com.ym.mec.auth.core.handler.BaseAuthenticationSuccessEventHandler;
-import com.ym.mec.auth.core.provider.PhoneAuthenticationProvider;
-import com.ym.mec.auth.core.provider.service.DefaultUserDetailsService;
-import com.ym.mec.common.validcode.SmsCodeService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -22,6 +15,15 @@ import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
+import com.ym.mec.auth.core.filter.PhoneLoginAuthenticationFilter;
+import com.ym.mec.auth.core.filter.UsernameAuthenticationFilter;
+import com.ym.mec.auth.core.handler.BaseAuthenticationFailureEvenHandler;
+import com.ym.mec.auth.core.handler.BaseAuthenticationSuccessEventHandler;
+import com.ym.mec.auth.core.provider.PhoneAuthenticationProvider;
+import com.ym.mec.auth.core.provider.service.DefaultUserDetailsService;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.validcode.SmsCodeService;
+
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)//会拦截注解了@PreAuthrize注解的配置.
@@ -38,6 +40,9 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	
 	@Autowired
 	private SmsCodeService smsCodeService;
+
+	@Autowired
+	private SysUserService sysUserService;
 	
 	@Override
 	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
@@ -109,6 +114,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		filter.setAuthenticationManager(authenticationManagerBean());
 		filter.setAuthenticationSuccessHandler(successEventHandler);
 		filter.setAuthenticationFailureHandler(failureEvenHandler);
+		filter.setSysUserService(sysUserService);
 		return filter;
 	}
 
@@ -118,6 +124,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		filter.setAuthenticationManager(authenticationManagerBean());
 		filter.setAuthenticationSuccessHandler(successEventHandler);
 		filter.setAuthenticationFailureHandler(failureEvenHandler);
+		filter.setSysUserService(sysUserService);
 		return filter;
 	}
 

+ 25 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -7,23 +7,31 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 
+import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.config.constant.SecurityConstants;
 import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
+import com.ym.mec.auth.service.SysUserService;
 
 public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
 	private static final String SPRING_SECURITY_RESTFUL_PHONE_KEY = "phone";
 	private static final String SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY = "smsCode";
+	private static final String clientIdParameter = "clientId";
 
 	private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
 	private boolean postOnly = true;
+	
+	private SysUserService sysUserService;
 
 	public PhoneLoginAuthenticationFilter() {
 		super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
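Review bot: `clientIdParameter` is declared `private static final` but is named like an instance field, while the two constants above it follow the `SPRING_SECURITY_RESTFUL_*_KEY` pattern. Renaming it to `SPRING_SECURITY_RESTFUL_CLIENT_ID_KEY` would keep the request-parameter names consistent. UsernameAuthenticationFilter declares the same name as a mutable instance field (`private String clientIdParameter = "clientId";`), so the two filters disagree on whether the parameter name is configurable. The new `sysUserService` field would also benefit from a one-line comment such as `// looked up before authentication to match clientId against the user's type`.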
@@ -43,6 +51,18 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
 		credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
 
+		SysUserInfo userInfo = sysUserService.queryUserInfoByPhone(StringUtils.substringAfter(principal, SecurityConstants.PHONE_PRINCIPAL_PREFIX));
+
+		String clientId = request.getParameter(clientIdParameter);
+
+		if (userInfo == null) {
+			throw new UsernameNotFoundException("用户名或密码错误");
+		}
+	
+		if (!StringUtils.equalsIgnoreCase(clientId, userInfo.getSysUser().getUserType().getCode())) {
+			throw new LockedException("用户名或密码错误");
+		}
+
 		principal = principal.trim();
 		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, credentials);
 
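Review bot: The lookup key `StringUtils.substringAfter(principal, SecurityConstants.PHONE_PRINCIPAL_PREFIX)` is an empty string whenever the request carries a bare phone number, which the later `SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal` implies, so `queryUserInfoByPhone` would be called with `""`, and before `principal.trim()` has run. Trimming first and using `StringUtils.removeStart(principal, SecurityConstants.PHONE_PRINCIPAL_PREFIX)` keeps the number when the prefix is absent. The account and `clientId` checks also run before the SMS code is verified and throw `UsernameNotFoundException` and `LockedException`; if the failure handler or audit events distinguish exception types, an unauthenticated caller can learn whether a number is registered and which user type it has, and a type mismatch is recorded as a locked account. Running the check after the provider has accepted the credentials and throwing a single `BadCredentialsException` for both cases would avoid that; the same applies to the matching block in UsernameAuthenticationFilter. attemptAuthentication starts and ends outside this hunk.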
@@ -66,4 +86,9 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		String result = request.getParameter(parameter);
 		return result == null ? "" : result;
 	}
+
+	public void setSysUserService(SysUserService sysUserService) {
+		this.sysUserService = sysUserService;
+	}
+
 }
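Review bot: Nothing checks that `sysUserService` was set before the filter starts serving requests, so a filter constructed without this setter fails with a NullPointerException on the first login attempt instead of at startup. If the filters are registered as beans, overriding `afterPropertiesSet()` to call `super.afterPropertiesSet()` and then `Assert.notNull(sysUserService, "sysUserService must be specified");` would surface the wiring error early. The setter added to UsernameAuthenticationFilter has the same gap.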

+ 40 - 12
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java

@@ -7,23 +7,31 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.util.Assert;
 
+import com.ym.mec.auth.api.dto.SysUserInfo;
 import com.ym.mec.auth.config.constant.SecurityConstants;
+import com.ym.mec.auth.service.SysUserService;
 
 public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
+	private SysUserService sysUserService;
+
 	// ~ Static fields/initializers
 	// =====================================================================================
 
 	private String usernameParameter = "username";
 	private String passwordParameter = "password";
+	private String clientIdParameter = "clientId";
 	private boolean postOnly = true;
 
 	// ~ Constructors
@@ -36,12 +44,9 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 	// ~ Methods
 	// ========================================================================================================
 
-
-	public Authentication attemptAuthentication(HttpServletRequest request,
-												HttpServletResponse response) throws AuthenticationException {
+	public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
 		if (postOnly && !request.getMethod().equals("POST")) {
-			throw new AuthenticationServiceException(
-					"Authentication method not supported: " + request.getMethod());
+			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 		}
 
 		String username = obtainUsername(request);
@@ -57,8 +62,28 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 		username = username.trim();
 		password = password.trim();
 
-		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(
-				SecurityConstants.USERNAME_PRINCIPAL_PREFIX + username, password);
+		SysUserInfo userInfo = null;
+
+		if (StringUtils.startsWith(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX)) {
+			userInfo = sysUserService.queryUserInfoByPhone(StringUtils.substringAfter(username, SecurityConstants.PHONE_PRINCIPAL_PREFIX));
+		} else if (StringUtils.startsWith(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX)) {
+			userInfo = sysUserService.queryUserInfoByUsername(StringUtils.substringAfter(username, SecurityConstants.USERNAME_PRINCIPAL_PREFIX));
+		} else {
+			userInfo = sysUserService.queryUserInfoByUsername(username);
+		}
+
+		String clientId = request.getParameter(clientIdParameter);
+
+		if (userInfo == null) {
+			throw new UsernameNotFoundException("用户名或密码错误");
+		}
+	
+		if (!StringUtils.equalsIgnoreCase(clientId, userInfo.getSysUser().getUserType().getCode())) {
+			throw new LockedException("用户名或密码错误");
+		}
+
+		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(SecurityConstants.USERNAME_PRINCIPAL_PREFIX + username,
+				password);
 
 		// Allow subclasses to set the "details" property
 		setDetails(request, authRequest);
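Review bot: The account whose type is checked and the principal that is authenticated can differ: a username starting with `PHONE_PRINCIPAL_PREFIX` is looked up by phone, but the token is still built as `SecurityConstants.USERNAME_PRINCIPAL_PREFIX + username` with the phone prefix left in place. How the provider resolves that string is not visible here, so the `clientId` check may be applied to a different record than the one whose password is verified; deriving the lookup key and the token principal from one normalized value would close that gap. `userInfo.getSysUser().getUserType()` is also dereferenced without a null check, so a user row without a type would surface as a NullPointerException rather than an AuthenticationException; widening the guard to `if (userInfo == null || userInfo.getSysUser() == null || userInfo.getSysUser().getUserType() == null)` covers it. attemptAuthentication starts and ends outside this hunk.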
@@ -67,10 +92,10 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 	}
 
 	@Override
-	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
-			FilterChain chain, Authentication authResult) throws IOException, ServletException {
+	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
+			throws IOException, ServletException {
 		super.successfulAuthentication(request, response, chain, authResult);
-		//chain.doFilter(request, response);
+		// chain.doFilter(request, response);
 	}
 
 	/**
@@ -113,8 +138,7 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 	 * @param authRequest the authentication request object that should have its details
 	 * set
 	 */
-	protected void setDetails(HttpServletRequest request,
-			UsernamePasswordAuthenticationToken authRequest) {
+	protected void setDetails(HttpServletRequest request, UsernamePasswordAuthenticationToken authRequest) {
 		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 	}
 
@@ -161,4 +185,8 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 		return passwordParameter;
 	}
 
+	public void setSysUserService(SysUserService sysUserService) {
+		this.sysUserService = sysUserService;
+	}
+
 }

+ 0 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserServiceImpl.java

@@ -3,7 +3,6 @@ package com.ym.mec.auth.service.impl;
 import java.util.Date;
 import java.util.List;
 
-import com.ym.mec.auth.api.enums.UserLockFlag;
 import com.ym.mec.auth.api.enums.YesOrNoEnum;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;