From 6e72ffca81ef90581acb0c0db8394b04a4a577a6 Mon Sep 17 00:00:00 2001
From: maxf <1107047387@qq.com>
Date: Fri, 9 Nov 2018 17:01:52 +0800
Subject: [PATCH 1/4] =?UTF-8?q?=20=E9=9B=86=E6=88=90springboot=20security?=
=?UTF-8?q?=20=E5=A4=9A=E6=96=B9=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 9 +++++++--
doc/MENU.md | 2 +-
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 770ce92..9a6ce2d 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
# yexuejc-springboot
### 说明
->本分支基于 springboot 1.x
->2.x 分支基于springboot 2.x
+>基于springboot版本分别维护1.x(对应springboot1.5.16.RELEASE) 2.x(对应springboot2.0.5.RELEASE) 分支
+>master将继续同步1.x分支(后期获取会同步于2.x)
#### 项目介绍
@@ -14,6 +14,7 @@ base:功能封装
#### 最新版本
* 1.x yexuejc.springboot.version=1.1.4
+* 2.x yexuejc.springboot.version=2.0.3
* yexuejc.base.version=1.2.1
pom.xml
@@ -77,6 +78,10 @@ pom.xml
| com.yexuejc.springboot.base.interceptor.* |
拦截器 |
+
+
+ | com.yexuejc.springboot.base.security.* |
+ 多方登录集成 |
| com.yexuejc.springboot.base.http.* |
diff --git a/doc/MENU.md b/doc/MENU.md
index bcc05d7..0d41bad 100644
--- a/doc/MENU.md
+++ b/doc/MENU.md
@@ -9,7 +9,7 @@
### 内部集成
#
-* [2.0.3新增 集成security登录](SECURITY.md)
+* [(1.1.4/2.0.3)新增 集成security多方登录](SECURITY.md)
* [1.0.6新增 针对API请求安全解决方案](PARAMS_RSA_DECRYPT_ENCRYPT.md)
* [1.0.6新增 加密功能](PARAMS_RSA_DECRYPT_ENCRYPT.md)
From 641a77910c7d3af90fc7f90a600873bc7112966f Mon Sep 17 00:00:00 2001
From: maxf <1107047387@qq.com>
Date: Fri, 9 Nov 2018 17:17:14 +0800
Subject: [PATCH 2/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=96=87=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
README.md | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 9a6ce2d..ac5f88b 100644
--- a/README.md
+++ b/README.md
@@ -36,11 +36,9 @@ pom.xml
-
- com.yexuejc.base
- yexuejc-base
- ${yexuejc.base.version}
-
+ com.yexuejc.base
+ yexuejc-base
+ ${yexuejc.base.version}
From 6fd1bb4f2cbe9f56495b75cbd0bb7d8f4fc50146 Mon Sep 17 00:00:00 2001
From: maxf <1107047387@qq.com>
Date: Fri, 9 Nov 2018 17:44:18 +0800
Subject: [PATCH 3/4] =?UTF-8?q?=E6=9B=B4=E6=96=B0=E6=96=87=E6=A1=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
doc/MENU.md | 2 +-
doc/SECURITY.md | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/doc/MENU.md b/doc/MENU.md
index 0d41bad..5b7b8d2 100644
--- a/doc/MENU.md
+++ b/doc/MENU.md
@@ -10,6 +10,6 @@
### 内部集成
#
* [(1.1.4/2.0.3)新增 集成security多方登录](SECURITY.md)
-
+单独使用例子工程:[https://github.com/yexuejc/springboot-security-login-simple](https://github.com/yexuejc/springboot-security-login-simple)
* [1.0.6新增 针对API请求安全解决方案](PARAMS_RSA_DECRYPT_ENCRYPT.md)
* [1.0.6新增 加密功能](PARAMS_RSA_DECRYPT_ENCRYPT.md)
diff --git a/doc/SECURITY.md b/doc/SECURITY.md
index f1bfdda..0ad013c 100644
--- a/doc/SECURITY.md
+++ b/doc/SECURITY.md
@@ -1,5 +1,6 @@
Security框架封装集成登录 使用指南
-------------
+单独使用例子工程:[https://github.com/yexuejc/springboot-security-login-simple](https://github.com/yexuejc/springboot-security-login-simple)
* 本项目依赖不向下传递
> **引入依赖 pom.xml**
From 6d0aa8068388c4b82c19eb67e96bb350196ba112 Mon Sep 17 00:00:00 2001
From: maxf <1107047387@qq.com>
Date: Tue, 20 Nov 2018 20:24:55 +0800
Subject: [PATCH 4/4] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=99=BB=E5=BD=95?=
=?UTF-8?q?=E5=A4=B1=E8=B4=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
pom.xml | 2 +-
.../exception/UserNotAuthoriayException.java | 28 +++++++++++
...onsumerAuthenticationProcessingFilter.java | 48 ++++++++-----------
.../base/security/UserDetailsManager.java | 4 ++
.../base/security/MySecurityConfig.java | 3 ++
.../base/security/UserServiceImpl.java | 3 ++
.../springboot/base/web/SecurityCtrl.java | 1 +
7 files changed, 60 insertions(+), 29 deletions(-)
create mode 100644 yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/exception/UserNotAuthoriayException.java
diff --git a/pom.xml b/pom.xml
index 456578a..a3545ea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -20,7 +20,7 @@
- 1.2.1
+ 1.2.2
https://nexus.yexuejc.club/repository/
http://maven.aliyun.com/nexus/content/groups/public
diff --git a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/exception/UserNotAuthoriayException.java b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/exception/UserNotAuthoriayException.java
new file mode 100644
index 0000000..e57e42d
--- /dev/null
+++ b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/exception/UserNotAuthoriayException.java
@@ -0,0 +1,28 @@
+package com.yexuejc.springboot.base.exception;
+
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ * 用户无权限
+ *
+ * @author maxf
+ * @version 1.0
+ * @ClassName UserNotAuthoriayException
+ * @Description
+ * @date 2018/11/20 20:13
+ */
+public class UserNotAuthoriayException extends AuthenticationException {
+ private static final long serialVersionUID = 7752594158082817319L;
+
+ public UserNotAuthoriayException() {
+ super("用户缺少权限");
+ }
+
+ public UserNotAuthoriayException(String msg, Throwable t) {
+ super(msg, t);
+ }
+
+ public UserNotAuthoriayException(String msg) {
+ super(msg);
+ }
+}
diff --git a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/ConsumerAuthenticationProcessingFilter.java b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/ConsumerAuthenticationProcessingFilter.java
index 55367f1..eed2a24 100644
--- a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/ConsumerAuthenticationProcessingFilter.java
+++ b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/ConsumerAuthenticationProcessingFilter.java
@@ -85,23 +85,8 @@ public class ConsumerAuthenticationProcessingFilter extends AbstractAuthenticati
throw new AuthenticationServiceException(
"Authentication method not supported: " + request.getMethod());
}
- String logtype = obtainLogtype(request);
- System.out.println("登录方式:" + logtype);
- String username = "";
- String password = "";
- if (logtype == null) {
- logtype = "";
- }
- String openid = "";
- String smscode = "";
- /**第三方登录:微信 用户头像*/
- String head = "";
- String nickname = "";
- String sex = "";
- //根据不同登录方式做不同处理
- getParams(request, logtype, username, password, smscode, openid, sex, head, nickname);
- UsernamePasswordAuthenticationToken authRequest = new ConsumerToken(
- logtype, smscode, openid, username, password, head, nickname, sex);
+
+ UsernamePasswordAuthenticationToken authRequest = getParams(request);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
@@ -120,18 +105,23 @@ public class ConsumerAuthenticationProcessingFilter extends AbstractAuthenticati
/**
* 根据登录方式获取请求参数
*
- * @param request 登录请求
- * @param logtype 登录类型
- * @param username 账号
- * @param password 密码
- * @param smscode 短信验证码
- * @param openid 第三封授权id
- * @param sex 附加:性别
- * @param head 附加:头像(源头像路径)
- * @param nickname 附加:昵称
+ * @param request 登录请求
*/
- protected void getParams(HttpServletRequest request, String logtype, String username, String password,
- String smscode, String openid, String sex, String head, String nickname) {
+ protected UsernamePasswordAuthenticationToken getParams(HttpServletRequest request) {
+ String logtype = obtainLogtype(request);
+ System.out.println("登录方式:" + logtype);
+ String username = "";
+ String password = "";
+ if (logtype == null) {
+ logtype = "";
+ }
+ String openid = "";
+ String smscode = "";
+ /**第三方登录:微信 用户头像*/
+ String head = "";
+ String nickname = "";
+ String sex = "";
+ //根据不同登录方式做不同处理
switch (logtype) {
case LogTypeConsts.SMS:
//短信登录
@@ -165,6 +155,8 @@ public class ConsumerAuthenticationProcessingFilter extends AbstractAuthenticati
password = obtainPassword(request);
break;
}
+ return new ConsumerToken(
+ logtype, smscode, openid, username, password, head, nickname, sex);
}
/**
diff --git a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/UserDetailsManager.java b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/UserDetailsManager.java
index 5fb04aa..9f89b4a 100644
--- a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/UserDetailsManager.java
+++ b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/UserDetailsManager.java
@@ -1,6 +1,7 @@
package com.yexuejc.springboot.base.security;
import com.yexuejc.base.util.StrUtil;
+import com.yexuejc.springboot.base.exception.UserNotAuthoriayException;
import com.yexuejc.springboot.base.security.inte.User;
import com.yexuejc.springboot.base.security.inte.UserService;
import org.springframework.security.core.GrantedAuthority;
@@ -36,6 +37,9 @@ public class UserDetailsManager extends InMemoryUserDetailsManager {
}
// 处理用户权限
List authorities = new ArrayList<>();
+ if (StrUtil.isEmpty(consumer.getRoles())) {
+ throw new UserNotAuthoriayException("用户" + username + "缺少权限");
+ }
for (String role : consumer.getRoles()) {
authorities.add(new SimpleGrantedAuthority(role));
}
diff --git a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/MySecurityConfig.java b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/MySecurityConfig.java
index 59ac01d..1cfb026 100644
--- a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/MySecurityConfig.java
+++ b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/MySecurityConfig.java
@@ -9,6 +9,7 @@ import com.yexuejc.base.util.StrUtil;
import com.yexuejc.springboot.base.autoconfigure.MutiRedisAutoConfiguration;
import com.yexuejc.springboot.base.constant.BizConsts;
import com.yexuejc.springboot.base.exception.ThirdPartyAuthorizationException;
+import com.yexuejc.springboot.base.exception.UserNotAuthoriayException;
import com.yexuejc.springboot.base.security.inte.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
@@ -123,6 +124,8 @@ public class MySecurityConfig extends SecurityConfig {
resps.setErr(RespsConsts.CODE_FAIL, new String[]{BizConsts.BASE_PWD_IS_ERR_MSG});
} else if (exception instanceof UsernameNotFoundException) {
resps.setErr(RespsConsts.CODE_FAIL, new String[]{BizConsts.BASE_ACCOUNT_NOT_FOUND_MSG});
+ } else if (exception instanceof UserNotAuthoriayException) {
+ resps.setErr(RespsConsts.CODE_FAIL, new String[]{exception.getMessage()});
} else {
resps.setErr(RespsConsts.CODE_FAIL, new String[]{BizConsts.BASE_SYS_ERR_MSG});
}
diff --git a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/UserServiceImpl.java b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/UserServiceImpl.java
index 06f0c0c..22a82eb 100644
--- a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/UserServiceImpl.java
+++ b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/UserServiceImpl.java
@@ -52,6 +52,9 @@ public class UserServiceImpl implements UserService {
QueryWrapper queryWrapper = new QueryWrapper();
queryWrapper.eq("mobile", username);
Consumer consumer = consumerMapper.selectOne(queryWrapper);
+ ArrayList roles = new ArrayList<>();
+ roles.add("ROLE_CONSUMER");
+ consumer.setRoles(roles);
return consumer;
}
diff --git a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/web/SecurityCtrl.java b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/web/SecurityCtrl.java
index 19a486c..8f5ea6f 100644
--- a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/web/SecurityCtrl.java
+++ b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/web/SecurityCtrl.java
@@ -19,4 +19,5 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
public class SecurityCtrl {
+
}