refactor: 重构权限后台认证

This commit is contained in:
Captain.B 2021-06-23 13:39:57 +08:00 committed by 刘瑞斌
parent bb9c7979d4
commit c9121b9003
5 changed files with 64 additions and 17 deletions

View File

@ -29,6 +29,9 @@ public class UserModularRealmAuthenticator extends ModularRealmAuthenticator {
// 默认使用本地验证
for (Realm realm : realms) {
if (realm == null) {
continue;
}
if (realm.getName().contains(loginType)) {
typeRealms.add(realm);
}

View File

@ -0,0 +1,55 @@
package io.metersphere.security.realm;
import io.metersphere.base.domain.UserGroupPermission;
import io.metersphere.commons.user.SessionUser;
import io.metersphere.commons.utils.SessionUtils;
import io.metersphere.dto.GroupResourceDTO;
import io.metersphere.dto.UserDTO;
import io.metersphere.i18n.Translator;
import io.metersphere.service.UserService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import javax.annotation.Resource;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
public abstract class BaseRealm extends AuthorizingRealm {
@Resource
private UserService userService;
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
return null;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
String userId = token.getUsername();
String password = String.valueOf(token.getPassword());
UserDTO user = userService.getUserDTO(userId);
if (user == null) {
throw new UnknownAccountException(Translator.get("user_not_exist"));
}
SessionUser sessionUser = SessionUser.fromUser(user);
SessionUtils.putUser(sessionUser);
return new SimpleAuthenticationInfo(userId, password, getName());
}
@Override
public boolean isPermitted(PrincipalCollection principals, String permission) {
Set<String> permissions = Objects.requireNonNull(SessionUtils.getUser()).getGroupPermissions().stream()
.map(GroupResourceDTO::getUserGroupPermissions)
.flatMap(List::stream)
.map(UserGroupPermission::getPermissionId)
.collect(Collectors.toSet());
return permissions.contains(permission);
}
}

View File

@ -12,7 +12,6 @@ import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -32,7 +31,7 @@ import java.util.stream.Collectors;
* set realm
* </p>
*/
public class LdapRealm extends AuthorizingRealm {
public class LdapRealm extends BaseRealm {
private Logger logger = LoggerFactory.getLogger(LdapRealm.class);
@Resource
@ -44,7 +43,7 @@ public class LdapRealm extends AuthorizingRealm {
}
/**
* 权限认证
* 角色认证
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
@ -95,8 +94,4 @@ public class LdapRealm extends AuthorizingRealm {
}
@Override
public boolean isPermitted(PrincipalCollection principals, String permission) {
return true;
}
}

View File

@ -13,7 +13,6 @@ import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -34,7 +33,7 @@ import java.util.stream.Collectors;
* set realm
* </p>
*/
public class LocalRealm extends AuthorizingRealm {
public class LocalRealm extends BaseRealm {
private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
@Resource
@ -49,12 +48,11 @@ public class LocalRealm extends AuthorizingRealm {
}
/**
* 权限认证
* 角色认证
*/
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
String userId = (String) principals.getPrimaryPrincipal();
return getAuthorizationInfo(userId, userService);
return null;
}
public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) {
@ -134,8 +132,4 @@ public class LocalRealm extends AuthorizingRealm {
return new SimpleAuthenticationInfo(userId, password, getName());
}
@Override
public boolean isPermitted(PrincipalCollection principals, String permission) {
return true;
}
}

@ -1 +1 @@
Subproject commit 79d2eb9f7810b95673f691970e858b05d5d07e9a
Subproject commit 77479091f8c7559b2b0300ef9419de50b9e43ce7