zhouwentao
/
maxkey
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '18ef4c6f39'
${ noResults }
maxkey/summer-ospp/2023/pig/README.md

2223 lines
66 KiB
Raw Blame History Escape

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

# Pig整合MaxKey流程整理
## 主要工作介紹
1.pig集成maxkey中CAS的单点登录
2.pig集成maxke的组织架构信息等
## pig介绍
### pig版本
#### pig后端版本3.6
gitee地址https://gitee.com/log4j/pig.git
#### pig前端版本最新代码
gitee地址https://gitee.com/log4j/pig-ui.git
## 流程梳理
### 1.pig-auth模块
#### 1.pom.xml的更改覆盖了pig的Oauth2的token生成方案
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.pig4cloud</groupId>
<artifactId>pig</artifactId>
<version>3.6.7</version>
</parent>
<artifactId>pig-auth</artifactId>
<packaging>jar</packaging>
<description>pig 认证授权中心,基于 spring security oAuth2</description>
<dependencies>
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt</artifactId>
<version>0.7.0</version>
</dependency>
<!--注册中心客户端-->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<!--配置中心客户端-->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
</dependency>
<!--断路器依赖-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-feign</artifactId>
</dependency>
<!--upms api、model 模块-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-upms-api</artifactId>
</dependency>
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--freemarker-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-freemarker</artifactId>
</dependency>
<!--undertow容器-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
<!-- log -->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-log</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
```
#### PigTokenEndpoint中新增获取token的方法
```java
/*
* Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.pig4cloud.pig.auth.endpoint;
import cn.hutool.core.date.DatePattern;
import cn.hutool.core.date.TemporalAccessorUtil;
import cn.hutool.core.map.MapUtil;
import cn.hutool.core.util.StrUtil;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.pig4cloud.pig.admin.api.entity.SysOauthClientDetails;
import com.pig4cloud.pig.admin.api.feign.RemoteClientDetailsService;
import com.pig4cloud.pig.admin.api.vo.TokenVo;
import com.pig4cloud.pig.auth.support.handler.PigAuthenticationFailureEventHandler;
import com.pig4cloud.pig.auth.utils.RedisUtils;
import com.pig4cloud.pig.auth.utils.TokenManager;
import com.pig4cloud.pig.common.core.constant.CacheConstants;
import com.pig4cloud.pig.common.core.constant.CommonConstants;
import com.pig4cloud.pig.common.core.util.R;
import com.pig4cloud.pig.common.core.util.RetOps;
import com.pig4cloud.pig.common.core.util.SpringContextHolder;
import com.pig4cloud.pig.common.security.annotation.Inner;
import com.pig4cloud.pig.common.security.service.PigUser;
import com.pig4cloud.pig.common.security.util.OAuth2EndpointUtils;
import com.pig4cloud.pig.common.security.util.OAuth2ErrorCodesExpand;
import com.pig4cloud.pig.common.security.util.OAuthClientException;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cache.CacheManager;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.authentication.event.LogoutSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.servlet.ModelAndView;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.security.Principal;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
/**
* @author lengleng
* @date 2019/2/1 删除token端点
*/
@Slf4j
@RestController
@RequiredArgsConstructor
@RequestMapping("/token")
public class PigTokenEndpoint {
private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter = new OAuth2AccessTokenResponseHttpMessageConverter();
private final AuthenticationFailureHandler authenticationFailureHandler = new PigAuthenticationFailureEventHandler();
private final OAuth2AuthorizationService authorizationService;
private final RemoteClientDetailsService clientDetailsService;
private final RedisTemplate<String, Object> redisTemplate;
private final CacheManager cacheManager;
@Resource
private RedisUtils redisUtils;
@Resource
private TokenManager tokenManager;
private final static String SPRING_SESSION_PREFIX = "spring:session:sessions:%s";
private final static String PIG_TOKEN_PREFIX = "pig:token:%s:%s";
private final static String ASSCEE_TOKEN = "access_token";
private final static String REFRESH_TOKEN = "refresh_token";
private long tokenExpiration = 24 * 60 * 60 * 1000;
/**
* 认证页面
*
* @param modelAndView
* @param error 表单登录失败处理回调的错误信息
* @return ModelAndView
*/
@GetMapping("/login")
public ModelAndView require(ModelAndView modelAndView, @RequestParam(required = false) String error) {
modelAndView.setViewName("ftl/login");
modelAndView.addObject("error", error);
return modelAndView;
}
@GetMapping("/confirm_access")
public ModelAndView confirm(Principal principal, ModelAndView modelAndView,
@RequestParam(OAuth2ParameterNames.CLIENT_ID) String clientId,
@RequestParam(OAuth2ParameterNames.SCOPE) String scope,
@RequestParam(OAuth2ParameterNames.STATE) String state) {
SysOauthClientDetails clientDetails = RetOps.of(clientDetailsService.getClientDetailsById(clientId))
.getData()
.orElseThrow(() -> new OAuthClientException("clientId 不合法"));
Set<String> authorizedScopes = StringUtils.commaDelimitedListToSet(clientDetails.getScope());
modelAndView.addObject("clientId", clientId);
modelAndView.addObject("state", state);
modelAndView.addObject("scopeList", authorizedScopes);
modelAndView.addObject("principalName", principal.getName());
modelAndView.setViewName("ftl/confirm");
return modelAndView;
}
/**
* 退出并删除token
*
* @param authHeader Authorization
*/
@DeleteMapping("/logout")
public R<Boolean> logout(HttpServletRequest request, @RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authHeader) {
if (StrUtil.isBlank(authHeader)) {
return R.ok();
}
String sessonId = request.getSession().getId();
if (StrUtil.isBlank(sessonId)) {
return R.ok();
}
boolean isSuccess = redisUtils.deleteKey(generateSessionId(sessonId));
if (isSuccess) {
return R.ok();
} else {
return R.failed();
}
}
/**
* 校验token
*
* @param token 令牌
*/
@SneakyThrows
@GetMapping("/check_token")
public void checkToken(String token, HttpServletResponse response, HttpServletRequest request) {
ServletServerHttpResponse httpResponse = new ServletServerHttpResponse(response);
if (StrUtil.isBlank(token)) {
httpResponse.setStatusCode(HttpStatus.UNAUTHORIZED);
this.authenticationFailureHandler.onAuthenticationFailure(request, response,
new InvalidBearerTokenException(OAuth2ErrorCodesExpand.TOKEN_MISSING));
return;
}
OAuth2Authorization authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
// 如果令牌不存在 返回401
if (authorization == null || authorization.getAccessToken() == null) {
this.authenticationFailureHandler.onAuthenticationFailure(request, response,
new InvalidBearerTokenException(OAuth2ErrorCodesExpand.INVALID_BEARER_TOKEN));
return;
}
Map<String, Object> claims = authorization.getAccessToken().getClaims();
OAuth2AccessTokenResponse sendAccessTokenResponse = OAuth2EndpointUtils.sendAccessTokenResponse(authorization,
claims);
this.accessTokenHttpResponseConverter.write(sendAccessTokenResponse, MediaType.APPLICATION_JSON, httpResponse);
}
/**
* 令牌管理调用
*
* @param token token
*/
@Inner
@DeleteMapping("/{token}")
public R<Boolean> removeToken(@PathVariable("token") String token) {
OAuth2Authorization authorization = authorizationService.findByToken(token, OAuth2TokenType.ACCESS_TOKEN);
if (authorization == null) {
return R.ok();
}
OAuth2Authorization.Token<OAuth2AccessToken> accessToken = authorization.getAccessToken();
if (accessToken == null || StrUtil.isBlank(accessToken.getToken().getTokenValue())) {
return R.ok();
}
// 清空用户信息
cacheManager.getCache(CacheConstants.USER_DETAILS).evict(authorization.getPrincipalName());
// 清空access token
authorizationService.remove(authorization);
// 处理自定义退出事件,保存相关日志
SpringContextHolder.publishEvent(new LogoutSuccessEvent(new PreAuthenticatedAuthenticationToken(
authorization.getPrincipalName(), authorization.getRegisteredClientId())));
return R.ok();
}
/**
* 查询token
*
* @param params 分页参数
* @return
*/
@Inner
@PostMapping("/page")
public R<Page> tokenList(@RequestBody Map<String, Object> params) {
// 根据分页参数获取对应数据
String key = String.format("%s::*", CacheConstants.PROJECT_OAUTH_ACCESS);
int current = MapUtil.getInt(params, CommonConstants.CURRENT);
int size = MapUtil.getInt(params, CommonConstants.SIZE);
Set<String> keys = redisTemplate.keys(key);
List<String> pages = keys.stream().skip((current - 1) * size).limit(size).collect(Collectors.toList());
Page result = new Page(current, size);
List<TokenVo> tokenVoList = redisTemplate.opsForValue().multiGet(pages).stream().map(obj -> {
OAuth2Authorization authorization = (OAuth2Authorization) obj;
TokenVo tokenVo = new TokenVo();
tokenVo.setClientId(authorization.getRegisteredClientId());
tokenVo.setId(authorization.getId());
tokenVo.setUsername(authorization.getPrincipalName());
OAuth2Authorization.Token<OAuth2AccessToken> accessToken = authorization.getAccessToken();
tokenVo.setAccessToken(accessToken.getToken().getTokenValue());
String expiresAt = TemporalAccessorUtil.format(accessToken.getToken().getExpiresAt(),
DatePattern.NORM_DATETIME_PATTERN);
tokenVo.setExpiresAt(expiresAt);
String issuedAt = TemporalAccessorUtil.format(accessToken.getToken().getIssuedAt(),
DatePattern.NORM_DATETIME_PATTERN);
tokenVo.setIssuedAt(issuedAt);
return tokenVo;
}).collect(Collectors.toList());
result.setRecords(tokenVoList);
result.setTotal(keys.size());
return R.ok(result);
}
@GetMapping("sso_login_get_token")
public R<Map<String, String>> getToken(String ticket, String service) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
PigUser pigUser = (PigUser) authentication.getPrincipal();
Map<String, String> ans = new HashMap<>();
String access_token = tokenManager.createToken(ASSCEE_TOKEN, pigUser.getName(), pigUser.getId().toString());
String refresh_token = tokenManager.createToken(REFRESH_TOKEN, pigUser.getName(), pigUser.getId().toString());
redisUtils.setValue(generateTokenKey(ASSCEE_TOKEN, pigUser.getId().toString()), access_token, tokenExpiration);
redisUtils.setValue(generateTokenKey(REFRESH_TOKEN, pigUser.getId().toString()), refresh_token, tokenExpiration);
ans.put("access_token", access_token);
ans.put("refresh_token", refresh_token);
return R.ok(ans);
}
private String generateSessionId(String sessionId) {
return String.format(SPRING_SESSION_PREFIX, sessionId);
}
private String generateTokenKey(String type, String userId) {
return String.format(PIG_TOKEN_PREFIX, type, userId);
}
}
```
#### 3.新增utils类
##### RedisUtils中操作缓存的工具类
```java
package com.pig4cloud.pig.auth.utils;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Component;
import javax.annotation.Resource;
@Component
public class RedisUtils {
@Resource
private RedisTemplate<String, Object> redisTemplate;
public boolean deleteKey(String key) {
return redisTemplate.delete(key);
}
public void setValue(String key, Object object, Long expire) {
redisTemplate.opsForValue().set(key, object, expire);
}
}
```
##### TokenMananer工具类
```java
package com.pig4cloud.pig.auth.utils;
import io.jsonwebtoken.CompressionCodecs;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import org.springframework.stereotype.Component;
import java.util.Date;
@Component
public class TokenManager {
private long tokenExpiration = 24 * 60 * 60 * 1000;
private final static String TOKEN_SIGN_KEY = "MAKKEY_PIG";
public String createToken(String subject, String username, String id) {
String token = Jwts.builder()
.setSubject(subject)
.claim("nickname", username)
.claim("id", id)
.setExpiration(new Date(System.currentTimeMillis() + tokenExpiration))
.signWith(SignatureAlgorithm.HS512, TOKEN_SIGN_KEY)
.compressWith(CompressionCodecs.GZIP).compact();
return token;
}
public String getUserFromToken(String token) {
String user = Jwts.parser().setSigningKey(TOKEN_SIGN_KEY).parseClaimsJws(token).getBody().getSubject();
return user;
}
public void removeToken(String token) {
//jwttoken无需删除客户端扔掉即可。
}
}
```
### 2.pig-common
#### pom文件的更改
主要新增 CAS的MAVEN包
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common</artifactId>
<version>3.6.7</version>
</parent>
<artifactId>pig-common-security</artifactId>
<packaging>jar</packaging>
<description>pig 安全工具类</description>
<dependencies>
<dependency>
<groupId>org.springframework.session</groupId>
<artifactId>spring-session-data-redis</artifactId>
</dependency>
<!-- spring security cas-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
</dependency>
<!--工具类核心包-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-core</artifactId>
</dependency>
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-extra</artifactId>
</dependency>
<!--UPMS API-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-upms-api</artifactId>
</dependency>
<!--common utils-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-commons</artifactId>
</dependency>
<!--feign 工具类-->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-openfeign</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-jose</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>${spring.authorization.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
</dependencies>
</project>
```
#### annotation包下面
更改EnablePigResourceServer
```java
/*
* Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.pig4cloud.pig.common.security.annotation;
import com.pig4cloud.pig.common.security.component.PigResourceServerAutoConfiguration;
import com.pig4cloud.pig.common.security.component.PigResourceServerConfiguration;
import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
import com.pig4cloud.pig.common.security.config.*;
import org.springframework.context.annotation.Import;
import java.lang.annotation.*;
/**
* @author lengleng
* @date 2022-06-04
* <p>
* 资源服务注解
*/
@Documented
@Inherited
@Target({ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
//@Import({ PigResourceServerAutoConfiguration.class, PigResourceServerConfiguration.class })
@Import({PigResourceServerAutoConfiguration.class, CasProperties.class, SecurityConfig.class})
public @interface EnablePigResourceServer {
}
```
#### Config包下
##### 新增CasProperties主要是CAS得配置信息配置在NACOS中
```java
package com.pig4cloud.pig.common.security.config;
import lombok.Data;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@Data
@Component
public class CasProperties {
/**
* 秘钥
*/
@Value("${cas.key}")
private String casKey;
/**
* cas服务端地址
*/
@Value("${cas.server.host.url}")
private String casServerUrl;
/**
* cas服务端地址
*/
@Value("${cas.server.host.grant_url}")
private String casGrantingUrl;
/**
* cas服务端登录地址
*/
@Value("${cas.server.host.login_url}")
private String casServerLoginUrl;
/**
* cas服务端登出地址 并回跳到制定页面
*/
@Value("${cas.server.host.logout_url}")
private String casServerLogoutUrl;
/**
* cas客户端地址
*/
@Value("${cas.service.host.url}")
private String casServiceUrl;
/**
* cas客户端地址登录地址
*/
@Value("${cas.service.host.login_url}")
private String casServiceLoginUrl;
/**
* cas客户端地址登出地址
*/
@Value("${cas.service.host.logout_url}")
private String casServiceLogoutUrl;
}
```
##### SecurityConfig类主要是CAS的认证流程并且覆盖原本pig的认证流程
```java
package com.pig4cloud.pig.common.security.config;
import cn.hutool.core.util.ArrayUtil;
import com.pig4cloud.pig.common.security.component.PermitAllUrlProperties;
import com.pig4cloud.pig.common.security.component.PigBearerTokenExtractor;
import com.pig4cloud.pig.common.security.component.ResourceAuthExceptionEntryPoint;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
@Slf4j
@Configuration
@EnableWebSecurity // 启用web权限
@EnableGlobalMethodSecurity(prePostEnabled = true) // 启用方法验证
@RequiredArgsConstructor
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private CasProperties casProperties;
@Autowired
private AuthenticationUserDetailsService casUserDetailService;
private final PermitAllUrlProperties permitAllUrl;
/**
* 定义认证用户信息获取来源,密码校验规则等
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
auth.authenticationProvider(casAuthenticationProvider());
}
/**
* 定义安全策略
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()// 配置安全策略
.antMatchers(ArrayUtil.toArray(permitAllUrl.getUrls(), String.class)).permitAll()
.anyRequest().authenticated()// 其余的所有请求都需要验证
.and().logout().permitAll()// 定义logout不需要验证
.and().formLogin();// 使用form表单登录
http.exceptionHandling()
.authenticationEntryPoint(casAuthenticationEntryPoint())
.and()
.addFilter(casAuthenticationFilter())
.addFilterBefore(casLogoutFilter(), LogoutFilter.class)
.addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
// 取消跨站请求伪造防护
http.csrf().disable();
// // 防止iframe 造成跨域
http.headers().frameOptions().disable();
// http.csrf().disable(); //禁用CSRF
}
/**
* 认证的入口
*/
@Bean
public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
casAuthenticationEntryPoint.setLoginUrl(casProperties.getCasServerLoginUrl());
casAuthenticationEntryPoint.setServiceProperties(serviceProperties());
return casAuthenticationEntryPoint;
}
/**
* 指定service相关信息
*/
@Bean
public ServiceProperties serviceProperties() {
ServiceProperties serviceProperties = new ServiceProperties();
//设置cas客户端登录完整的url
serviceProperties.setService(casProperties.getCasServiceUrl() + casProperties.getCasServiceLoginUrl());
serviceProperties.setSendRenew(false);
serviceProperties.setAuthenticateAllArtifacts(true);
return serviceProperties;
}
/**
* CAS认证过滤器
*/
@Bean
public CasAuthenticationFilter casAuthenticationFilter() throws Exception {
CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
casAuthenticationFilter.setAuthenticationManager(authenticationManager());
casAuthenticationFilter.setFilterProcessesUrl(casProperties.getCasServiceUrl() + casProperties.getCasServiceLoginUrl());
casAuthenticationFilter.setServiceProperties(serviceProperties());
return casAuthenticationFilter;
}
/**
* cas 认证 Provider
*/
@Bean
public CasAuthenticationProvider casAuthenticationProvider() {
CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
casAuthenticationProvider.setAuthenticationUserDetailsService(casUserDetailService);
// //这里只是接口类型,实现的接口不一样,都可以的。
casAuthenticationProvider.setServiceProperties(serviceProperties());
casAuthenticationProvider.setTicketValidator(cas20ServiceTicketValidator());
casAuthenticationProvider.setKey("casAuthenticationProviderKey");
return casAuthenticationProvider;
}
@Bean
public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
return new Cas20ServiceTicketValidator(casProperties.getCasGrantingUrl());
}
/**
* 单点登出过滤器
*/
@Bean
public SingleSignOutFilter singleSignOutFilter() {
SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
singleSignOutFilter.setLogoutCallbackPath(casProperties.getCasServerUrl());
singleSignOutFilter.setIgnoreInitConfiguration(true);
return singleSignOutFilter;
}
/**
* 请求单点退出过滤器
*/
@Bean
public LogoutFilter casLogoutFilter() {
LogoutFilter logoutFilter = new LogoutFilter(casProperties.getCasServerLogoutUrl(), new SecurityContextLogoutHandler());
logoutFilter.setFilterProcessesUrl(casProperties.getCasServiceLogoutUrl());
return logoutFilter;
}
}
```
#### service包
新增PigUserDetailsServiceImpl类主要功能为CAS服务认证成功方法判断用户是否存在存在获取用户信息不存在调用远程接口新增用户并同步组织架构信息
```java
/*
* Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.pig4cloud.pig.common.security.service;
import com.pig4cloud.pig.admin.api.dto.UserInfo;
import com.pig4cloud.pig.admin.api.feign.RemoteUserService;
import com.pig4cloud.pig.common.core.constant.CacheConstants;
import com.pig4cloud.pig.common.core.util.R;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.springframework.cache.Cache;
import org.springframework.cache.CacheManager;
import org.springframework.context.annotation.Primary;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import java.util.*;
/**
* 用户详细信息
*
* @author lengleng hccake
*/
@Slf4j
@Primary
@RequiredArgsConstructor
public class PigUserDetailsServiceImpl implements PigUserDetailsService, AuthenticationUserDetailsService<CasAssertionAuthenticationToken> {
private final RemoteUserService remoteUserService;
private final CacheManager cacheManager;
/**
* 用户名密码登录
*
* @param username 用户名
* @return
*/
@Override
@SneakyThrows
public UserDetails loadUserByUsername(String username) {
Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
if (cache != null && cache.get(username) != null) {
return (PigUser) cache.get(username).get();
}
return getUserDetails(remoteUserService.info(username), username);
}
@Override
public int getOrder() {
return Integer.MIN_VALUE;
}
@Override
public UserDetails loadUserDetails(CasAssertionAuthenticationToken token) throws UsernameNotFoundException {
log.info("getCredentials:{}", token.getCredentials());
String username = token.getName();
Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
if (cache != null && cache.get(username) != null) {
return (PigUser) cache.get(username).get();
}
R<UserInfo> result = remoteUserService.saveIfNotExist(token.getAssertion().getPrincipal().getAttributes());
return getUserDetails(result, username);
}
private UserDetails getUserDetails(R<UserInfo> result, String username) {
Cache cache = cacheManager.getCache(CacheConstants.USER_DETAILS);
UserDetails userDetails = getUserDetails(result);
if (cache != null) {
cache.put(username, userDetails);
}
return userDetails;
}
}
```
### pig-upms包
#### pom的更改
新增guava工具类
```java
<?xml version="1.0" encoding="UTF-8"?>
<!--
~ Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
~
~ Licensed under the Apache License, Version 2.0 (the "License");
~ you may not use this file except in compliance with the License.
~ You may obtain a copy of the License at
~
~ http://www.apache.org/licenses/LICENSE-2.0
~
~ Unless required by applicable law or agreed to in writing, software
~ distributed under the License is distributed on an "AS IS" BASIS,
~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
~ See the License for the specific language governing permissions and
~ limitations under the License.
-->
<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://maven.apache.org/POM/4.0.0"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-upms</artifactId>
<version>3.6.7</version>
</parent>
<artifactId>pig-upms-biz</artifactId>
<packaging>jar</packaging>
<description>pig 通用用户权限管理系统业务处理模块</description>
<dependencies>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>29.0-jre</version>
</dependency>
<!--upms apimodel 模块-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-upms-api</artifactId>
</dependency>
<!--文件管理-->
<dependency>
<groupId>com.pig4cloud.plugin</groupId>
<artifactId>oss-spring-boot-starter</artifactId>
</dependency>
<!--feign 调用-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-feign</artifactId>
</dependency>
<!--安全模块-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-security</artifactId>
</dependency>
<!--日志处理-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-log</artifactId>
</dependency>
<!--接口文档-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-swagger</artifactId>
</dependency>
<!-- orm 模块-->
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>com.mysql</groupId>
<artifactId>mysql-connector-j</artifactId>
</dependency>
<!--注册中心客户端-->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-discovery</artifactId>
</dependency>
<!--配置中心客户端-->
<dependency>
<groupId>com.alibaba.cloud</groupId>
<artifactId>spring-cloud-starter-alibaba-nacos-config</artifactId>
</dependency>
<!-- 阿里云短信下发 -->
<dependency>
<groupId>io.springboot.sms</groupId>
<artifactId>aliyun-sms-spring-boot-starter</artifactId>
</dependency>
<!--xss 过滤-->
<dependency>
<groupId>com.pig4cloud</groupId>
<artifactId>pig-common-xss</artifactId>
</dependency>
<!--undertow容器-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-undertow</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<plugin>
<groupId>io.fabric8</groupId>
<artifactId>docker-maven-plugin</artifactId>
</plugin>
</plugins>
<resources>
<resource>
<directory>src/main/resources</directory>
<filtering>true</filtering>
<excludes>
<exclude>**/*.xlsx</exclude>
<exclude>**/*.xls</exclude>
</excludes>
</resource>
<resource>
<directory>src/main/resources</directory>
<filtering>false</filtering>
<includes>
<include>**/*.xlsx</include>
<include>**/*.xls</include>
</includes>
</resource>
</resources>
</build>
</project>
```
#### controller包
在SysUserController中新增方法主要为提供远程调用方法判断用户是否存在添加用户信息等
```java
/*
* Copyright (c) 2020 pig4cloud Authors. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.pig4cloud.pig.admin.controller;
import cn.hutool.core.collection.CollUtil;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.metadata.IPage;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
import com.google.common.collect.Lists;
import com.pig4cloud.pig.admin.api.dto.UserDTO;
import com.pig4cloud.pig.admin.api.dto.UserInfo;
import com.pig4cloud.pig.admin.api.entity.SysUser;
import com.pig4cloud.pig.admin.api.vo.UserExcelVO;
import com.pig4cloud.pig.admin.api.vo.UserInfoVO;
import com.pig4cloud.pig.admin.api.vo.UserVO;
import com.pig4cloud.pig.admin.service.SysUserService;
import com.pig4cloud.pig.admin.utils.BeanCreator;
import com.pig4cloud.pig.common.core.exception.ErrorCodes;
import com.pig4cloud.pig.common.core.util.MsgUtils;
import com.pig4cloud.pig.common.core.util.R;
import com.pig4cloud.pig.common.log.annotation.SysLog;
import com.pig4cloud.pig.common.security.annotation.Inner;
import com.pig4cloud.pig.common.security.util.SecurityUtils;
import com.pig4cloud.pig.common.xss.core.XssCleanIgnore;
import com.pig4cloud.plugin.excel.annotation.RequestExcel;
import com.pig4cloud.plugin.excel.annotation.ResponseExcel;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.BeanUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.*;
import javax.validation.Valid;
import java.util.List;
import java.util.Map;
import java.util.Set;
/**
* @author lengleng
* @date 2019/2/1
*/
@Slf4j
@RestController
@RequiredArgsConstructor
@RequestMapping("/user")
@Tag(name = "用户管理模块")
@SecurityRequirement(name = HttpHeaders.AUTHORIZATION)
public class SysUserController {
private final SysUserService userService;
/**
* 获取当前用户全部信息
*
* @return 用户信息
*/
@GetMapping(value = {"/info"})
public R<UserInfoVO> info() {
String username = SecurityUtils.getUser().getUsername();
SysUser user = userService.getOne(Wrappers.<SysUser>query().lambda().eq(SysUser::getUsername, username));
if (user == null) {
return R.failed(MsgUtils.getMessage(ErrorCodes.SYS_USER_QUERY_ERROR));
}
UserInfo userInfo = userService.getUserInfo(user);
UserInfoVO vo = new UserInfoVO();
vo.setSysUser(userInfo.getSysUser());
vo.setRoles(userInfo.getRoles());
vo.setPermissions(userInfo.getPermissions());
return R.ok(vo);
}
/**
* 获取指定用户全部信息
*
* @return 用户信息
*/
@Inner
@GetMapping("/info/{username}")
public R<UserInfo> info(@PathVariable String username) {
SysUser user = userService.getOne(Wrappers.<SysUser>query().lambda().eq(SysUser::getUsername, username));
if (user == null) {
return R.failed(MsgUtils.getMessage(ErrorCodes.SYS_USER_USERINFO_EMPTY, username));
}
return R.ok(userService.getUserInfo(user));
}
@Inner
@PostMapping("/sso_save")
public R<UserInfo> save_sso(@RequestBody Map<String, Object> attributes) {
String username = (String) attributes.getOrDefault("username", "pig");
// 判断用户名是否存在
SysUser sysUser = userService.getOne(Wrappers.<SysUser>lambdaQuery().eq(SysUser::getUsername, username));
if (sysUser == null) {
SysUser sysUserByMap = BeanCreator.createSysUserByMap(attributes);
UserDTO userDTO = new UserDTO();
BeanUtils.copyProperties(sysUserByMap,userDTO);
userDTO.setPost(Lists.newArrayList(1l));
userDTO.setDeptId(6l);
userDTO.setRole(Lists.newArrayList(2l));
// 添加用户
userService.saveUser(userDTO);
}
return info(username);
}
/**
* 根据部门id查询对应的用户 id 集合
*
* @param deptIds 部门id 集合
* @return 用户 id 集合
*/
@Inner
@GetMapping("/ids")
public R<List<Long>> listUserIdByDeptIds(@RequestParam("deptIds") Set<Long> deptIds) {
return R.ok(userService.listUserIdByDeptIds(deptIds));
}
/**
* 通过ID查询用户信息
*
* @param id ID
* @return 用户信息
*/
@GetMapping("/{id:\\d+}")
public R<UserVO> user(@PathVariable Long id) {
return R.ok(userService.getUserVoById(id));
}
/**
* 判断用户是否存在
*
* @param userDTO 查询条件
* @return
*/
@Inner(false)
@GetMapping("/check/exist")
public R<Boolean> isExist(UserDTO userDTO) {
List<SysUser> sysUserList = userService.list(new QueryWrapper<>(userDTO));
if (CollUtil.isNotEmpty(sysUserList)) {
return R.ok(Boolean.TRUE, MsgUtils.getMessage(ErrorCodes.SYS_USER_EXISTING));
}
return R.ok(Boolean.FALSE);
}
/**
* 删除用户信息
*
* @param id ID
* @return R
*/
@SysLog("删除用户信息")
@DeleteMapping("/{id:\\d+}")
@PreAuthorize("@pms.hasPermission('sys_user_del')")
public R<Boolean> userDel(@PathVariable Long id) {
SysUser sysUser = userService.getById(id);
return R.ok(userService.removeUserById(sysUser));
}
/**
* 添加用户
*
* @param userDto 用户信息
* @return success/false
*/
@SysLog("添加用户")
@PostMapping
@XssCleanIgnore({"password"})
@PreAuthorize("@pms.hasPermission('sys_user_add')")
public R<Boolean> user(@RequestBody UserDTO userDto) {
return R.ok(userService.saveUser(userDto));
}
/**
* 管理员更新用户信息
*
* @param userDto 用户信息
* @return R
*/
@SysLog("更新用户信息")
@PutMapping
@XssCleanIgnore({"password"})
@PreAuthorize("@pms.hasPermission('sys_user_edit')")
public R<Boolean> updateUser(@Valid @RequestBody UserDTO userDto) {
return userService.updateUser(userDto);
}
/**
* 分页查询用户
*
* @param page 参数集
* @param userDTO 查询参数列表
* @return 用户集合
*/
@GetMapping("/page")
public R<IPage<UserVO>> getUserPage(Page page, UserDTO userDTO) {
return R.ok(userService.getUserWithRolePage(page, userDTO));
}
/**
* 个人修改个人信息
*
* @param userDto userDto
* @return success/false
*/
@SysLog("修改个人信息")
@PutMapping("/edit")
@XssCleanIgnore({"password", "newpassword1"})
public R<Boolean> updateUserInfo(@Valid @RequestBody UserDTO userDto) {
userDto.setUsername(SecurityUtils.getUser().getUsername());
return userService.updateUserInfo(userDto);
}
/**
* @param username 用户名称
* @return 上级部门用户列表
*/
@GetMapping("/ancestor/{username}")
public R<List<SysUser>> listAncestorUsers(@PathVariable String username) {
return R.ok(userService.listAncestorUsersByUsername(username));
}
/**
* 导出excel 表格
*
* @param userDTO 查询条件
* @return
*/
@ResponseExcel
@GetMapping("/export")
@PreAuthorize("@pms.hasPermission('sys_user_import_export')")
public List<UserExcelVO> export(UserDTO userDTO) {
return userService.listUser(userDTO);
}
/**
* 导入用户
*
* @param excelVOList 用户列表
* @param bindingResult 错误信息列表
* @return R
*/
@PostMapping("/import")
@PreAuthorize("@pms.hasPermission('sys_user_import_export')")
public R importUser(@RequestExcel List<UserExcelVO> excelVOList, BindingResult bindingResult) {
return userService.importUser(excelVOList, bindingResult);
}
}
```
#### utils包
新增BeanCreator方法主要创建SysUser对象工具类
```java
package com.pig4cloud.pig.admin.utils;
import com.pig4cloud.pig.admin.api.entity.SysUser;
import java.util.Map;
public class BeanCreator {
private static final String DEFAULT_PASSWORD = "pigmax123456";
public static SysUser createSysUserByMap(Map<String, Object> map) {
SysUser sysUser = new SysUser();
String username = (String) map.get("username");
String phone = (String) map.get("mobile");
String deptId = (String) map.get("departmentId");
sysUser.setUsername(username);
sysUser.setPhone(phone);
sysUser.setDeptId(Long.parseLong(deptId));
sysUser.setPassword(DEFAULT_PASSWORD);
return sysUser;
}
}
```
### vue包
主要是对pig前端页面的修改
#### api包
新增获取token的方法
```js
/*
* Copyright (c) 2018-2025, lengleng All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* Neither the name of the pig4cloud.com developer nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
* Author: lengleng (wangiegie@gmail.com)
*/
import { validatenull } from '@/util/validate'
import request from '@/router/axios'
import store from '@/store'
import qs from 'qs'
import { getStore, setStore } from '@/util/store.js'
import website from '@/config/website'
const scope = 'server'
export const loginByUsername = (username, password, code, randomStr) => {
const grant_type = 'password'
const dataObj = qs.stringify({ 'username': username, 'password': password })
const basicAuth = 'Basic ' + window.btoa(website.formLoginClient)
// 保存当前选中的 basic 认证信息
setStore({
name: 'basicAuth',
content: basicAuth,
type: 'session'
})
return request({
url: '/auth/oauth2/token',
headers: {
isToken: false,
Authorization: basicAuth
},
method: 'post',
params: { randomStr, code, grant_type, scope },
data: dataObj
})
}
export const loginByMobile = (smsForm) => {
const grant_type = 'app'
const basicAuth = 'Basic ' + window.btoa(website.smsLoginClient)
// 保存当前选中的 basic 认证信息
setStore({
name: 'basicAuth',
content: basicAuth,
type: 'session'
})
return request({
url: '/auth/oauth2/token',
headers: {
isToken: false,
'Authorization': basicAuth
},
method: 'post',
params: { phone: smsForm.phone, code: smsForm.code, grant_type, scope }
})
}
export const ssoLogin = (ticket,service) => {
return request({
url: '/auth/token/sso_login_get_token',
method: 'get',
params: { ticket, service }
})
}
export const refreshToken = refresh_token => {
const grant_type = 'refresh_token'
// 获取当前选中的 basic 认证信息
const basicAuth = getStore({ name: 'basicAuth' })
return request({
url: '/auth/oauth2/token',
headers: {
isToken: false,
Authorization: basicAuth
},
method: 'post',
params: { refresh_token, grant_type, scope }
})
}
export const getUserInfo = () => {
return request({
url: '/admin/user/info',
method: 'get'
})
}
export const logout = () => {
return request({
url: '/auth/token/logout',
method: 'delete'
})
}
/**
* 校验令牌,若有效期小于半小时自动续期
*
* 定时任务请求后端接口返回实际的有效时间,不进行本地计算避免 客户端和服务器机器时钟不一致
* @param refreshLock
*/
export const checkToken = (refreshLock, $store) => {
const token = store.getters.access_token
// 获取当前选中的 basic 认证信息
const basicAuth = getStore({ name: 'basicAuth' })
if (validatenull(token) || validatenull(basicAuth)) {
return
}
request({
url: '/auth/token/check_token',
headers: {
isToken: false,
Authorization: basicAuth
},
method: 'get',
params: { token }
}).then(response => {
const expire = response && response.data && response.data.exp
if (expire) {
const expiredPeriod = expire * 1000 - new Date().getTime()
console.log('当前token过期时间', expiredPeriod, '毫秒')
//小于半小时自动续约
if (expiredPeriod <= website.remainingTime) {
if (!refreshLock) {
refreshLock = true
$store.dispatch('RefreshToken')
.catch(() => {
clearInterval(this.refreshTime)
})
refreshLock = false
}
}
}
}).catch(error => {
console.error(error)
})
}
/**
* 注册用户
*/
export const registerUser = (userInfo) => {
return request({
url: '/admin/register/user',
method: 'post',
data: userInfo
})
}
/**
* 发送短信
*/
export const sendSmsCode = (form) => {
return request({
url: '/admin/app/sms',
method: 'post',
data: form
})
}
```
#### userlogin改造
```html
<template>
<el-form
ref="loginForm"
class="login-form"
status-icon
:rules="loginRules"
:model="loginForm"
label-width="0"
>
<el-form-item prop="username">
<el-input
v-model="loginForm.username"
auto-complete="off"
placeholder="请输入用户名"
@keyup.enter.native="handleLogin"
>
<template #prefix>
<i class="icon-yonghu"></i>
</template>
</el-input>
</el-form-item>
<el-form-item prop="password">
<el-input
v-model="loginForm.password"
size="small"
type="password"
auto-complete="off"
show-password
placeholder="请输入密码"
@keyup.enter.native="handleLogin"
>
<template #prefix>
<i class="icon-mima"></i>
</template>
</el-input>
</el-form-item>
<el-form-item v-if="website.validateCode" prop="code">
<el-input
v-model="loginForm.code"
:maxlength="code.len"
auto-complete="off"
placeholder="请输入验证码"
@keyup.enter.native="handleLogin"
>
<template #prefix>
<i class="icon-yanzhengma"></i>
</template>
<template #append>
<div class="login-code">
<span
v-if="code.type === 'text'"
class="login-code-img"
@click="refreshCode"
>{{ code.value }}</span
>
<img
v-else
:src="code.src"
class="login-code-img"
@click="refreshCode"
/>
</div>
</template>
</el-input>
</el-form-item>
<el-form-item>
<el-button
type="primary"
class="login-submit"
@click.native.prevent="handleLogin"
>登录
</el-button
>
</el-form-item>
</el-form>
</template>
<script>
import { randomLenNum } from '@/util'
import { mapGetters } from 'vuex'
// import {ssoLogin} from '@/api/login'
export default {
name: 'userlogin',
data() {
return {
loginForm: {
username: 'admin',
password: '123456',
code: '',
randomStr: ''
},
checked: false,
code: {
src: '/code',
value: '',
len: 4,
type: 'image'
},
loginRules: {
username: [
{ required: true, message: '请输入用户名', trigger: 'blur' },
{ pattern: /^([a-z\u4e00-\u9fa5\d]*?)$/, message: '请输入小写字母', trigger: 'blur' }
],
password: [
{ required: true, message: '请输入密码', trigger: 'blur' },
{ min: 6, message: '密码长度最少为6位', trigger: 'blur' }
],
code: [{ required: true, message: '请输入验证码', trigger: 'blur' }]
}
}
},
created() {
var params = new URLSearchParams(window.location.search);
var myParam = params.get('ticket');
var service = params.get('service');
if(myParam!=''&&myParam!=null){
this.ssoLogin(myParam,service)
}
},
updated(){
var params = new URLSearchParams(window.location.search);
var myParam = params.get('ticket');
var service = params.get('service');
if(myParam!=''&&myParam!=null){
this.ssoLogin(myParam,service)
}
},
computed: {
...mapGetters(['tagWel', 'website'])
},
methods: {
async ssoLogin(myParam,service){
this.$store
.dispatch('SSOLogin', myParam,service)
.then(() => {
this.$router.push({ path: this.tagWel.value })
})
.catch(() => {
this.refreshCode()
})
},
refreshCode() {
this.loginForm.code = ''
this.loginForm.randomStr = randomLenNum(this.code.len, true)
this.code.type === 'text'
? (this.code.value = randomLenNum(this.code.len))
: (this.code.src = `${this.baseUrl}/code?randomStr=${this.loginForm.randomStr}`)
},
handleLogin() {
this.$refs.loginForm.validate(valid => {
if (valid) {
this.$store
.dispatch('LoginByUsername', this.loginForm)
.then(() => {
this.$router.push({ path: this.tagWel.value })
})
.catch(() => {
this.refreshCode()
})
}
})
}
}
}
</script>
<style></style>
```
#### router改造
如果没权限返回登录页面
```js
import axios from 'axios'
import { serialize } from '@/util'
import NProgress from 'nprogress' // progress bar
import errorCode from '@/const/errorCode'
import { ElMessage, ElMessageBox } from 'element-plus'
import 'nprogress/nprogress.css'
import qs from 'qs'
import store from '@/store'
import router from '@/router/index.js'
import { baseUrl } from '@/config/env' // progress bar style
axios.defaults.timeout = 30000
// 返回其他状态吗
axios.defaults.validateStatus = function(status) {
return status >= 200 && status <= 500 // 默认的
}
// 跨域请求允许保存cookie
axios.defaults.withCredentials = true
// NProgress Configuration
NProgress.configure({
showSpinner: false
})
// HTTPrequest拦截
axios.defaults.baseURL = baseUrl
axios.interceptors.request.use(config => {
NProgress.start() // start progress bar
const isToken = (config.headers || {}).isToken === false
const token = store.getters.access_token
if (token && !isToken) {
config.headers['Authorization'] = 'Bearer ' + token// token
}
// headers中配置serialize为true开启序列化
if (config.method === 'post' && config.headers.serialize) {
config.data = serialize(config.data)
delete config.data.serialize
}
if (config.method === 'get') {
config.paramsSerializer = function(params) {
return qs.stringify(params, { arrayFormat: 'repeat' })
}
}
return config
}, error => {
return Promise.reject(error)
})
// HTTPresponse拦截
axios.interceptors.response.use(res => {
NProgress.done()
const status = Number(res.status) || 200
const message = res.data.msg || errorCode[status] || errorCode['default']
if (status == 401){
window.open("http://localhost:3000/")
}
// 后台定义 424 针对令牌过去的特殊响应码
if (status === 424) {
ElMessageBox.confirm('令牌状态已过期,请点击重新登录', '系统提示', {
confirmButtonText: '重新登录',
cancelButtonText: '取消',
type: 'warning'
}
).then(() => {
store.dispatch('LogOut').then(() => {
// 刷新登录页面,避免多次弹框
window.location.reload()
})
}).catch(() => {
})
return
}
if (status !== 200 || res.data.code === 1) {
ElMessage({
message: message,
type: 'error'
})
return Promise.reject(new Error(message))
}
return res
}, error => {
// 处理 503 网络异常
console.log(error)
if (error.response.status === 503) {
ElMessage({
message: error.response.data.msg,
type: 'error'
})
}
NProgress.done()
return Promise.reject(new Error(error))
})
export default axios
```
#### store的user改造
```js
import { setToken, setRefreshToken } from '@/util/auth'
import { getStore, setStore } from '@/util/store'
import { ssoLogin,loginByMobile, loginByUsername, getUserInfo, logout, refreshToken } from '@/api/login'
import { deepClone, encryption } from '@/util'
import { formatPath } from '@/router/avue-router'
import { getMenu } from '@/api/admin/menu'
const user = {
state: {
userInfo: getStore({
name: 'userInfo'
}) || {},
permissions: getStore({
name: 'permissions'
}) || [],
roles: [],
menu: getStore({
name: 'menu'
}) || [],
menuAll: getStore({ name: 'menuAll' }) || [],
access_token: getStore({
name: 'access_token'
}) || '',
refresh_token: getStore({
name: 'refresh_token'
}) || ''
},
actions: {
// SSO单点登陆
SSOLogin({ commit }, myParam,service) {
return new Promise((resolve, reject) => {
ssoLogin(myParam,service).then(response => {
const data = response.data.data
console.log(data)
commit('SET_ACCESS_TOKEN', data.access_token)
commit('SET_REFRESH_TOKEN', data.refresh_token)
commit('CLEAR_LOCK')
resolve()
}).catch(error => {
reject(error)
})
})
},
// 根据用户名登录
LoginByUsername({ commit }, userInfo) {
const user = encryption({
data: userInfo,
key: 'thanks,pig4cloud',
param: ['password']
})
return new Promise((resolve, reject) => {
loginByUsername(user.username, user.password, user.code, user.randomStr).then(response => {
const data = response.data
commit('SET_ACCESS_TOKEN', data.access_token)
commit('SET_REFRESH_TOKEN', data.refresh_token)
commit('CLEAR_LOCK')
resolve()
}).catch(error => {
reject(error)
})
})
},
// 根据手机号登录
LoginByPhone({ commit }, smsForm) {
return new Promise((resolve, reject) => {
loginByMobile(smsForm).then(response => {
const data = response.data
commit('SET_ACCESS_TOKEN', data.access_token)
commit('SET_REFRESH_TOKEN', data.refresh_token)
commit('CLEAR_LOCK')
resolve()
}).catch(error => {
reject(error)
})
})
},
// 刷新token
RefreshToken({ commit, state }) {
return new Promise((resolve, reject) => {
refreshToken(state.refresh_token).then(response => {
const data = response.data
commit('SET_ACCESS_TOKEN', data.access_token)
commit('SET_REFRESH_TOKEN', data.refresh_token)
commit('CLEAR_LOCK')
resolve()
}).catch(error => {
reject(error)
})
})
},
// 查询用户信息
GetUserInfo({ commit }) {
return new Promise((resolve, reject) => {
getUserInfo().then((res) => {
const data = res.data.data || {}
commit('SET_USER_INFO', data.sysUser)
commit('SET_ROLES', data.roles || [])
commit('SET_PERMISSIONS', data.permissions || [])
resolve(data)
}).catch(() => {
reject()
})
})
},
// 登出
LogOut({ commit }) {
return new Promise((resolve, reject) => {
logout().then(() => {
commit('SET_MENUALL_NULL', [])
commit('SET_MENU', [])
commit('SET_PERMISSIONS', [])
commit('SET_USER_INFO', {})
commit('SET_ACCESS_TOKEN', '')
commit('SET_REFRESH_TOKEN', '')
commit('SET_ROLES', [])
commit('DEL_ALL_TAG')
commit('CLEAR_LOCK')
resolve()
}).catch(error => {
reject(error)
})
})
},
// 注销session
FedLogOut({ commit }) {
return new Promise(resolve => {
commit('SET_MENU', [])
commit('SET_MENUALL_NULL', [])
commit('SET_PERMISSIONS', [])
commit('SET_USER_INFO', {})
commit('SET_ACCESS_TOKEN', '')
commit('SET_REFRESH_TOKEN', '')
commit('SET_ROLES', [])
commit('DEL_ALL_TAG')
commit('CLEAR_LOCK')
resolve()
})
},
// 获取系统菜单
GetMenu({ commit }, obj = {}) {
// 记录用户点击顶部信息,保证刷新的时候不丢失
commit('LIKE_TOP_MENUID', obj)
return new Promise(resolve => {
getMenu(obj.id).then((res) => {
const data = res.data.data
const menu = deepClone(data)
menu.forEach(ele => formatPath(ele, true))
commit('SET_MENUALL', menu)
commit('SET_MENU', menu)
resolve(menu)
})
})
},
//顶部菜单
GetTopMenu() {
return new Promise(resolve => {
resolve([])
})
}
},
mutations: {
SET_ACCESS_TOKEN: (state, access_token) => {
state.access_token = access_token
setToken(access_token)
setStore({
name: 'access_token',
content: state.access_token,
type: 'session'
})
},
SET_REFRESH_TOKEN: (state, rfToken) => {
state.refresh_token = rfToken
setRefreshToken(rfToken)
setStore({
name: 'refresh_token',
content: state.refresh_token,
type: 'session'
})
},
SET_USER_INFO: (state, userInfo) => {
state.userInfo = userInfo
setStore({
name: 'userInfo',
content: userInfo,
type: 'session'
})
},
SET_MENUALL: (state, menuAll) => {
const menu = state.menuAll
menuAll.forEach(ele => {
if (!menu.find(item => item.label === ele.label && item.path === ele.path)) {
menu.push(ele)
}
})
state.menuAll = menu
setStore({ name: 'menuAll', content: state.menuAll })
},
SET_MENUALL_NULL: (state) => {
state.menuAll = []
setStore({ name: 'menuAll', content: state.menuAll })
},
SET_MENU: (state, menu) => {
state.menu = menu
setStore({ name: 'menu', content: state.menu })
},
SET_ROLES: (state, roles) => {
state.roles = roles
},
SET_PERMISSIONS: (state, permissions) => {
const list = {}
for (let i = 0; i < permissions.length; i++) {
list[permissions[i]] = true
}
state.permissions = list
setStore({
name: 'permissions',
content: list,
type: 'session'
})
}
}
}
export default user
```
### Nacos配置文件新增
在application-dev.yml新增配置信息
```yml
# 配置文件加密根密码
jasypt:
encryptor:
password: pig
algorithm: PBEWithMD5AndDES
iv-generator-classname: org.jasypt.iv.NoIvGenerator
# Spring 相关
spring:
cache:
type: redis
redis:
host: pig-redis
cloud:
sentinel:
eager: true
transport:
dashboard: pig-sentinel:5003
# 暴露监控端点
management:
endpoints:
web:
exposure:
include: "*"
endpoint:
health:
show-details: ALWAYS
# feign 配置
feign:
sentinel:
enabled: true
okhttp:
enabled: true
httpclient:
enabled: false
client:
config:
default:
connectTimeout: 10000
readTimeout: 10000
compression:
request:
enabled: true
response:
enabled: true
# mybaits-plus配置
mybatis-plus:
mapper-locations: classpath:/mapper/*Mapper.xml
global-config:
banner: false
db-config:
id-type: auto
table-underline: true
logic-delete-value: 1
logic-not-delete-value: 0
configuration:
map-underscore-to-camel-case: true
# swagger 配置
swagger:
enabled: true
title: Pig Swagger API
gateway: http://${GATEWAY_HOST:pig-gateway}:${GATEWAY-PORT:9999}
token-url: ${swagger.gateway}/auth/oauth2/token
scope: server
services:
pig-upms-biz: admin
pig-codegen: gen
#cas配置
cas:
#秘钥
key: n0c9MTcwMjIwMjMxNzE2NDMwOTAskV
server:
host:
grant_url: http://sso.maxkey.top/sign/authz/cas
#cas服务端地址 这是我的cas服务端地址 需要修改成你们的cas服务端地址
url: http://sso.maxkey.top/maxkey/authz/cas
#cas服务端登录地址
login_url: http://sso.maxkey.top/maxkey/#/passport/login?redirect_uri=aHR0cDovL3Nzby5tYXhrZXkudG9wL3NpZ24vYXV0aHovY2FzLzQxMDY1ZmUzLWFlNjctNDE3Mi1hNDYwLWZkMDA3OWU4ODI5NA
#cas服务端登出地址 service参数后面跟就是需要跳转的页面/接口 这里指定的是cas客户端登录接口
logout_url: ${cas.server.host.url}/logout?service=${cas.service.host.url}${cas.service.host.login_url}
service:
host:
#cas客户端地址
url: http://localhost:8080
#cas客户端地址登录地址
login_url: /login
#cas客户端地址登出地址
logout_url: /logout
```
Reference in new issue View Git Blame Copy Permalink