package cn.licoy.wdog.core.config.shiro;
import cn.licoy.wdog.common.exception.RequestException;
import cn.licoy.wdog.common.util.JwtUtil;
import cn.licoy.wdog.core.config.jwt.JwtToken;
import cn.licoy.wdog.core.entity.system.SysUser;
import cn.licoy.wdog.core.service.system.SysUserService;
import com.baomidou.mybatisplus.mapper.EntityWrapper;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.crazycake.shiro.RedisSessionDAO;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.List;
/**
* @author licoy.cn
* @version 2017/9/22
*/
@Slf4j
public class MyRealm extends AuthorizingRealm {
@Autowired
private SysUserService userService;
@Autowired
private CacheManager cacheManager;
@Override
public boolean supports(AuthenticationToken token) {
return token instanceof JwtToken;
}
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
log.info("Shiro权限验证执行");
JwtToken jwtToken = new JwtToken();
BeanUtils.copyProperties(principalCollection.getPrimaryPrincipal(),jwtToken);
if(jwtToken.getUsername()!=null){
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
SysUser findUser = userService.findUserByName(jwtToken.getUsername(),true);
if(findUser!=null){
if(findUser.getRoles()!=null){
findUser.getRoles().forEach(role->{
info.addRole(role.getName());
if(role.getResources()!=null){
role.getResources().forEach(v->{
if(!"".equals(v.getPermission().trim())){
info.addStringPermission(v.getPermission());
}
});
}
});
}
return info;
}
}
throw new DisabledAccountException("用户信息异常,请重新登录!");
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
JwtToken token = (JwtToken) authenticationToken;
SysUser user;
String username = token.getUsername()!=null ? token.getUsername() : JwtUtil.getUsername(token.getToken());
try {
user = userService.selectOne(new EntityWrapper<SysUser>()
.eq("username",username)
.setSqlSelect("id,username,status,password"));
}catch (RequestException e){
throw new DisabledAccountException(e.getMsg());
}
if(user==null){
throw new DisabledAccountException("用户不存在!");
}
if(user.getStatus()!=1){
throw new DisabledAccountException("用户账户已锁定,暂无法登陆!");
}
if(token.getUsername()==null) token.setUsername(user.getUsername());
String sign = JwtUtil.sign(user.getId(), user.getUsername(), user.getPassword());
if(token.getToken()==null) token.setToken(sign);
token.setUid(user.getId());
return new SimpleAuthenticationInfo(token,user.getPassword(),user.getId());
}
public void clearAuthByUserId(String uid,Boolean author, Boolean out){
//获取所有session
Cache<Object, Object> cache = cacheManager
.getCache(MyRealm.class.getName()+".authorizationCache");
cache.remove(uid);
}
public void clearAuthByUserIdCollection(List<String> userList,Boolean author, Boolean out){
Cache<Object, Object> cache = cacheManager
.getCache(MyRealm.class.getName()+".authorizationCache");
userList.forEach(cache::remove);
}
}
