SpringSecurity中的User类只有用户名、密码、权限信息三个用户详情字段
/**
* Models core user information retrieved by a {@link UserDetailsService}.
* <p>
* Developers may use this class directly, subclass it, or write their own
* {@link UserDetails} implementation from scratch.
* <p>
* {@code equals} and {@code hashcode} implementations are based on the {@code username}
* property only, as the intention is that lookups of the same user principal object (in a
* user registry, for example) will match where the objects represent the same user, not
* just when all the properties (authorities, password for example) are the same.
* <p>
* Note that this implementation is not immutable. It implements the
* {@code CredentialsContainer} interface, in order to allow the password to be erased
* after authentication. This may cause side-effects if you are storing instances
* in-memory and reusing them. If so, make sure you return a copy from your
* {@code UserDetailsService} each time it is invoked.
*
* @author Ben Alex
* @author Luke Taylor
*/
public class User implements UserDetails, CredentialsContainer {
private String password;
private final String username;
private final Set<GrantedAuthority> authorities;
//省略其他代码
}
为了可以设置更多的属性,新建com.itheima.stock.security.user.LoginUserDetail
package com.itheima.stock.security.user;
import com.itheima.stock.vo.resp.PermissionRespNodeVo;
import lombok.Data;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.List;
/**
* 自定义用户详情类
*/
@Data
public class LoginUserDetail implements UserDetails {
private String username;
private String password;
private List<GrantedAuthority> authorities;
/**
* 账户没有过期
*/
private boolean isAccountNonExpired=true;
/**
* 账号没有锁定
*/
private boolean isAccountNonLocked=true;
/**
* 密码没有过期
*/
private boolean isCredentialsNonExpired=true;
/**
* 账户是否禁用
* true:没有禁用
*/
boolean isEnabled= true;
//自定义字段
/**
* 用户ID
*/
private Long id;
/**
* 电话
*/
private String phone;
/**
* 昵称
*/
private String nickName;
/**
* 真实姓名
*/
private String realName;
/**
* 性别(1.男 2.女)
*/
private Integer sex;
/**
* 账户状态(1.正常 2.锁定 )
*/
private Integer status;
/**
* 邮箱
*/
private String email;
/**
* 权限树,不包含按钮相关权限信息
*/
private List<PermissionRespNodeVo> menus;
/**
* 前端按钮权限集合
*/
private List<String> permissions;
}
新建com.itheima.stock.security.service.LoginUserDetailService
package com.itheima.stock.security.service;
import com.google.common.base.Strings;
import com.itheima.stock.mapper.SysRoleMapper;
import com.itheima.stock.mapper.SysUserMapperExt;
import com.itheima.stock.pojo.entity.SysPermission;
import com.itheima.stock.pojo.entity.SysRole;
import com.itheima.stock.pojo.entity.SysUser;
import com.itheima.stock.security.user.LoginUserDetail;
import com.itheima.stock.service.PermissionService;
import com.itheima.stock.vo.resp.PermissionRespNodeVo;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
import java.util.stream.Collectors;
/**
* 定义获取用户详情服务Bean
*/
@Service("userDetailsService")
public class LoginUserDetailService implements UserDetailsService {
@Autowired
private SysUserMapperExt sysUserMapperExt;
@Autowired
private PermissionService permissionService;
@Autowired
private SysRoleMapper sysRoleMapper;
/**
* 根据用户名获取用户详情:用户名,密码,权限集合等
*
* @param username
* @return
* @throws UsernameNotFoundException
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//根据用户名查询查询数据库中用户详情
SysUser dbUser = sysUserMapperExt.findUserByUserName(username);
if (dbUser == null) {
throw new UsernameNotFoundException("用户不存在");
}
//获取指定用户的权限集合 添加获取侧边栏数据和按钮权限的结合信息
List<SysPermission> permissions = permissionService.getPermissionByUserId(dbUser.getId());
List<SysRole> roles = sysRoleMapper.getRoleByUserId(dbUser.getId());
//获取树状权限菜单数据
List<PermissionRespNodeVo> menus = permissionService.getTree(permissions, 0l, true);
//获取菜单按钮集合
List<String> authBtnPerms = permissions.stream()
.filter(per -> !Strings.isNullOrEmpty(per.getCode()) && per.getType() == 3)
.map(per -> per.getCode()).collect(Collectors.toList());
List<String> ps = new ArrayList<String>();
//获取security的权限标识
List<String> pers = permissions.stream()
.filter(per -> StringUtils.isNotBlank(per.getPerms()))
.map(per -> per.getPerms())
.collect(Collectors.toList());
ps.addAll(pers);
List<String> rs = roles.stream().map(r -> "ROLE_" + r.getName()).collect(Collectors.toList());
ps.addAll(rs);
String[] psArray = ps.toArray(new String[ps.size()]);
//将用户拥有的权限标识转化为权限对象
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(psArray);
//构建用户详情服务对象
LoginUserDetail userDetail = new LoginUserDetail();
//将dbUser的属性复制到userDetail
BeanUtils.copyProperties(dbUser, userDetail);
userDetail.setMenus(menus);
userDetail.setPermissions(authBtnPerms);
userDetail.setAuthorities(authorities);
return userDetail;
}
}
修改com.itheima.stock.security.filter.JwtLoginAuthenticationFilter
/**
*
* @param request
* @param response
* @param chain 过滤器链
* @param authResult 认证对象
* method.
* @throws IOException
* @throws ServletException
*/
@Override
//认证成功时的回调方法
protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException {
LoginUserDetail userDetail = (LoginUserDetail) authResult.getPrincipal();
String username = userDetail.getUsername();
Collection<GrantedAuthority> authorities = userDetail.getAuthorities();
//生成token
String tokenStr = JwtTokenUtil.createToken(username, authorities.toString());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.setCharacterEncoding("UTF-8");
//构建响应实体对象
LoginRespVoExt respVoExt = new LoginRespVoExt();
BeanUtils.copyProperties(userDetail,respVoExt);
respVoExt.setAccessToken(tokenStr);
R<LoginRespVoExt> ok = R.ok(respVoExt);
response.getWriter().write(new ObjectMapper().writeValueAsString(ok));
}
@Override
//认证失败时的回调方法
protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.setCharacterEncoding("UTF-8");
R<Object> error = R.error(ResponseCode.ERROR);
response.getWriter().write(new ObjectMapper().writeValueAsString(error));
}