请结合 2.0 版本查看,其中解决了当前的这些问题:
如何修改其他用户的权限;
修改用户信息没有效果等。
// Spring cache holding the BaseUser entries (CacheConstants.USER_CACHE); refreshed after a grant.
private final CacheManager cacheManager;
// Connection factory for the Redis instance that backs the OAuth2 token store.
private final RedisConnectionFactory redisConnectionFactory;
// Plain key generator, used to derive the auth_to_access lookup key by hand (no tenant suffix).
private final AuthenticationKeyGenerator authenticationKeyGenerator = new
DefaultAuthenticationKeyGenerator();
// Serialization used to build the Redis key and decode the stored token — presumably the same
// strategy RedisTokenStore uses internally; TODO confirm for the Spring Security OAuth version in use.
private final JdkSerializationStrategy serializationStrategy = new JdkSerializationStrategy();
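/**
 * Re-grants the calling user's authorities at runtime and rewrites the stored OAuth2 access
 * token so the change takes effect without a new login.
 * <p>
 * The added authority is hard-coded ({@code salaryother:warningteam:testroleid}) for the demo in
 * this post. Any authenticated caller who reaches this endpoint gains that authority, so the
 * mapping must be restricted (for example with an admin-level {@code @PreAuthorize}) or removed
 * before the code leaves a test environment.
 * <p>
 * The {@code auth_to_access} key is assembled here from {@code authenticationKeyGenerator} plus
 * {@code user.getTenantId()}, while the {@link RedisTokenStore} that writes the token appends
 * {@code TenantContextHolder.getTenantId()} instead. If those two tenant ids ever differ, the read
 * and the write use different keys — TODO confirm they are always equal in this project.
 *
 * @return {@code R.ok()} after the user cache entry and the access token have been rewritten
 * @throws IllegalStateException if there is no authenticated user, the user cannot be loaded by
 *         id, or no access token is stored under the computed key
 */
@PostMapping("/oneselfUpdateAuth")
public R oneselfUpdateAuth() {
    // Principal and authentication currently held in the security context.
    BaseUser currentUser = SecurityUtils.getUser();
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    if (currentUser == null || authentication == null) {
        throw new IllegalStateException("no authenticated user in the security context");
    }

    // Reload the user by id so the rebuilt principal carries the persisted fields.
    UserVO user = sysUserService.selectUserVoById(currentUser.getId());
    if (user == null) {
        throw new IllegalStateException("user not found: id=" + currentUser.getId());
    }

    // Current authorities plus the one extra authority this demo grants.
    Set<GrantedAuthority> grantedAuthorities = new HashSet<>(authentication.getAuthorities());
    grantedAuthorities.add(new SimpleGrantedAuthority("salaryother:warningteam:testroleid"));
    Collection<? extends GrantedAuthority> authorities = grantedAuthorities;

    // The account counts as enabled (and not locked) only when the lock flag equals STATUS_NORMAL;
    // the same flag feeds both the enabled and accountNonLocked constructor arguments.
    boolean enabled = StrUtil.equals(user.getLockFlag(), CommonConstants.STATUS_NORMAL);
    // Rebuilt security principal; SecurityConstants.BCRYPT marks the stored password as a bcrypt hash.
    BaseUser rebuiltUser = new BaseUser(user.getId(), user.getOrganId(), user.getTenantId(),
            user.getUsername(), SecurityConstants.BCRYPT + user.getPassword(), enabled,
            true, true, enabled, authorities);

    // Refresh the cached copy so later lookups see the new authorities.
    Cache cache = cacheManager.getCache(CacheConstants.USER_CACHE);
    if (cache != null) {
        cache.put(user.getUsername(), rebuiltUser);
    }

    // Only an OAuth2 user token (not client-only) carries a user authentication to replace.
    if (!(authentication instanceof OAuth2Authentication)) {
        return R.ok();
    }
    OAuth2Authentication originalOAuth2Authentication = (OAuth2Authentication) authentication;
    if (originalOAuth2Authentication.isClientOnly()
            || !(originalOAuth2Authentication.getUserAuthentication()
                    instanceof UsernamePasswordAuthenticationToken)) {
        return R.ok();
    }

    // New user authentication wrapping the rebuilt principal; "N_A" stands in for the credentials.
    UsernamePasswordAuthenticationToken usernamePasswordAuthentication =
            new UsernamePasswordAuthenticationToken(rebuiltUser, "N_A", authorities);
    usernamePasswordAuthentication.setDetails(rebuiltUser);
    OAuth2Authentication oauth2Authentication = new OAuth2Authentication(
            originalOAuth2Authentication.getOAuth2Request(), usernamePasswordAuthentication);
    oauth2Authentication.setDetails(rebuiltUser);

    // Redis key layout used by this project: base_oauth:auth_to_access:<key>:<tenantId>.
    String key = authenticationKeyGenerator.extractKey(originalOAuth2Authentication);
    String redisKey = SecurityConstants.BASE_PREFIX + SecurityConstants.OAUTH_PREFIX
            + "auth_to_access:" + key + ":" + user.getTenantId();
    OAuth2AccessToken accessToken = loadStoredAccessToken(redisKey);
    if (accessToken == null) {
        throw new IllegalStateException("no access token stored under key " + redisKey);
    }

    // Overwrite the token's authentication so the new authorities apply to the existing token.
    tenantAwareTokenStore().storeAccessToken(accessToken, oauth2Authentication);
    return R.ok();
}

// Token store bound to this project's prefix (base_oauth:) and tenant-suffixed authentication keys.
private RedisTokenStore tenantAwareTokenStore() {
    RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory);
    tokenStore.setPrefix(SecurityConstants.BASE_PREFIX + SecurityConstants.OAUTH_PREFIX);
    tokenStore.setAuthenticationKeyGenerator(new DefaultAuthenticationKeyGenerator() {
        @Override
        public String extractKey(OAuth2Authentication authentication) {
            return super.extractKey(authentication) + ":" + TenantContextHolder.getTenantId();
        }
    });
    return tokenStore;
}

// Reads and deserializes the access token stored under redisKey; null when the key is absent.
private OAuth2AccessToken loadStoredAccessToken(String redisKey) {
    byte[] serializedKey = serializationStrategy.serialize(redisKey);
    byte[] bytes;
    RedisConnection conn = redisConnectionFactory.getConnection();
    try {
        bytes = conn.get(serializedKey);
    } finally {
        conn.close();
    }
    if (bytes == null) {
        return null;
    }
    return serializationStrategy.deserialize(bytes, OAuth2AccessToken.class);
}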
测试一下
/**
 * Probe endpoint for the demo: reachable only when the caller holds
 * {@code salaryother:warningteam:testroleid}, the authority granted by {@code oneselfUpdateAuth}.
 *
 * @return {@code R.ok} carrying the confirmation message
 */
@RequestMapping(value = "/testRoleId")
@PreAuthorize("@ato.hasAuthority('salaryother:warningteam:testroleid')")
public R testRoleId() {
    final String passedMessage = "通过权限校验";
    return R.ok(passedMessage);
}
定义一个没有当前权限的用户,登录获取 token 进行测试;
调用权限更新接口;
重新调用接口,测试权限。
OK,权限已经修改完毕。重新刷新 token 的话权限仍然存在,这里就不再测试了。当然,如果重新登录,权限同样会被更新,这次的修改随之失效;要想永久修改,就得修改数据库。