zouxuan 5 lat temu
rodzic
commit
e412e69f24

+ 84 - 0
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/config/RequestUtils.java

@@ -0,0 +1,84 @@
+package com.ym.mec.auth.config;
+
+import com.alibaba.fastjson.JSONObject;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+
+public class RequestUtils {
+
+    public static JSONObject getRequestJsonObject(HttpServletRequest request) throws IOException {
+        String json = getRequestJsonString(request);
+        return JSONObject.parseObject(json);
+    }
+    /***
+     * 获取 request 中 json 字符串的内容
+     *
+     * @param request
+     * @return : <code>byte[]</code>
+     * @throws IOException
+     */
+    public static String getRequestJsonString(HttpServletRequest request)
+            throws IOException {
+        String submitMehtod = request.getMethod();
+        // GET
+        if (submitMehtod.equals("GET")) {
+            return new String(request.getQueryString().getBytes("iso-8859-1"),"utf-8").replaceAll("%22", "\"");
+            // POST
+        } else {
+            return getRequestPostStr(request);
+        }
+    }
+
+    /**
+     * 描述:获取 post 请求的 byte[] 数组
+     * <pre>
+     * 举例:
+     * </pre>
+     * @param request
+     * @return
+     * @throws IOException
+     */
+    public static byte[] getRequestPostBytes(HttpServletRequest request)
+            throws IOException {
+        int contentLength = request.getContentLength();
+        if(contentLength<0){
+            return null;
+        }
+        byte buffer[] = new byte[contentLength];
+        for (int i = 0; i < contentLength;) {
+
+            int readlen = request.getInputStream().read(buffer, i,
+                    contentLength - i);
+            if (readlen == -1) {
+                break;
+            }
+            i += readlen;
+        }
+        return buffer;
+    }
+
+    /**
+     * 描述:获取 post 请求内容
+     * <pre>
+     * 举例:
+     * </pre>
+     * @param request
+     * @return
+     * @throws IOException
+     */
+    public static String getRequestPostStr(HttpServletRequest request){
+        byte buffer[] = new byte[0];
+        try {
+            buffer = getRequestPostBytes(request);
+            String charEncoding = request.getCharacterEncoding();
+            if (charEncoding == null) {
+                charEncoding = "UTF-8";
+            }
+            return new String(buffer, charEncoding);
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        return null;
+    }
+}
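Review bot: `getRequestPostBytes` sizes its buffer directly from the client-supplied Content-Length, so one unauthenticated login request can make the server allocate up to Integer.MAX_VALUE bytes; cap the length before `new byte[contentLength]`. The same method returns `null` when the length is unknown, and `getRequestPostStr` then passes that to `new String(buffer, charEncoding)`, which throws a NullPointerException. `getRequestPostStr` also swallows IOException with `printStackTrace()` and returns `null`, which every caller then has to check. The body is parsed with fastjson before authentication and the fastjson version is not visible here, so confirm it is a release with autoType restricted (safeMode where available). A sketch of the bounded read follows; the limit is a placeholder value.
```java
    // placeholder limit: size it to the largest legitimate login payload
    private static final int MAX_BODY_BYTES = 8 * 1024;

    public static byte[] getRequestPostBytes(HttpServletRequest request)
            throws IOException {
        int contentLength = request.getContentLength();
        if (contentLength > MAX_BODY_BYTES) {
            throw new IOException("request body exceeds " + MAX_BODY_BYTES + " bytes");
        }
        if (contentLength <= 0) {
            // unknown or empty length: hand back an empty body instead of null
            return new byte[0];
        }
        byte[] buffer = new byte[contentLength];
        // ... unchanged: read loop filling buffer ...
        return buffer;
    }
```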

+ 9 - 6
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -7,6 +7,9 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.ym.mec.auth.config.RequestUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -36,12 +39,12 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		}
 
 		AbstractAuthenticationToken authRequest;
-		String principal;
-		String credentials;
-
-		// 手机验证码登陆
-		principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
-		credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
+		String requestJsonString = RequestUtils.getRequestPostStr(request);
+		JSONObject jsonObject = JSON.parseObject(requestJsonString);
+		String principal = jsonObject.getString(SPRING_SECURITY_RESTFUL_PHONE_KEY);
+		String credentials = jsonObject.getString(SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
+		request.setAttribute("clientId",jsonObject.get("clientId"));
+		request.setAttribute("clientSecret",jsonObject.get("clientSecret"));
 
 		principal = principal.trim();
 		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, credentials);
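Review bot: `jsonObject` is dereferenced without a null check, although `JSON.parseObject` returns null for a null or empty string and `RequestUtils.getRequestPostStr` returns null on a read error. A login POST without a JSON body therefore ends in a NullPointerException instead of an authentication failure, and `principal.trim()` fails the same way when the phone key is missing. Add `if (jsonObject == null) { throw new AuthenticationServiceException("Request body must be a JSON object"); }` after the parse and a null check on `principal` before `trim()`; malformed JSON raises fastjson's unchecked exception and should be translated in the same way. The hunk in UsernameAuthenticationFilter that reads `username` and `password` from `jsonObject` has the same unchecked dereference. The enclosing method starts and ends outside this hunk.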

+ 53 - 4
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java

@@ -1,12 +1,17 @@
 package com.ym.mec.auth.core.filter;
 
 import java.io.IOException;
+import java.util.HashMap;
+import java.util.logging.Handler;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import com.alibaba.fastjson.JSON;
+import com.alibaba.fastjson.JSONObject;
+import com.ym.mec.auth.config.RequestUtils;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -17,6 +22,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.util.Assert;
 
 import com.ym.mec.auth.config.constant.SecurityConstants;
+import org.springframework.web.bind.annotation.RequestBody;
 
 public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
@@ -44,10 +50,12 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 			throw new AuthenticationServiceException(
 					"Authentication method not supported: " + request.getMethod());
 		}
-
-		String username = obtainUsername(request);
-		String password = obtainPassword(request);
-
+		String requestJsonString = RequestUtils.getRequestPostStr(request);
+		JSONObject jsonObject = JSON.parseObject(requestJsonString);
+		String username = jsonObject.getString("username");
+		String password = jsonObject.getString("password");
+		request.setAttribute("clientId",jsonObject.get("clientId"));
+		request.setAttribute("clientSecret",jsonObject.get("clientSecret"));
 		if (username == null) {
 			username = "";
 		}
@@ -68,6 +76,47 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 		return this.getAuthenticationManager().authenticate(authRequest);
 	}
 
+	private String getRequestJsonString(HttpServletRequest request)
+			throws IOException {
+		String submitMehtod = request.getMethod();
+		// GET
+		if (submitMehtod.equals("GET")) {
+			return new String(request.getQueryString().getBytes("iso-8859-1"),"utf-8").replaceAll("%22", "\"");
+			// POST
+		} else {
+			return getRequestPostStr(request);
+		}
+	}
+
+	private String getRequestPostStr(HttpServletRequest request)
+			throws IOException {
+		byte buffer[] = getRequestPostBytes(request);
+		String charEncoding = request.getCharacterEncoding();
+		if (charEncoding == null) {
+			charEncoding = "UTF-8";
+		}
+		return new String(buffer, charEncoding);
+	}
+
+	private byte[] getRequestPostBytes(HttpServletRequest request)
+			throws IOException {
+		int contentLength = request.getContentLength();
+		if(contentLength<0){
+			return null;
+		}
+		byte buffer[] = new byte[contentLength];
+		for (int i = 0; i < contentLength;) {
+
+			int readlen = request.getInputStream().read(buffer, i,
+					contentLength - i);
+			if (readlen == -1) {
+				break;
+			}
+			i += readlen;
+		}
+		return buffer;
+	}
+
 	@Override
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			FilterChain chain, Authentication authResult) throws IOException, ServletException {
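Review bot: The three private helpers added here (`getRequestJsonString`, `getRequestPostStr`, `getRequestPostBytes`) are copies of the methods in `RequestUtils`, and the authentication path in this file already calls `RequestUtils.getRequestPostStr(request)`. From the visible hunks they appear to be unused; they also carry the same unbounded `new byte[contentLength]` allocation and the `null` return for an unknown length. Delete the copies so that only one implementation needs the fix. The imports `java.util.HashMap`, `java.util.logging.Handler` and `org.springframework.web.bind.annotation.RequestBody` added earlier in this file also look unused and can go with them.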

+ 17 - 24
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/BaseAuthenticationSuccessEventHandler.java

@@ -1,13 +1,13 @@
 package com.ym.mec.auth.core.handler;
 
-import java.io.IOException;
-import java.util.Base64;
-import java.util.Date;
-import java.util.HashMap;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.auth.api.entity.SysUserLogin;
+import com.ym.mec.auth.api.entity.SysUserLoginLog;
+import com.ym.mec.auth.service.SysUserLoginLogService;
+import com.ym.mec.auth.service.SysUserLoginService;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.entity.HttpResponseResult;
 import org.apache.commons.collections.MapUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -19,24 +19,17 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.security.oauth2.provider.OAuth2Request;
-import org.springframework.security.oauth2.provider.TokenRequest;
+import org.springframework.security.oauth2.provider.*;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.ym.mec.auth.api.entity.SysUser;
-import com.ym.mec.auth.api.entity.SysUserLogin;
-import com.ym.mec.auth.api.entity.SysUserLoginLog;
-import com.ym.mec.auth.config.constant.SecurityConstants;
-import com.ym.mec.auth.service.SysUserLoginLogService;
-import com.ym.mec.auth.service.SysUserLoginService;
-import com.ym.mec.auth.service.SysUserService;
-import com.ym.mec.common.entity.HttpResponseResult;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Base64;
+import java.util.Date;
+import java.util.HashMap;
 
 @Component
 public class BaseAuthenticationSuccessEventHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@@ -86,8 +79,8 @@ public class BaseAuthenticationSuccessEventHandler extends SavedRequestAwareAuth
 		sysUserLoginLogService.insert(sysUserLoginLog);
 		
 		try {
-			String clientId = request.getParameter("clientId");
-			String clientSecret = request.getParameter("clientSecret");
+			String clientId = request.getAttribute("clientId").toString();
+			String clientSecret = request.getAttribute("clientSecret").toString();
 			if (clientId == null || clientSecret == null) {
 				throw new UnapprovedClientAuthenticationException("请求头中client信息为空");
 			}
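Review bot: `request.getAttribute("clientId").toString()` throws a NullPointerException when the attribute is absent, so the `clientId == null || clientSecret == null` check below it can no longer trigger and the UnapprovedClientAuthenticationException is never raised. The attribute is absent whenever the login JSON omits the key, since the filters store `jsonObject.get("clientId")` as is. Read the attribute first and convert afterwards, e.g. `Object id = request.getAttribute("clientId");` followed by `String clientId = id == null ? null : id.toString();`, and the same for `clientSecret`. The message still says the client information is missing from the request header, while the values now come from the JSON body. The `try` block continues outside the hunk, so how the NullPointerException is handled there cannot be seen.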

+ 2 - 2
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/MenuController.java

@@ -21,7 +21,7 @@ public class MenuController extends BaseController {
 
     @ApiOperation("新增菜单")
     @PutMapping("/add")
-    public Object getMenu(SysMenu sysMenu) {
+    public Object getMenu(@RequestBody SysMenu sysMenu) {
         SysMenu menuByPermission = sysMenuService.findMenuByPermission(sysMenu.getPermission());
         if(menuByPermission != null){
             return failed("权限标识不能重复");
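Review bot: The `SysMenu` bound from the JSON body is used without any validation, so `sysMenu.getPermission()` is null when the client omits the field and the uniqueness check runs on null. Add `@Valid` with a not-blank constraint on the permission field, or an explicit `StringUtils.isEmpty(sysMenu.getPermission())` guard that returns `failed(SecurityConstants.PARAM_VERIFY_EXCEPTION)` as the role endpoints do. The same applies to `updateMenu` in the next hunk and to `updateRole` and `addRole` in RoleController with `sysRole.getRoleCode()`. The handler for "新增菜单" (add menu) is also named `getMenu`, which misleads readers; `addMenu` would match what it does.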
@@ -40,7 +40,7 @@ public class MenuController extends BaseController {
 
     @ApiOperation("根据菜单id修改菜单")
     @PutMapping("/update")
-    public Object updateMenu(SysMenu sysMenu) {
+    public Object updateMenu(@RequestBody SysMenu sysMenu) {
         SysMenu menuByPermission = sysMenuService.findMenuByPermission(sysMenu.getPermission());
         if(menuByPermission != null && !menuByPermission.getId().equals(sysMenu.getId())){
             return failed("权限标识不能重复");

+ 14 - 9
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/RoleController.java

@@ -11,6 +11,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 import java.util.Date;
+import java.util.HashMap;
 
 @RestController()
 @RequestMapping("role")
@@ -38,7 +39,7 @@ public class RoleController extends BaseController {
 
     @ApiOperation("修改角色")
     @PutMapping("/update")
-    public Object updateRole(SysRole sysRole) {
+    public Object updateRole(@RequestBody SysRole sysRole) {
         SysRole roleByCode = sysRoleService.findRoleByCode(sysRole.getRoleCode());
         if(roleByCode != null && !roleByCode.getId().equals(sysRole.getId())){
             return failed("权限标识已存在");
@@ -50,7 +51,7 @@ public class RoleController extends BaseController {
 
     @ApiOperation("新增角色")
     @PostMapping("/add")
-    public Object addRole(SysRole sysRole) {
+    public Object addRole(@RequestBody SysRole sysRole) {
         SysRole roleByCode = sysRoleService.findRoleByCode(sysRole.getRoleCode());
         if(roleByCode != null){
             return failed("权限标识已存在");
@@ -66,11 +67,13 @@ public class RoleController extends BaseController {
     @ApiImplicitParams({ @ApiImplicitParam(name = "roleId", value = "角色编号", required = true, dataType = "Integer"),
             @ApiImplicitParam(name = "menuIds", value = "菜单id,逗号分隔", required = true, dataType = "String") })
     @PostMapping("/addRoleMenu")
-    public Object addRoleMenu(Integer roleId,String menuIds) {
-        if(roleId == null || StringUtils.isEmpty(menuIds)){
+    public Object addRoleMenu(@RequestBody HashMap<String,String> param) {
+        String roleId = param.get("roleId");
+        String menuIds = param.get("menuIds");
+        if(StringUtils.isEmpty(roleId) || StringUtils.isEmpty(menuIds)){
             return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
         }
-        sysRoleMenuService.batchInsert(roleId,menuIds);
+        sysRoleMenuService.batchInsert(Integer.parseInt(roleId),menuIds);
         return succeed();
     }
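Review bot: `Integer.parseInt(roleId)` runs on an unvalidated request value, so a non-numeric `roleId` throws NumberFormatException instead of returning `failed(SecurityConstants.PARAM_VERIFY_EXCEPTION)`. Before this change the `Integer roleId` parameter was converted by the framework, so the check is new work for this method. Guard it with `if (!StringUtils.isNumeric(roleId)) return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);`, or bind a small request class with an `Integer roleId` field instead of `HashMap<String,String>`. `delRoleMenu` in the next hunk needs the same guard. The `@ApiImplicitParams` above still describe `roleId` and `menuIds` as separate parameters and should say that they are now JSON body fields.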
 
@@ -78,18 +81,20 @@ public class RoleController extends BaseController {
     @ApiImplicitParams({ @ApiImplicitParam(name = "roleId", value = "角色编号", required = true, dataType = "Integer"),
             @ApiImplicitParam(name = "menuIds", value = "菜单id,逗号分隔", required = true, dataType = "String") })
     @DeleteMapping("/delRoleMenu")
-    public Object delRoleMenu(Integer roleId,String menuIds) {
-        if(roleId == null || StringUtils.isEmpty(menuIds)){
+    public Object delRoleMenu(@RequestBody HashMap<String,String> param) {
+        String roleId = param.get("roleId");
+        String menuIds = param.get("menuIds");
+        if(StringUtils.isEmpty(roleId) || StringUtils.isEmpty(menuIds)){
             return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
         }
-        sysRoleMenuService.batchdel(roleId,menuIds);
+        sysRoleMenuService.batchdel(Integer.parseInt(roleId),menuIds);
         return succeed();
     }
 
     @ApiOperation("根据角色编号查询拥有的菜单列表")
     @ApiImplicitParams({ @ApiImplicitParam(name = "roleId", value = "角色编号", required = true, dataType = "Integer")})
     @GetMapping("/getMenus")
-    public Object getMenus(Integer roleId) {
+    public Object getMenus(@RequestBody Integer roleId) {
         if(roleId == null){
             return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
         }
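Review bot: `getMenus` is a `@GetMapping` but now takes `@RequestBody Integer roleId`, and many clients and intermediaries do not send or forward a body on GET, so the endpoint is likely to fail with a 400. Because `@RequestBody` is required by default, a missing body is rejected before the method runs and the `roleId == null` branch becomes unreachable. Use `@RequestParam Integer roleId` here, as this commit does for `phone` in `getKaptchaImage`. `delRoleMenu` in the same hunk has a similar issue: it combines `@DeleteMapping` with `@RequestBody`, and DELETE bodies are not reliably forwarded either.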

+ 11 - 10
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/web/controller/SmsCodeController.java

@@ -15,15 +15,13 @@ import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
+
 import javax.imageio.ImageIO;
 import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
 import java.awt.image.BufferedImage;
+import java.util.HashMap;
 import java.util.concurrent.TimeUnit;
 
 @RestController
@@ -42,7 +40,7 @@ public class SmsCodeController extends BaseController {
     @ApiImplicitParam(name = "mobile", value = "手机号", required = true, dataType = "String")
     @PostMapping("/sendSms")
     @PreAuthorize("@pcs.hasPermissions('sys_user_manage')")
-    public Object sendLoginVerifyCode(String mobile) {
+    public Object sendLoginVerifyCode(@RequestBody String mobile) {
         smsCodeService.sendValidCode(mobile);
         return succeed();
     }
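Review bot: `@RequestBody String mobile` binds the entire raw request body, so a client posting `{"mobile":"..."}` like the other endpoints passes the whole JSON text to `smsCodeService.sendValidCode`. Nothing checks the value before the SMS is sent. Take the body as in `verifySmsCode`, `@RequestBody HashMap<String,String> param` with `String mobile = param.get("mobile");`, and return `failed(SecurityConstants.PARAM_VERIFY_EXCEPTION)` when `StringUtils.isEmpty(mobile)`. A format check on the number before sending would also stop arbitrary strings from reaching the SMS gateway.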
@@ -51,7 +49,9 @@ public class SmsCodeController extends BaseController {
     @ApiImplicitParams({ @ApiImplicitParam(name = "phone", value = "手机号", required = true, dataType = "String"),
             @ApiImplicitParam(name = "code", value = "短信验证码", required = true, dataType = "String") })
     @PostMapping("/verifySmsCode")
-    public Object verifySmsCode(String phone,String code) {
+    public Object verifySmsCode(@RequestBody HashMap<String,String> param) {
+        String phone = param.get("phone");
+        String code = param.get("code");
         if(StringUtils.isEmpty(phone) || StringUtils.isEmpty(code)){
             return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
         }
@@ -65,7 +65,9 @@ public class SmsCodeController extends BaseController {
     @ApiOperation("校验登录图形验证码")
     @ApiImplicitParams({ @ApiImplicitParam(name = "phone", value = "手机号", required = true, dataType = "String"),
             @ApiImplicitParam(name = "code", value = "验证码", required = true, dataType = "String") })
-    public Object verifyImageCode(String phone,String code){
+    public Object verifyImageCode(@RequestBody HashMap<String,String> param){
+        String phone = param.get("phone");
+        String code = param.get("code");
         if(StringUtils.isEmpty(phone) || StringUtils.isEmpty(code)){
             return failed(SecurityConstants.PARAM_VERIFY_EXCEPTION);
         }
@@ -81,11 +83,10 @@ public class SmsCodeController extends BaseController {
     @GetMapping("/getLoginImage")
     @ApiOperation("获取登录图片验证码")
     @ApiImplicitParam(name = "phone", value = "手机号", required = true, dataType = "String")
-    public void getKaptchaImage(HttpServletResponse response, HttpSession session,String phone) throws Exception {
+    public void getKaptchaImage(HttpServletResponse response,@RequestParam(value = "phone", required = true) String phone) throws Exception {
         if(StringUtils.isEmpty(phone)){
             return;
         }
-
         response.setDateHeader("Expires", 0);
 
         // Set standard HTTP/1.1 no-cache headers.