package doumeemes.config.shiro; import doumeemes.core.constants.ResponseStatus; import doumeemes.core.exception.BusinessException; import doumeemes.core.model.LoginUserInfo; import doumeemes.core.utils.Constants; import doumeemes.dao.business.model.Company; import doumeemes.dao.business.model.CompanyUser; import doumeemes.dao.business.model.Department; import doumeemes.dao.ext.dto.QueryCompanyUserExtDTO; import doumeemes.dao.ext.vo.CompanyExtListVO; import doumeemes.dao.ext.vo.CompanyUserExtListVO; import doumeemes.dao.ext.vo.DepartmentExtListVO; import doumeemes.dao.system.model.SystemDataPermission; import doumeemes.dao.system.model.SystemPermission; import doumeemes.dao.system.model.SystemRole; import doumeemes.dao.system.model.SystemUser; import doumeemes.service.business.CompanyUserService; import doumeemes.service.ext.CompanyExtService; import doumeemes.service.ext.CompanyUserExtService; import doumeemes.service.ext.DepartmentExtService; import doumeemes.service.system.SystemDataPermissionService; import doumeemes.service.system.SystemPermissionService; import doumeemes.service.system.SystemRoleService; import doumeemes.service.system.SystemUserService; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import java.util.List; /** * 自定义Realm,处理认证和权限 * @author Eva.Caesar Liu * @date 2022/04/18 18:12 */ @Component public class ShiroRealm extends AuthorizingRealm { @Lazy @Autowired private DepartmentExtService departmentExtService; @Lazy @Autowired private SystemDataPermissionService systemDataPermissionService; @Lazy @Autowired private CompanyExtService companyExtService; @Lazy @Autowired private SystemUserService systemUserService; @Lazy @Autowired private CompanyUserExtService companyUserExtService; @Lazy @Autowired private SystemRoleService systemRoleService; @Lazy @Autowired private SystemPermissionService systemPermissionService; /** * 重写supports方法,使 Shiro 能够识别自定义的 Token * @param token * @return */ @Override public boolean supports(AuthenticationToken token) { return token instanceof ShiroToken; } /** * 权限处理 * @author Eva.Caesar Liu * @date 2022/04/18 18:12 */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { LoginUserInfo loginUserInfo = (LoginUserInfo)principalCollection.getPrimaryPrincipal(); // 设置用户角色和权限 SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); authorizationInfo.addRoles(loginUserInfo.getRoles()); authorizationInfo.addStringPermissions(loginUserInfo.getPermissions()); return authorizationInfo; } /** * 认证处理 * @author Eva.Caesar Liu * @date 2022/04/18 18:12 */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException,BusinessException { // 获取用户名 ShiroToken authenticationToken =(ShiroToken) token; String username = authenticationToken.getPrincipal().toString(); boolean isDdLogin = authenticationToken.getDdLogin(); // 根据用户名查询用户对象 SystemUser queryDto = new SystemUser(); queryDto.setUsername(username); queryDto.setDeleted(Boolean.FALSE); SystemUser user = systemUserService.findOne(queryDto); if (user == null) { return null; } SystemRole role = new SystemRole(); SystemPermission per = new SystemPermission(); DepartmentExtListVO rootDepart = null,comDepart=null, depart = null; List dpList = null; CompanyExtListVO com = null; CompanyUserExtListVO cu =null; if(Constants.equalsInteger(user.getType(),Constants.PlatType.admin)){ //如果是平台用户 role.setType(Constants.ROLETYPE.plat); per.setType(Constants.PlatType.admin); }else{ if(authenticationToken.getCompanyId() == null){ throw new BusinessException(ResponseStatus.BAD_REQUEST.getCode(),"对不起,该账户异常!"); } com = companyExtService.getModelById(authenticationToken.getCompanyId()); if(com == null){ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该账户异常!"); } //如果是企业用户 QueryCompanyUserExtDTO c =new QueryCompanyUserExtDTO(); c.setUserId(user.getId()); c.setDeleted(Constants.ZERO); c.setCompanyId(authenticationToken.getCompanyId()); cu = companyUserExtService.selectOne(c); if(cu == null){ return null; } if(Constants.equalsInteger(cu.getStatus(),Constants.ONE)){ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户已禁用!"); } rootDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getRootDepartId()); comDepart = departmentExtService.getModelById(c.getCompanyId(),cu.getComDepartId()); depart = departmentExtService.getModelById(c.getCompanyId(),cu.getDepartmentId()); if(rootDepart == null || comDepart == null || depart==null){ throw new BusinessException(ResponseStatus.NOT_ALLOWED.getCode(),"对不起,该企业用户账户异常!"); } role.setCompanyId(authenticationToken.getCompanyId()); role.setType(Constants.ROLETYPE.com); per.setType(Constants.PlatType.company); per.setRoleType(Constants.ROLETYPE.com); per.setCompanyId(authenticationToken.getCompanyId()); SystemRole rt = new SystemRole(); rt.setType(Constants.ROLETYPE.com); rt.setCompanyId(c.getCompanyId()); //数据部门权限集合 dpList =systemDataPermissionService.selectHighRole(new SystemDataPermission(),rt,user,depart); } // 获取登录用户信息 List roles = systemRoleService.findByUserModel(user.getId(),role); List permissions = systemPermissionService.findByUserModel(user.getId(),per); LoginUserInfo userInfo = LoginUserInfo.from(user, roles, permissions,com,rootDepart,comDepart,depart,dpList,cu); // 验证用户 return new SimpleAuthenticationInfo(userInfo, user.getPassword(), this.getName()); } }