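package com.gkhy.assess.framework.shiro.realm;

import com.gkhy.assess.common.domain.CustomerUsernamePasswordToken;
import com.gkhy.assess.common.enums.UserIdentityEnum;
import com.gkhy.assess.common.utils.RequestUtil;
import com.gkhy.assess.common.utils.SpringContextUtils;
import com.gkhy.assess.common.domain.JwtToken;
import com.gkhy.assess.common.utils.StringUtils;
import com.gkhy.assess.framework.shiro.service.SysLoginService;
import com.gkhy.assess.system.domain.SysUser;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.http.HttpServletRequest;
import java.util.HashSet;
import java.util.Set;

/**
 * Shiro realm that authenticates either a {@link JwtToken} or a
 * {@link CustomerUsernamePasswordToken} through {@link SysLoginService} and
 * derives one role and one permission string from the user's identity code.
 */
@Slf4j
@Component
public class UserRealm extends AuthorizingRealm {

    @Autowired
    private SysLoginService sysLoginService;

    /**
     * Authorization: maps the principal's identity code to a role and a permission.
     *
     * @param principalCollection principals of the authenticated subject; the primary
     *                            principal is cast to {@link SysUser}
     * @return the role and permission for the user's identity, or an empty
     *         authorization info (no roles, no permissions) when the identity is null
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        SysUser sysUser = (SysUser) principalCollection.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();

        // Deny by default: a user without an identity code gets no roles or permissions
        // (the unguarded equals() call would otherwise throw a NullPointerException).
        if (sysUser.getIdentity() == null) {
            log.warn("Authorization lookup for a user with a null identity; granting no roles or permissions");
            return info;
        }

        if (sysUser.getIdentity().equals(UserIdentityEnum.MONITOR.getCode())) {
            info.addRole("monitor");
            info.addStringPermission("system:assess:monitor");
        } else if (sysUser.getIdentity().equals(UserIdentityEnum.AGENCY.getCode())) {
            info.addRole("agency");
            info.addStringPermission("system:assess:agency");
        } else {
            // NOTE(review): every identity code other than MONITOR and AGENCY lands here,
            // including values that are unknown or malformed. Consider matching the expert
            // code explicitly and granting nothing for unrecognised values.
            info.addRole("expert");
            info.addStringPermission("system:assess:expert");
        }
        return info;
    }

    /**
     * Authentication: resolves the submitted token to a {@link SysUser}.
     *
     * <p>A {@link JwtToken} is checked with {@code sysLoginService.validJwtToken}; a
     * {@link CustomerUsernamePasswordToken} is checked with {@code sysLoginService.login}.
     * The returned {@link SimpleAuthenticationInfo} carries the submitted token or password
     * as its credentials, so with Shiro's default {@code SimpleCredentialsMatcher} the
     * subsequent credentials comparison matches by construction; the actual verification
     * is whatever {@code SysLoginService} performs (not visible in this file).
     *
     * @param authenticationToken the submitted token
     * @return the authentication info, or {@code null} when no user could be resolved
     * @throws AuthenticationException if a JWT token is blank or the token type is not handled
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
            throws AuthenticationException {
        HttpServletRequest req = SpringContextUtils.getHttpServletRequest();
        SysUser sysUser = null;

        if (authenticationToken instanceof JwtToken) {
            String token = (String) authenticationToken.getCredentials();
            if (StringUtils.isBlank(token)) {
                // Parameterized logging keeps request-derived values out of the format string.
                // NOTE(review): the IP value presumably comes from request headers that a client
                // can set; confirm the log pipeline neutralises control characters.
                log.info("————————身份认证失败——————————IP地址: {},URL:{}",
                        RequestUtil.getRequestIp(req), req.getRequestURI());
                throw new AuthenticationException("token为空!");
            }
            sysUser = sysLoginService.validJwtToken(token);
            if (sysUser != null) {
                return new SimpleAuthenticationInfo(sysUser, token, this.getName());
            }
            return null;
        }

        // Reject token types this realm does not handle with an AuthenticationException
        // subtype instead of letting the cast fail with a ClassCastException.
        if (!(authenticationToken instanceof CustomerUsernamePasswordToken)) {
            throw new UnsupportedTokenException("Unsupported authentication token type");
        }
        CustomerUsernamePasswordToken upToken = (CustomerUsernamePasswordToken) authenticationToken;

        char[] passwordChars = upToken.getPassword();
        if (passwordChars == null) {
            // No password submitted: fail the same way as an unsuccessful login.
            return null;
        }
        String username = upToken.getUsername();
        String password = new String(passwordChars);

        sysUser = sysLoginService.login(username, password, upToken.getIdentity());
        if (sysUser != null) {
            // NOTE(review): the plaintext password is stored as the credentials of the returned
            // info. If authentication caching is enabled on this realm, that value would be kept
            // in the cache; confirm caching is off or store a non-secret credential here.
            return new SimpleAuthenticationInfo(sysUser, password, this.getName());
        }
        return null;
    }

    /**
     * Clears the cached authorization info of one user.
     *
     * @param principal the principal whose cached authorization info is removed
     */
    public void clearCachedAuthorizationInfo(Object principal) {
        SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
        this.clearCachedAuthorizationInfo(principals);
    }

    /**
     * Clears the cached authorization info of all users.
     */
    public void clearAllCachedAuthorizationInfo() {
        Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
        if (cache == null) {
            return;
        }
        // Iterate over a snapshot: keys() may be a live view of the cache, and removing
        // entries while iterating such a view can fail or skip keys, leaving stale
        // authorization data behind.
        Set<Object> keys = new HashSet<>(cache.keys());
        for (Object key : keys) {
            cache.remove(key);
        }
    }
}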