vertoryao/iot-gateway
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(菜单模块): 整理了一些权限相关代码

Browse Source
This commit is contained in:
vertoryao 2024-12-05 17:18:55 +08:00
parent 992af01f8f
commit 4948086526
5 changed files with 44 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/main/java/com/zsc/edu/gateway/framework/mybatisplus/MyMetaObjectHandler.java
View File

@ -20,23 +20,18 @@ public class MyMetaObjectHandler implements MetaObjectHandler {
@Override @Override
public void insertFill(MetaObject metaObject) { public void insertFill(MetaObject metaObject) {
UserDetailsImpl userInfo = SecurityUtil.getUserInfo();
if (userInfo.getUsername() == null) {
userInfo.setUsername( "system");
}
this.strictInsertFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now()); this.strictInsertFill(metaObject, "createTime", LocalDateTime.class, LocalDateTime.now());
this.strictInsertFill(metaObject, "createBy", String.class, userInfo.getUsername()); SecurityUtil.getCurrentAuditor().ifPresent(username ->
this.strictInsertFill(metaObject, "createBy", String.class, username));
;
} }
@Override @Override
public void updateFill(MetaObject metaObject) { public void updateFill(MetaObject metaObject) {
UserDetailsImpl userInfo = SecurityUtil.getUserInfo();
if (userInfo.getUsername() == null) {
userInfo.setUsername( "system");
}
this.strictUpdateFill(metaObject, "updateTime", LocalDateTime::now, LocalDateTime.class); this.strictUpdateFill(metaObject, "updateTime", LocalDateTime::now, LocalDateTime.class);
this.strictUpdateFill(metaObject, "updateBy", userInfo::getUsername, String.class); SecurityUtil.getCurrentAuditor().ifPresent(username ->
this.strictInsertFill(metaObject, "updateBy", String.class, username));
} }

8
src/main/java/com/zsc/edu/gateway/framework/security/SecurityBeanConfig.java
View File

@ -13,10 +13,10 @@ import org.springframework.security.web.session.HttpSessionEventPublisher;
*/ */
@Configuration @Configuration
public class SecurityBeanConfig { public class SecurityBeanConfig {
// @Bean @Bean
// public PasswordEncoder passwordEncoder() { public PasswordEncoder passwordEncoder() {
// return PasswordEncoderFactories.createDelegatingPasswordEncoder(); return PasswordEncoderFactories.createDelegatingPasswordEncoder();
// } }
@Bean @Bean
public SessionRegistry sessionRegistry() { public SessionRegistry sessionRegistry() {

20
src/main/java/com/zsc/edu/gateway/framework/security/SecurityUtil.java
View File

@ -1,9 +1,11 @@
package com.zsc.edu.gateway.framework.security; package com.zsc.edu.gateway.framework.security;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import java.util.Objects; import java.util.Objects;
import java.util.Optional;
/** /**
* @author Yao * @author Yao
@ -18,4 +20,22 @@ public class SecurityUtil {
return (UserDetailsImpl) authentication.getPrincipal(); return (UserDetailsImpl) authentication.getPrincipal();
} }
public static Optional<String> getCurrentAuditor() {
try {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof AnonymousAuthenticationToken) {
return Optional.of("system");
} else {
if (authentication == null) {
return Optional.of("system");
}
UserDetailsImpl user = (UserDetailsImpl) authentication.getPrincipal();
return Optional.of(user.getUsername());
}
} catch (Exception ex) {
// log.error("get user Authentication failed: " + ex.getMessage(), ex);
return Optional.of("system");
}
}
} }

20
src/main/java/com/zsc/edu/gateway/framework/security/SpringSecurityConfig.java
View File

@ -8,6 +8,8 @@ import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider; import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistry; import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UserDetailsService;
@ -28,6 +30,7 @@ import javax.sql.DataSource;
* @author harry_yao * @author harry_yao
*/ */
@AllArgsConstructor @AllArgsConstructor
@EnableMethodSecurity
@Configuration @Configuration
public class SpringSecurityConfig { public class SpringSecurityConfig {
@ -42,23 +45,24 @@ public class SpringSecurityConfig {
@Resource @Resource
private final DataSource dataSource; private final DataSource dataSource;
@Bean // @Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() { // public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder(); // return new BCryptPasswordEncoder();
}; // };
@Bean @Bean
public PersistentTokenRepository persistentTokenRepository() { public PersistentTokenRepository persistentTokenRepository() {
JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl(); JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
tokenRepository.setDataSource(dataSource); tokenRepository.setDataSource(dataSource);
return tokenRepository; return tokenRepository;
} }
@Bean @Bean
AuthenticationManager authenticationManager() { AuthenticationManager authenticationManager() {
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider(); DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService); daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(bCryptPasswordEncoder()); daoAuthenticationProvider.setPasswordEncoder(securityBeanConfig.passwordEncoder());
return new ProviderManager(daoAuthenticationProvider); return new ProviderManager(daoAuthenticationProvider);
} }
@ -81,7 +85,11 @@ public class SpringSecurityConfig {
.authorizeHttpRequests(auth -> auth .authorizeHttpRequests(auth -> auth
.requestMatchers(HttpMethod.GET, "/api/rest/user/me","/api/rest/user/register","/api/rest/user/send-email").permitAll() .requestMatchers(HttpMethod.GET, "/api/rest/user/me","/api/rest/user/register","/api/rest/user/send-email").permitAll()
.requestMatchers(HttpMethod.POST, "/api/rest/user/login","/api/rest/user/register").permitAll() .requestMatchers(HttpMethod.POST, "/api/rest/user/login","/api/rest/user/register").permitAll()
.requestMatchers("/api/**").authenticated()) .requestMatchers("/api/**").authenticated()
.requestMatchers("/api/**").access((authentication, object) -> {
return new AuthorizationDecision(true);
})
)
// 不用注解直接通过判断路径实现动态访问权限 // 不用注解直接通过判断路径实现动态访问权限
// .requestMatchers("/api/**").access((authentication, object) -> { // .requestMatchers("/api/**").access((authentication, object) -> {
// //表示请求的 URL 地址和数据库的地址是否匹配上了 // //表示请求的 URL 地址和数据库的地址是否匹配上了

2
src/main/java/com/zsc/edu/gateway/modules/system/entity/Menu.java
View File

@ -27,7 +27,7 @@ public class Menu extends BaseEntity {
/** /**
* 菜单类型 * 菜单类型
*/ */
private Type type = Type.PAGE; private Type type;
/** /**
* 路由名称 * 路由名称
*/ */