调整垂直鉴权

566d6c01 · 罗承锋 · 977f9d13 · 566d6c01
Commit 566d6c01 authored Mar 15, 2022 by 罗承锋
Hide whitespace changes
Inline Side-by-side

Showing with 37 additions and 21 deletions

service-manager/src/main/java/com/winsun/intercept/AuthIntercept.java
+37 -21

No files found.
--- a/service-manager/src/main/java/com/winsun/intercept/AuthIntercept.java
+++ b/service-manager/src/main/java/com/winsun/intercept/AuthIntercept.java
@@ -4,10 +4,16 @@ import com.alibaba.fastjson.JSON;
 import com.alibaba.fastjson.JSONObject;
 import com.baomidou.mybatisplus.mapper.EntityWrapper;
 import com.netflix.discovery.converters.Auto;
+import com.winsun.auth.core.common.model.ResponseData;
 import com.winsun.auth.core.shiro.ShiroUser;
+import com.winsun.auth.model.common.Menu;
 import com.winsun.item.core.shiro.ShiroKit;
+import com.winsun.item.modular.system.dao.RelationMapper;
+import com.winsun.item.util.LoginUtils;
 import com.winsun.mapper.SysUserMapper;
+import com.winsun.tenpay.util.StringUtil;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.ModelAndView;
@@ -15,6 +21,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.List;
 import java.util.Map;
 /**
@@ -32,15 +39,39 @@ public class AuthIntercept extends HandlerInterceptorAdapter {
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        try {
            ShiroUser user = ShiroKit.getUser();
-            if (user != null) {
+            if (user == null) {
-                log.info("请求测试：" + JSON.toJSONString(user));
-            }
-            else {
                log.error("错误");
+                return false;
            }
-            Integer integer = sysUserMapper.selectCount(new EntityWrapper<>());
+            String security = request.getHeader("security");
-            log.info("总数：" + integer);
+            if (StringUtils.isBlank(security)) {
+                log.error("校验权限失败！");
+                return false;
+            }
+            List<Integer> roleList = user.getRoleList();
+            if (roleList.size() == 0) {
+                log.error("无权限");
+                return false;
+            }
+            ResponseData<String> stringResponseData = LoginUtils.pwdDecrypt(security);
+            if (!stringResponseData.isSuccess()) {
+                log.error("鉴权失败");
+                return false;
+            }
+            String data = stringResponseData.getData();
+            List<Menu> roleMenu = sysUserMapper.getRoleMenu(roleList);
+            log.info("data: {}", data);
+            for (Menu menu : roleMenu) {
+                log.info(menu.getUrl());
+                if (StringUtils.equals(menu.getUrl(), data)) {
+                    log.info("获取到相同的菜单");
+                    return true;
+                }
+            }
        }catch (Exception e) {
            e.printStackTrace();
        }
@@ -51,21 +82,6 @@ public class AuthIntercept extends HandlerInterceptorAdapter {
    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
-        try {
-            ShiroUser user = ShiroKit.getUser();
-            if (user != null) {
-                log.info(JSON.toJSONString(user));
-            }
-            else {
-                log.error("错误");
-            }
-            Integer integer = sysUserMapper.selectCount(new EntityWrapper<>());
-            log.info("总数：" + integer);
-        }catch (Exception e) {
-            e.printStackTrace();
-        }
        Map<String, Object> model = modelAndView.getModel();
        log.info("结束信息: {}", JSONObject.toJSONString(model));