yonge 6 years ago
parent
commit
9c30962de9

+ 1 - 1
mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/enums/SysUserType.java

@@ -6,7 +6,7 @@ import com.ym.mec.common.dal.base.BaseStringEnum;
 
 public enum SysUserType implements BaseStringEnum<SysUserType> {
 
-	STUDENT("学生"), TEACHER("老师"), SYSTEM("系统內置");
+	STUDENT("学生"), EDU_TEACHER("教务老师"), ADVISER("指导老师"), SYSTEM("系统內置");
 
 	private String desc;
 

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -55,7 +55,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 	@Override
 	protected void configure(HttpSecurity http) throws Exception {
 		// 表单登录 方式
-		http
+		http.formLogin().loginPage("/loginIn").loginPage("/smsLogin").and()
 			.addFilterBefore(getUsernameAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
 			.addFilterBefore(getPhoneLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
 				//.exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and()// 当未登录访问资源时
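Review bot: The second `loginPage("/smsLogin")` on the added `http.formLogin()` line replaces the first, because the form-login configurer keeps a single login-page value, so `/loginIn` is never registered. If two login entry points are intended, served by the two custom filters added on the following lines, keep one call such as `http.formLogin().loginPage("/loginIn").and()` and permit both URLs explicitly in the authorization rules. The comment above the chain could also state which filter handles which URL. The rest of `configure` lies outside the hunk, so whether those paths are already permitted cannot be checked here.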

+ 18 - 6
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/service/DefaultUserDetailsService.java

@@ -1,14 +1,13 @@
 package com.ym.mec.auth.core.provider.service;
 
-import com.ym.mec.auth.api.dto.SysUserInfo;
-import com.ym.mec.auth.api.entity.SysUser;
-import com.ym.mec.auth.config.constant.SecurityConstants;
-import com.ym.mec.auth.service.SysUserService;
+import java.util.ArrayList;
+import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -16,7 +15,11 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.stereotype.Service;
 
-import java.util.List;
+import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.auth.api.enums.SysUserType;
+import com.ym.mec.auth.config.constant.SecurityConstants;
+import com.ym.mec.auth.service.SysUserService;
 
 @Service
 public class DefaultUserDetailsService implements UserDetailsService {
@@ -46,7 +49,16 @@ public class DefaultUserDetailsService implements UserDetailsService {
 			throw new UsernameNotFoundException("用户不存在");
 		}
 
-		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(userInfo.getPermissions());
+		List<GrantedAuthority> authorities = null;
+
+		String userType = userInfo.getSysUser().getUserType();
+
+		if (StringUtils.endsWithIgnoreCase(userType, SysUserType.SYSTEM.getName())) {
+			authorities = AuthorityUtils.createAuthorityList(userInfo.getPermissions());
+		} else {
+			authorities = new ArrayList<GrantedAuthority>();
+			authorities.add(new SimpleGrantedAuthority(userType.toLowerCase()));
+		}
 
 		SysUser sysUser = userInfo.getSysUser();
 
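Review bot: `StringUtils.endsWithIgnoreCase(userType, SysUserType.SYSTEM.getName())` is a suffix match, so any user type whose name merely ends with the SYSTEM name receives the full permission list; it should be an equality check, `if (StringUtils.equalsIgnoreCase(userType, SysUserType.SYSTEM.getName())) {`. A null `userType` falls through to the else branch, where `userType.toLowerCase()` throws a NullPointerException during authentication. A blank type should be rejected before branching, for example `if (StringUtils.isBlank(userType)) throw new UsernameNotFoundException("用户不存在");`, and the lowercasing should use an explicit locale. The authority added in the else branch is whatever string is stored for the user, not a value checked against `SysUserType`, and non-system users no longer receive any of `userInfo.getPermissions()`; a comment confirming that both are intended would help. The method starts and ends outside the hunk.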

+ 10 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java

@@ -6,6 +6,8 @@ import io.swagger.annotations.ApiOperation;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -24,9 +26,16 @@ public class SmsCodeController extends BaseController {
     @ApiOperation("发送登录短信验证码")
     @ApiImplicitParam(name = "mobile", value = "手机号", required = true, dataType = "String")
     @PostMapping("/sendVerifyCode")
-    @PreAuthorize("@pcs.hasRoles('ROLE_ADMIN')")
+    //@PreAuthorize("hasAnyAuthority('student')")
+    @PreAuthorize("@pcs.hasPermissions('sys_user_manage')")
     public Object sendLoginVerifyCode(String mobile) {
         smsCodeService.sendValidCode(mobile);
         return succeed();
     }
+    
+    @PostMapping("/query")
+    public Object query() {
+    	Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        return succeed(authentication);
+    }
 }
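Review bot: The new `query()` handler returns the whole `Authentication` object through `succeed(authentication)`, which can serialize the principal, credentials and request details into the response, and it carries no `@PreAuthorize`; it reads like a debugging aid. If it has to stay, return only what a client needs, e.g. `return succeed(authentication.getName());`, and put an explicit authorization expression on the method. On `sendLoginVerifyCode`, the commented-out `//@PreAuthorize("hasAnyAuthority('student')")` should be deleted rather than committed. A short comment should also say why sending a login verification code requires the `sys_user_manage` permission.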

+ 1 - 1
mec-common/src/main/java/com/ym/mec/common/exception/BasicControllerAdvice.java

@@ -36,7 +36,7 @@ public class BasicControllerAdvice extends BaseController {
 
 		if (e instanceof AccessDeniedException) {
 			logger.error("Access Denied", e);
-			return failed(HttpStatus.FORBIDDEN.value(), "授权失败,禁止访问");
+			return failed(HttpStatus.FORBIDDEN.value(), "禁止访问");
 		}
 
 		logger.error("System Error", e);

+ 2 - 0
mec-common/src/main/java/com/ym/mec/common/redis/service/RedisCache.java

@@ -3,6 +3,7 @@ package com.ym.mec.common.redis.service;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.data.redis.core.ValueOperations;
 import org.springframework.stereotype.Component;
@@ -13,6 +14,7 @@ import com.ym.mec.common.cache.CacheException;
 @Component
 public class RedisCache implements Cache {
 
+	@Autowired
 	private RedisTemplate<String, Object> redisTemplate;
 
 	@Override

+ 1 - 1
mec-common/src/main/java/com/ym/mec/common/security/BaseAccessDeniedHandler.java

@@ -32,7 +32,7 @@ public class BaseAccessDeniedHandler extends OAuth2AccessDeniedHandler {
 		response.setStatus(HttpServletResponse.SC_OK);
 		PrintWriter printWriter = response.getWriter();
 
-		HttpResponseResult result = new HttpResponseResult(false, HttpServletResponse.SC_FORBIDDEN, null, "授权失败,禁止访问");
+		HttpResponseResult result = new HttpResponseResult(false, HttpServletResponse.SC_FORBIDDEN, null, "禁止访问");
 
 		ObjectMapper objectMapper = new ObjectMapper();