/** * Copyright (c) 2018 人人开源 All rights reserved. * * https://www.renren.io * * 版权所有，侵权必究！ */ package com.zt.core.shiro; import com.alibaba.fastjson.JSONObject; import com.zt.common.exception.ErrorCode; import com.zt.common.utils.MessageUtils; import com.zt.core.context.User; import com.zt.modules.sys.enums.UserStatus; import com.zt.security.model.SysUserToken; import com.zt.security.service.ShiroService; import org.apache.shiro.authc.*; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Lazy; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.stereotype.Component; import java.util.Date; import java.util.List; /** * 认证 * * @author Mark sunlightcs@gmail.com */ @Component public class Oauth2Realm extends AuthorizingRealm { @Lazy @Autowired private ShiroService shiroService; @Autowired private RedisTemplate redisTemplate; @Value("${spring.cache.type}") private String type; @Value("${data.tokenTimeout}") private Long tokenTimeout; @Override public boolean supports(AuthenticationToken token) { return token instanceof Oauth2Token; } /** * 授权(验证权限时调用) */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { User user = (User) principals.getPrimaryPrincipal(); // 用户权限列表 SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(); info.setStringPermissions(user.getPermissions()); return info; } /** * 认证(登录时调用) */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { String accessToken = (String) token.getPrincipal(); // 根据accessToken，查询用户信息 SysUserToken tokenEntity; if (!"redis".equals(type)){ tokenEntity = shiroService.getByToken(accessToken); } else{ String json = (String)redisTemplate.opsForValue().get(accessToken); tokenEntity = JSONObject.parseObject(json, SysUserToken.class); //User user = tokenEntity.getUser(); //List roleIdList = user.getRoleIdList(); } // token失效 if (tokenEntity == null || tokenEntity.getExpireDate().getTime() < System.currentTimeMillis()) { throw new IncorrectCredentialsException(MessageUtils.getMessage(ErrorCode.TOKEN_INVALID.getCode())); } // 当前时间 Date now = new Date(); // 过期时间 Date expireTime = new Date(now.getTime() + tokenTimeout * 60 * 1000); tokenEntity.setUpdateDate(now); tokenEntity.setExpireDate(expireTime); if ("redis".equals(type)) { String jsonString = JSONObject.toJSONString(tokenEntity); redisTemplate.opsForValue().set(token, jsonString); }else{ this.shiroService.updateTokenById(tokenEntity); } // 查询用户信息 User user = shiroService.getUser(tokenEntity.getUserId()); user.setSystemMarker(tokenEntity.getSystemMarker()); user.setRoleName(tokenEntity.getRoleName()); // 账号锁定 if (user.getStatus() == UserStatus.DISABLE.getValue()) { throw new LockedAccountException(MessageUtils.getMessage(ErrorCode.ACCOUNT_LOCK.getCode())); } SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(user, accessToken, getName()); return info; } }