Merge branch 'master' of https://gitee.com/beijing_hongye_huicheng/lilishop
This commit is contained in:
commit
013e8f8f70
@ -2,6 +2,7 @@ package cn.lili.common.security;
|
|||||||
|
|
||||||
import cn.lili.common.security.enums.UserEnums;
|
import cn.lili.common.security.enums.UserEnums;
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.Builder;
|
||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
import lombok.NoArgsConstructor;
|
import lombok.NoArgsConstructor;
|
||||||
|
|
||||||
@ -13,6 +14,7 @@ import java.io.Serializable;
|
|||||||
@Data
|
@Data
|
||||||
@NoArgsConstructor
|
@NoArgsConstructor
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
|
@Builder
|
||||||
public class AuthUser implements Serializable {
|
public class AuthUser implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = 582441893336003319L;
|
private static final long serialVersionUID = 582441893336003319L;
|
||||||
@ -84,22 +86,5 @@ public class AuthUser implements Serializable {
|
|||||||
this.nickName = nickName;
|
this.nickName = nickName;
|
||||||
}
|
}
|
||||||
|
|
||||||
public AuthUser(String username, String id, String face, UserEnums manager, String nickName, Boolean isSuper) {
|
|
||||||
this.username = username;
|
|
||||||
this.id = id;
|
|
||||||
this.face = face;
|
|
||||||
this.role = manager;
|
|
||||||
this.isSuper = isSuper;
|
|
||||||
this.nickName = nickName;
|
|
||||||
}
|
|
||||||
|
|
||||||
public AuthUser(String username, String id, UserEnums manager, String nickName, Boolean isSuper, String clerkId, String face) {
|
|
||||||
this.username = username;
|
|
||||||
this.id = id;
|
|
||||||
this.role = manager;
|
|
||||||
this.isSuper = isSuper;
|
|
||||||
this.nickName = nickName;
|
|
||||||
this.clerkId = clerkId;
|
|
||||||
this.face = face;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
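Review bot: `AuthUser` is serialized whole into the JWT `USER_CONTEXT` claim (`new Gson().toJson(authUser)` in TokenUtil) and parsed back out of the token on refresh, and the `@Builder` added here makes it easy for any generator to populate any field, so the class should state what ends up in the token. A class-level Javadoc above `public class AuthUser implements Serializable {`, such as `/** Principal stored in the JWT user-context claim; the token holder can read every field, so keep it to identity/role data and never add secrets. */`, would make that constraint visible to the next person adding a builder field. The field declarations themselves are outside these hunks.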
@ -4,10 +4,10 @@ import cn.lili.cache.Cache;
|
|||||||
import cn.lili.cache.CachePrefix;
|
import cn.lili.cache.CachePrefix;
|
||||||
import cn.lili.common.enums.ResultCode;
|
import cn.lili.common.enums.ResultCode;
|
||||||
import cn.lili.common.exception.ServiceException;
|
import cn.lili.common.exception.ServiceException;
|
||||||
|
import cn.lili.common.properties.JWTTokenProperties;
|
||||||
import cn.lili.common.security.AuthUser;
|
import cn.lili.common.security.AuthUser;
|
||||||
import cn.lili.common.security.enums.SecurityEnum;
|
import cn.lili.common.security.enums.SecurityEnum;
|
||||||
import cn.lili.common.security.enums.UserEnums;
|
import cn.lili.common.security.enums.UserEnums;
|
||||||
import cn.lili.common.properties.JWTTokenProperties;
|
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
import io.jsonwebtoken.*;
|
import io.jsonwebtoken.*;
|
||||||
import io.jsonwebtoken.security.SignatureException;
|
import io.jsonwebtoken.security.SignatureException;
|
||||||
@ -34,24 +34,21 @@ public class TokenUtil {
|
|||||||
/**
|
/**
|
||||||
* 构建token
|
* 构建token
|
||||||
*
|
*
|
||||||
* @param username 主体
|
* @param authUser 私有声明
|
||||||
* @param claim 私有声明
|
|
||||||
* @param longTerm 长时间特殊token 如:移动端,微信小程序等
|
|
||||||
* @param userEnums 用户枚举
|
|
||||||
* @return TOKEN
|
* @return TOKEN
|
||||||
*/
|
*/
|
||||||
public Token createToken(String username, Object claim, boolean longTerm, UserEnums userEnums) {
|
public Token createToken(AuthUser authUser) {
|
||||||
Token token = new Token();
|
Token token = new Token();
|
||||||
//访问token
|
//访问token
|
||||||
String accessToken = createToken(username, claim, tokenProperties.getTokenExpireTime());
|
String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
|
||||||
|
|
||||||
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1,
|
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(authUser.getRole()) + accessToken, 1,
|
||||||
tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
|
tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
|
||||||
//刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数
|
//刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数
|
||||||
Long expireTime = longTerm ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2;
|
Long expireTime = authUser.getLongTerm() ? 15 * 24 * 60L : tokenProperties.getTokenExpireTime() * 2;
|
||||||
String refreshToken = createToken(username, claim, expireTime);
|
String refreshToken = createToken(authUser, expireTime);
|
||||||
|
|
||||||
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
|
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(authUser.getRole()) + refreshToken, 1, expireTime, TimeUnit.MINUTES);
|
||||||
|
|
||||||
token.setAccessToken(accessToken);
|
token.setAccessToken(accessToken);
|
||||||
token.setRefreshToken(refreshToken);
|
token.setRefreshToken(refreshToken);
|
||||||
@ -62,17 +59,17 @@ public class TokenUtil {
|
|||||||
* 刷新token
|
* 刷新token
|
||||||
*
|
*
|
||||||
* @param oldRefreshToken 刷新token
|
* @param oldRefreshToken 刷新token
|
||||||
* @param userEnums 用户枚举
|
|
||||||
* @return token
|
* @return token
|
||||||
*/
|
*/
|
||||||
public Token refreshToken(String oldRefreshToken, UserEnums userEnums) {
|
public Token refreshToken(String oldRefreshToken) {
|
||||||
|
|
||||||
Claims claims;
|
Claims claims;
|
||||||
try {
|
try {
|
||||||
claims = Jwts.parser()
|
claims = Jwts.parser()
|
||||||
.setSigningKey(SecretKeyUtil.generalKeyByDecoders())
|
.setSigningKey(SecretKeyUtil.generalKeyByDecoders())
|
||||||
.parseClaimsJws(oldRefreshToken).getBody();
|
.parseClaimsJws(oldRefreshToken).getBody();
|
||||||
} catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException | IllegalArgumentException e) {
|
} catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException | SignatureException |
|
||||||
|
IllegalArgumentException e) {
|
||||||
//token 过期 认证失败等
|
//token 过期 认证失败等
|
||||||
throw new ServiceException(ResultCode.USER_AUTH_EXPIRED);
|
throw new ServiceException(ResultCode.USER_AUTH_EXPIRED);
|
||||||
}
|
}
|
||||||
@ -80,7 +77,7 @@ public class TokenUtil {
|
|||||||
//获取存储在claims中的用户信息
|
//获取存储在claims中的用户信息
|
||||||
String json = claims.get(SecurityEnum.USER_CONTEXT.getValue()).toString();
|
String json = claims.get(SecurityEnum.USER_CONTEXT.getValue()).toString();
|
||||||
AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
|
AuthUser authUser = new Gson().fromJson(json, AuthUser.class);
|
||||||
|
UserEnums userEnums = authUser.getRole();
|
||||||
|
|
||||||
String username = authUser.getUsername();
|
String username = authUser.getUsername();
|
||||||
//获取是否长期有效的token
|
//获取是否长期有效的token
|
||||||
@ -91,17 +88,18 @@ public class TokenUtil {
|
|||||||
if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken)) {
|
if (cache.hasKey(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + oldRefreshToken)) {
|
||||||
Token token = new Token();
|
Token token = new Token();
|
||||||
//访问token
|
//访问token
|
||||||
String accessToken = createToken(username, authUser, tokenProperties.getTokenExpireTime());
|
String accessToken = createToken(authUser, tokenProperties.getTokenExpireTime());
|
||||||
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1, tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
|
cache.put(CachePrefix.ACCESS_TOKEN.getPrefix(userEnums) + accessToken, 1, tokenProperties.getTokenExpireTime(), TimeUnit.MINUTES);
|
||||||
|
|
||||||
//如果是信任登录设备,则刷新token长度继续延长
|
//如果是信任登录设备,则刷新token长度继续延长
|
||||||
Long expirationTime = tokenProperties.getTokenExpireTime() * 2;
|
Long expirationTime = tokenProperties.getTokenExpireTime() * 2;
|
||||||
if (longTerm) {
|
if (longTerm) {
|
||||||
expirationTime = 60 * 24 * 15L;
|
expirationTime = 60 * 24 * 15L;
|
||||||
|
authUser.setLongTerm(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
//刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数
|
//刷新token生成策略:如果是长时间有效的token(用于app),则默认15天有效期刷新token。如果是普通用户登录,则刷新token为普通token2倍数
|
||||||
String refreshToken = createToken(username, authUser, expirationTime);
|
String refreshToken = createToken(authUser, expirationTime);
|
||||||
|
|
||||||
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expirationTime, TimeUnit.MINUTES);
|
cache.put(CachePrefix.REFRESH_TOKEN.getPrefix(userEnums) + refreshToken, 1, expirationTime, TimeUnit.MINUTES);
|
||||||
token.setAccessToken(accessToken);
|
token.setAccessToken(accessToken);
|
||||||
@ -117,18 +115,17 @@ public class TokenUtil {
|
|||||||
/**
|
/**
|
||||||
* 生成token
|
* 生成token
|
||||||
*
|
*
|
||||||
* @param username 主体
|
* @param authUser jwt主体对象
|
||||||
* @param claim 私有神明内容
|
|
||||||
* @param expirationTime 过期时间(分钟)
|
* @param expirationTime 过期时间(分钟)
|
||||||
* @return token字符串
|
* @return token字符串
|
||||||
*/
|
*/
|
||||||
private String createToken(String username, Object claim, Long expirationTime) {
|
private String createToken(AuthUser authUser, Long expirationTime) {
|
||||||
//JWT 生成
|
//JWT 生成
|
||||||
return Jwts.builder()
|
return Jwts.builder()
|
||||||
//jwt 私有声明
|
//jwt 私有声明
|
||||||
.claim(SecurityEnum.USER_CONTEXT.getValue(), new Gson().toJson(claim))
|
.claim(SecurityEnum.USER_CONTEXT.getValue(), new Gson().toJson(authUser))
|
||||||
//JWT的主体
|
//JWT的主体
|
||||||
.setSubject(username)
|
.setSubject(authUser.getUsername())
|
||||||
//失效时间 当前时间+过期分钟
|
//失效时间 当前时间+过期分钟
|
||||||
.setExpiration(new Date(System.currentTimeMillis() + expirationTime * 60 * 1000))
|
.setExpiration(new Date(System.currentTimeMillis() + expirationTime * 60 * 1000))
|
||||||
//签名算法和密钥
|
//签名算法和密钥
|
||||||
|
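Review bot: `refreshToken` now takes the role from the token's own claims (`UserEnums userEnums = authUser.getRole();`) instead of from the generator that received the request, so the `REFRESH_TOKEN` prefix lookup that follows no longer binds a refresh token to the role path it is presented on; if the refresh endpoints are exposed per role, a MEMBER refresh token presented to the store or manager path would now be accepted and re-issued as long as its signature and cache entry are valid. The role claim is signature-protected, so this does not let a caller change roles, but it drops a cheap consistency check; keeping an expected role and rejecting mismatches before the cache lookup, e.g. `if (expected != null && expected != authUser.getRole()) { throw new ServiceException(ResultCode.USER_AUTH_EXPIRED); }` (with a more specific result code if one exists), restores it, and the generators still know their role. Separately, `authUser.getLongTerm() ? 15 * 24 * 60L : ...` in `createToken(AuthUser)` unboxes a builder-populated `Boolean`, so an `AuthUser` built without `.longTerm(...)` throws a NullPointerException there; `Boolean.TRUE.equals(authUser.getLongTerm())` is the safe form. The body of `refreshToken` continues outside the hunks shown.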
@ -23,20 +23,23 @@ public class SeatTokenGenerate extends AbstractTokenGenerate<Seat> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Token createToken(Seat seat, Boolean longTerm) {
|
public Token createToken(Seat seat, Boolean longTerm) {
|
||||||
AuthUser authUser = new AuthUser(
|
AuthUser authUser = AuthUser.builder()
|
||||||
seat.getUsername(),
|
.username(seat.getUsername())
|
||||||
seat.getId(),
|
.id(seat.getId())
|
||||||
seat.getNickName(),
|
.nickName(seat.getNickName())
|
||||||
seat.getFace(),
|
.face(seat.getFace())
|
||||||
UserEnums.SEAT);
|
.role(UserEnums.SEAT)
|
||||||
authUser.setTenantId(seat.getTenantId());
|
.longTerm(longTerm)
|
||||||
|
.tenantId(seat.getTenantId())
|
||||||
|
.build();
|
||||||
|
|
||||||
//登陆成功生成token
|
//登陆成功生成token
|
||||||
return tokenUtil.createToken(seat.getUsername(), authUser, longTerm, UserEnums.SEAT);
|
return tokenUtil.createToken(authUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Token refreshToken(String refreshToken) {
|
public Token refreshToken(String refreshToken) {
|
||||||
return tokenUtil.refreshToken(refreshToken, UserEnums.SEAT);
|
return tokenUtil.refreshToken(refreshToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -57,14 +57,21 @@ public class MemberTokenGenerate extends AbstractTokenGenerate<Member> {
|
|||||||
String destination = rocketmqCustomProperties.getMemberTopic() + ":" + MemberTagsEnum.MEMBER_LOGIN.name();
|
String destination = rocketmqCustomProperties.getMemberTopic() + ":" + MemberTagsEnum.MEMBER_LOGIN.name();
|
||||||
rocketMQTemplate.asyncSend(destination, member, RocketmqSendCallbackBuilder.commonCallback());
|
rocketMQTemplate.asyncSend(destination, member, RocketmqSendCallbackBuilder.commonCallback());
|
||||||
|
|
||||||
AuthUser authUser = new AuthUser(member.getUsername(), member.getId(), member.getNickName(), member.getFace(), UserEnums.MEMBER);
|
AuthUser authUser = AuthUser.builder()
|
||||||
|
.username(member.getUsername())
|
||||||
|
.face(member.getFace())
|
||||||
|
.id(member.getId())
|
||||||
|
.role(UserEnums.MEMBER)
|
||||||
|
.nickName(member.getNickName())
|
||||||
|
.longTerm(longTerm)
|
||||||
|
.build();
|
||||||
//登陆成功生成token
|
//登陆成功生成token
|
||||||
return tokenUtil.createToken(member.getUsername(), authUser, longTerm, UserEnums.MEMBER);
|
return tokenUtil.createToken(authUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Token refreshToken(String refreshToken) {
|
public Token refreshToken(String refreshToken) {
|
||||||
return tokenUtil.refreshToken(refreshToken, UserEnums.MEMBER);
|
return tokenUtil.refreshToken(refreshToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -11,16 +11,16 @@ import cn.lili.common.security.enums.UserEnums;
|
|||||||
import cn.lili.common.security.token.Token;
|
import cn.lili.common.security.token.Token;
|
||||||
import cn.lili.common.security.token.TokenUtil;
|
import cn.lili.common.security.token.TokenUtil;
|
||||||
import cn.lili.common.security.token.base.AbstractTokenGenerate;
|
import cn.lili.common.security.token.base.AbstractTokenGenerate;
|
||||||
|
import cn.lili.modules.member.entity.dos.Clerk;
|
||||||
import cn.lili.modules.member.entity.dos.Member;
|
import cn.lili.modules.member.entity.dos.Member;
|
||||||
|
import cn.lili.modules.member.entity.vo.StoreUserMenuVO;
|
||||||
|
import cn.lili.modules.member.service.ClerkService;
|
||||||
|
import cn.lili.modules.member.service.StoreMenuRoleService;
|
||||||
import cn.lili.modules.store.entity.dos.Store;
|
import cn.lili.modules.store.entity.dos.Store;
|
||||||
import cn.lili.modules.store.service.StoreService;
|
import cn.lili.modules.store.service.StoreService;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import cn.lili.modules.member.entity.dos.Clerk;
|
|
||||||
import cn.lili.modules.member.entity.vo.StoreUserMenuVO;
|
|
||||||
import cn.lili.modules.member.service.ClerkService;
|
|
||||||
import cn.lili.modules.member.service.StoreMenuRoleService;
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -61,7 +61,7 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
|||||||
throw new ServiceException(ResultCode.CLERK_DISABLED_ERROR);
|
throw new ServiceException(ResultCode.CLERK_DISABLED_ERROR);
|
||||||
}
|
}
|
||||||
//获取当前用户权限
|
//获取当前用户权限
|
||||||
List<StoreUserMenuVO> storeUserMenuVOS = storeMenuRoleService.findAllMenu(clerk.getId(),member.getId());
|
List<StoreUserMenuVO> storeUserMenuVOS = storeMenuRoleService.findAllMenu(clerk.getId(), member.getId());
|
||||||
//缓存权限列表
|
//缓存权限列表
|
||||||
cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + member.getId(), this.permissionList(storeUserMenuVOS));
|
cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.STORE) + member.getId(), this.permissionList(storeUserMenuVOS));
|
||||||
//查询店铺信息
|
//查询店铺信息
|
||||||
@ -69,16 +69,25 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
|||||||
if (store == null) {
|
if (store == null) {
|
||||||
throw new ServiceException(ResultCode.STORE_NOT_OPEN);
|
throw new ServiceException(ResultCode.STORE_NOT_OPEN);
|
||||||
}
|
}
|
||||||
AuthUser authUser = new AuthUser(member.getUsername(), member.getId(), UserEnums.STORE, member.getNickName(), clerk.getIsSuper(), clerk.getId(),store.getStoreLogo());
|
//构建对象
|
||||||
|
AuthUser authUser = AuthUser.builder()
|
||||||
authUser.setStoreId(store.getId());
|
.username(member.getUsername())
|
||||||
authUser.setStoreName(store.getStoreName());
|
.id(member.getId())
|
||||||
return tokenUtil.createToken(member.getUsername(), authUser, longTerm, UserEnums.STORE);
|
.role(UserEnums.STORE)
|
||||||
|
.nickName(member.getNickName())
|
||||||
|
.isSuper(clerk.getIsSuper())
|
||||||
|
.clerkId(clerk.getId())
|
||||||
|
.face(store.getStoreLogo())
|
||||||
|
.storeId(store.getId())
|
||||||
|
.storeName(store.getStoreName())
|
||||||
|
.longTerm(longTerm)
|
||||||
|
.build();
|
||||||
|
return tokenUtil.createToken(authUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Token refreshToken(String refreshToken) {
|
public Token refreshToken(String refreshToken) {
|
||||||
return tokenUtil.refreshToken(refreshToken, UserEnums.STORE);
|
return tokenUtil.refreshToken(refreshToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -145,7 +154,6 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
|||||||
superPermissions.add("/store/passport/login*");
|
superPermissions.add("/store/passport/login*");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
//店铺设置
|
//店铺设置
|
||||||
queryPermissions.add("/store/settings/storeSettings*");
|
queryPermissions.add("/store/settings/storeSettings*");
|
||||||
//文章接口
|
//文章接口
|
||||||
@ -154,6 +162,5 @@ public class StoreTokenGenerate extends AbstractTokenGenerate<Member> {
|
|||||||
queryPermissions.add("/store/statistics/index*");
|
queryPermissions.add("/store/statistics/index*");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -40,18 +40,26 @@ public class ManagerTokenGenerate extends AbstractTokenGenerate<AdminUser> {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Token createToken(AdminUser adminUser, Boolean longTerm) {
|
public Token createToken(AdminUser adminUser, Boolean longTerm) {
|
||||||
AuthUser authUser = new AuthUser(adminUser.getUsername(), adminUser.getId(), adminUser.getAvatar(), UserEnums.MANAGER, adminUser.getNickName(), adminUser.getIsSuper());
|
AuthUser authUser = AuthUser.builder()
|
||||||
|
.username(adminUser.getUsername())
|
||||||
|
.id(adminUser.getId())
|
||||||
|
.face(adminUser.getAvatar())
|
||||||
|
.role(UserEnums.MANAGER)
|
||||||
|
.nickName(adminUser.getNickName())
|
||||||
|
.isSuper(adminUser.getIsSuper())
|
||||||
|
.longTerm(longTerm)
|
||||||
|
.build();
|
||||||
|
|
||||||
List<UserMenuVO> userMenuVOList = roleMenuService.findAllMenu(authUser.getId());
|
List<UserMenuVO> userMenuVOList = roleMenuService.findAllMenu(authUser.getId());
|
||||||
//缓存权限列表
|
//缓存权限列表
|
||||||
cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId(), this.permissionList(userMenuVOList));
|
cache.put(CachePrefix.PERMISSION_LIST.getPrefix(UserEnums.MANAGER) + authUser.getId(), this.permissionList(userMenuVOList));
|
||||||
|
|
||||||
return tokenUtil.createToken(adminUser.getUsername(), authUser, longTerm, UserEnums.MANAGER);
|
return tokenUtil.createToken(authUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Token refreshToken(String refreshToken) {
|
public Token refreshToken(String refreshToken) {
|
||||||
return tokenUtil.refreshToken(refreshToken, UserEnums.MANAGER);
|
return tokenUtil.refreshToken(refreshToken);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -0,0 +1,2 @@
|
|||||||
|
package cn.lili.controller.security;public class Cop {
|
||||||
|
}
|