创建人，更新人取值错误修正

Signed-off-by: TanYibin <5491541@qq.com>

创建人，更新人取值错误修正
Signed-off-by: TanYibin <5491541@qq.com>
谭毅彬
1 parent 200130cf
Showing 3 changed files with 143 additions and 28 deletions
huaheng-wms-core/src/main/java/org/jeecg/config/shiro/ShiroRealm.java
huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/LoginController.java
huaheng-wms-core/src/main/java/org/jeecg/utils/HuahengJwtUtil.java
+package org.jeecg.config.shiro;
+
+import java.util.Set;
+
+import javax.annotation.Resource;
+import javax.servlet.ServletResponse;
+
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.authz.SimpleAuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+import org.jeecg.common.api.CommonAPI;
+import org.jeecg.common.system.util.JwtUtil;
+import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.RedisUtil;
+import org.jeecg.common.util.SpringContextUtils;
+import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.utils.HuahengJwtUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.annotation.Lazy;
+import org.springframework.stereotype.Component;
+
+@Component
+public class ShiroRealm extends AuthorizingRealm {
+    private static final Logger log = LoggerFactory.getLogger(ShiroRealm.class);
+
+    @Lazy
+    @Resource
+    private CommonAPI commonAPI;
+
+    @Lazy
+    @Resource
+    private RedisUtil redisUtil;
+
+    public boolean supports(AuthenticationToken token) {
+        return token instanceof JwtToken;
+    }
+
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+        log.info("===============Shiro权限认证开始============ [ roles、permissions]==========");
+        String username = null;
+        if (principals != null) {
+            LoginUser sysUser = (LoginUser)principals.getPrimaryPrincipal();
+            username = sysUser.getUsername();
+        }
+        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
+        Set<String> roleSet = this.commonAPI.queryUserRoles(username);
+//        System.out.println(roleSet.toString());
+        info.setRoles(roleSet);
+        Set<String> permissionSet = this.commonAPI.queryUserAuths(username);
+        info.addStringPermissions(permissionSet);
+//        System.out.println(permissionSet);
+        log.info("===============Shiro权限认证成功==============");
+        return (AuthorizationInfo)info;
+    }
+
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken auth) throws AuthenticationException {
+        log.debug("===============Shiro身份认证开始============doGetAuthenticationInfo==========");
+        String token = (String)auth.getCredentials();
+        if (token == null) {
+            log.info("————————身份认证失败——————————IP地址:  " + oConvertUtils.getIpAddrByRequest(SpringContextUtils.getHttpServletRequest()));
+            throw new AuthenticationException("token为空!");
+        }
+        LoginUser loginUser = null;
+        try {
+            loginUser = checkUserTokenIsEffect(token);
+        } catch (AuthenticationException e) {
+            JwtUtil.responseError((ServletResponse)SpringContextUtils.getHttpServletResponse(), Integer.valueOf(401), e.getMessage());
+            e.printStackTrace();
+            return null;
+        }
+        return (AuthenticationInfo)new SimpleAuthenticationInfo(loginUser, token, getName());
+    }
+
+    public LoginUser checkUserTokenIsEffect(String token) throws AuthenticationException {
+        String id = HuahengJwtUtil.getId(token);
+        String username = HuahengJwtUtil.getUsername(token);
+        String realname = HuahengJwtUtil.getRealname(token);
+        if (username == null) {
+            throw new AuthenticationException("token非法无效!");
+        }
+        LoginUser loginUser = new LoginUser();
+        loginUser.setId(id);
+        loginUser.setUsername(username);
+        loginUser.setRealname(realname);
+        return loginUser;
+    }
+
+    public boolean jwtTokenRefresh(String token, String userName, String passWord) {
+        String cacheToken = String.valueOf(this.redisUtil.get("prefix_user_token_" + token));
+        if (oConvertUtils.isNotEmpty(cacheToken)) {
+            if (!JwtUtil.verify(cacheToken, userName, passWord)) {
+                String newAuthorization = JwtUtil.sign(userName, passWord);
+                this.redisUtil.set("prefix_user_token_" + token, newAuthorization);
+                this.redisUtil.expire("prefix_user_token_" + token, 14400L);
+                log.debug("——————————用户在线操作，更新token保证不掉线—————————jwtTokenRefresh——————— " + token);
+            }
+            return true;
+        }
+        return false;
+    }
+
+    public void clearCache(PrincipalCollection principals) {
+        super.clearCache(principals);
+    }
+}
 \ No newline at end of file
@@ -651,32 +651,9 @@ public class LoginController {
                 obj.put("tenantList", tenantList);
             }
         }
-
-        // 暂时移除唯一登录功能
-        // 删除相同用户名称对应的key
-//        Collection<String> keys = redisTemplate.keys(CommonConstant.PREFIX_USER_TOKEN + "*");
-//        for (String key : keys) {
-//            String token = (String)redisUtil.get(key);
-//            LoginUser loginUser = sysBaseAPI.getUserByName(JwtUtil.getUsername(token));
-//            if (loginUser != null) {
-//                if (oConvertUtils.isNotEmpty(username) && loginUser.getUsername().contains(username)) {
-//                    log.info("强制  " + sysUser.getRealname() + " 退出成功！ ");
-//                    // 清空用户登录Token缓存
-//                    redisUtil.del(token);
-//                    // 清空用户登录Token缓存
-//                    redisUtil.del(CommonConstant.PREFIX_USER_TOKEN + token);
-//                    // 清空用户登录Shiro权限缓存
-//                    redisUtil.del(CommonConstant.PREFIX_USER_SHIRO_CACHE + sysUser.getId());
-//                    // 清空用户的缓存信息（包括部门信息），例如sys:cache:user::<username>
-//                    redisUtil.del(String.format("%s::%s", CacheConstant.SYS_USERS_CACHE, sysUser.getUsername()));
-//                    // 调用shiro的logout
-//                    SecurityUtils.getSubject().logout();
-//                }
-//            }
-//        }
         List<String> roles = sysBaseAPI.getRolesByUsername(username);
         // 生成token
-        String token = HuahengJwtUtil.sign(username, syspassword, warehouseCode, roles);
+        String token = HuahengJwtUtil.sign(sysUser.getId() + "", username,sysUser.getRealname(), syspassword, warehouseCode, roles);
         // 设置token缓存有效时间
         redisUtil.set(CommonConstant.PREFIX_USER_TOKEN + token, token);
         redisUtil.expire(CommonConstant.PREFIX_USER_TOKEN + token, TOKEN_EXPIRE_TIME / 1000);
@@ -91,6 +91,32 @@ public class HuahengJwtUtil {
             return null;
         }
     }
+    
+    /**
+     * 获得token中的信息无需secret解密也能获得
+     * @return token中包含的用户名
+     */
+    public static String getRealname(String token) {
+        try {
+            DecodedJWT jwt = JWT.decode(token);
+            return jwt.getClaim("realname").asString();
+        } catch (JWTDecodeException e) {
+            return null;
+        }
+    }
+    
+    /**
+     * 获得token中的信息无需secret解密也能获得
+     * @return token中包含的用户名
+     */
+    public static String getId(String token) {
+        try {
+            DecodedJWT jwt = JWT.decode(token);
+            return jwt.getClaim("id").asString();
+        } catch (JWTDecodeException e) {
+            return null;
+        }
+    }
  
     /**
      * 获得token中的信息无需secret解密也能获得
@@ -186,11 +212,12 @@ public class HuahengJwtUtil {
      * @param  roles         用户的角色
      * @return               加密的token
      */
-    public static String sign(String username, String secret, String warehouseCode, List<String> roles) {
+    public static String sign(String id, String username, String realName, String secret, String warehouseCode, List<String> roles) {
         Date date = new Date(System.currentTimeMillis() + TOKEN_EXPIRE_TIME);
         Algorithm algorithm = Algorithm.HMAC256(secret);
         // 附带username信息
-        return JWT.create().withClaim("username", username).withClaim("warehouseCode", warehouseCode).withClaim("roles", roles).withExpiresAt(date).sign(algorithm);
+        return JWT.create().withClaim("id", id).withClaim("username", username).withClaim("realname", realName).withClaim("warehouseCode", warehouseCode).withClaim("roles", roles)
+            .withExpiresAt(date).sign(algorithm);
     }
  
     /**
@@ -258,7 +285,7 @@ public class HuahengJwtUtil {
         }
         return UNKNOWN_USER;
     }
-    
+
     /**
      * 获取当前登录用户
      * @author     TanYibin
@@ -375,6 +402,6 @@ public class HuahengJwtUtil {
                 });
             }
         }
-        return Result.ok("切换成功");
+        return Result.OK("切换成功", null);
     }
 }