puti
/
snd-escloud


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194
							package platform.modules.sys.shiro;

import com.xiaoleilu.hutool.log.Log;
import com.xiaoleilu.hutool.log.LogFactory;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import platform.common.Constant;
import platform.common.util.EhCacheUtils;
import platform.modules.build.entity.BuildInfo;
import platform.modules.build.entity.Company;
import platform.modules.build.service.BuildInfoService;
import platform.modules.build.service.CompanyService;
import platform.modules.government.dao.UserDao;
import platform.modules.government.entity.Street;
import platform.modules.government.entity.User;
import platform.modules.government.service.StreetService;
import platform.modules.government.service.UserService;
import platform.modules.sys.entity.Menu;
import platform.modules.sys.service.MenuService;

import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;

/**
 * 身份校验核心类，包括认证和授权
 *
 * @author lhf
 */
public class AuthenticationRealm extends AuthorizingRealm {

    protected final static Log log = LogFactory.get(AuthenticationRealm.class);

    @Resource
    private UserDao userDao;

    @Resource
    private StreetService streetService;

    @Resource
    private BuildInfoService buildInfoService;

    @Resource
    private CompanyService companyService;

    @Resource
    private MenuService menuService;

    @Autowired
    private Environment environment;

    @Autowired
    private UserService userService;

    /**
     * 认证  校验用户身份是否合法
     */
    @Override
    public AuthenticationInfo doGetAuthenticationInfo(
            AuthenticationToken authenticationToken) throws AuthenticationException {

        log.info("##################执行Shiro权限认证##################");
        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;

        User record = null;
        try {
            record = userDao.findByNickNameOnly(token.getUsername());
            //record = userDao.findByLogin(token.getUsername(),Constant.UserType.COMPANY);
        } catch (Exception e) {
            e.printStackTrace();
        }

        if (record == null || record.getDel_flag()) {
            throw new UnknownAccountException();// 没找到帐号
        }
        //内网（super，政府，街道可内网登录，园区，企业不能）
        if (environment.getProperty("spring.profiles").equals(Constant.Environment.PROD_IN)) {
            if (!(record.getUser_type().equals(Constant.UserType.STREET) || record.getUser_type().equals(Constant.UserType.GOVERNMENT) || record.getUser_type().equals(Constant.UserType.SUPER))) {
                throw new UnknownAccountException();
            }
        }
        ///content/list外网（super，政府，不能外网登录）
        else if (environment.getProperty("spring.profiles").equals(Constant.Environment.PROD_OUT)) {
            /*if (record.getUser_type().equals(Constant.UserType.SUPER)) {
                throw new UnknownAccountException();
            }else */
            if (record.getUser_type().equals(Constant.UserType.GOVERNMENT)) {
                //是否可以外网登录  在部门表中配置
                if (!userService.isOutLogin(record)) {
                    throw new UnknownAccountException("");
                }
            }
        }
        //政府测试机 内外网都能登录
        else if (environment.getProperty("spring.profiles").equals(Constant.Environment.PROD_TEST)) {
            /*if (record.getUser_type().equals(Constant.UserType.SUPER)) {
                throw new UnknownAccountException();
            }else */
            /*if(record.getUser_type().equals(Constant.UserType.GOVERNMENT)) {
                if(!userService.isOutLogin(record)) {
                    throw new UnknownAccountException();
                }
            }*/
        }
        if (Objects.equals(record.getIs_register(), 0)) {
            throw new LockedAccountException(Constant.USER_REVIEWING); // 帐号审核中
        }
        if (Boolean.TRUE.equals(!record.getIs_start())) {
            throw new LockedAccountException(Constant.USER_HAS_LOCK); // 帐号锁定
        }
        if (null != record.getUser_type()) {
            if (record.getUser_type().equals(Constant.UserType.BUILD)) {
                BuildInfo buildInfo = buildInfoService.findById(record.getBuild_id());
                if (null != buildInfo) {
                    if (null == buildInfo.getIs_start() || !buildInfo.getIs_start()) {
                        throw new LockedAccountException("园区被锁定，不能登录"); // 园区被禁用
                    }
                } else {
                    throw new LockedAccountException("园区不存在，不能登录"); // 园区被禁用
                }
            } else if (record.getUser_type().equals(Constant.UserType.STREET)) {
                Street street = streetService.findById(record.getStreet_id());
                if (null != street) {
                    if (null == street.getIs_start() || !street.getIs_start()) {
                        throw new LockedAccountException("街道被锁定，不能登录"); // 街道被禁用
                    }
                } else {
                    throw new LockedAccountException("街道不存在，不能登录"); // 园区被禁用
                }

            } else if (record.getUser_type().equals(Constant.UserType.COMPANY)) {

                Company company = companyService.findById(record.getCompany_id());
                if (null != company) {
                    if (null == company.getIs_start() || !company.getIs_start()) {
                        throw new LockedAccountException("公司被锁定，不能登录"); // 公司被禁用
                    }
                } else {
                    throw new LockedAccountException("公司不存在，不能登录"); // 园区被禁用
                }
            }
        }
        //将此用户存放到登录认证info中，无需自己做密码对比，Shiro使用CredentialsMatcher会为我们进行密码对比校验
        SimpleAccount authenticationInfo = new SimpleAccount(
                record, record.getPassword(), getName());
//        return authenticationInfo;
        return new SimpleAuthenticationInfo(record, record.getPassword(), getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        log.info("=========执行授权===========");
        //获取主身份信息
        User user = (User) principalCollection.getPrimaryPrincipal();

        List<Menu> menus;
        if (user.getIs_admin()) {
            Menu menu = new Menu();
            menu.setUser_type(user.getUser_type());
            menus = menuService.findListByWhere(menu);
        } else {
            menus = menuService.findListMenuByUserId(user.getId(), user.getUser_type());
        }

        //单独定一个集合对象
        List<String> permissions = new ArrayList<String>();
        if (menus != null) {
            for (Menu permission : menus) {
                //将数据库中的权限标签 符放入集合
                permissions.add(permission.getPermission());
            }
        }

        //查到权限数据，返回授权信息(要包括 上边的permissions)
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        //将上边查询到授权信息填充到simpleAuthorizationInfo对象中
        simpleAuthorizationInfo.addStringPermissions(permissions);
        return simpleAuthorizationInfo;
    }

    /**
     * 清除所有用户授权缓存信息
     */
    public void clearCachedAuthorizationInfoAll() {
        String cacheName = super.getAuthorizationCacheName();
        EhCacheUtils.removeAll(cacheName);
    }
}