From 1992b00aa2ebc3cd0584b9d418cb14f7b3f3eadc Mon Sep 17 00:00:00 2001 From: Bunny Date: Mon, 21 Jul 2025 17:17:22 +0800 Subject: [PATCH] =?UTF-8?q?:wrench:=20=E4=BF=AE=E6=94=B9=E9=AA=8C=E8=AF=81?= =?UTF-8?q?=E8=AF=B7=E6=B1=82=E9=80=BB=E8=BE=91=E5=92=8C=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E6=B3=A8=E9=87=8A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../exception/GlobalExceptionHandler.java | 32 +++++++++-- .../com/auth/common/utils/JwtTokenUtil.java | 1 + .../com/auth/dao/base/entity/UserEntity.java | 17 ++---- .../dao/base/view/UserRolePermission.java | 38 +++++++++++++ .../main/resources/mapper/v1/UserMapper.xml | 31 ++--------- .../com/auth/model/base/vo/package-info.java | 1 - .../config/SecurityWebConfiguration.java | 55 ++++++------------- .../filter/JwtAuthenticationFilter.java | 25 ++++++--- .../security/service/DbUserDetailService.java | 19 ------- .../service/impl/DbUserDetailServiceImpl.java | 48 ++-------------- .../impl/InMemoryUserDetailsService.java | 4 -- .../main/resources/application-security.yml | 9 +-- .../base/ServiceBaseMainApplication.java | 2 +- .../base/controller/CheckController.java | 40 ++++++++++++++ 14 files changed, 160 insertions(+), 162 deletions(-) delete mode 100644 auth-model/model-base/src/main/java/com/auth/model/base/vo/package-info.java delete mode 100644 auth-module/module-security/src/main/java/com/auth/module/security/service/impl/InMemoryUserDetailsService.java create mode 100644 auth-services/service-base/src/main/java/com/auth/service/base/controller/CheckController.java diff --git a/auth-common/src/main/java/com/auth/common/exception/GlobalExceptionHandler.java b/auth-common/src/main/java/com/auth/common/exception/GlobalExceptionHandler.java index 4928eaa..e7943f8 100644 --- a/auth-common/src/main/java/com/auth/common/exception/GlobalExceptionHandler.java +++ b/auth-common/src/main/java/com/auth/common/exception/GlobalExceptionHandler.java 
@@ -1,16 +1,19 @@ package com.auth.common.exception; +import com.auth.common.context.BaseContext; import com.auth.common.model.common.result.Result; import com.auth.common.model.common.result.ResultCodeEnum; import lombok.extern.slf4j.Slf4j; import org.springframework.context.support.DefaultMessageSourceResolvable; +import org.springframework.security.authorization.AuthorizationDeniedException; import org.springframework.util.StringUtils; import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.RestControllerAdvice; -import java.sql.SQLIntegrityConstraintViolationException; +import java.nio.file.AccessDeniedException; +import java.sql.SQLException; import java.util.regex.Matcher; import java.util.regex.Pattern; import java.util.stream.Collectors; @@ -69,9 +72,9 @@ public class GlobalExceptionHandler { // 表单验证字段 @ExceptionHandler(MethodArgumentNotValidException.class) public Result handleValidationExceptions(MethodArgumentNotValidException ex) { + log.error("表单验证失败,用户Id:{}", BaseContext.getUserId()); String errorMessage = ex.getBindingResult().getFieldErrors().stream() .map(DefaultMessageSourceResolvable::getDefaultMessage) - .distinct() .collect(Collectors.joining(", ")); return Result.error(null, 201, errorMessage); } 
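Review bot: The new import `java.nio.file.AccessDeniedException` is the file-system exception, not Spring Security's. The `@ExceptionHandler(AccessDeniedException.class)` method added in the later `@@ -85,10 +88,28 @@` hunk (commented "spring security异常") will therefore not catch access-denied failures raised by Spring Security. The import should be `import org.springframework.security.access.AccessDeniedException;`. `AuthorizationDeniedException` is a subclass of that Spring type, so once the import is corrected the handler can cover both cases and the second handler becomes optional.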
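Review bot: The `log.error` added to `handleValidationExceptions` records only the user id and runs before `errorMessage` is built, so the log cannot show which fields were rejected. A rejected form is a client error, and logging it at error level lets ordinary bad input fill the error log. Consider moving the call below the stream and using `log.warn("表单验证失败,用户Id:{},原因:{}", BaseContext.getUserId(), errorMessage);`. Removing `.distinct()` also means a repeated constraint message now appears several times in the joined string; if that is intended, a short comment would help.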
@@ -85,10 +88,28 @@ public class GlobalExceptionHandler { return Result.error(null, 500, exception.getMessage()); } - // 处理SQL异常 - @ExceptionHandler(SQLIntegrityConstraintViolationException.class) + // spring security异常 + @ExceptionHandler(AccessDeniedException.class) @ResponseBody - public Result exceptionHandler(SQLIntegrityConstraintViolationException exception) { + public Result error(AccessDeniedException exception) { + log.error("GlobalExceptionHandler===>spring security异常:{}", exception.getMessage()); + + return Result.error(ResultCodeEnum.FAIL_NO_ACCESS_DENIED); + } + + // spring security异常 + @ExceptionHandler(AuthorizationDeniedException.class) + @ResponseBody + public Result error(AuthorizationDeniedException exception) { + log.warn("AuthorizationDeniedException===>spring security异常:{}", exception.getMessage()); + + return Result.error(ResultCodeEnum.FAIL_NO_ACCESS_DENIED); + } + + // 处理SQL异常 + @ExceptionHandler(SQLException.class) + @ResponseBody + public Result exceptionHandler(SQLException exception) { log.error("GlobalExceptionHandler===>处理SQL异常:{}", exception.getMessage()); String message = exception.getMessage(); @@ -99,4 +120,5 @@ public class GlobalExceptionHandler { return Result.error(ResultCodeEnum.UNKNOWN_EXCEPTION); } } + } diff --git a/auth-common/src/main/java/com/auth/common/utils/JwtTokenUtil.java b/auth-common/src/main/java/com/auth/common/utils/JwtTokenUtil.java index 3404d5d..5c80cd6 100644 --- a/auth-common/src/main/java/com/auth/common/utils/JwtTokenUtil.java +++ b/auth-common/src/main/java/com/auth/common/utils/JwtTokenUtil.java @@ -1,5 +1,6 @@ package com.auth.common.utils; + import com.auth.common.exception.AuthenticSecurityException; import com.auth.common.model.common.result.ResultCodeEnum; import io.jsonwebtoken.Claims; diff --git a/auth-dao/dao-base/src/main/java/com/auth/dao/base/entity/UserEntity.java b/auth-dao/dao-base/src/main/java/com/auth/dao/base/entity/UserEntity.java index a7e5a01..8ebe7ea 100644 
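Review bot: Widening the handler from `SQLIntegrityConstraintViolationException` to `SQLException` sends every database error through code written for constraint violations. The part of `exceptionHandler` that uses `message` lies outside this hunk, so confirm it never copies the driver text into the `Result`, since such messages can carry table, column and value details. Keeping the raw message in the server log only and returning `Result.error(ResultCodeEnum.UNKNOWN_EXCEPTION)` for anything that is not a recognised constraint violation keeps that detail away from clients. The two handlers labelled "spring security异常" also log the same condition at different levels (`log.error` and `log.warn`); one level for both would make alerting simpler.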
--- a/auth-dao/dao-base/src/main/java/com/auth/dao/base/entity/UserEntity.java +++ b/auth-dao/dao-base/src/main/java/com/auth/dao/base/entity/UserEntity.java @@ -33,20 +33,11 @@ public class UserEntity extends BaseEntity /* implements UserDetails, Credential @Schema(name = "password", title = "密码") private String password; - @Schema(name = "avatar", title = "头像") + @Schema(name = "avatar", title = "头像URL") private String avatar; - @Schema(name = "summary", title = "个人描述") - private String summary; - - @Schema(name = "ipAddress", title = "最后登录IP") - private String ipAddress; - - @Schema(name = "ipRegion", title = "最后登录ip归属地") - private String ipRegion; - - @Schema(name = "status", title = "1:禁用 0:正常") - private Boolean status; + @Schema(name = "status", title = "状态(0=禁用,1=正常,2=锁定)") + private Integer status; @Schema(name = "salt", title = "密码盐值") private String salt; @@ -76,7 +67,7 @@ public class UserEntity extends BaseEntity /* implements UserDetails, Credential private Long postId; @Schema(name = "isDeleted", title = "是否删除") - private Integer isDeleted; + private Boolean isDeleted; // @TableField(exist = false) // private Set authorities; diff --git a/auth-dao/dao-base/src/main/java/com/auth/dao/base/view/UserRolePermission.java b/auth-dao/dao-base/src/main/java/com/auth/dao/base/view/UserRolePermission.java index bf79698..dcc4bda 100644 --- a/auth-dao/dao-base/src/main/java/com/auth/dao/base/view/UserRolePermission.java +++ b/auth-dao/dao-base/src/main/java/com/auth/dao/base/view/UserRolePermission.java 
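Review bot: The `status` field changes both type and meaning: the old title was "1:禁用 0:正常" and the new one is "状态(0=禁用,1=正常,2=锁定)", so the stored values swap sense. Nothing in this patch migrates existing rows, so accounts disabled under the old encoding (1) would presumably be read as normal after deployment. The `vurp.status = 1` filter changed in UserMapper.xml follows the new meaning. A data migration should ship with this change, and named constants or an enum for 0/1/2 would stop the literals from drifting between UserEntity, the mapper and DbUserDetailServiceImpl.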
@@ -16,50 +16,88 @@ import java.util.Date; public class UserRolePermission { // 用户角色关联信息 + @Schema(name = "userId", title = "用户Id") private Long userId; // 角色权限关联信息 + @Schema(name = "roleId", title = "角色Id") private Long roleId; + + @Schema(name = "permissionId", title = "权限Id") private Long permissionId; // 权限信息 + @Schema(name = "permissionCode", title = "权限编码") private String permissionCode; + @Schema(name = "permissionName", title = "权限名称") private String permissionName; + @Schema(name = "permissionType", title = "权限类型") private String permissionType; + @Schema(name = "url", title = "URL地址") private String url; + @Schema(name = "method", title = "请求方法") private String method; + @Schema(name = "permissionLevel", title = "权限层级") private Integer permissionLevel; + @Schema(name = "permissionPath", title = "权限路径") private String permissionPath; + @Schema(name = "permissionOrderNum", title = "排序号") private Integer permissionOrderNum; + @Schema(name = "permissionStatus", title = "状态(0禁用 1启用)") private Integer permissionStatus; + @Schema(name = "permissionRemark", title = "备注") private String permissionRemark; // 用户信息 + @Schema(name = "username", title = "用户名") private String username; + @Schema(name = "nickname", title = "昵称") private String nickname; + @Schema(name = "email", title = "邮箱") private String email; + @Schema(name = "phone", title = "手机号") private String phone; + @Schema(name = "salt", title = "加密盐值") private String salt; + @Schema(name = "password", title = "密码") private String password; + @Schema(name = "avatar", title = "头像") private String avatar; + @Schema(name = "gender", title = "性别(0未知 1男 2女)") private Integer gender; + @Schema(name = "birthday", title = "生日") private Date birthday; + @Schema(name = "introduction", title = "个人简介") private String introduction; + @Schema(name = "lastLoginIp", title = "最后登录IP") private String lastLoginIp; + @Schema(name = "lastLoginTime", title = "最后登录时间") private Date lastLoginTime; + @Schema(name = 
"lastLoginRegion", title = "最后登录地区") private String lastLoginRegion; + @Schema(name = "status", title = "状态(0禁用 1启用)") private Integer status; + @Schema(name = "deptId", title = "部门ID") private Long deptId; + @Schema(name = "postId", title = "岗位ID") private Long postId; + @Schema(name = "isDeleted", title = "是否删除(0否 1是)") private Boolean isDeleted; // 角色信息 + @Schema(name = "roleCode", title = "角色编码") private String roleCode; + @Schema(name = "roleName", title = "角色名称") private String roleName; + @Schema(name = "roleType", title = "角色类型") private String roleType; + @Schema(name = "roleDataScope", title = "数据范围") private String roleDataScope; + @Schema(name = "roleOrderNum", title = "排序号") private Integer roleOrderNum; + @Schema(name = "roleStatus", title = "状态(0禁用 1启用)") private Integer roleStatus; + @Schema(name = "roleRemark", title = "备注") private String roleRemark; } diff --git a/auth-dao/dao-base/src/main/resources/mapper/v1/UserMapper.xml b/auth-dao/dao-base/src/main/resources/mapper/v1/UserMapper.xml index bcbf97e..1b93336 100644 --- a/auth-dao/dao-base/src/main/resources/mapper/v1/UserMapper.xml +++ b/auth-dao/dao-base/src/main/resources/mapper/v1/UserMapper.xml @@ -11,10 +11,6 @@ - - - - @@ -30,14 +26,11 @@ - - id, - username,nickname,email,phone,password,avatar,sex,summary,ip_address,ip_region,status,is_deleted,salt,gender,birthday,introduction,last_login_ip,last_login_region,last_login_time,dept_id,post_id, - create_time, update_time, create_user, update_user, is_deleted + id, username,nickname,email,phone,password,avatar,status,is_deleted,salt,gender,birthday,introduction,last_login_ip,last_login_region,last_login_time,dept_id,post_id, create_time, update_time, create_user, update_user 
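Review bot: The new `@Schema` annotations on `password` and `salt` document these fields as part of an API model, and nothing visible in this hunk keeps them out of serialized output. If a `UserRolePermission` is ever returned from a controller, the password hash and salt would reach the client. Mark both fields with `@Schema(hidden = true)` and `@JsonIgnore` (assuming Jackson is the serializer), or keep this view type internal and map it to a response object that omits them. Annotations above the class declaration are outside this hunk.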
@@ -69,18 +62,6 @@ and base.avatar like CONCAT('%',#{dto.avatar},'%') - - and base.sex like CONCAT('%',#{dto.sex},'%') - - - and base.summary like CONCAT('%',#{dto.summary},'%') - - - and base.ip_address like CONCAT('%',#{dto.ipAddress},'%') - - - and base.ip_region like CONCAT('%',#{dto.ipRegion},'%') - and base.status like CONCAT('%',#{dto.status},'%') @@ -122,15 +103,15 @@ select * from v_user_role_permission vurp where vurp.user_id = #{userId} - and vurp.is_deleteds = 0 - and vurp.status = 0 + and vurp.is_deleted = 0 + and vurp.status = 1 diff --git a/auth-model/model-base/src/main/java/com/auth/model/base/vo/package-info.java b/auth-model/model-base/src/main/java/com/auth/model/base/vo/package-info.java deleted file mode 100644 index 684bcd3..0000000 --- a/auth-model/model-base/src/main/java/com/auth/model/base/vo/package-info.java +++ /dev/null @@ -1 +0,0 @@ -package com.auth.model.base.vo; \ No newline at end of file diff --git a/auth-module/module-security/src/main/java/com/auth/module/security/config/SecurityWebConfiguration.java b/auth-module/module-security/src/main/java/com/auth/module/security/config/SecurityWebConfiguration.java index 03f5ac2..3ead216 100644 --- a/auth-module/module-security/src/main/java/com/auth/module/security/config/SecurityWebConfiguration.java +++ b/auth-module/module-security/src/main/java/com/auth/module/security/config/SecurityWebConfiguration.java 
@@ -8,7 +8,6 @@ import com.auth.module.security.handler.SecurityAuthenticationEntryPoint; import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.security.authorization.method.PrePostTemplateDefaults; import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; @@ -17,7 +16,6 @@ import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.web.SecurityFilterChain; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; - @Configuration @EnableWebSecurity @EnableMethodSecurity(jsr250Enabled = true) 
@@ -52,13 +50,25 @@ public class SecurityWebConfiguration { authorizeRequests // 不认证登录接口 .requestMatchers(pathsProperties.noAuthPaths.toArray(String[]::new)).permitAll() - // ❗只认证 securedPaths 下的所有接口 + // ❗安全路径配置说明❗ // ======================================================================= - // 也可以在这里写多参数传入,如:"/api/**","/admin/**" - // 但是在 Spring过滤器中,如果要放行不需要认证请求,但是需要认证的接口必需要携带token。 - // 做法是在这里定义要认证的接口,如果要做成动态可以放到数据库。 + // 主要功能:配置需要认证的接口路径(支持多个参数,如:"/api/**","/admin/**") + // + // 注意事项: + // 1. 此处配置会覆盖方法级的@PermitAll注解 + // 2. 如需"携带token则验证,否则放行"的动态效果,不可用此方式配置 + // - 原因:配置为authenticated()则必须登录 + // - 若配置为permitAll()则无法自动注入SecurityContext + // + // 最佳实践建议: + // 1. 固定需要强制认证的路径可在此配置(如:pathsProperties.securedPaths) + // 2. 动态路径建议: + // - 方案A:存储在数据库+自定义过滤器实现 + // - 方案B:使用方法级权限控制(@PreAuthorize等) + // + // 示例配置(当前项目): + // .requestMatchers(pathsProperties.securedPaths.toArray(String[]::new)).authenticated() // ======================================================================= - .requestMatchers(pathsProperties.securedPaths.toArray(String[]::new)).authenticated() // 其余请求都放行 .anyRequest().permitAll() ) @@ -73,35 +83,4 @@ public class SecurityWebConfiguration { return http.build(); } - - /** - * 注册一个用于Spring Security预授权/后授权的模板元注解默认配置Bean。 - * - *
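Review bot: With `.requestMatchers(pathsProperties.securedPaths.toArray(String[]::new)).authenticated()` removed and kept only as an example in the comment, the chain now ends in `.anyRequest().permitAll()` with no `authenticated()` rule at all. As far as this patch shows, the HTTP layer no longer requires a login for any path, so protection rests on JwtAuthenticationFilter rejecting requests without a valid token and on method annotations such as `@PreAuthorize`. A controller with neither would be reachable anonymously, and the CheckController added in this patch carries no such annotation. If this is the intended design, say so in the comment and consider a default-deny fallback, for example keeping `securedPaths` as `authenticated()` and reserving `permitAll()` for `noAuthPaths`. The method continues outside this hunk.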

该Bean提供了基于SpEL表达式的权限校验模板,可用于自定义组合注解。

- * - *

典型用法

- *

通过此配置可以简化自定义权限注解的定义,例如:

- *
{@code
-     * @Target({ElementType.METHOD, ElementType.TYPE})
-     * @Retention(RetentionPolicy.RUNTIME)
-     * @PreAuthorize("hasAnyAuthority(  // 使用模板提供的表达式语法
-     * public @interface HasAnyAuthority {
-     *     String[] auth();  // 接收权限列表参数
-     * }
-     * }
- * - *

注意事项

- *
    - *
  • 需要确保Spring Security的预授权功能已启用
  • - *
  • 模板表达式应符合SpEL语法规范
  • - *
- * - * @return PrePostTemplateDefaults 实例,用于预/后授权注解的默认配置 - * @see org.springframework.security.access.prepost.PreAuthorize - * @see org.springframework.security.access.prepost.PostAuthorize - */ - @Bean - PrePostTemplateDefaults prePostTemplateDefaults() { - return new PrePostTemplateDefaults(); - } } \ No newline at end of file diff --git a/auth-module/module-security/src/main/java/com/auth/module/security/filter/JwtAuthenticationFilter.java b/auth-module/module-security/src/main/java/com/auth/module/security/filter/JwtAuthenticationFilter.java index e004c7f..4163bc2 100644 --- a/auth-module/module-security/src/main/java/com/auth/module/security/filter/JwtAuthenticationFilter.java +++ b/auth-module/module-security/src/main/java/com/auth/module/security/filter/JwtAuthenticationFilter.java @@ -1,5 +1,6 @@ package com.auth.module.security.filter; + import com.auth.common.context.BaseContext; import com.auth.common.exception.AuthenticSecurityException; import com.auth.common.exception.MyAuthenticationException; @@ -42,8 +43,10 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { @NotNull HttpServletResponse response, @NotNull FilterChain filterChain) throws ServletException, IOException { try { - - // 检查白名单路径 + // ======================================== + // 💡先检查白名单路径 + // 有可能会存在,需要认证路径中包含不需要认证路径。 + // ======================================== if (isNoAuthPath(request)) { filterChain.doFilter(request, response); return; 
@@ -64,14 +67,18 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { filterChain.doFilter(request, response); } catch (AuthenticSecurityException e) { // 直接处理认证异常,不再调用filterChain.doFilter() - MyAuthenticationException myAuthenticationException = new MyAuthenticationException(e.getMessage(), e); - securityAuthenticationEntryPoint.commence(request, response, myAuthenticationException); - + securityAuthenticationEntryPoint.commence( + request, + response, + new MyAuthenticationException(e.getMessage(), e) + ); } catch (RuntimeException e) { - MyAuthenticationException myAuthenticationException = new MyAuthenticationException("Authentication failed", e); - securityAuthenticationEntryPoint.commence(request, response, myAuthenticationException); + securityAuthenticationEntryPoint.commence( + request, + response, + new MyAuthenticationException("Authentication failed", e) + ); } - } private boolean validToken(@NotNull HttpServletRequest request) { @@ -128,4 +135,4 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter { .toArray(RequestMatcher[]::new); return new OrRequestMatcher(matchers).matches(request); } -} +} \ No newline at end of file diff --git a/auth-module/module-security/src/main/java/com/auth/module/security/service/DbUserDetailService.java b/auth-module/module-security/src/main/java/com/auth/module/security/service/DbUserDetailService.java index b6a8253..0ffc507 100644 --- a/auth-module/module-security/src/main/java/com/auth/module/security/service/DbUserDetailService.java +++ b/auth-module/module-security/src/main/java/com/auth/module/security/service/DbUserDetailService.java 
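Review bot: `filterChain.doFilter(request, response)` still sits inside the `try`, so the `catch (RuntimeException e)` branch turns any runtime failure from later filters or the dispatched request into an "Authentication failed" response. That presents server-side errors as authentication errors, and since neither branch logs, no record of the cause remains. Consider limiting the `try` to token validation and calling `filterChain.doFilter` after it. Also add `log.warn("JWT authentication failed: {}", e.getMessage());` in both branches, assuming the class has a logger (none is visible in this hunk). The method starts above this hunk.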
@@ -1,26 +1,7 @@ package com.auth.module.security.service; -import com.auth.dao.base.view.UserRolePermission; import org.springframework.security.core.userdetails.UserDetailsService; -import java.util.List; - public interface DbUserDetailService extends UserDetailsService { - /** - * 根据用户id查找该用户的角色内容 - * - * @param userRolePermissionList 用户角色权限列表 - * @return 当前用户的角色信息 - */ - List findUserRolesByUserId(List userRolePermissionList); - - /** - * 根据用户id查找该用户的权限内容 - * - * @param userId 用户id - * @return 当前用户的权限信息 - */ - List findPermissionByUserId(List userRolePermissionList); - } diff --git a/auth-module/module-security/src/main/java/com/auth/module/security/service/impl/DbUserDetailServiceImpl.java b/auth-module/module-security/src/main/java/com/auth/module/security/service/impl/DbUserDetailServiceImpl.java index 4e7e69c..f9b470d 100644 --- a/auth-module/module-security/src/main/java/com/auth/module/security/service/impl/DbUserDetailServiceImpl.java +++ b/auth-module/module-security/src/main/java/com/auth/module/security/service/impl/DbUserDetailServiceImpl.java @@ -38,10 +38,10 @@ public class DbUserDetailServiceImpl implements DbUserDetailService { } Long userId = userEntity.getId(); + List jaasGrantedAuthorities = new ArrayList<>(); + List userRolePermissionList = userMapper.selectUserRolePermissionByUsername(userId); Map> roleCodeMap = userRolePermissionList.stream().collect(Collectors.groupingBy(UserRolePermission::getRoleCode)); - - List jaasGrantedAuthorities = new ArrayList<>(); roleCodeMap.forEach((s, permissionCode) -> { List permissions = getPermissionByRoleCode(s, roleCodeMap).stream().map(SimpleGrantedAuthority::new).toList(); UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(s, null, permissions); 
@@ -49,32 +49,15 @@ public class DbUserDetailServiceImpl implements DbUserDetailService { jaasGrantedAuthorities.add(jaasGrantedAuthority); }); - List roles = findUserRolesByUserId(userRolePermissionList); - - // List list = new ArrayList<>(); - // // 设置用户角色 - // List roles = findUserRolesByUserId(userRolePermissionList); - // // 设置用户权限 - // List permissions = findPermissionByUserId(userRolePermissionList); - // list.addAll(roles); - // list.addAll(permissions); - - // Set authorities = list.stream() - // .map(SimpleGrantedAuthority::new) - // .collect(Collectors.toSet()); - - // 设置用户权限 - // userEntity.setAuthorities(authorities); - // // 返回时将用户密码置为空 - // userEntity.setPassword(null); - // return userEntity; + List roles = userRolePermissionList.stream().map(UserRolePermission::getRoleCode).toList(); return User.builder() .username(username) .password(userEntity.getPassword()) .roles(roles.toArray(String[]::new)) .authorities(jaasGrantedAuthorities) - .disabled(userEntity.getStatus()) + // 0=禁用,1=正常,2=锁定 + .disabled(!userEntity.getStatus().equals(1)) .build(); } @@ -90,25 +73,4 @@ public class DbUserDetailServiceImpl implements DbUserDetailService { .toList(); } - /** - * 根据用户id查找该用户的角色内容 - * - * @param userRolePermissionList 用户角色权限列表 - * @return 当前用户的角色信息 - */ - @Override - public List findUserRolesByUserId(List userRolePermissionList) { - return userRolePermissionList.stream().map(UserRolePermission::getRoleCode).toList(); - } - - /** - * 根据用户id查找该用户的权限内容 - * - * @param userRolePermissionList 用户角色权限列表 - * @return 当前用户的权限信息 - */ - @Override - public List findPermissionByUserId(List userRolePermissionList) { - return userRolePermissionList.stream().map(UserRolePermission::getPermissionCode).toList(); - } } 
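Review bot: `.disabled(!userEntity.getStatus().equals(1))` throws a NullPointerException when `status` is null, and it folds the new "2=锁定" state into "disabled" instead of reporting the account as locked. `.disabled(!Integer.valueOf(1).equals(userEntity.getStatus()))` is null-safe and still fails closed, and `.accountLocked(Integer.valueOf(2).equals(userEntity.getStatus()))` can carry the locked state. Separately, `User.UserBuilder.authorities(...)` replaces the authority list that `.roles(...)` set just before it, so the `roles` list built in this hunk appears to have no effect on the returned user. That list also repeats a role code once per permission row. The method starts above this hunk.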
diff --git a/auth-module/module-security/src/main/java/com/auth/module/security/service/impl/InMemoryUserDetailsService.java b/auth-module/module-security/src/main/java/com/auth/module/security/service/impl/InMemoryUserDetailsService.java deleted file mode 100644 index 29ee639..0000000 --- a/auth-module/module-security/src/main/java/com/auth/module/security/service/impl/InMemoryUserDetailsService.java +++ /dev/null @@ -1,4 +0,0 @@ -package com.auth.module.security.service.impl; - -// public interface InMemoryUserDetailsService extends UserDetailsService { -// } \ No newline at end of file diff --git a/auth-module/module-security/src/main/resources/application-security.yml b/auth-module/module-security/src/main/resources/application-security.yml index 35f8773..1c8fa27 100644 --- a/auth-module/module-security/src/main/resources/application-security.yml +++ b/auth-module/module-security/src/main/resources/application-security.yml @@ -8,9 +8,10 @@ jwtToken: # 认证和鉴权配置 security-path: + secured-paths: + - "/api/**" + no-auth-paths: + - "/*/login" + - "/api/public/**" admin-authorities: - "ADMIN" - no-auth-paths: - - "/api/public/**" - secured-paths: - - "/api/v1/**" \ No newline at end of file diff --git a/auth-services/service-base/src/main/java/com/auth/service/base/ServiceBaseMainApplication.java b/auth-services/service-base/src/main/java/com/auth/service/base/ServiceBaseMainApplication.java index e67da09..cbbef4e 100644 --- a/auth-services/service-base/src/main/java/com/auth/service/base/ServiceBaseMainApplication.java +++ b/auth-services/service-base/src/main/java/com/auth/service/base/ServiceBaseMainApplication.java 
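Review bot: The new `"/*/login"` entry in `no-auth-paths` matches a `login` segment under any first path segment, not only the intended login endpoint, and JwtAuthenticationFilter checks this whitelist before it looks at the token. A route added later that happens to fit the pattern would skip token validation without anyone touching this file. Listing the concrete login path(s) instead of a wildcard keeps the exemption explicit. Also, `secured-paths` is widened to `"/api/**"` while SecurityWebConfiguration in this patch stops applying it as an `authenticated()` rule, so confirm something still consumes it.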
@@ -6,7 +6,7 @@ import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.context.annotation.ComponentScan; @MapperScan(basePackages = "com.auth.dao.*.mapper") -@ComponentScan(basePackages = {"com.auth.service.base", "com.auth.dao", "com.auth.module"}) +@ComponentScan(basePackages = {"com.auth.common", "com.auth.service.base", "com.auth.dao", "com.auth.module.security"}) @SpringBootApplication public class ServiceBaseMainApplication { public static void main(String[] args) { diff --git a/auth-services/service-base/src/main/java/com/auth/service/base/controller/CheckController.java b/auth-services/service-base/src/main/java/com/auth/service/base/controller/CheckController.java new file mode 100644 index 0000000..2f13a02 --- /dev/null +++ b/auth-services/service-base/src/main/java/com/auth/service/base/controller/CheckController.java 
@@ -0,0 +1,40 @@ +package com.auth.service.base.controller; + +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@Tag(name = "检查接口", description = "检查当前用户的权限信息") +@RestController +@RequestMapping("/api/security") +public class CheckController { + + @Operation(summary = "当前用户的信息", description = "当前用户的信息") + @GetMapping("/current-user") + public Authentication getCurrentUser() { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + System.out.println("Current user: " + auth.getName()); + System.out.println("Authorities: " + auth.getAuthorities()); + return auth; + } + + @Operation(summary = "获取用户详情", description = "获取用户详情") + @GetMapping("user-detail") + public UserDetails getCurrentUserDetail() { + Authentication auth = SecurityContextHolder.getContext().getAuthentication(); + Object principal = auth.getPrincipal(); + + if (principal instanceof UserDetails) { + return (UserDetails) principal; + } else { + return User.builder().username("未知").password("未知").build(); + } + } + +}
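Review bot: `getCurrentUser` returns the raw `Authentication` and `getCurrentUserDetail` returns the `UserDetails` principal, so whatever those objects hold is serialized into the response, including credentials, details and `UserDetails.getPassword()` if it has not been erased. Return a small response shape with only the username and authority names instead, as sketched below for `getCurrentUser`. The same applies to `getCurrentUserDetail`, whose fallback also builds a `User` with the literal password "未知". The two `System.out.println` calls should go through the project logger (the exception handler in this patch uses `@Slf4j`) or be dropped, and `@GetMapping("user-detail")` lacks the leading slash used by the sibling mapping.

```java
@GetMapping("/current-user")
public Map<String, Object> getCurrentUser() {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // Expose only the name and authority strings; never the principal or credentials.
    List<String> authorities = auth.getAuthorities().stream()
            .map(GrantedAuthority::getAuthority)
            .toList();
    return Map.of("username", auth.getName(), "authorities", authorities);
}
// … unchanged: getCurrentUserDetail (apply the same response shape) …
```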