refactor: spring security 代码规范优化

haoxr
2024-12-18 21:45:18 +08:00
parent bd0f42f80b
commit 852961275b
3 changed files with 60 additions and 29 deletions


@@ -39,4 +39,9 @@ public interface SecurityConstants {
* 微信登录路径 * 微信登录路径
*/ */
String WECHAT_LOGIN_PATH = "/api/v1/auth/wechat-login"; String WECHAT_LOGIN_PATH = "/api/v1/auth/wechat-login";
/**
* 角色前缀 Spring Security 的 authorities 角色前缀,用于区分角色和权限
*/
String ROLE_PREFIX = "ROLE_";
} }


@@ -2,9 +2,9 @@ package com.youlai.boot.core.security.model;
import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.ObjectUtil;
import com.youlai.boot.common.constant.SecurityConstants;
import com.youlai.boot.system.model.dto.UserAuthInfo; import com.youlai.boot.system.model.dto.UserAuthInfo;
import lombok.Data; import lombok.Data;
import lombok.Getter;
import lombok.NoArgsConstructor; import lombok.NoArgsConstructor;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -12,51 +12,76 @@ import org.springframework.security.core.userdetails.UserDetails;
import java.util.Collection; import java.util.Collection;
import java.util.Collections; import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors; import java.util.stream.Collectors;
/** /**
* Spring Security 用户对象 * Spring Security 用户认证对象
* <p>
* 封装了用户的基本信息和权限信息,供 Spring Security 进行用户认证与授权。
* 实现了 {@link UserDetails} 接口,提供用户的核心信息。
* *
* @author haoxr * @author Ray.Hao
* @since 3.0.0 * @version 3.0.0
*/ */
@Data @Data
@NoArgsConstructor @NoArgsConstructor
public class SysUserDetails implements UserDetails { public class SysUserDetails implements UserDetails {
@Getter /**
* 用户ID
*/
private Long userId; private Long userId;
/**
* 用户名
*/
private String username; private String username;
/**
* 密码
*/
private String password; private String password;
/**
* 账号是否启用true启用false禁用
*/
private Boolean enabled; private Boolean enabled;
private Collection<SimpleGrantedAuthority> authorities; /**
* 部门ID
*/
private Long deptId; private Long deptId;
/**
* 数据权限范围
*/
private Integer dataScope; private Integer dataScope;
/**
* 用户角色权限集合
*/
private Collection<SimpleGrantedAuthority> authorities;
/**
* 构造函数:根据用户认证信息初始化用户详情对象
*
* @param user 用户认证信息对象 {@link UserAuthInfo}
*/
public SysUserDetails(UserAuthInfo user) { public SysUserDetails(UserAuthInfo user) {
this.userId = user.getUserId(); this.userId = user.getUserId();
Set<String> roles = user.getRoles();
Set<SimpleGrantedAuthority> authorities;
if (CollectionUtil.isNotEmpty(roles)) {
authorities = roles.stream()
.map(role -> new SimpleGrantedAuthority("ROLE_" + role)) // 标识角色
.collect(Collectors.toSet());
} else {
authorities = Collections.emptySet();
}
this.authorities = authorities;
this.username = user.getUsername(); this.username = user.getUsername();
this.password = user.getPassword(); this.password = user.getPassword();
this.enabled = ObjectUtil.equal(user.getStatus(), 1); this.enabled = ObjectUtil.equal(user.getStatus(), 1);
this.deptId = user.getDeptId(); this.deptId = user.getDeptId();
this.dataScope = user.getDataScope(); this.dataScope = user.getDataScope();
// 初始化角色权限集合
this.authorities = CollectionUtil.isNotEmpty(user.getRoles())
? user.getRoles().stream()
// 角色名加上前缀 "ROLE_",用于区分角色 (ROLE_ADMIN) 和权限 (user:add)
.map(role -> new SimpleGrantedAuthority(SecurityConstants.ROLE_PREFIX + role))
.collect(Collectors.toSet())
: Collections.emptySet();
} }
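Review bot: The class keeps `@Data` while holding `password`, so Lombok's generated `toString()` includes the password value whenever a `SysUserDetails` (or an `Authentication` whose principal it is) reaches a log line or an exception message. Since the fields are being re-documented here anyway, put `@ToString.Exclude` directly above `private String password;`. In the constructor, the prefix is concatenated onto every element of `user.getRoles()` unchecked; if a role code can be null or blank, the result is the authority `ROLE_null` or a bare `ROLE_`, so `.filter(role -> role != null && !role.isBlank())` before the `.map(...)` is a cheap guard unless the role source already guarantees this. The class body continues past the end of this hunk, so an existing `toString` override outside the visible lines would make the first point moot.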


@@ -2,6 +2,7 @@ package com.youlai.boot.core.security.util;
import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil; import cn.hutool.core.util.StrUtil;
import com.youlai.boot.common.constant.SecurityConstants;
import com.youlai.boot.common.constant.SystemConstants; import com.youlai.boot.common.constant.SystemConstants;
import com.youlai.boot.core.security.model.SysUserDetails; import com.youlai.boot.core.security.model.SysUserDetails;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
@@ -83,22 +84,22 @@ public class SecurityUtils {
/** /**
* 获取用户角色集合 * 获取角色集合
* *
* @return 角色集合 * @return 角色集合
*/ */
public static Set<String> getRoles() { public static Set<String> getRoles() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication())
if (authentication != null) { .map(Authentication::getAuthorities)
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities(); .filter(CollectionUtil::isNotEmpty)
if (CollectionUtil.isNotEmpty(authorities)) { .stream()
return authorities.stream().filter(item -> item.getAuthority().startsWith("ROLE_")) .flatMap(Collection::stream)
.map(item -> StrUtil.removePrefix(item.getAuthority(), "ROLE_")) .map(GrantedAuthority::getAuthority)
// 筛选角色,authorities 中的角色都是以 ROLE_ 开头
.filter(authority -> authority.startsWith(SecurityConstants.ROLE_PREFIX))
.map(authority -> StrUtil.removePrefix(authority, SecurityConstants.ROLE_PREFIX))
.collect(Collectors.toSet()); .collect(Collectors.toSet());
} }
}
return Collections.EMPTY_SET;
}
/** /**
* 是否超级管理员 * 是否超级管理员