权限调整
This commit is contained in:
RuoYi
@ -10,10 +10,10 @@ import org.aspectj.lang.reflect.MethodSignature;
|
||||
import org.springframework.stereotype.Component;
|
||||
import com.ruoyi.common.annotation.DataScope;
|
||||
import com.ruoyi.common.core.domain.BaseEntity;
|
||||
import com.ruoyi.common.core.domain.entity.SysRole;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysRole;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
|
||||
/**
|
||||
* 数据过滤处理
|
||||
|
||||
@ -15,15 +15,15 @@ import org.springframework.stereotype.Component;
|
||||
import com.alibaba.fastjson.JSONObject;
|
||||
import com.alibaba.fastjson.support.spring.PropertyPreFilters;
|
||||
import com.ruoyi.common.annotation.Log;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.enums.BusinessStatus;
|
||||
import com.ruoyi.common.json.JSON;
|
||||
import com.ruoyi.common.utils.ServletUtils;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.framework.manager.AsyncManager;
|
||||
import com.ruoyi.framework.manager.factory.AsyncFactory;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysOperLog;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
|
||||
/**
|
||||
* 操作日志记录处理
|
||||
|
||||
@ -5,12 +5,12 @@ import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import com.ruoyi.common.constant.Constants;
|
||||
import com.ruoyi.common.utils.AddressUtils;
|
||||
import com.ruoyi.common.utils.LogUtils;
|
||||
import com.ruoyi.common.utils.ServletUtils;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.common.utils.spring.SpringUtils;
|
||||
import com.ruoyi.framework.shiro.session.OnlineSession;
|
||||
import com.ruoyi.framework.util.LogUtils;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysLogininfor;
|
||||
import com.ruoyi.system.domain.SysOperLog;
|
||||
import com.ruoyi.system.domain.SysUserOnline;
|
||||
|
||||
@ -2,7 +2,6 @@ package com.ruoyi.framework.shiro.realm;
|
||||
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.authc.AuthenticationException;
|
||||
import org.apache.shiro.authc.AuthenticationInfo;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
@ -14,20 +13,22 @@ import org.apache.shiro.authc.UnknownAccountException;
|
||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
import org.apache.shiro.cache.Cache;
|
||||
import org.apache.shiro.realm.AuthorizingRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.SimplePrincipalCollection;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.exception.user.CaptchaException;
|
||||
import com.ruoyi.common.exception.user.RoleBlockedException;
|
||||
import com.ruoyi.common.exception.user.UserBlockedException;
|
||||
import com.ruoyi.common.exception.user.UserNotExistsException;
|
||||
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
|
||||
import com.ruoyi.common.exception.user.UserPasswordRetryLimitExceedException;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.framework.shiro.service.SysLoginService;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
import com.ruoyi.system.service.ISysMenuService;
|
||||
import com.ruoyi.system.service.ISysRoleService;
|
||||
|
||||
@ -132,10 +133,26 @@ public class UserRealm extends AuthorizingRealm
|
||||
}
|
||||
|
||||
/**
|
||||
* 清理缓存权限
|
||||
* 清理指定用户授权信息缓存
|
||||
*/
|
||||
public void clearCachedAuthorizationInfo()
|
||||
public void clearCachedAuthorizationInfo(Object principal)
|
||||
{
|
||||
this.clearCachedAuthorizationInfo(SecurityUtils.getSubject().getPrincipals());
|
||||
SimplePrincipalCollection principals = new SimplePrincipalCollection(principal, getName());
|
||||
this.clearCachedAuthorizationInfo(principals);
|
||||
}
|
||||
|
||||
/**
|
||||
* 清理所有用户授权信息缓存
|
||||
*/
|
||||
public void clearAllCachedAuthorizationInfo()
|
||||
{
|
||||
Cache<Object, AuthorizationInfo> cache = getAuthorizationCache();
|
||||
if (cache != null)
|
||||
{
|
||||
for (Object key : cache.keys())
|
||||
{
|
||||
cache.remove(key);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -6,6 +6,7 @@ import org.springframework.util.StringUtils;
|
||||
import com.ruoyi.common.constant.Constants;
|
||||
import com.ruoyi.common.constant.ShiroConstants;
|
||||
import com.ruoyi.common.constant.UserConstants;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.enums.UserStatus;
|
||||
import com.ruoyi.common.exception.user.CaptchaException;
|
||||
import com.ruoyi.common.exception.user.UserBlockedException;
|
||||
@ -15,10 +16,9 @@ import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
|
||||
import com.ruoyi.common.utils.DateUtils;
|
||||
import com.ruoyi.common.utils.MessageUtils;
|
||||
import com.ruoyi.common.utils.ServletUtils;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.framework.manager.AsyncManager;
|
||||
import com.ruoyi.framework.manager.factory.AsyncFactory;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
import com.ruoyi.system.service.ISysUserService;
|
||||
|
||||
/**
|
||||
|
||||
@ -10,12 +10,12 @@ import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.stereotype.Component;
|
||||
import com.ruoyi.common.constant.Constants;
|
||||
import com.ruoyi.common.constant.ShiroConstants;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.exception.user.UserPasswordNotMatchException;
|
||||
import com.ruoyi.common.exception.user.UserPasswordRetryLimitExceedException;
|
||||
import com.ruoyi.common.utils.MessageUtils;
|
||||
import com.ruoyi.framework.manager.AsyncManager;
|
||||
import com.ruoyi.framework.manager.factory.AsyncFactory;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
|
||||
/**
|
||||
* 登录密码方法
|
||||
|
||||
@ -6,13 +6,13 @@ import org.springframework.util.StringUtils;
|
||||
import com.ruoyi.common.constant.Constants;
|
||||
import com.ruoyi.common.constant.ShiroConstants;
|
||||
import com.ruoyi.common.constant.UserConstants;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.utils.DateUtils;
|
||||
import com.ruoyi.common.utils.MessageUtils;
|
||||
import com.ruoyi.common.utils.ServletUtils;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.framework.manager.AsyncManager;
|
||||
import com.ruoyi.framework.manager.factory.AsyncFactory;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
import com.ruoyi.system.service.ISysUserService;
|
||||
|
||||
/**
|
||||
|
||||
@ -0,0 +1,30 @@
|
||||
package com.ruoyi.framework.shiro.util;
|
||||
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.mgt.RealmSecurityManager;
|
||||
import com.ruoyi.framework.shiro.realm.UserRealm;
|
||||
|
||||
/**
|
||||
* 用户授权信息
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
public class AuthorizationUtils
|
||||
{
|
||||
/**
|
||||
* 清理所有用户授权信息缓存
|
||||
*/
|
||||
public static void clearAllCachedAuthorizationInfo()
|
||||
{
|
||||
getUserRealm().clearAllCachedAuthorizationInfo();
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取自定义Realm
|
||||
*/
|
||||
public static UserRealm getUserRealm()
|
||||
{
|
||||
RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
|
||||
return (UserRealm) rsm.getRealms().iterator().next();
|
||||
}
|
||||
}
|
||||
@ -7,13 +7,13 @@ import org.apache.shiro.subject.Subject;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import com.ruoyi.common.constant.Constants;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.utils.MessageUtils;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.common.utils.spring.SpringUtils;
|
||||
import com.ruoyi.framework.manager.AsyncManager;
|
||||
import com.ruoyi.framework.manager.factory.AsyncFactory;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
import com.ruoyi.system.service.ISysUserOnlineService;
|
||||
|
||||
/**
|
||||
|
||||
@ -6,8 +6,8 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import org.apache.shiro.web.filter.AccessControlFilter;
|
||||
import com.google.code.kaptcha.Constants;
|
||||
import com.ruoyi.common.constant.ShiroConstants;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
|
||||
/**
|
||||
* 验证码过滤器
|
||||
|
||||
@ -19,9 +19,9 @@ import org.apache.shiro.web.util.WebUtils;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import com.ruoyi.common.constant.ShiroConstants;
|
||||
import com.ruoyi.common.core.domain.AjaxResult;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.utils.ServletUtils;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
|
||||
/**
|
||||
* 登录帐号控制过滤器
|
||||
|
||||
@ -10,11 +10,11 @@ import org.apache.shiro.web.util.WebUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import com.ruoyi.common.constant.ShiroConstants;
|
||||
import com.ruoyi.common.core.domain.entity.SysUser;
|
||||
import com.ruoyi.common.enums.OnlineStatus;
|
||||
import com.ruoyi.common.utils.ShiroUtils;
|
||||
import com.ruoyi.framework.shiro.session.OnlineSession;
|
||||
import com.ruoyi.framework.shiro.session.OnlineSessionDAO;
|
||||
import com.ruoyi.framework.util.ShiroUtils;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
|
||||
/**
|
||||
* 自定义访问控制
|
||||
|
||||
@ -1,136 +0,0 @@
|
||||
package com.ruoyi.framework.util;
|
||||
|
||||
import java.io.PrintWriter;
|
||||
import java.io.StringWriter;
|
||||
import java.util.Map;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import com.ruoyi.common.json.JSON;
|
||||
import com.ruoyi.common.utils.IpUtils;
|
||||
|
||||
/**
|
||||
* 处理并记录日志文件
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
public class LogUtils
|
||||
{
|
||||
public static final Logger ERROR_LOG = LoggerFactory.getLogger("sys-error");
|
||||
public static final Logger ACCESS_LOG = LoggerFactory.getLogger("sys-access");
|
||||
|
||||
/**
|
||||
* 记录访问日志 [username][jsessionid][ip][accept][UserAgent][url][params][Referer]
|
||||
*
|
||||
* @param request
|
||||
* @throws Exception
|
||||
*/
|
||||
public static void logAccess(HttpServletRequest request) throws Exception
|
||||
{
|
||||
String username = getUsername();
|
||||
String jsessionId = request.getRequestedSessionId();
|
||||
String ip = IpUtils.getIpAddr(request);
|
||||
String accept = request.getHeader("accept");
|
||||
String userAgent = request.getHeader("User-Agent");
|
||||
String url = request.getRequestURI();
|
||||
String params = getParams(request);
|
||||
|
||||
StringBuilder s = new StringBuilder();
|
||||
s.append(getBlock(username));
|
||||
s.append(getBlock(jsessionId));
|
||||
s.append(getBlock(ip));
|
||||
s.append(getBlock(accept));
|
||||
s.append(getBlock(userAgent));
|
||||
s.append(getBlock(url));
|
||||
s.append(getBlock(params));
|
||||
s.append(getBlock(request.getHeader("Referer")));
|
||||
getAccessLog().info(s.toString());
|
||||
}
|
||||
|
||||
/**
|
||||
* 记录异常错误 格式 [exception]
|
||||
*
|
||||
* @param message
|
||||
* @param e
|
||||
*/
|
||||
public static void logError(String message, Throwable e)
|
||||
{
|
||||
String username = getUsername();
|
||||
StringBuilder s = new StringBuilder();
|
||||
s.append(getBlock("exception"));
|
||||
s.append(getBlock(username));
|
||||
s.append(getBlock(message));
|
||||
ERROR_LOG.error(s.toString(), e);
|
||||
}
|
||||
|
||||
/**
|
||||
* 记录页面错误 错误日志记录 [page/eception][username][statusCode][errorMessage][servletName][uri][exceptionName][ip][exception]
|
||||
*
|
||||
* @param request
|
||||
*/
|
||||
public static void logPageError(HttpServletRequest request)
|
||||
{
|
||||
String username = getUsername();
|
||||
|
||||
Integer statusCode = (Integer) request.getAttribute("javax.servlet.error.status_code");
|
||||
String message = (String) request.getAttribute("javax.servlet.error.message");
|
||||
String uri = (String) request.getAttribute("javax.servlet.error.request_uri");
|
||||
Throwable t = (Throwable) request.getAttribute("javax.servlet.error.exception");
|
||||
|
||||
if (statusCode == null)
|
||||
{
|
||||
statusCode = 0;
|
||||
}
|
||||
|
||||
StringBuilder s = new StringBuilder();
|
||||
s.append(getBlock(t == null ? "page" : "exception"));
|
||||
s.append(getBlock(username));
|
||||
s.append(getBlock(statusCode));
|
||||
s.append(getBlock(message));
|
||||
s.append(getBlock(IpUtils.getIpAddr(request)));
|
||||
|
||||
s.append(getBlock(uri));
|
||||
s.append(getBlock(request.getHeader("Referer")));
|
||||
StringWriter sw = new StringWriter();
|
||||
|
||||
while (t != null)
|
||||
{
|
||||
t.printStackTrace(new PrintWriter(sw));
|
||||
t = t.getCause();
|
||||
}
|
||||
s.append(getBlock(sw.toString()));
|
||||
getErrorLog().error(s.toString());
|
||||
|
||||
}
|
||||
|
||||
public static String getBlock(Object msg)
|
||||
{
|
||||
if (msg == null)
|
||||
{
|
||||
msg = "";
|
||||
}
|
||||
return "[" + msg.toString() + "]";
|
||||
}
|
||||
|
||||
protected static String getParams(HttpServletRequest request) throws Exception
|
||||
{
|
||||
Map<String, String[]> params = request.getParameterMap();
|
||||
return JSON.marshal(params);
|
||||
}
|
||||
|
||||
protected static String getUsername()
|
||||
{
|
||||
return (String) SecurityUtils.getSubject().getPrincipal();
|
||||
}
|
||||
|
||||
public static Logger getAccessLog()
|
||||
{
|
||||
return ACCESS_LOG;
|
||||
}
|
||||
|
||||
public static Logger getErrorLog()
|
||||
{
|
||||
return ERROR_LOG;
|
||||
}
|
||||
}
|
||||
@ -1,96 +0,0 @@
|
||||
package com.ruoyi.framework.util;
|
||||
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
|
||||
import org.apache.shiro.mgt.RealmSecurityManager;
|
||||
import org.apache.shiro.session.Session;
|
||||
import org.apache.shiro.subject.Subject;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.apache.shiro.subject.SimplePrincipalCollection;
|
||||
import com.ruoyi.common.utils.StringUtils;
|
||||
import com.ruoyi.common.utils.bean.BeanUtils;
|
||||
import com.ruoyi.framework.shiro.realm.UserRealm;
|
||||
import com.ruoyi.system.domain.SysUser;
|
||||
|
||||
/**
|
||||
* shiro 工具类
|
||||
*
|
||||
* @author ruoyi
|
||||
*/
|
||||
public class ShiroUtils
|
||||
{
|
||||
public static Subject getSubject()
|
||||
{
|
||||
return SecurityUtils.getSubject();
|
||||
}
|
||||
|
||||
public static Session getSession()
|
||||
{
|
||||
return SecurityUtils.getSubject().getSession();
|
||||
}
|
||||
|
||||
public static void logout()
|
||||
{
|
||||
getSubject().logout();
|
||||
}
|
||||
|
||||
public static SysUser getSysUser()
|
||||
{
|
||||
SysUser user = null;
|
||||
Object obj = getSubject().getPrincipal();
|
||||
if (StringUtils.isNotNull(obj))
|
||||
{
|
||||
user = new SysUser();
|
||||
BeanUtils.copyBeanProp(user, obj);
|
||||
}
|
||||
return user;
|
||||
}
|
||||
|
||||
public static void setSysUser(SysUser user)
|
||||
{
|
||||
Subject subject = getSubject();
|
||||
PrincipalCollection principalCollection = subject.getPrincipals();
|
||||
String realmName = principalCollection.getRealmNames().iterator().next();
|
||||
PrincipalCollection newPrincipalCollection = new SimplePrincipalCollection(user, realmName);
|
||||
// 重新加载Principal
|
||||
subject.runAs(newPrincipalCollection);
|
||||
}
|
||||
|
||||
public static void clearCachedAuthorizationInfo()
|
||||
{
|
||||
RealmSecurityManager rsm = (RealmSecurityManager) SecurityUtils.getSecurityManager();
|
||||
UserRealm realm = (UserRealm) rsm.getRealms().iterator().next();
|
||||
realm.clearCachedAuthorizationInfo();
|
||||
}
|
||||
|
||||
public static Long getUserId()
|
||||
{
|
||||
return getSysUser().getUserId().longValue();
|
||||
}
|
||||
|
||||
public static String getLoginName()
|
||||
{
|
||||
return getSysUser().getLoginName();
|
||||
}
|
||||
|
||||
public static String getIp()
|
||||
{
|
||||
return getSubject().getSession().getHost();
|
||||
}
|
||||
|
||||
public static String getSessionId()
|
||||
{
|
||||
return String.valueOf(getSubject().getSession().getId());
|
||||
}
|
||||
|
||||
/**
|
||||
* 生成随机盐
|
||||
*/
|
||||
public static String randomSalt()
|
||||
{
|
||||
// 一个Byte占两个字节,此处生成的3字节,字符串长度为6
|
||||
SecureRandomNumberGenerator secureRandom = new SecureRandomNumberGenerator();
|
||||
String hex = secureRandom.nextBytes(3).toHex();
|
||||
return hex;
|
||||
}
|
||||
}
|
||||
@ -3,7 +3,7 @@ package com.ruoyi.framework.web.service;
|
||||
import java.util.List;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.stereotype.Service;
|
||||
import com.ruoyi.system.domain.SysDictData;
|
||||
import com.ruoyi.common.core.domain.entity.SysDictData;
|
||||
import com.ruoyi.system.service.ISysDictDataService;
|
||||
import com.ruoyi.system.service.ISysDictTypeService;
|
||||
|
||||
|
||||
Reference in New Issue
Block a user