3 年之前 · 186d90922b
--- a/api-common/src/main/java/api/common/pojo/param/demo/TestPageParam.java
+++ b/api-common/src/main/java/api/common/pojo/param/demo/TestPageParam.java
@@ -7,4 +7,5 @@ import lombok.Data;
 
				 public class TestPageParam extends PageVO {
			
 
				 
			
 
				     private String name;
			
 
				+    private String createUserId;
			
 
				 }
			
--- a/simulation-oauth-server/src/main/java/com/css/simulation/oauth/server/cofiguration/oauth/MyUserAuthenticationConverter.java
+++ b/simulation-oauth-server/src/main/java/com/css/simulation/oauth/server/cofiguration/oauth/MyUserAuthenticationConverter.java
@@ -17,6 +17,7 @@ public class MyUserAuthenticationConverter extends DefaultUserAuthenticationConv
 
				         Map<String, Object> response = new LinkedHashMap<>();
			
 
				         MyUserDetails myUserDetails = (MyUserDetails) authentication.getPrincipal();
			
 
				         //1 用户基本信息
			
 
				+        response.put("id", myUserDetails.getId());
			
 
				         response.put("username", authentication.getName());
			
 
				         response.put("phone", myUserDetails.getPhone());
			
 
				         response.put("isSub", myUserDetails.getIsSub());
			
--- a/simulation-oauth-server/src/main/java/com/css/simulation/oauth/server/cofiguration/security/MyUserDetails.java
+++ b/simulation-oauth-server/src/main/java/com/css/simulation/oauth/server/cofiguration/security/MyUserDetails.java
@@ -16,6 +16,7 @@ import java.util.Set;
 
				 @AllArgsConstructor
			
 
				 public class MyUserDetails implements UserDetails, Serializable {
			
 
				     private static final long serialVersionUID = -158357727659030597L;
			
 
				+    private String id;
			
 
				     private String username;
			
 
				     private String password;
			
 
				     private String phone;
			
--- a/simulation-oauth-server/src/main/java/com/css/simulation/oauth/server/cofiguration/security/MyUserDetailsService.java
+++ b/simulation-oauth-server/src/main/java/com/css/simulation/oauth/server/cofiguration/security/MyUserDetailsService.java
@@ -23,6 +23,7 @@ public class MyUserDetailsService implements UserDetailsService {
 
				         UserPO userPO = userMapper.selectByUsername(username);
			
 
				 
			
 
				         return new MyUserDetails(
			
 
				+                userPO.getId(),
			
 
				                 userPO.getUsername(),
			
 
				                 userPO.getPassword(),
			
 
				                 userPO.getPhone(),
			
--- a/simulation-resource-server/pom.xml
+++ b/simulation-resource-server/pom.xml
@@ -52,6 +52,17 @@
 
				         </dependency>
			
 
				         <!-- nacos - 结束 -->
			
 
				 
			
 
				+        <!-- 权限认证 - 开始 -->
			
 
				+        <dependency>
			
 
				+            <groupId>org.springframework.cloud</groupId>
			
 
				+            <artifactId>spring-cloud-starter-security</artifactId>
			
 
				+        </dependency>
			
 
				+        <dependency>
			
 
				+            <groupId>org.springframework.cloud</groupId>
			
 
				+            <artifactId>spring-cloud-starter-oauth2</artifactId>
			
 
				+        </dependency>
			
 
				+        <!-- 权限认证 - 结束 -->
			
 
				+
			
 
				         <!-- 数据库 - 开始 -->
			
 
				         <dependency>
			
 
				             <groupId>com.github.pagehelper</groupId>
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/Application.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/Application.java
@@ -3,9 +3,12 @@ package com.css.simulation.resource;
 
				 import org.springframework.boot.SpringApplication;
			
 
				 import org.springframework.boot.autoconfigure.SpringBootApplication;
			
 
				 import org.springframework.cloud.openfeign.EnableFeignClients;
			
 
				+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
			
 
				+
			
 
				 
			
 
				-@EnableFeignClients
			
 
				 @SpringBootApplication
			
 
				+@EnableFeignClients
			
 
				+@EnableResourceServer
			
 
				 public class Application {
			
 
				 
			
 
				     public static void main(String[] args) {
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/common/config/OAuth2Config.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/common/config/OAuth2Config.java
@@ -0,0 +1,53 @@
 
				+package com.css.simulation.resource.common.config;
			
 
				+
			
 
				+import com.css.simulation.resource.common.oauth.MyUserAuthenticationConverter;
			
 
				+import com.css.simulation.resource.common.oauth.OauthParameter;
			
 
				+import org.springframework.context.annotation.Configuration;
			
 
				+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			
 
				+import org.springframework.security.config.http.SessionCreationPolicy;
			
 
				+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
			
 
				+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
			
 
				+import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
			
 
				+import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
			
 
				+
			
 
				+import javax.annotation.Resource;
			
 
				+
			
 
				+@Configuration
			
 
				+public class OAuth2Config extends ResourceServerConfigurerAdapter {
			
 
				+
			
 
				+    @Resource
			
 
				+    private OauthParameter oauthParameter;
			
 
				+
			
 
				+    @Resource
			
 
				+    MyUserAuthenticationConverter myUserAuthenticationConverter;
			
 
				+
			
 
				+    @Override
			
 
				+    public void configure(ResourceServerSecurityConfigurer resources) {
			
 
				+        //令牌解析服务配置
			
 
				+        RemoteTokenServices services = new RemoteTokenServices();
			
 
				+        services.setCheckTokenEndpointUrl(oauthParameter.getCheckTokenEndpointUrl());  // 需要在授权服务器公开 /oauth/check_token
			
 
				+        services.setClientId(oauthParameter.getClientId());
			
 
				+        services.setClientSecret(oauthParameter.getClientSecret());
			
 
				+        //自定义令牌转换器
			
 
				+        DefaultAccessTokenConverter defaultAccessTokenConverter = new DefaultAccessTokenConverter();
			
 
				+        defaultAccessTokenConverter.setUserTokenConverter(myUserAuthenticationConverter);
			
 
				+        services.setAccessTokenConverter(defaultAccessTokenConverter);
			
 
				+
			
 
				+        resources.resourceId(oauthParameter.getResourceId())      // 资源 id
			
 
				+                .tokenServices(services)    // 使用远程服务验证令牌的服务
			
 
				+                .stateless(true);   // 无状态模式，即无需用户登录，无 session
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * 配置拦截请求，通过 scope
			
 
				+     */
			
 
				+    @Override
			
 
				+    public void configure(HttpSecurity http) throws Exception {
			
 
				+        http.csrf().disable()   // 禁用 csrf
			
 
				+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)// 无状态验证
			
 
				+                .and()
			
 
				+                .authorizeRequests().anyRequest()
			
 
				+                .access("#oauth2.hasScope('all')") // 拦截所有请求判断 scope
			
 
				+        ;
			
 
				+    }
			
 
				+}
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/common/exception/GlobalExceptionHandler.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/common/exception/GlobalExceptionHandler.java
@@ -1,4 +1,4 @@
 
				-package com.css.simulation.resource.common.config;
			
 
				+package com.css.simulation.resource.common.exception;
			
 
				 
			
 
				 import api.common.pojo.common.ResponseBodyVO;
			
 
				 import lombok.extern.slf4j.Slf4j;
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/common/oauth/MyUserAuthenticationConverter.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/common/oauth/MyUserAuthenticationConverter.java
@@ -0,0 +1,42 @@
 
				+package com.css.simulation.resource.common.oauth;
			
 
				+
			
 
				+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
			
 
				+import org.springframework.security.core.Authentication;
			
 
				+import org.springframework.security.core.GrantedAuthority;
			
 
				+import org.springframework.security.core.authority.AuthorityUtils;
			
 
				+import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
			
 
				+import org.springframework.stereotype.Component;
			
 
				+import org.springframework.util.StringUtils;
			
 
				+
			
 
				+import java.util.*;
			
 
				+
			
 
				+@Component
			
 
				+public class MyUserAuthenticationConverter extends DefaultUserAuthenticationConverter {
			
 
				+
			
 
				+    @Override
			
 
				+    public Authentication extractAuthentication(Map<String, ?> map) {
			
 
				+        List<GrantedAuthority> list = new LinkedList<>();
			
 
				+        //解析权限
			
 
				+        if (map.containsKey(AUTHORITIES)) {
			
 
				+            Object authorities = map.get(AUTHORITIES);
			
 
				+            if (authorities instanceof String) {
			
 
				+                list = AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities);
			
 
				+            } else if (authorities instanceof Collection) {
			
 
				+                list = AuthorityUtils.commaSeparatedStringToAuthorityList(StringUtils.collectionToCommaDelimitedString((Collection) authorities));
			
 
				+            } else {
			
 
				+                throw new IllegalArgumentException("Authorities must be either a String or a Collection");
			
 
				+            }
			
 
				+        }
			
 
				+        //解析当前登录人信息
			
 
				+        MyUserDetails userDetails = new MyUserDetails();
			
 
				+        userDetails.setId((String) map.get("id"));
			
 
				+        userDetails.setUsername((String) map.get("username"));
			
 
				+        userDetails.setPhone((String) map.get("phone"));
			
 
				+        userDetails.setIsSub((String) map.get("isSub"));
			
 
				+        userDetails.setParentId((String) map.get("parentId"));
			
 
				+        return new UsernamePasswordAuthenticationToken(userDetails, "N/A", list);
			
 
				+    }
			
 
				+
			
 
				+
			
 
				+
			
 
				+}
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/common/oauth/MyUserDetails.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/common/oauth/MyUserDetails.java
@@ -0,0 +1,59 @@
 
				+package com.css.simulation.resource.common.oauth;
			
 
				+
			
 
				+import lombok.AllArgsConstructor;
			
 
				+import lombok.Builder;
			
 
				+import lombok.Data;
			
 
				+import lombok.NoArgsConstructor;
			
 
				+import org.springframework.security.core.GrantedAuthority;
			
 
				+import org.springframework.security.core.userdetails.UserDetails;
			
 
				+
			
 
				+import java.io.Serializable;
			
 
				+import java.util.Set;
			
 
				+
			
 
				+@Data
			
 
				+@Builder
			
 
				+@NoArgsConstructor
			
 
				+@AllArgsConstructor
			
 
				+public class MyUserDetails implements UserDetails, Serializable {
			
 
				+    private static final long serialVersionUID = -158357727659030597L;
			
 
				+    private String id;
			
 
				+    private String username;
			
 
				+    private String password;
			
 
				+    private String phone;
			
 
				+    private String isSub;
			
 
				+    private String parentId;
			
 
				+    private Set<GrantedAuthority> authorities;
			
 
				+
			
 
				+
			
 
				+    /**
			
 
				+     * 默认 false 是将用户账号过期，需改成 true 不过期
			
 
				+     */
			
 
				+    @Override
			
 
				+    public boolean isAccountNonExpired() {
			
 
				+        return true;
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * 默认 false 是将用户上锁，需改成 true 不上锁
			
 
				+     */
			
 
				+    @Override
			
 
				+    public boolean isAccountNonLocked() {
			
 
				+        return true;
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * 默认 false 是用户凭证国汽，需改成 true 不过期
			
 
				+     */
			
 
				+    @Override
			
 
				+    public boolean isCredentialsNonExpired() {
			
 
				+        return true;
			
 
				+    }
			
 
				+
			
 
				+    /**
			
 
				+     * 默认 false 是将用户失效，需改成 true 不失效
			
 
				+     */
			
 
				+    @Override
			
 
				+    public boolean isEnabled() {
			
 
				+        return true;
			
 
				+    }
			
 
				+}
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/common/oauth/OauthParameter.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/common/oauth/OauthParameter.java
@@ -0,0 +1,16 @@
 
				+package com.css.simulation.resource.common.oauth;
			
 
				+
			
 
				+import lombok.Data;
			
 
				+import org.springframework.boot.context.properties.ConfigurationProperties;
			
 
				+import org.springframework.stereotype.Component;
			
 
				+
			
 
				+@Data
			
 
				+@Component
			
 
				+@ConfigurationProperties(prefix="oauth")
			
 
				+public class OauthParameter {
			
 
				+
			
 
				+    private String resourceId;
			
 
				+    private String checkTokenEndpointUrl;
			
 
				+    private String clientId;
			
 
				+    private String clientSecret;
			
 
				+}
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/common/utils/AuthUtil.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/common/utils/AuthUtil.java
@@ -0,0 +1,15 @@
 
				+package com.css.simulation.resource.common.utils;
			
 
				+
			
 
				+import com.css.simulation.resource.common.oauth.MyUserDetails;
			
 
				+import org.springframework.security.core.Authentication;
			
 
				+import org.springframework.security.core.context.SecurityContextHolder;
			
 
				+
			
 
				+public class AuthUtil {
			
 
				+
			
 
				+    public static String getCurrentUserId(){
			
 
				+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
			
 
				+        MyUserDetails userDetails = (MyUserDetails)authentication.getPrincipal();
			
 
				+        String userId = userDetails.getId();
			
 
				+        return userId;
			
 
				+    }
			
 
				+}
			
--- a/simulation-resource-server/src/main/java/com/css/simulation/resource/demo/service/TestService.java
+++ b/simulation-resource-server/src/main/java/com/css/simulation/resource/demo/service/TestService.java
@@ -3,6 +3,7 @@ package com.css.simulation.resource.demo.service;
 
				 import api.common.pojo.constants.DictConstants;
			
 
				 import api.common.pojo.param.demo.TestPageParam;
			
 
				 import api.common.pojo.vo.demo.TestVO;
			
 
				+import com.css.simulation.resource.common.utils.AuthUtil;
			
 
				 import com.css.simulation.resource.common.utils.PageUtil;
			
 
				 import com.css.simulation.resource.demo.mapper.TestMapper;
			
 
				 import com.css.simulation.resource.system.service.DictService;
			
@@ -24,6 +25,7 @@ public class TestService {
 
				 
			
 
				     public PageInfo<TestVO> getTestPageList(TestPageParam params) {
			
 
				         PageUtil.setPageInfo(params);
			
 
				+        params.setCreateUserId(AuthUtil.getCurrentUserId());
			
 
				         List<TestVO> list = testMapper.getTestPageList(params);
			
 
				         //字典翻译
			
 
				         Map<String, Map<String, String>> dictMapsByTypes = dictService.getDictMapsByTypes(DictConstants.LEVEL + "," + DictConstants.DRIVE_TYPE);
			
--- a/simulation-resource-server/src/main/resources/mapper/demo/TestMapper.xml
+++ b/simulation-resource-server/src/main/resources/mapper/demo/TestMapper.xml
@@ -20,7 +20,10 @@
 
				             <if test="name != null and name != ''">
			
 
				                 and t.name like CONCAT('%',#{name,jdbcType=VARCHAR},'%')
			
 
				             </if>
			
 
				-            order by create_time desc
			
 
				+            <if test="createUserId != null and createUserId != ''">
			
 
				+                and t.create_user_id like CONCAT('%',#{createUserId,jdbcType=VARCHAR},'%')
			
 
				+            </if>
			
 
				+            order by t.create_time desc
			
 
				         </where>
			
 
				     </select>