自定义注解:
/**
 * Marks a method (or type) whose invocation must pass the custom permission
 * check performed by {@code PreAuthAspect}.
 *
 * <p>The aspect only evaluates this annotation on methods; placing it on a type
 * is permitted by {@code @Target} but is not picked up by the current pointcut.
 */
@Documented
@Inherited
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
public @interface PreAuth {

    /**
     * Permission expression the caller must hold. As implemented by
     * {@code PreAuthAspect}, an empty value only requires an authenticated caller.
     *
     * @return the required permission string, {@code ""} by default
     */
    String hasPerm() default "";

    /**
     * Whether the check is active for the annotated element.
     *
     * @return {@code true} (the default) to enforce the check
     */
    boolean enabled() default true;
}
自定义权限:
package sg.mcc.aiis.aspect;
import io.swagger.annotations.ApiModelProperty;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.util.ObjectUtils;
import org.springframework.util.PatternMatchUtils;
import org.springframework.util.StringUtils;
import sg.annotation.PreAuth;
import sg.constant.AuthConstant;
import sg.exception.Asserts;
import sg.mcc.aiis.centerbase.manpowerDB.vo.StaffViewVO;
import sg.mcc.aiis.feign.CenterBaseService;
import sg.mcc.aiis.feign.SysUserService;
import sg.mcc.aiis.user.model.SysUser;
import sg.mcc.aiis.util.SecurityUtil;
import javax.servlet.http.HttpServletRequest;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
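/**
 * Method-level authorization check driven by {@link PreAuth}.
 *
 * <p>For every method carrying {@code @PreAuth} the aspect resolves the caller from the
 * {@code realToken} header via {@link SecurityUtil#getUsername}, loads the matching
 * {@link SysUser}, short-circuits for the super administrator ({@code departId == -1}) and
 * otherwise compares the caller's authority list against the annotation's {@code hasPerm}.
 *
 * <p>SECURITY: requests whose {@code FROM_WHERE} header equals {@code "IHOME"} skip the check
 * entirely (see {@link #around}). That header is supplied by the client, so any caller can
 * claim to be IHOME. This is a deliberate, temporary gap inherited from the original code
 * and must be closed (or bound to an authenticated channel) before this aspect is relied
 * upon for access control.
 */
@Slf4j
@Aspect
@Component
@AllArgsConstructor
public class PreAuthAspect {

    // Field order is significant: @AllArgsConstructor derives the constructor signature from it.
    @Autowired
    private CenterBaseService centerBaseService;
    @Autowired
    private SysUserService sysUserService;

    /** Authority string that grants every permission. */
    private static final String ALL_PERMISSION = "*:*:*";

    /** FROM_WHERE value that currently bypasses authorization altogether. */
    private static final String BYPASS_ORIGIN = "IHOME";

    /** Separator between alternative permissions in {@link PreAuth#hasPerm()}. */
    private static final String PERMISSION_DELIMITER = ",";

    private final HttpServletRequest request;

    /**
     * Intercept methods annotated with {@link PreAuth} and enforce the permission check.
     *
     * @param point the intercepted invocation
     * @return the target method's result when authorized
     * @throws Throwable whatever the target throws, or the exception raised by
     *         {@code Asserts.fail} when the caller lacks the permission
     */
    @Around("@annotation(sg.annotation.PreAuth)")
    public Object around(ProceedingJoinPoint point) throws Throwable {
        String fromWhere = request.getHeader(AuthConstant.FROM_WHERE);
        // FIXME(security): a client-controlled header disables authorization. Kept only for
        // compatibility with the existing IHOME integration; see the class Javadoc.
        if (BYPASS_ORIGIN.equals(fromWhere)) {
            return point.proceed();
        }
        MethodSignature signature = (MethodSignature) point.getSignature();
        Method method = signature.getMethod();
        // NOTE(review): for interface-declared methods this may be the interface method, so an
        // annotation placed only on the implementation might not be seen here — confirm.
        PreAuth preAuth = method.getAnnotation(PreAuth.class);
        // Honour enabled(): the annotation declares it but the original never consulted it.
        if (preAuth == null || !preAuth.enabled()) {
            return point.proceed();
        }
        if (hasPerm(preAuth.hasPerm())) {
            return point.proceed();
        }
        Asserts.fail("权限验证不通过");
        return null; // unreachable when Asserts.fail throws
    }

    /**
     * Check whether the current caller holds {@code permission}.
     *
     * <p>Side effects: stores the resolved {@link SysUser} and the super-admin flag on the
     * {@link StaffViewVO} returned by {@link SecurityUtil#getUsername} (which also publishes
     * it to the user context).
     *
     * @param permission comma-separated list of acceptable permissions; empty means that any
     *                   authenticated caller passes
     * @return {@code true} when the caller is authenticated and authorized
     */
    public boolean hasPerm(String permission) {
        StaffViewVO userInfo = SecurityUtil.getUsername(request, centerBaseService);
        // The token must resolve to an identifiable staff member. The previous
        // StringUtils.isEmpty(Object) test only rejected null, so an empty bean (token unknown
        // to the centre service) was treated as an authenticated user.
        if (userInfo == null || !StringUtils.hasText(userInfo.getStaff_no())) {
            return false;
        }
        // Annotation present but no permission named: authentication alone is sufficient.
        if (permission == null || permission.isEmpty()) {
            return true;
        }
        SysUser sysUser = sysUserService.getUserByEmployeeCode(userInfo.getStaff_no());
        if (sysUser == null) {
            Asserts.fail("获取当前登录用户失败,请重试!");
            return false; // fail closed should Asserts.fail ever not throw
        }
        userInfo.setSysUser(sysUser);
        // Department id -1 marks the super administrator, who bypasses the authority lookup.
        boolean superAdmin = "-1".equals(String.valueOf(sysUser.getDepartId()));
        userInfo.setIsSuperAdmin(superAdmin);
        if (superAdmin) {
            return true;
        }
        // Authorities are fetched live on every call; no cache is consulted.
        List<String> authorities = sysUserService.getUserAuthorities(userInfo.getStaff_no());
        return hasPermissions(authorities, permission);
    }

    /**
     * Decide whether any held authority satisfies the required permission expression.
     *
     * @param authorities authorities held by the caller (blank entries are ignored)
     * @param permission  comma-separated alternatives; one match is enough
     * @return {@code true} when at least one alternative is satisfied
     */
    private boolean hasPermissions(Collection<String> authorities, String permission) {
        // Fail closed: no authority list means no permission (the original would have NPE'd).
        if (authorities == null || authorities.isEmpty() || permission == null) {
            return false;
        }
        for (String required : permission.split(PERMISSION_DELIMITER)) {
            if (matchesAny(authorities, required)) {
                return true;
            }
        }
        // Kept from the original: also try the undivided string, which only matters when a
        // stored authority itself contains a comma.
        return matchesAny(authorities, permission);
    }

    /**
     * Match one required permission against the held authorities.
     *
     * <p>The all-permission check is an exact comparison. The original used
     * {@code ALL_PERMISSION.contains(x)}, which also granted everything to authorities such as
     * {@code "*"} or {@code ":"} because those are substrings of {@code "*:*:*"}.
     *
     * <p>NOTE(review): {@code simpleMatch(pattern, str)} is called with the annotation value as
     * the pattern, so wildcards in {@code hasPerm} are honoured but wildcards stored in a
     * user's authorities are not. Argument order retained from the original; confirm intent.
     */
    private static boolean matchesAny(Collection<String> authorities, String required) {
        return authorities.stream()
                .filter(StringUtils::hasText)
                .anyMatch(held -> ALL_PERMISSION.equals(held)
                        || PatternMatchUtils.simpleMatch(required, held));
    }
}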
token安全检测工具类:根据请求头中的 realToken 与 FROM_WHERE 解析当前登录用户(token 本身交由 centerBaseService 远程解析,本类不做本地校验,并将结果写入 UserContext);页面或按钮权限的判断不在本类中,而是由上面的 PreAuthAspect 完成
package sg.mcc.aiis.util;
import cn.hutool.core.bean.BeanUtil;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.BeanUtils;
import sg.api.CommonResult;
import sg.api.ResultCode;
import sg.constant.AuthConstant;
import sg.exception.Asserts;
import sg.mcc.aiis.centerbase.manpowerDB.vo.StaffViewVO;
import sg.mcc.aiis.context.UserContext;
import sg.mcc.aiis.feign.CenterBaseService;
import javax.servlet.http.HttpServletRequest;
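/**
 * Resolves the calling user from the request's {@code realToken} header.
 *
 * <p>This class does not validate the token itself: it forwards the token to
 * {@link CenterBaseService} and trusts the {@link StaffViewVO} that comes back. The resolved
 * user is also published to {@link UserContext} for downstream code.
 */
@Slf4j
public class SecurityUtil {

    /** Request header carrying the caller's token. */
    private static final String TOKEN_HEADER = "realToken";
    private static final String ORIGIN_PC = "PC";
    private static final String ORIGIN_MOBILE = "MOBILE";
    private static final String ORIGIN_APP = "APP";

    private SecurityUtil() {
        // static utility, not meant to be instantiated
    }

    /**
     * Resolve the login user for the current request.
     *
     * @param request           current request; must carry {@code realToken} and {@code FROM_WHERE}
     * @param centerBaseService remote service that maps a token to a staff record
     * @return a copy of the resolved {@link StaffViewVO} with {@code fromWhere} filled in
     * @throws RuntimeException (via {@code Asserts.fail}) when the token header is missing, the
     *         origin is unknown, or the token does not resolve to a staff record
     */
    public static StaffViewVO getUsername(HttpServletRequest request, CenterBaseService centerBaseService) {
        String realToken = getToken(request);
        String fromWhere = request.getHeader(AuthConstant.FROM_WHERE);
        CommonResult<StaffViewVO> result = null;
        // Constant-first comparisons: a missing FROM_WHERE header previously threw an NPE here
        // and is now rejected as UNAUTHORIZED like any other unknown origin.
        if (ORIGIN_PC.equalsIgnoreCase(fromWhere) || ORIGIN_MOBILE.equalsIgnoreCase(fromWhere)) {
            result = centerBaseService.getStaffByView(realToken, fromWhere);
        } else if (ORIGIN_APP.equalsIgnoreCase(fromWhere)) {
            result = centerBaseService.getStaffByViewForApp(realToken);
        } else {
            Asserts.fail(ResultCode.UNAUTHORIZED);
        }
        StaffViewVO data = result == null ? null : result.getData();
        // A token the centre service does not recognise must not yield an empty-but-non-null
        // user: the original returned a blank StaffViewVO, which PreAuthAspect accepted as an
        // authenticated caller whenever hasPerm was empty.
        if (data == null || !BeanUtil.isNotEmpty(data)) {
            Asserts.fail(ResultCode.UNAUTHORIZED);
        }
        // NOTE(review): CommonResult's status code is not inspected here; if it carries one,
        // check it before trusting data — confirm against the CommonResult definition.
        StaffViewVO loginUser = new StaffViewVO();
        BeanUtil.copyProperties(data, loginUser);
        loginUser.setFromWhere(fromWhere);
        UserContext.setUser(loginUser);
        return loginUser;
    }

    /**
     * Read the raw token header without validation.
     *
     * @param request current request
     * @return the {@code realToken} header value, or {@code null} when absent
     */
    public static String getHeaderToken(HttpServletRequest request) {
        return request.getHeader(TOKEN_HEADER);
    }

    /**
     * Read the token header and reject requests that do not carry one.
     *
     * @param request current request
     * @return the non-blank token value
     * @throws RuntimeException (via {@code Asserts.fail}) when the header is missing or blank
     */
    public static String getToken(HttpServletRequest request) {
        String headerToken = getHeaderToken(request);
        if (StringUtils.isBlank(headerToken)) {
            Asserts.fail("没有携带Token信息!");
        }
        return headerToken;
    }
}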