package platform.modules.sys.shiro; import com.xiaoleilu.hutool.log.Log; import com.xiaoleilu.hutool.log.LogFactory; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.core.env.Environment; import platform.common.Constant; import platform.common.util.EhCacheUtils; import platform.modules.build.entity.BuildInfo; import platform.modules.build.entity.Company; import platform.modules.build.service.BuildInfoService; import platform.modules.build.service.CompanyService; import platform.modules.government.dao.UserDao; import platform.modules.government.entity.Street; import platform.modules.government.entity.User; import platform.modules.government.service.StreetService; import platform.modules.government.service.UserService; import platform.modules.sys.entity.Menu; import platform.modules.sys.service.MenuService; import javax.annotation.Resource; import java.util.ArrayList; import java.util.List; import java.util.Objects; /** * 身份校验核心类,包括认证和授权 * * @author lhf */ public class AuthenticationRealm extends AuthorizingRealm { protected final static Log log = LogFactory.get(AuthenticationRealm.class); @Resource private UserDao userDao; @Resource private StreetService streetService; @Resource private BuildInfoService buildInfoService; @Resource private CompanyService companyService; @Resource private MenuService menuService; @Autowired private Environment environment; @Autowired private UserService userService; /** * 认证 校验用户身份是否合法 */ @Override public AuthenticationInfo doGetAuthenticationInfo( AuthenticationToken authenticationToken) throws AuthenticationException { log.info("##################执行Shiro权限认证##################"); UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken; User record = null; try { record = userDao.findByNickNameOnly(token.getUsername()); //record = userDao.findByLogin(token.getUsername(),Constant.UserType.COMPANY); } catch (Exception e) { e.printStackTrace(); } if (record == null || record.getDel_flag()) { throw new UnknownAccountException();// 没找到帐号 } //内网(super,政府,街道可内网登录,园区,企业不能) if (environment.getProperty("spring.profiles").equals(Constant.Environment.PROD_IN)) { if (!(record.getUser_type().equals(Constant.UserType.STREET) || record.getUser_type().equals(Constant.UserType.GOVERNMENT) || record.getUser_type().equals(Constant.UserType.SUPER))) { throw new UnknownAccountException(); } } //外网(super,政府,不能外网登录) else if (environment.getProperty("spring.profiles").equals(Constant.Environment.PROD_OUT)) { /*if (record.getUser_type().equals(Constant.UserType.SUPER)) { throw new UnknownAccountException(); }else */ if (record.getUser_type().equals(Constant.UserType.GOVERNMENT)) { //是否可以外网登录 在部门表中配置 if (!userService.isOutLogin(record)) { throw new UnknownAccountException(""); } } } //政府测试机 内外网都能登录 else if (environment.getProperty("spring.profiles").equals(Constant.Environment.PROD_TEST)) { /*if (record.getUser_type().equals(Constant.UserType.SUPER)) { throw new UnknownAccountException(); }else */ /*if(record.getUser_type().equals(Constant.UserType.GOVERNMENT)) { if(!userService.isOutLogin(record)) { throw new UnknownAccountException(); } }*/ } if (Objects.equals(record.getIs_register(), 0)) { throw new LockedAccountException(Constant.USER_REVIEWING); // 帐号审核中 } if (Boolean.TRUE.equals(!record.getIs_start())) { throw new LockedAccountException(Constant.USER_HAS_LOCK); // 帐号锁定 } if (null != record.getUser_type()) { if (record.getUser_type().equals(Constant.UserType.BUILD)) { BuildInfo buildInfo = buildInfoService.findById(record.getBuild_id()); if (null != buildInfo) { if (null == buildInfo.getIs_start() || !buildInfo.getIs_start()) { throw new LockedAccountException("园区被锁定,不能登录"); // 园区被禁用 } } else { throw new LockedAccountException("园区不存在,不能登录"); // 园区被禁用 } } else if (record.getUser_type().equals(Constant.UserType.STREET)) { Street street = streetService.findById(record.getStreet_id()); if (null != street) { if (null == street.getIs_start() || !street.getIs_start()) { throw new LockedAccountException("街道被锁定,不能登录"); // 街道被禁用 } } else { throw new LockedAccountException("街道不存在,不能登录"); // 园区被禁用 } } else if (record.getUser_type().equals(Constant.UserType.COMPANY)) { Company company = companyService.findById(record.getCompany_id()); if (null != company) { if (null == company.getIs_start() || !company.getIs_start()) { throw new LockedAccountException("公司被锁定,不能登录"); // 公司被禁用 } } else { throw new LockedAccountException("公司不存在,不能登录"); // 园区被禁用 } } } //将此用户存放到登录认证info中,无需自己做密码对比,Shiro使用CredentialsMatcher会为我们进行密码对比校验 SimpleAccount authenticationInfo = new SimpleAccount( record, record.getPassword(), getName()); // return authenticationInfo; return new SimpleAuthenticationInfo(record, record.getPassword(), getName()); } @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { log.info("=========执行授权==========="); //获取主身份信息 User user = (User) principalCollection.getPrimaryPrincipal(); List menus; if (user.getIs_admin()) { Menu menu = new Menu(); menu.setUser_type(user.getUser_type()); menus = menuService.findListByWhere(menu); } else { menus = menuService.findListMenuByUserId(user.getId(), user.getUser_type()); } //单独定一个集合对象 List permissions = new ArrayList(); if (menus != null) { for (Menu permission : menus) { //将数据库中的权限标签 符放入集合 permissions.add(permission.getPermission()); } } //查到权限数据,返回授权信息(要包括 上边的permissions) SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); //将上边查询到授权信息填充到simpleAuthorizationInfo对象中 simpleAuthorizationInfo.addStringPermissions(permissions); return simpleAuthorizationInfo; } /** * 清除所有用户授权缓存信息 */ public void clearCachedAuthorizationInfoAll() { String cacheName = super.getAuthorizationCacheName(); EhCacheUtils.removeAll(cacheName); } }