Merge branch 'tmp111' into 2.x

# Conflicts: # README.md # UPDATE.md # doc/MENU.md # doc/SECURITY.md # pom.xml # yexuejc-springboot-base/pom.xml # yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/ConsumerAuthenticationProcessingFilter.java # yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/UserDetailsManager.java # yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/MySecurityConfig.java # yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/UserServiceImpl.java # yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/web/SecurityCtrl.java
2018-11-20 20:30:51 +08:00 · 2018-11-20 20:30:51 +08:00 · 4bc88cf98b
parent 56f89796a5 6d0aa80683
commit 4bc88cf98b
11 changed files with 70 additions and 44 deletions
--- a/README.md
+++ b/README.md
@ -34,11 +34,9 @@ pom.xml
    <!--推荐使用-->
    <!--https://gitee.com/incloudcode/yexuejc-base.git-->
    <dependency>
-        <dependency>
-            <groupId>com.yexuejc.base</groupId>
-            <artifactId>yexuejc-base</artifactId>
-            <version>${yexuejc.base.version}</version>
-        </dependency>
+        <groupId>com.yexuejc.base</groupId>
+        <artifactId>yexuejc-base</artifactId>
+        <version>${yexuejc.base.version}</version>
    </dependency>
 </dependencies>
 <repositories>
@ -76,6 +74,10 @@ pom.xml
    <tr>
        <td>com.yexuejc.springboot.base.interceptor.*</td>
        <td>拦截器</td>
+    </tr> 
+      <tr>
+        <td>com.yexuejc.springboot.base.security.*</td>
+        <td>多方登录集成</td>
    </tr>
    <tr>
        <td>com.yexuejc.springboot.base.http.*</td>
--- a/UPDATE.md
+++ b/UPDATE.md
@ -183,7 +183,7 @@ yexuejc.http.encrypt.private-pwd=密码
 **time：** 2018-5-4 09:54:18<br/>
 **branch：** master    <br/>
 **update：**     <br/>
-> [使用加密解密](PARAMS_RSA_DECRYPT_ENCRYPT.md)
+> [使用加密解密](doc/PARAMS_RSA_DECRYPT_ENCRYPT.md)
 >
 >1.增加json入参解密、出参加密
 #
--- a/doc/SECURITY.md
+++ b/doc/SECURITY.md
@ -1,5 +1,6 @@
 Security框架封装集成登录 使用指南
 -------------
+单独使用例子工程：[https://github.com/yexuejc/springboot-security-login-simple](https://github.com/yexuejc/springboot-security-login-simple)
 * 本项目依赖不向下传递

 > **引入依赖 pom.xml**
--- a/pom.xml
+++ b/pom.xml
@ -20,7 +20,7 @@
    </parent>

    <properties>
-        <yexuejc.base.version>1.2.1</yexuejc.base.version>
+        <yexuejc.base.version>1.2.2</yexuejc.base.version>
        <repos.yexuejc.url>https://nexus.yexuejc.club/repository/</repos.yexuejc.url>

        <repos.aliyun.url>http://maven.aliyun.com/nexus/content/groups/public</repos.aliyun.url>
@ -173,6 +173,7 @@
                <artifactId>aliyun-java-sdk-dysmsapi</artifactId>
                <version>${aliyun-java-sdk-dysmsapi.version}</version>
            </dependency>
+
            <!-- 阿里云消息服务MNS相关SDK -->
            <dependency>
                <groupId>com.aliyun.mns</groupId>
--- a/yexuejc-springboot-base/pom.xml
+++ b/yexuejc-springboot-base/pom.xml
@ -62,13 +62,6 @@
            <artifactId>aliyun-sdk-oss</artifactId>
            <optional>true</optional>
        </dependency>
-        <!-- 阿里云消息服务MNS相关SDK -->
-        <dependency>
-            <groupId>com.aliyun.mns</groupId>
-            <artifactId>aliyun-sdk-mns</artifactId>
-            <classifier>jar-with-dependencies</classifier>
-            <optional>true</optional>
-        </dependency>
        <!-- JJWT -->
        <dependency>
            <groupId>io.jsonwebtoken</groupId>
@ -105,9 +98,7 @@
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <optional>true</optional>
-            <scope>test</scope>
        </dependency>
-
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
--- a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/exception/UserNotAuthoriayException.java
+++ b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/exception/UserNotAuthoriayException.java
@ -0,0 +1,28 @@
+package com.yexuejc.springboot.base.exception;
+
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ * 用户无权限
+ *
+ * @author maxf
+ * @version 1.0
+ * @ClassName UserNotAuthoriayException
+ * @Description
+ * @date 2018/11/20 20:13
+ */
+public class UserNotAuthoriayException extends AuthenticationException {
+    private static final long serialVersionUID = 7752594158082817319L;
+
+    public UserNotAuthoriayException() {
+        super("用户缺少权限");
+    }
+
+    public UserNotAuthoriayException(String msg, Throwable t) {
+        super(msg, t);
+    }
+
+    public UserNotAuthoriayException(String msg) {
+        super(msg);
+    }
+}
--- a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/ConsumerAuthenticationProcessingFilter.java
+++ b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/ConsumerAuthenticationProcessingFilter.java
@ -85,23 +85,8 @@ public class ConsumerAuthenticationProcessingFilter extends AbstractAuthenticati
            throw new AuthenticationServiceException(
                    "Authentication method not supported: " + request.getMethod());
        }
-        String logtype = obtainLogtype(request);
-        System.out.println("登录方式：" + logtype);
-        String username = "";
-        String password = "";
-        if (logtype == null) {
-            logtype = "";
-        }
-        String openid = "";
-        String smscode = "";
-        /**第三方登录：微信 用户头像*/
-        String head = "";
-        String nickname = "";
-        String sex = "";
-        //根据不同登录方式做不同处理
-        getParams(request, logtype, username, password, smscode, openid, sex, head, nickname);
-        UsernamePasswordAuthenticationToken authRequest = new ConsumerToken(
-                logtype, smscode, openid, username, password, head, nickname, sex);
+
+        UsernamePasswordAuthenticationToken authRequest = getParams(request);

        // Allow subclasses to set the "details" property
        setDetails(request, authRequest);
@ -120,18 +105,23 @@ public class ConsumerAuthenticationProcessingFilter extends AbstractAuthenticati
    /**
     * 根据登录方式获取请求参数
     *
-     * @param request  登录请求
-     * @param logtype  登录类型
-     * @param username 账号
-     * @param password 密码
-     * @param smscode  短信验证码
-     * @param openid   第三封授权id
-     * @param sex      附加：性别
-     * @param head     附加：头像（源头像路径）
-     * @param nickname 附加：昵称
+     * @param request 登录请求
     */
-    protected void getParams(HttpServletRequest request, String logtype, String username, String password,
-                             String smscode, String openid, String sex, String head, String nickname) {
+    protected UsernamePasswordAuthenticationToken getParams(HttpServletRequest request) {
+        String logtype = obtainLogtype(request);
+        System.out.println("登录方式：" + logtype);
+        String username = "";
+        String password = "";
+        if (logtype == null) {
+            logtype = "";
+        }
+        String openid = "";
+        String smscode = "";
+        /**第三方登录：微信 用户头像*/
+        String head = "";
+        String nickname = "";
+        String sex = "";
+        //根据不同登录方式做不同处理
        switch (logtype) {
            case LogTypeConsts.SMS:
                //短信登录
@ -165,6 +155,8 @@ public class ConsumerAuthenticationProcessingFilter extends AbstractAuthenticati
                password = obtainPassword(request);
                break;
        }
+        return new ConsumerToken(
+                logtype, smscode, openid, username, password, head, nickname, sex);
    }

    /**
--- a/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/UserDetailsManager.java
+++ b/yexuejc-springboot-base/src/main/java/com/yexuejc/springboot/base/security/UserDetailsManager.java
@ -1,6 +1,7 @@
 package com.yexuejc.springboot.base.security;

 import com.yexuejc.base.util.StrUtil;
+import com.yexuejc.springboot.base.exception.UserNotAuthoriayException;
 import com.yexuejc.springboot.base.security.inte.User;
 import com.yexuejc.springboot.base.security.inte.UserService;
 import org.springframework.security.core.GrantedAuthority;
@ -36,6 +37,9 @@ public class UserDetailsManager extends InMemoryUserDetailsManager {
        }
        // 处理用户权限
        List<GrantedAuthority> authorities = new ArrayList<>();
+        if (StrUtil.isEmpty(consumer.getRoles())) {
+            throw new UserNotAuthoriayException("用户" + username + "缺少权限");
+        }
        for (String role : consumer.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
--- a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/MySecurityConfig.java
+++ b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/MySecurityConfig.java
@ -9,6 +9,7 @@ import com.yexuejc.base.util.StrUtil;
 import com.yexuejc.springboot.base.autoconfigure.MutiRedisAutoConfiguration;
 import com.yexuejc.springboot.base.constant.BizConsts;
 import com.yexuejc.springboot.base.exception.ThirdPartyAuthorizationException;
+import com.yexuejc.springboot.base.exception.UserNotAuthoriayException;
 import com.yexuejc.springboot.base.security.inte.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@ -123,6 +124,8 @@ public class MySecurityConfig extends SecurityConfig {
                resps.setErr(RespsConsts.CODE_FAIL, new String[]{BizConsts.BASE_PWD_IS_ERR_MSG});
            } else if (exception instanceof UsernameNotFoundException) {
                resps.setErr(RespsConsts.CODE_FAIL, new String[]{BizConsts.BASE_ACCOUNT_NOT_FOUND_MSG});
+            } else if (exception instanceof UserNotAuthoriayException) {
+                resps.setErr(RespsConsts.CODE_FAIL, new String[]{exception.getMessage()});
            } else {
                resps.setErr(RespsConsts.CODE_FAIL, new String[]{BizConsts.BASE_SYS_ERR_MSG});
            }
--- a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/UserServiceImpl.java
+++ b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/security/UserServiceImpl.java
@ -52,6 +52,9 @@ public class UserServiceImpl implements UserService {
        QueryWrapper queryWrapper = new QueryWrapper();
        queryWrapper.eq("mobile", username);
        Consumer consumer = consumerMapper.selectOne(queryWrapper);
+        ArrayList roles =   new ArrayList<>();
+        roles.add("ROLE_CONSUMER");
+        consumer.setRoles(roles);
        return consumer;
    }

--- a/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/web/SecurityCtrl.java
+++ b/yexuejc-springboot-base/src/test/java/com/yexuejc/springboot/base/web/SecurityCtrl.java
@ -19,4 +19,5 @@ import org.springframework.web.bind.annotation.RestController;
@RestController
 public class SecurityCtrl {

+
 }