zouxuan 3 роки тому
батько
коміт
b4e2f5955f

+ 6 - 5
mec-auth/mec-auth-api/src/main/java/com/ym/mec/auth/api/dto/SysUserInfo.java

@@ -1,9 +1,10 @@
 package com.ym.mec.auth.api.dto;
 
-import java.io.Serializable;
-
 import com.ym.mec.auth.api.entity.SysUser;
 
+import java.io.Serializable;
+import java.util.List;
+
 public class SysUserInfo implements Serializable {
 
 	/**
@@ -23,7 +24,7 @@ public class SysUserInfo implements Serializable {
 	/**
 	 * 角色集合
 	 */
-	private String[] roles;
+	private List<String> roles;
 
 	public SysUser getSysUser() {
 		return sysUser;
@@ -41,11 +42,11 @@ public class SysUserInfo implements Serializable {
 		this.permissions = permissions;
 	}
 
-	public String[] getRoles() {
+	public List<String> getRoles() {
 		return roles;
 	}
 
-	public void setRoles(String[] roles) {
+	public void setRoles(List<String> roles) {
 		this.roles = roles;
 	}
 }

+ 2 - 2
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/WebSecurityConfig.java

@@ -63,7 +63,6 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 		http.formLogin().loginPage("/loginIn").loginPage("/smsLogin").and()
 			.addFilterBefore(getUsernameAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
 			.addFilterBefore(getPhoneLoginAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
-				//.exceptionHandling().accessDeniedHandler(baseAccessDeniedHandler).authenticationEntryPoint(baseAuthenticationEntryPoint).and()// 当未登录访问资源时
 				// 请求授权
 				.authorizeRequests()// 不需要权限认证的url
 				.antMatchers("/usernameLogin","/smsLogin", "/refreshToken", "/v2/api-docs").permitAll()// 任何请求
@@ -74,7 +73,8 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Override
 	public void configure(WebSecurity web) throws Exception {
-		web.ignoring().antMatchers("/usernameLogin", "/smsLogin", "/refreshToken", "/v2/api-docs","/loginIn","/user/updatePassword");
+		web.ignoring().antMatchers("/usernameLogin", "/smsLogin", "/refreshToken",
+				"/v2/api-docs","/loginIn","/user/updatePassword");
 	}
 
 	@Bean

+ 33 - 51
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -1,15 +1,19 @@
 package com.ym.mec.auth.core.filter;
 
 import java.io.IOException;
+import java.util.Map;
+import java.util.function.BiFunction;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.alibaba.fastjson.JSONObject;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationServiceException;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
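Review bot: Four of the imports added at the top of PhoneLoginAuthenticationFilter (`java.util.Map`, `java.util.function.BiFunction`, `com.alibaba.fastjson.JSONObject` and `InternalAuthenticationServiceException`) are not referenced in any line this commit shows for the file. If nothing outside the visible hunks uses them, they should be removed. An authentication filter that imports a JSON parser it never calls suggests request-body handling that is not there, which misleads the next reader.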
@@ -20,23 +24,9 @@ import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
 import com.ym.mec.common.security.SecurityConstants;
 
 public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
-
-	private static final String SPRING_SECURITY_RESTFUL_PHONE_KEY = "phone";
-	private static final String SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY = "smsCode";
-	private static final String clientIdParameter = "clientId";
-	private static final String IS_LESSEE = "isLessee";
-
-	private static final String TENANT_ID = "tenantId";
-
-	private static final String ORGAN_ID = "organId";
-	
-	private static final String DEVICE_NUM = "deviceNum";
-
-	private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
 	private boolean postOnly = true;
-
 	public PhoneLoginAuthenticationFilter() {
-		super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
+		super(new AntPathRequestMatcher("/smsLogin", "POST"));
 	}
 
 	@Override
@@ -44,30 +34,43 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		if (postOnly && !request.getMethod().equals("POST")) {
 			throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
 		}
+		//拼装请求参数
+		LoginEntity loginEntity = getLoginEntity(request);
+		AbstractAuthenticationToken authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + loginEntity.getPhone(), loginEntity);
+		// Allow subclasses to set the "details" property
+		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
+		return this.getAuthenticationManager().authenticate(authRequest);
+	}
+
+	@Override
+	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
+			throws IOException, ServletException {
+		super.successfulAuthentication(request, response, chain, authResult);
+		// chain.doFilter(request, response);
+	}
 
-		AbstractAuthenticationToken authRequest;
+	private String obtainParameter(HttpServletRequest request, String parameter) {
+		String result = request.getParameter(parameter);
+		return result == null ? "" : result;
+	}
+
+	private LoginEntity getLoginEntity(HttpServletRequest request){
 		// 手机验证码登陆
-		String principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
-		String credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
+		String principal = obtainParameter(request, "phone");
+		String credentials = obtainParameter(request, "smsCode");
 		// 是否是租户
-		String isLessee = obtainParameter(request, IS_LESSEE);
-		
-		String tenantId = obtainParameter(request, TENANT_ID);
-		
-		String organId = obtainParameter(request, ORGAN_ID);
-
+		String isLessee = obtainParameter(request, "isLessee");
+		String tenantId = obtainParameter(request, "tenantId");
+		String organId = obtainParameter(request, "organId");
 		boolean isRegister = StringUtils.equals("1", isLessee) || StringUtils.equals("true", isLessee);
 
-		String clientId = request.getParameter(clientIdParameter).toUpperCase();
-
+		String clientId = request.getParameter("clientId").toUpperCase();
 		if ("EDUCATION".equals(clientId)) {
 			clientId = "SYSTEM";
 		}
-		
-		String deviceNum = request.getParameter(DEVICE_NUM);
+		String deviceNum = request.getParameter("deviceNum");
 
 		principal = principal.trim();
-
 		LoginEntity loginEntity = new LoginEntity();
 		loginEntity.setClientId(clientId);
 		loginEntity.setPhone(principal);
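Review bot: `request.getParameter("clientId").toUpperCase()` in the new getLoginEntity dereferences a request parameter that may be absent, so a POST to /smsLogin without `clientId` ends in a NullPointerException instead of an authentication failure. The class already has `obtainParameter` for this: use `String clientId = obtainParameter(request, "clientId").toUpperCase();` and throw `AuthenticationServiceException` when the result is empty. The method continues into the next hunk, where `Integer.parseInt(tenantId)` on the raw parameter throws NumberFormatException for non-numeric input. Rethrowing that as `AuthenticationServiceException` keeps both failures on the normal failure-handler path.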
@@ -78,28 +81,7 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		if(StringUtils.isNotEmpty(tenantId)){
 			loginEntity.setTenantId(Integer.parseInt(tenantId));
 		}
-
-		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, loginEntity);
-
-		// Allow subclasses to set the "details" property
-		setDetails(request, authRequest);
-		return this.getAuthenticationManager().authenticate(authRequest);
-	}
-
-	@Override
-	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
-			throws IOException, ServletException {
-		super.successfulAuthentication(request, response, chain, authResult);
-		// chain.doFilter(request, response);
-	}
-
-	private void setDetails(HttpServletRequest request, AbstractAuthenticationToken authRequest) {
-		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
-	}
-
-	private String obtainParameter(HttpServletRequest request, String parameter) {
-		String result = request.getParameter(parameter);
-		return result == null ? "" : result;
+		return loginEntity;
 	}
 
 }

+ 20 - 43
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java

@@ -1,14 +1,9 @@
 package com.ym.mec.auth.core.filter;
 
-import java.io.IOException;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import com.ym.mec.auth.core.handler.TenantNotFoundException;
-import com.ym.mec.common.exception.BizException;
+import com.ym.mec.auth.api.dto.SysUserInfo;
+import com.ym.mec.auth.service.SysUserDeviceService;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.security.SecurityConstants;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.LockedException;
@@ -20,10 +15,11 @@ import org.springframework.security.web.authentication.AbstractAuthenticationPro
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.util.Assert;
 
-import com.ym.mec.auth.api.dto.SysUserInfo;
-import com.ym.mec.auth.service.SysUserDeviceService;
-import com.ym.mec.auth.service.SysUserService;
-import com.ym.mec.common.security.SecurityConstants;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 
 public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
@@ -57,54 +53,35 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 
 		String username = obtainUsername(request);
 		String password = obtainPassword(request);
-		if (username == null) {
-			username = "";
-		}
-
-		if (password == null) {
-			password = "";
+		if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
+			throw new UsernameNotFoundException("404.9");
 		}
 
-		username = username.trim();
-		password = password.trim();
-
 		SysUserInfo userInfo = sysUserService.queryUserInfoByUsername(username);
-
-		String clientId = request.getParameter(clientIdParameter).toUpperCase();
-
 		if (userInfo == null) {
 			throw new UsernameNotFoundException("404.9");
 		}
-		Integer tenantId = userInfo.getSysUser().getTenantId();
-		if (tenantId == null || tenantId == 0) {
-			throw new TenantNotFoundException("机构信息异常,请联系管理员");
-		}
-	
-//		if (userInfo.getSysUser().getUserType() != SysUserType.SYSTEM && !StringUtils.equalsIgnoreCase(clientId, userInfo.getSysUser().getUserType().getCode())) {
-//			throw new LockedException("登录失败");
-//		}
+
+		String clientId = request.getParameter(clientIdParameter).toUpperCase();
 		if("EDUCATION".equals(clientId)){
 			clientId = "SYSTEM";
 		}
 		if (!userInfo.getSysUser().getUserType().contains(clientId)) {
 			throw new LockedException("用户不存在,请联系教务老师");
 		}
+		// 检查设备
+		String deviceNum = request.getParameter(deviceNumParameter);
+		if (StringUtils.isNotBlank(deviceNum)) {
+			sysUserDeviceService.bindDevice(clientId, userInfo.getSysUser().getId(), deviceNum);
+		}
 
 		UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(SecurityConstants.USERNAME_PRINCIPAL_PREFIX + username,
 				password);
 
 		// Allow subclasses to set the "details" property
-		setDetails(request, authRequest);
-		
-		Authentication authentication = this.getAuthenticationManager().authenticate(authRequest);
+		authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 		
-		String deviceNum = request.getParameter(deviceNumParameter);
-		if (StringUtils.isNotBlank(deviceNum)) {
-			// 检查设备
-			sysUserDeviceService.bindDevice(clientId, userInfo.getSysUser().getId(), deviceNum);
-		}
-
-		return authentication;
+		return this.getAuthenticationManager().authenticate(authRequest);
 	}
 
 	@Override
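Review bot: `sysUserDeviceService.bindDevice(...)` now runs before `getAuthenticationManager().authenticate(authRequest)`, so the device is bound for any request that names an existing username, whether or not the password is correct. Before this change the call ran only after authentication had succeeded. What bindDevice persists is not visible here, but a device association should be written only for a verified login, so the call belongs after `authenticate`, as in the fence below. The hunk also drops the `tenantId == null || tenantId == 0` rejection without a replacement; if that is intended, the commit message should say so. The enclosing method starts above this hunk.

```java
// … unchanged: parameter checks, user lookup and clientId check …
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));

Authentication authentication = this.getAuthenticationManager().authenticate(authRequest);
// Bind the device only once the credentials have been verified.
String deviceNum = request.getParameter(deviceNumParameter);
if (StringUtils.isNotBlank(deviceNum)) {
	sysUserDeviceService.bindDevice(clientId, userInfo.getSysUser().getId(), deviceNum);
}
return authentication;
```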

+ 0 - 8
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/AuthenticationFailureListener.java

@@ -55,16 +55,8 @@ public class AuthenticationFailureListener implements ApplicationListener<Authen
                 userLogin.setLastLoginIp(hashMap.get("remoteAddress"));
                 sysUserLoginService.insert(userLogin);
             }else {
-//                userLogin.setFailCount(userLogin.getFailCount() + 1);
                 userLogin.setLastLoginTime(date);
                 userLogin.setLastLoginIp(hashMap.get("remoteAddress"));
-                /*if(userLogin.getFailCount() >= 5){
-                    userLogin.setLockTime(30);
-                    userLogin.setLockDate(date);
-                    sysUser.setLockFlag(9);
-                    sysUser.setUpdateTime(date);
-                    sysUserService.update(sysUser);
-                }*/
                 sysUserLoginService.update(userLogin);
             }
             logger.info("用户:{} 登录失败", sysUser.getPhone());

+ 2 - 2
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/dal/dao/SysRoleMenuDao.java

@@ -10,10 +10,10 @@ public interface SysRoleMenuDao extends BaseDAO<Integer, SysRoleMenu> {
 
 	/**
 	 * 根据角色查询权限列表
-	 * @param roleId
+	 * @param userId
 	 * @return
 	 */
-	List<String> queryPermissionsByRoleId(Integer roleId);
+	List<String> queryPermissionsByRoleId(Integer userId);
 
 	/**
 	 * 根据角色查询权限列表
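Review bot: `queryPermissionsByRoleId` now takes a user id, but its name and Javadoc summary still say it looks permissions up by role, so a caller that passes a role id compiles and silently gets the permissions of whichever user has that numeric id. Rename it to `queryPermissionsByUserId`, with the mapper `<select id>` to match, and document it as `Returns the permissions of all non-deleted roles assigned to the given user.` The same mismatch is in `SysRoleMenuService.queryPermissionsByRoleIdList(Integer userId)` and its implementation in SysRoleMenuServiceImpl, which no longer take a list or a role id.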

+ 2 - 9
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/SysRoleMenuService.java

@@ -9,17 +9,10 @@ public interface SysRoleMenuService extends BaseService<Integer, SysRoleMenu> {
 
 	/**
 	 * 根据角色查询权限列表
-	 * @param roleId
-	 * @return
-	 */
-	List<String> queryPermissionsByRoleId(Integer roleId);
-
-	/**
-	 * 根据角色查询权限列表
-	 * @param roleIdList
+	 * @param userId
 	 * @return
 	 */
-	List<String> queryPermissionsByRoleIdList(List<Integer> roleIdList);
+	List<String> queryPermissionsByRoleIdList(Integer userId);
 
 	/**
 	 * 角色添加菜单访问权限

+ 2 - 13
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysRoleMenuServiceImpl.java

@@ -24,19 +24,8 @@ public class SysRoleMenuServiceImpl extends BaseServiceImpl<Integer, SysRoleMenu
 	}
 
 	@Override
-	public List<String> queryPermissionsByRoleId(Integer roleId) {
-		return sysRoleMenuDao.queryPermissionsByRoleId(roleId);
-	}
-
-	@Override
-	public List<String> queryPermissionsByRoleIdList(List<Integer> roleIdList) {
-
-		List<String> list = new ArrayList<String>();
-
-		for (Integer roleId : roleIdList) {
-			list.addAll(queryPermissionsByRoleId(roleId));
-		}
-		return list;
+	public List<String> queryPermissionsByRoleIdList(Integer userId) {
+		return sysRoleMenuDao.queryPermissionsByRoleId(userId);
 	}
 
 	@Override

+ 4 - 9
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserServiceImpl.java

@@ -20,6 +20,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 
+import java.util.Arrays;
 import java.util.Date;
 import java.util.List;
 
@@ -87,15 +88,9 @@ public class SysUserServiceImpl extends BaseServiceImpl<Integer, SysUser> implem
 		}
 		SysUserInfo userInfo = new SysUserInfo();
 		userInfo.setSysUser(sysUser);
-
-		List<String> roleCodeList = sysUserRoleService.queryRoleCodeListByUserId(sysUser.getId());
-		userInfo.setRoles(roleCodeList.toArray(new String[roleCodeList.size()]));
-
-		List<Integer> roleIdList = sysUserRoleService.queryRoleIdListByUserId(sysUser.getId());
-		List<String> permissionList = sysRoleMenuService.queryPermissionsByRoleIdList(roleIdList);
-
-		userInfo.setPermissions(permissionList.toArray(new String[permissionList.size()]));
-
+		List<String> permissionList = sysRoleMenuService.queryPermissionsByRoleIdList(sysUser.getId());
+		String[] strArray = permissionList.toArray(new String[permissionList.size()]);
+		userInfo.setPermissions(strArray);
 		return userInfo;
 	}
 
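Review bot: `userInfo.setRoles(...)` is removed here and nothing replaces it, so unless roles are filled in elsewhere, `SysUserInfo.getRoles()` now returns null for every user loaded through this method. The same commit changes the field to `List<String>` and adds a null filter to `queryRoleCodeListByUserId`, which suggests the assignment was meant to stay as `userInfo.setRoles(sysUserRoleService.queryRoleCodeListByUserId(sysUser.getId()));`. Any role-based check reading that list would otherwise hit a NullPointerException or see no roles. The added `java.util.Arrays` import is not used in the lines shown. The method starts above this hunk.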

+ 8 - 2
mec-auth/mec-auth-server/src/main/resources/config/mybatis/SysRoleMenuMapper.xml

@@ -57,10 +57,16 @@
 	</select>
 	
 	<select id="queryPermissionsByRoleId" resultType="string" parameterType="int">
-		SELECT m.permission_ FROM sys_role_menu rm left join sys_menu m on rm.menu_id_ = m.id_ where rm.role_id_ = #{roleId} and m.del_flag_ = 0
+		SELECT m.permission_ FROM sys_role_menu rm
+									  LEFT JOIN sys_menu m ON rm.menu_id_ = m.id_
+		WHERE rm.role_id_ IN (SELECT ur.role_id_ FROM sys_user_role ur
+														  LEFT JOIN sys_role r ON ur.role_id_ = r.id_
+							  WHERE ur.user_id_ = #{userId} AND r.del_flag_ = 0) AND m.del_flag_ = 0
 	</select>
 
 	<select id="queryMenuIdByRoleId" resultType="integer" parameterType="int">
-		SELECT m.id_ FROM sys_role_menu rm left join sys_menu m on rm.menu_id_ = m.id_ where rm.role_id_ = #{roleId} and m.del_flag_ = 0
+		SELECT m.id_ FROM sys_role_menu rm
+		LEFT JOIN sys_menu m ON rm.menu_id_ = m.id_
+		WHERE rm.role_id_ = #{roleId} AND m.del_flag_ = 0
 	</select>
 </mapper>
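Review bot: The rewritten `queryPermissionsByRoleId` select returns one row per role–menu pair, so a user whose roles share a menu gets the same permission string several times. It also does not exclude menus whose `permission_` is NULL. If the column is nullable, add the same guard this commit adds for role codes in SysUserRoleMapper.xml: `SELECT DISTINCT m.permission_ ...` and `AND m.permission_ IS NOT NULL`. Otherwise null or duplicate entries flow unchanged into the permissions array built in SysUserServiceImpl.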

+ 7 - 2
mec-auth/mec-auth-server/src/main/resources/config/mybatis/SysUserRoleMapper.xml

@@ -50,10 +50,15 @@
 	</select>
 
     <select id="queryRoleIdListByUserId" resultType="int" parameterType="int">
-		SELECT ur.role_id_ FROM sys_user_role ur left join sys_role r on ur.role_id_ = r.id_ where ur.user_id_ = #{userId} and r.del_flag_ = 0
+		SELECT ur.role_id_ FROM sys_user_role ur
+		LEFT JOIN sys_role r ON ur.role_id_ = r.id_
+		WHERE ur.user_id_ = #{userId} AND r.del_flag_ = 0
 	</select>
 
     <select id="queryRoleCodeListByUserId" resultType="string" parameterType="int">
-		SELECT r.role_code_ FROM sys_user_role ur left join sys_role r on ur.role_id_ = r.id_ where ur.user_id_ = #{userId} and r.del_flag_ = 0
+		SELECT r.role_code_ FROM sys_user_role ur
+		LEFT JOIN sys_role r ON ur.role_id_ = r.id_
+		WHERE ur.user_id_ = #{userId} AND r.del_flag_ = 0
+		AND r.role_code_ IS NOT NULL
 	</select>
 </mapper>

+ 2 - 2
mec-common/common-core/src/main/java/com/ym/mec/common/security/SecurityConstants.java

@@ -2,9 +2,9 @@ package com.ym.mec.common.security;
 
 public interface SecurityConstants {
 
-	public static final String USERNAME_PRINCIPAL_PREFIX = "username:";
+	String USERNAME_PRINCIPAL_PREFIX = "username:";
 
-	public static final String PHONE_PRINCIPAL_PREFIX = "phone:";
+	String PHONE_PRINCIPAL_PREFIX = "phone:";
 
 	String PARAM_VERIFY_EXCEPTION = "参数校验异常";