| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136 |
- package com.fdkankan.manage.config;
- import cn.dev33.satoken.context.SaHolder;
- import cn.dev33.satoken.exception.NotLoginException;
- import cn.dev33.satoken.exception.NotPermissionException;
- import cn.dev33.satoken.exception.NotRoleException;
- import cn.dev33.satoken.filter.SaServletFilter;
- import cn.dev33.satoken.jwt.StpLogicJwtForMixin;
- import cn.dev33.satoken.router.SaRouter;
- import cn.dev33.satoken.stp.StpLogic;
- import cn.dev33.satoken.stp.StpUtil;
- import com.alibaba.fastjson.JSONArray;
- import com.alibaba.fastjson.JSONObject;
- import com.alibaba.nacos.common.utils.HttpMethod;
- import com.fdkankan.common.util.SecurityUtil;
- import com.fdkankan.manage.common.RedisKeyUtil;
- import com.fdkankan.manage.common.ResultCode;
- import com.fdkankan.manage.exception.BusinessException;
- import com.fdkankan.manage.common.ResultData;
- import com.fdkankan.manage.service.ISysMenuService;
- import com.fdkankan.redis.constant.RedisKey;
- import com.fdkankan.redis.util.RedisUtil;
- import lombok.extern.slf4j.Slf4j;
- import org.apache.commons.lang3.StringUtils;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import java.util.HashMap;
- import java.util.List;
- @Configuration
- @Slf4j
- public class SaTokenConfigure {
- public static HashMap<String, JSONObject> manageMenuUrl = new HashMap<>();
- public static HashMap<String, JSONObject> manageMenuId = new HashMap<>();
- @Autowired
- RedisUtil redisUtil;
- @Autowired
- ISysMenuService sysMenuService;
- // 注册Sa-Token的拦截器
- @Bean
- public SaServletFilter getSaServletFilter() {
- return new SaServletFilter()
- // 指定 拦截路由 与 放行路由
- .addInclude("/**").addExclude("/**/reMyselfPassword","/**/test/**","/**/inner/**","/**/feedback/h5/**")
- // 认证函数: 每次请求执行
- .setAuth(obj -> {
- // 登录认证 -- 拦截所有路由,并排除/user/doLogin 用于开放登录
- SaRouter.match("/**", "/service/manage/login", r ->checkLogin() );
- String menu = redisUtil.get(RedisKey.MANAGE_MENU);
- if(StringUtils.isBlank(menu)){
- SaRouter.match("/**", r -> StpUtil.checkRole("super-admin"));
- return;
- }
- JSONArray menuArray = JSONObject.parseArray(menu);
- for (Object o : menuArray) {
- JSONObject jsonObject = (JSONObject) o;
- String url = jsonObject.getString("url");
- String perm = jsonObject.getString("perms");
- if(StringUtils.isEmpty(url) || StringUtils.isEmpty(perm)){
- continue;
- }
- manageMenuId.put(jsonObject.getString("id"),jsonObject);
- manageMenuUrl.put(jsonObject.getString("url"),jsonObject);
- if(StpUtil.hasRole("super-admin")){
- continue;
- }
- SaRouter.match(url, r -> StpUtil.checkPermission(perm));
- }
- })
- // 异常处理函数:每次认证函数发生异常时执行此函数
- .setError(e -> {
- SaHolder.getResponse().setHeader("Content-Type", "application/json;charset=UTF-8");
- ResultData aj ;
- if (e instanceof NotLoginException) { // 如果是未登录异常
- NotLoginException ee = (NotLoginException) e;
- aj = ResultData.error(ResultCode.USER_NOT_LOGIN.code(),ResultCode.USER_NOT_LOGIN.message());
- }
- else if(e instanceof NotRoleException) { // 如果是角色异常
- NotRoleException ee = (NotRoleException) e;
- aj = ResultData.error(ResultCode.NOT_ROLE.code(),ResultCode.NOT_ROLE.message());
- }
- else if(e instanceof NotPermissionException) { // 如果是权限异常
- NotPermissionException ee = (NotPermissionException) e;
- aj = ResultData.error(ResultCode.NOT_PERMISSION.code(),ResultCode.NOT_PERMISSION.message());
- }
- else if(e instanceof BusinessException) { // 如果是权限异常
- BusinessException ee = (BusinessException) e;
- aj = ResultData.error(ee.getCode(),ee.getMessage());
- }
- else { // 普通异常, 输出:500 + 异常信息
- aj = ResultData.error(ResultCode.SYSTEM_ERROR.code(),ResultCode.SYSTEM_ERROR.message());
- }
- return JSONObject.toJSONString(aj);
- })
- // 前置函数:在每次认证函数之前执行
- .setBeforeAuth(r -> {
- // ---------- 设置一些安全响应头 ----------
- SaHolder.getResponse()
- .setHeader("Access-Control-Allow-Origin", "*")
- .setHeader("Access-Control-Allow-Methods", "*")
- .setHeader("Access-Control-Max-Age", "3600")
- .setHeader("Access-Control-Allow-Headers", "*")
- .setServer("4dkk");
- // 跳过对 OPTIONS 请求的检查,否则这里会鉴权失败,导致 springboot 配置的 addCorsMappings 跨域不执行
- if (SaHolder.getRequest().getMethod().equals(HttpMethod.OPTIONS.toString())) {
- SaRouter.back();
- }
- });
- }
- private void checkLogin(){
- if(!redisUtil.hasKey(String.format(RedisKeyUtil.loginToken,StpUtil.getTokenValue()))){
- throw new BusinessException(ResultCode.USER_NOT_LOGIN);
- }
- redisUtil.expire(String.format(RedisKeyUtil.loginToken,StpUtil.getTokenValue()),21600);
- StpUtil.checkLogin();
- }
- //Sa-Token 整合 jwt
- //Stateless 无状态模式 纯jwt
- //Mixin 混入模式 jwt 与 Redis 逻辑混合
- //Simple 简单模式 Token风格替换
- @Bean
- public StpLogic getStpLogicJwt() {
- return new StpLogicJwtForMixin();
- }
- }
|
