package doumeemes.config.shiro;
|
|
import doumeemes.core.constants.ResponseStatus;
|
import doumeemes.core.exception.BusinessException;
|
import doumeemes.core.model.LoginUserInfo;
|
import doumeemes.core.utils.Constants;
|
import doumeemes.dao.business.model.Company;
|
import doumeemes.dao.business.model.CompanyUser;
|
import doumeemes.dao.business.model.Department;
|
import doumeemes.dao.ext.dto.QueryCompanyUserExtDTO;
|
import doumeemes.dao.ext.vo.CompanyExtListVO;
|
import doumeemes.dao.ext.vo.CompanyUserExtListVO;
|
import doumeemes.dao.ext.vo.DepartmentExtListVO;
|
import doumeemes.dao.system.model.SystemDataPermission;
|
import doumeemes.dao.system.model.SystemPermission;
|
import doumeemes.dao.system.model.SystemRole;
|
import doumeemes.dao.system.model.SystemUser;
|
import doumeemes.service.business.CompanyUserService;
|
import doumeemes.service.ext.CompanyExtService;
|
import doumeemes.service.ext.CompanyUserExtService;
|
import doumeemes.service.ext.DepartmentExtService;
|
import doumeemes.service.system.SystemDataPermissionService;
|
import doumeemes.service.system.SystemPermissionService;
|
import doumeemes.service.system.SystemRoleService;
|
import doumeemes.service.system.SystemUserService;
|
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.AuthenticationInfo;
|
import org.apache.shiro.authc.AuthenticationToken;
|
import org.apache.shiro.authc.SimpleAuthenticationInfo;
|
import org.apache.shiro.authz.AuthorizationInfo;
|
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
import org.apache.shiro.realm.AuthorizingRealm;
|
import org.apache.shiro.subject.PrincipalCollection;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.context.annotation.Lazy;
|
import org.springframework.stereotype.Component;
|
|
import java.util.Date;
|
import java.util.List;
|
import java.util.Objects;
|
|
/**
|
* 自定义Realm,处理认证和权限
|
* @author Eva.Caesar Liu
|
* @date 2022/04/18 18:12
|
*/
|
@Component
|
public class ShiroRealm extends AuthorizingRealm {
|
|
@Lazy
|
@Autowired
|
private DepartmentExtService departmentExtService;
|
@Lazy
|
@Autowired
|
private SystemDataPermissionService systemDataPermissionService;
|
@Lazy
|
@Autowired
|
private CompanyExtService companyExtService;
|
@Lazy
|
@Autowired
|
private SystemUserService systemUserService;
|
@Lazy
|
@Autowired
|
private CompanyUserExtService companyUserExtService;
|
|
@Lazy
|
@Autowired
|
private SystemRoleService systemRoleService;
|
|
@Lazy
|
@Autowired
|
private SystemPermissionService systemPermissionService;
|
/**
|
* 重写supports方法,使 Shiro 能够识别自定义的 Token
|
* @param token
|
* @return
|
*/
|
@Override
|
public boolean supports(AuthenticationToken token) {
|
return token instanceof ShiroToken;
|
}
|
/**
|
* 权限处理
|
* @author Eva.Caesar Liu
|
* @date 2022/04/18 18:12
|
*/
|
@Override
|
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
|
LoginUserInfo loginUserInfo = (LoginUserInfo)principalCollection.getPrimaryPrincipal();
|
// 设置用户角色和权限
|
SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo();
|
authorizationInfo.addRoles(loginUserInfo.getRoles());
|
authorizationInfo.addStringPermissions(loginUserInfo.getPermissions());
|
return authorizationInfo;
|
}
|
|
/**
|
* 认证处理
|
* @author Eva.Caesar Liu
|
* @date 2022/04/18 18:12
|
*/
|
@Override
|
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException,BusinessException {
|
// 获取用户名
|
ShiroToken authenticationToken =(ShiroToken) token;
|
String username = authenticationToken.getPrincipal().toString();
|
boolean isDdLogin = authenticationToken.getDdLogin();
|
// 根据用户名查询用户对象
|
SystemUser queryDto = new SystemUser();
|
queryDto.setUsername(username);
|
queryDto.setDeleted(Boolean.FALSE);
|
SystemUser user = systemUserService.findOne(queryDto);
|
if (user == null) {
|
return null;
|
}
|
SystemRole role = new SystemRole();
|
SystemPermission per = new SystemPermission();
|
DepartmentExtListVO rootDepart = null,comDepart=null, depart = null;
|
List<Integer> dpList = null;
|
CompanyExtListVO com = null;
|
CompanyUserExtListVO cu =null;
|
if(Constants.equalsInteger(user.getType(),Constants.PlatType.admin)){
|
//如果是平台用户
|
role.setType(Constants.ROLETYPE.plat);
|
per.setType(Constants.PlatType.admin);
|
}else{
|
if(authenticationToken.getCompanyId() == null){
|
throw new BusinessException(ResponseStatus.BAD_REQUEST.getCode(),"对不起,该账户删除!");
|
}
|
com = companyExtService.getModelById(authenticationToken.getCompanyId());
|
if(com == null || Constants.equalsInteger( com.getDeleted(),Constants.ONE)){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该账户异常!请联系管理员");
|
}
|
if(Constants.equalsInteger( com.getStatus(),Constants.ZERO) ){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业已禁用!");
|
}
|
if(com.getOepnValidDate() != null && com.getOepnValidDate().before(new Date())){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业已过使用有效期!");
|
}
|
//如果是企业用户
|
QueryCompanyUserExtDTO c =new QueryCompanyUserExtDTO();
|
c.setUserId(user.getId());
|
c.setDeleted(Constants.ZERO);
|
c.setCompanyId(authenticationToken.getCompanyId());
|
cu = companyUserExtService.selectOne(c);
|
if(cu == null){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户不存在!");
|
}
|
if(Constants.equalsInteger(cu.getStatus(),Constants.ONE)){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户已禁用!");
|
}
|
rootDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getRootDepartId());
|
comDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getComDepartId());
|
depart = departmentExtService.getModelById(c.getCompanyId(),cu.getDepartmentId());
|
if(rootDepart == null || comDepart == null || depart==null){
|
throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户账户异常!");
|
}
|
role.setCompanyId(authenticationToken.getCompanyId());
|
role.setType(Constants.ROLETYPE.com);
|
per.setType(Constants.PlatType.company);
|
per.setRoleType(Constants.ROLETYPE.com);
|
per.setCompanyId(authenticationToken.getCompanyId());
|
SystemRole rt = new SystemRole();
|
rt.setType(Constants.ROLETYPE.com);
|
rt.setCompanyId(c.getCompanyId());
|
//数据部门权限集合
|
dpList =systemDataPermissionService.selectHighRole(new SystemDataPermission(),rt,user,depart);
|
|
}
|
// 获取登录用户信息
|
List<SystemRole> roles = systemRoleService.findByUserModel(user.getId(),role);
|
List<SystemPermission> permissions = systemPermissionService.findByUserModel(user.getId(),per);
|
LoginUserInfo userInfo = LoginUserInfo.from(user, roles, permissions,com,rootDepart,comDepart,depart,dpList,cu);
|
// 验证用户
|
return new SimpleAuthenticationInfo(userInfo, user.getPassword(), this.getName());
|
}
|
|
}
|
