refactor: 重构权限后台认证
parent
bb9c7979d4
commit
c9121b9003
|
@ -29,6 +29,9 @@ public class UserModularRealmAuthenticator extends ModularRealmAuthenticator {
|
|||
|
||||
// 默认使用本地验证
|
||||
for (Realm realm : realms) {
|
||||
if (realm == null) {
|
||||
continue;
|
||||
}
|
||||
if (realm.getName().contains(loginType)) {
|
||||
typeRealms.add(realm);
|
||||
}
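Review bot: `realm.getName().contains(loginType)` picks realms by substring, so an empty `loginType` matches every configured realm, a short value can match both LdapRealm and LocalRealm, and a null value throws a NullPointerException inside `contains`. Where `loginType` comes from is not visible in this hunk; if it is taken from the login request, caller-supplied text decides which realm authenticates the user. Reject missing values before the loop, e.g. `if (loginType == null || loginType.isEmpty()) { throw new AuthenticationException("unsupported login type"); }`, and resolve the value through a fixed allow-list of login types instead of matching it against realm names. The enclosing method starts and ends outside the hunk, so an earlier guard may already exist.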
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
package io.metersphere.security.realm;
|
||||
|
||||
import io.metersphere.base.domain.UserGroupPermission;
|
||||
import io.metersphere.commons.user.SessionUser;
|
||||
import io.metersphere.commons.utils.SessionUtils;
|
||||
import io.metersphere.dto.GroupResourceDTO;
|
||||
import io.metersphere.dto.UserDTO;
|
||||
import io.metersphere.i18n.Translator;
|
||||
import io.metersphere.service.UserService;
|
||||
import org.apache.shiro.authc.*;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.realm.AuthorizingRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Set;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
public abstract class BaseRealm extends AuthorizingRealm {
|
||||
@Resource
|
||||
private UserService userService;
|
||||
|
||||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
|
||||
UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
|
||||
|
||||
String userId = token.getUsername();
|
||||
String password = String.valueOf(token.getPassword());
|
||||
UserDTO user = userService.getUserDTO(userId);
|
||||
if (user == null) {
|
||||
throw new UnknownAccountException(Translator.get("user_not_exist"));
|
||||
}
|
||||
SessionUser sessionUser = SessionUser.fromUser(user);
|
||||
SessionUtils.putUser(sessionUser);
|
||||
return new SimpleAuthenticationInfo(userId, password, getName());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||
Set<String> permissions = Objects.requireNonNull(SessionUtils.getUser()).getGroupPermissions().stream()
|
||||
.map(GroupResourceDTO::getUserGroupPermissions)
|
||||
.flatMap(List::stream)
|
||||
.map(UserGroupPermission::getPermissionId)
|
||||
.collect(Collectors.toSet());
|
||||
|
||||
return permissions.contains(permission);
|
||||
}
|
||||
}
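Review bot: `doGetAuthenticationInfo` builds `SimpleAuthenticationInfo(userId, password, getName())` from the password carried in the token itself, so with Shiro's default credentials matcher the submitted password is compared with itself and any existing user id authenticates with any password. `SessionUtils.putUser(sessionUser)` also runs before any credential check. LdapRealm and LocalRealm appear to keep their own overrides, but a later subclass that omits one inherits this fail-open default. Drop the override from BaseRealm so each subclass must implement it (the method is abstract in Shiro's `AuthenticatingRealm`), or return the stored credential rather than `token.getPassword()`. Separately, `isPermitted` ignores `principals` and throws a NullPointerException through `Objects.requireNonNull(SessionUtils.getUser())` when no session user exists; failing closed would be `SessionUser user = SessionUtils.getUser(); if (user == null) { return false; }`.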
|
|
@ -12,7 +12,6 @@ import org.apache.shiro.SecurityUtils;
|
|||
import org.apache.shiro.authc.*;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
import org.apache.shiro.realm.AuthorizingRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -32,7 +31,7 @@ import java.util.stream.Collectors;
|
|||
* set realm
|
||||
* </p>
|
||||
*/
|
||||
public class LdapRealm extends AuthorizingRealm {
|
||||
public class LdapRealm extends BaseRealm {
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(LdapRealm.class);
|
||||
@Resource
|
||||
|
@ -44,7 +43,7 @@ public class LdapRealm extends AuthorizingRealm {
|
|||
}
|
||||
|
||||
/**
|
||||
* 权限认证
|
||||
* 角色认证
|
||||
*/
|
||||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||
|
@ -95,8 +94,4 @@ public class LdapRealm extends AuthorizingRealm {
|
|||
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,7 +13,6 @@ import org.apache.shiro.SecurityUtils;
|
|||
import org.apache.shiro.authc.*;
|
||||
import org.apache.shiro.authz.AuthorizationInfo;
|
||||
import org.apache.shiro.authz.SimpleAuthorizationInfo;
|
||||
import org.apache.shiro.realm.AuthorizingRealm;
|
||||
import org.apache.shiro.subject.PrincipalCollection;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -34,7 +33,7 @@ import java.util.stream.Collectors;
|
|||
* set realm
|
||||
* </p>
|
||||
*/
|
||||
public class LocalRealm extends AuthorizingRealm {
|
||||
public class LocalRealm extends BaseRealm {
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
|
||||
@Resource
|
||||
|
@ -49,12 +48,11 @@ public class LocalRealm extends AuthorizingRealm {
|
|||
}
|
||||
|
||||
/**
|
||||
* 权限认证
|
||||
* 角色认证
|
||||
*/
|
||||
@Override
|
||||
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
|
||||
String userId = (String) principals.getPrimaryPrincipal();
|
||||
return getAuthorizationInfo(userId, userService);
|
||||
return null;
|
||||
}
|
||||
|
||||
public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) {
|
||||
|
@ -134,8 +132,4 @@ public class LocalRealm extends AuthorizingRealm {
|
|||
return new SimpleAuthenticationInfo(userId, password, getName());
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isPermitted(PrincipalCollection principals, String permission) {
|
||||
return true;
|
||||
}
|
||||
}
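Review bot: In the `@ -49,12 +48,11` hunk, `doGetAuthorizationInfo` now returns `null` under a Javadoc changed to 角色认证 (role authentication), so the comment describes work the method no longer does. With a null `AuthorizationInfo`, Shiro's role checks and any permission path that does not go through `isPermitted(PrincipalCollection, String)` will deny; that is presumably intended but should be stated. The override is identical to the one inherited from BaseRealm and can be deleted, or its comment replaced with `/** No Shiro AuthorizationInfo is supplied; permissions come from the session user in BaseRealm#isPermitted. */`. The public static `getAuthorizationInfo(userId, userService)` just below stays in the file; if nothing else calls it, remove it together with the override. LdapRealm gets the same comment change, but its method body is outside the visible lines.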
|
||||
|
|
|
@ -1 +1 @@
|
|||
Subproject commit 79d2eb9f7810b95673f691970e858b05d5d07e9a
|
||||
Subproject commit 77479091f8c7559b2b0300ef9419de50b9e43ce7
|