package com.gkhy.assess.framework.shiro.realm;
|
|
import com.gkhy.assess.common.enums.UserIdentityEnum;
|
import com.gkhy.assess.common.exception.ApiException;
|
import com.gkhy.assess.common.utils.RequestUtil;
|
import com.gkhy.assess.common.utils.SpringContextUtils;
|
import com.gkhy.assess.framework.shiro.JwtToken;
|
import com.gkhy.assess.framework.shiro.service.SysLoginService;
|
import com.gkhy.assess.system.domain.SysUser;
|
import lombok.extern.slf4j.Slf4j;
|
import org.apache.shiro.authc.*;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.cache.Cache;
|
import org.apache.shiro.realm.AuthorizingRealm;
|
import org.apache.shiro.subject.PrincipalCollection;
|
import org.apache.shiro.subject.SimplePrincipalCollection;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.stereotype.Component;
|
|
import javax.servlet.http.HttpServletRequest;
|
import java.util.HashSet;
|
import java.util.Set;
|
|
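/**
 * Shiro realm that accepts either a {@link JwtToken} or a {@link UsernamePasswordToken} and maps
 * the authenticated {@link SysUser} to one role and one permission string.
 *
 * <p>All credential checking is delegated to {@link SysLoginService}; this class only wraps the
 * service's result in the objects Shiro expects.
 */
@Slf4j
@Component
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private SysLoginService sysLoginService;

    /**
     * Authorization: builds the role and permission set for the primary principal.
     *
     * @param principalCollection principals of the subject; the primary principal is cast to
     *     {@link SysUser}
     * @return an info object holding exactly one role and one permission string, chosen from the
     *     user's identity code
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SysUser sysUser = (SysUser) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // A null identity throws here rather than falling through to a role grant.
        if (sysUser.getIdentity().equals(UserIdentityEnum.MONITOR.getCode())) {
            info.addRole("monitor");
            info.addStringPermission("system:assess:monitor");
        } else if (sysUser.getIdentity().equals(UserIdentityEnum.AGENCY.getCode())) {
            info.addRole("agency");
            info.addStringPermission("system:assess:agency");
        } else {
            // NOTE(review): every identity code other than MONITOR and AGENCY is granted the
            // expert role and permission. Confirm that no other code can reach this method;
            // if one can, match the expert code explicitly and grant nothing by default.
            info.addRole("expert");
            info.addStringPermission("system:assess:expert");
        }
        return info;
    }

    /**
     * Authentication: resolves the submitted token to a {@link SysUser}.
     *
     * <p>A {@link JwtToken} is checked with {@code sysLoginService.validJwtToken}; any other token
     * is cast to {@link UsernamePasswordToken} and checked with {@code sysLoginService.login}.
     * The credentials placed in the returned info are the same value the token carried, so the
     * service call is the only real verification step visible in this class.
     *
     * @param authenticationToken the token submitted by the caller
     * @return authentication info for the resolved user, or {@code null} when the service returns
     *     no user
     * @throws AuthenticationException if a JWT token carries no credentials
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        if (authenticationToken instanceof JwtToken) {
            String token = (String) authenticationToken.getCredentials();
            if (token == null) {
                // The request is looked up only on this failure path, the one place it is used.
                HttpServletRequest req = SpringContextUtils.getHttpServletRequest();
                // Request-derived values are passed as arguments, not concatenated into the
                // message. NOTE(review): if getRequestIp reads client-supplied headers, strip
                // CR/LF before logging — confirm against RequestUtil.
                log.info("————————身份认证失败——————————IP地址: {},URL:{}",
                        RequestUtil.getRequestIp(req), req.getRequestURI());
                throw new AuthenticationException("token为空!");
            }
            SysUser jwtUser = sysLoginService.validJwtToken(token);
            if (jwtUser != null) {
                return new SimpleAuthenticationInfo(jwtUser, token, this.getName());
            }
        } else {
            // Unchecked cast: a token of any other type fails here with ClassCastException.
            UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
            String username = upToken.getUsername();
            // NOTE(review): the password is copied into an immutable String and stored as the
            // info's credentials in plaintext. Confirm that authentication caching is disabled
            // for this realm so the value is not retained in a cache.
            String password = new String(upToken.getPassword());
            SysUser loginUser = sysLoginService.login(username, password);
            if (loginUser != null) {
                return new SimpleAuthenticationInfo(loginUser, password, this.getName());
            }
        }
        // No user resolved: returning null leaves the failure handling to Shiro.
        return null;
    }

    /**
     * Clears the cached authorization info of one user.
     *
     * @param principal the principal whose cached entry is removed; it is wrapped in a
     *     {@link SimplePrincipalCollection} under this realm's name
     */
    public void clearCachedAuthorizationInfo(Object principal) {
        SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
        this.clearCachedAuthorizationInfo(principals);
    }

    /**
     * Clears the cached authorization info of all users. Does nothing when the realm has no
     * authorization cache.
     */
    public void clearAllCachedAuthorizationInfo() {
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache != null) {
            // clear() empties the cache in one call. Removing entries while iterating keys()
            // can fail when the cache implementation returns a live view of its key set.
            cache.clear();
        }
    }
}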
|