diff --git a/src/main/java/com/youlai/system/common/constant/CacheConstants.java b/src/main/java/com/youlai/system/common/constant/SecurityConstants.java similarity index 91% rename from src/main/java/com/youlai/system/common/constant/CacheConstants.java rename to src/main/java/com/youlai/system/common/constant/SecurityConstants.java index 8d5301eb..96594d8b 100644 --- a/src/main/java/com/youlai/system/common/constant/CacheConstants.java +++ b/src/main/java/com/youlai/system/common/constant/SecurityConstants.java @@ -6,7 +6,7 @@ package com.youlai.system.common.constant; * @author haoxr * @since 2023/11/24 */ -public interface CacheConstants { +public interface SecurityConstants { /** * 验证码缓存前缀 diff --git a/src/main/java/com/youlai/system/filter/CaptchaValidationFilter.java b/src/main/java/com/youlai/system/filter/CaptchaValidationFilter.java index f85088b1..83c467c0 100644 --- a/src/main/java/com/youlai/system/filter/CaptchaValidationFilter.java +++ b/src/main/java/com/youlai/system/filter/CaptchaValidationFilter.java @@ -2,8 +2,7 @@ package com.youlai.system.filter; import cn.hutool.captcha.generator.CodeGenerator; import cn.hutool.core.util.StrUtil; -import com.youlai.system.common.constant.CacheConstants; -import com.youlai.system.security.constant.SecurityConstants; +import com.youlai.system.common.constant.SecurityConstants; import com.youlai.system.common.result.ResultCode; import com.youlai.system.common.util.ResponseUtils; import jakarta.servlet.FilterChain; @@ -25,7 +24,7 @@ import java.io.IOException; */ public class CaptchaValidationFilter extends OncePerRequestFilter { - private static final AntPathRequestMatcher LOGIN_PATH_REQUEST_MATCHER = new AntPathRequestMatcher(SecurityConstants.LOGIN_PATH, "POST"); + private static final AntPathRequestMatcher LOGIN_PATH_REQUEST_MATCHER = new AntPathRequestMatcher(com.youlai.system.security.constant.SecurityConstants.LOGIN_PATH, "POST"); public static final String CAPTCHA_CODE_PARAM_NAME = "captchaCode"; public static final String CAPTCHA_KEY_PARAM_NAME = "captchaKey"; @@ -53,7 +52,7 @@ public class CaptchaValidationFilter extends OncePerRequestFilter { } // 缓存中的验证码 String verifyCodeKey = request.getParameter(CAPTCHA_KEY_PARAM_NAME); - String cacheVerifyCode = (String) redisTemplate.opsForValue().get(CacheConstants.CAPTCHA_CODE_PREFIX + verifyCodeKey); + String cacheVerifyCode = (String) redisTemplate.opsForValue().get(SecurityConstants.CAPTCHA_CODE_PREFIX + verifyCodeKey); if (cacheVerifyCode == null) { ResponseUtils.writeErrMsg(response, ResultCode.VERIFY_CODE_TIMEOUT); } else { diff --git a/src/main/java/com/youlai/system/filter/JwtValidationFilter.java b/src/main/java/com/youlai/system/filter/JwtValidationFilter.java index 15ddfc85..110ca1e4 100644 --- a/src/main/java/com/youlai/system/filter/JwtValidationFilter.java +++ b/src/main/java/com/youlai/system/filter/JwtValidationFilter.java @@ -3,7 +3,7 @@ package com.youlai.system.filter; import cn.hutool.core.convert.Convert; import cn.hutool.core.util.StrUtil; import cn.hutool.jwt.JWTPayload; -import com.youlai.system.common.constant.CacheConstants; +import com.youlai.system.common.constant.SecurityConstants; import com.youlai.system.common.result.ResultCode; import com.youlai.system.security.util.JwtUtils; import com.youlai.system.common.util.ResponseUtils; @@ -49,7 +49,7 @@ public class JwtValidationFilter extends OncePerRequestFilter { Map payload = JwtUtils.parseToken(token); String jti = Convert.toStr(payload.get(JWTPayload.JWT_ID)); - Boolean isTokenBlacklisted = redisTemplate.hasKey(CacheConstants.BLACKLIST_TOKEN_PREFIX + jti); + Boolean isTokenBlacklisted = redisTemplate.hasKey(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti); if (Boolean.TRUE.equals(isTokenBlacklisted)) { ResponseUtils.writeErrMsg(response, ResultCode.TOKEN_INVALID); return; diff --git a/src/main/java/com/youlai/system/mapper/SysUserRoleMapper.java b/src/main/java/com/youlai/system/mapper/SysUserRoleMapper.java index 091b34ad..7b96ec00 100644 --- a/src/main/java/com/youlai/system/mapper/SysUserRoleMapper.java +++ b/src/main/java/com/youlai/system/mapper/SysUserRoleMapper.java @@ -14,7 +14,7 @@ import org.apache.ibatis.annotations.Mapper; public interface SysUserRoleMapper extends BaseMapper { /** - * 统计角色下绑定的用户数量 + * 获取角色绑定的用户数 * * @param roleId 角色ID */ diff --git a/src/main/java/com/youlai/system/security/service/PermissionService.java b/src/main/java/com/youlai/system/security/service/PermissionService.java index db627e75..7f6f4021 100644 --- a/src/main/java/com/youlai/system/security/service/PermissionService.java +++ b/src/main/java/com/youlai/system/security/service/PermissionService.java @@ -2,11 +2,8 @@ package com.youlai.system.security.service; import cn.hutool.core.collection.CollectionUtil; import cn.hutool.core.util.StrUtil; -import com.youlai.system.common.constant.CacheConstants; +import com.youlai.system.common.constant.SecurityConstants; import com.youlai.system.security.util.SecurityUtils; -import com.youlai.system.model.bo.RolePermsBO; -import com.youlai.system.service.SysRoleMenuService; -import jakarta.annotation.PostConstruct; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.data.redis.core.RedisTemplate; @@ -28,102 +25,6 @@ public class PermissionService { private final RedisTemplate redisTemplate; - private final SysRoleMenuService roleMenuService; - - /** - * 初始化权限缓存 - */ - @PostConstruct - public void initRolePermsCache() { - refreshRolePermsCache(); - } - - /** - * 刷新权限缓存 - */ - public void refreshRolePermsCache() { - // 清理权限缓存 - redisTemplate.opsForHash().delete(CacheConstants.ROLE_PERMS_PREFIX, "*"); - - List list = roleMenuService.getRolePermsList(null); - if (CollectionUtil.isNotEmpty(list)) { - list.forEach(item -> { - String roleCode = item.getRoleCode(); - Set perms = item.getPerms(); - redisTemplate.opsForHash().put(CacheConstants.ROLE_PERMS_PREFIX, roleCode, perms); - }); - } - } - - /** - * 刷新权限缓存 - */ - public void refreshRolePermsCache(String roleCode) { - // 清理权限缓存 - redisTemplate.opsForHash().delete(CacheConstants.ROLE_PERMS_PREFIX, roleCode); - - List list = roleMenuService.getRolePermsList(roleCode); - if (CollectionUtil.isNotEmpty(list)) { - RolePermsBO rolePerms = list.get(0); - if (rolePerms == null) { - return; - } - - Set perms = rolePerms.getPerms(); - redisTemplate.opsForHash().put(CacheConstants.ROLE_PERMS_PREFIX, roleCode, perms); - } - } - - /** - * 刷新权限缓存 (角色编码变更时调用) - */ - public void refreshRolePermsCache(String oldRoleCode, String newRoleCode) { - // 清理旧角色权限缓存 - redisTemplate.opsForHash().delete(CacheConstants.ROLE_PERMS_PREFIX, oldRoleCode); - - // 添加新角色权限缓存 - List list = roleMenuService.getRolePermsList(newRoleCode); - if (CollectionUtil.isNotEmpty(list)) { - RolePermsBO rolePerms = list.get(0); - if (rolePerms == null) { - return; - } - - Set perms = rolePerms.getPerms(); - redisTemplate.opsForHash().put(CacheConstants.ROLE_PERMS_PREFIX, newRoleCode, perms); - } - } - - - /** - * 获取角色权限列表 - * - * @param roleCodes 角色编码集合 - * @return 角色权限列表 - */ - public Set getRolePermsFormCache(Set roleCodes) { - // 检查输入是否为空 - if (CollectionUtil.isEmpty(roleCodes)) { - return Collections.emptySet(); - } - - Set perms = new HashSet<>(); - // 从缓存中一次性获取所有角色的权限 - Collection roleCodesAsObjects = new ArrayList<>(roleCodes); - List rolePermsList = redisTemplate.opsForHash().multiGet(CacheConstants.ROLE_PERMS_PREFIX, roleCodesAsObjects); - - for (Object rolePermsObj : rolePermsList) { - if (rolePermsObj instanceof Set) { - @SuppressWarnings("unchecked") - Set rolePerms = (Set) rolePermsObj; - perms.addAll(rolePerms); - } - } - - return perms; - } - - /** * 判断当前登录用户是否拥有操作权限 * @@ -165,4 +66,32 @@ public class PermissionService { } + /** + * 从缓存中获取角色权限列表 + * + * @param roleCodes 角色编码集合 + * @return 角色权限列表 + */ + public Set getRolePermsFormCache(Set roleCodes) { + // 检查输入是否为空 + if (CollectionUtil.isEmpty(roleCodes)) { + return Collections.emptySet(); + } + + Set perms = new HashSet<>(); + // 从缓存中一次性获取所有角色的权限 + Collection roleCodesAsObjects = new ArrayList<>(roleCodes); + List rolePermsList = redisTemplate.opsForHash().multiGet(SecurityConstants.ROLE_PERMS_PREFIX, roleCodesAsObjects); + + for (Object rolePermsObj : rolePermsList) { + if (rolePermsObj instanceof Set) { + @SuppressWarnings("unchecked") + Set rolePerms = (Set) rolePermsObj; + perms.addAll(rolePerms); + } + } + + return perms; + } + } diff --git a/src/main/java/com/youlai/system/security/util/SecurityUtils.java b/src/main/java/com/youlai/system/security/util/SecurityUtils.java index 84c2aba8..a2570460 100644 --- a/src/main/java/com/youlai/system/security/util/SecurityUtils.java +++ b/src/main/java/com/youlai/system/security/util/SecurityUtils.java @@ -20,7 +20,7 @@ public class SecurityUtils { /** * 获取当前登录人信息 * - * @return + * @return SysUserDetails */ public static SysUserDetails getUser() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); @@ -36,7 +36,7 @@ public class SecurityUtils { /** * 获取用户ID * - * @return + * @return Long */ public static Long getUserId() { Long userId = Convert.toLong(getUser().getUserId()); @@ -65,7 +65,7 @@ public class SecurityUtils { /** * 获取用户角色集合 * - * @return + * @return 角色集合 */ public static Set getRoles() { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); @@ -80,25 +80,6 @@ public class SecurityUtils { return Collections.EMPTY_SET; } - /** - * 获取用户权限集合 - * - * @return - */ - public static Set getPerms() { - Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); - if (authentication != null) { - Collection authorities = authentication.getAuthorities(); - if (CollectionUtil.isNotEmpty(authorities)) { - return authorities.stream() - .map(GrantedAuthority::getAuthority) - .filter(authority -> !authority.startsWith("ROLE_")) - .collect(Collectors.toSet()); - } - } - return Collections.EMPTY_SET; - } - /** * 是否超级管理员 *

@@ -111,23 +92,4 @@ public class SecurityUtils { return roles.contains(SystemConstants.ROOT_ROLE_CODE); } - - /** - * 是否拥有权限判断 - *

- * 适用业务判断(接口权限判断适用Spring Security 自带注解 PreAuthorize 判断即可 ) - * - * @return - */ - public static boolean hasPerm(String perm) { - - if (isRoot()) { - return true; - } - - Set perms = getPerms(); - - return perms.stream().anyMatch(item -> PatternMatchUtils.simpleMatch(perm, item)); - } - } diff --git a/src/main/java/com/youlai/system/service/SysRoleMenuService.java b/src/main/java/com/youlai/system/service/SysRoleMenuService.java index 03786a00..37ebea97 100644 --- a/src/main/java/com/youlai/system/service/SysRoleMenuService.java +++ b/src/main/java/com/youlai/system/service/SysRoleMenuService.java @@ -2,11 +2,9 @@ package com.youlai.system.service; import com.baomidou.mybatisplus.extension.service.IService; -import com.youlai.system.model.bo.RolePermsBO; import com.youlai.system.model.entity.SysRoleMenu; import java.util.List; -import java.util.Set; /** * 角色菜单业务接口 @@ -26,9 +24,23 @@ public interface SysRoleMenuService extends IService { /** - * 获取角色和权限的列表 - * - * @return 角色权限的列表 + * 刷新权限缓存(所有角色) */ - List getRolePermsList(String roleCode); + void refreshRolePermsCache(); + + /** + * 刷新权限缓存(指定角色) + * + * @param roleCode 角色编码 + */ + void refreshRolePermsCache(String roleCode); + + /** + * 刷新权限缓存(修改角色编码时调用) + * + * @param oldRoleCode 旧角色编码 + * @param newRoleCode 新角色编码 + */ + void refreshRolePermsCache(String oldRoleCode, String newRoleCode); + } diff --git a/src/main/java/com/youlai/system/service/SysUserRoleService.java b/src/main/java/com/youlai/system/service/SysUserRoleService.java index d798809f..5bb52b9d 100644 --- a/src/main/java/com/youlai/system/service/SysUserRoleService.java +++ b/src/main/java/com/youlai/system/service/SysUserRoleService.java @@ -23,5 +23,5 @@ public interface SysUserRoleService extends IService { * @param roleId 角色ID * @return true:已分配 false:未分配 */ - boolean isRoleAssignedToUser(Long roleId); + boolean hasAssignedUsers(Long roleId); } diff --git a/src/main/java/com/youlai/system/service/impl/AuthServiceImpl.java b/src/main/java/com/youlai/system/service/impl/AuthServiceImpl.java index f7ce665f..bd38b2e3 100644 --- a/src/main/java/com/youlai/system/service/impl/AuthServiceImpl.java +++ b/src/main/java/com/youlai/system/service/impl/AuthServiceImpl.java @@ -7,7 +7,7 @@ import cn.hutool.core.convert.Convert; import cn.hutool.core.util.IdUtil; import cn.hutool.core.util.StrUtil; import cn.hutool.jwt.JWTPayload; -import com.youlai.system.common.constant.CacheConstants; +import com.youlai.system.common.constant.SecurityConstants; import com.youlai.system.common.enums.CaptchaTypeEnum; import com.youlai.system.model.dto.CaptchaResult; import com.youlai.system.model.dto.LoginResult; @@ -81,9 +81,9 @@ public class AuthServiceImpl implements AuthService { Long expiration = Convert.toLong(claims.get(JWTPayload.EXPIRES_AT)); if (expiration != null) { long ttl = expiration - System.currentTimeMillis() / 1000; - redisTemplate.opsForValue().set(CacheConstants.BLACKLIST_TOKEN_PREFIX + jti, null, ttl, TimeUnit.SECONDS); + redisTemplate.opsForValue().set(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti, null, ttl, TimeUnit.SECONDS); } else { - redisTemplate.opsForValue().set(CacheConstants.BLACKLIST_TOKEN_PREFIX + jti, null); + redisTemplate.opsForValue().set(SecurityConstants.BLACKLIST_TOKEN_PREFIX + jti, null); } } SecurityContextHolder.clearContext(); @@ -124,7 +124,7 @@ public class AuthServiceImpl implements AuthService { // 验证码文本缓存至Redis,用于登录校验 String captchaKey = IdUtil.fastSimpleUUID(); - redisTemplate.opsForValue().set(CacheConstants.CAPTCHA_CODE_PREFIX + captchaKey, captchaCode, + redisTemplate.opsForValue().set(SecurityConstants.CAPTCHA_CODE_PREFIX + captchaKey, captchaCode, captchaProperties.getExpireSeconds(), TimeUnit.SECONDS); return CaptchaResult.builder() diff --git a/src/main/java/com/youlai/system/service/impl/SysMenuServiceImpl.java b/src/main/java/com/youlai/system/service/impl/SysMenuServiceImpl.java index 395e6217..271eed16 100644 --- a/src/main/java/com/youlai/system/service/impl/SysMenuServiceImpl.java +++ b/src/main/java/com/youlai/system/service/impl/SysMenuServiceImpl.java @@ -18,8 +18,8 @@ import com.youlai.system.model.form.MenuForm; import com.youlai.system.model.query.MenuQuery; import com.youlai.system.model.vo.MenuVO; import com.youlai.system.model.vo.RouteVO; -import com.youlai.system.security.service.PermissionService; import com.youlai.system.service.SysMenuService; +import com.youlai.system.service.SysRoleMenuService; import lombok.RequiredArgsConstructor; import org.apache.commons.lang3.StringUtils; import org.springframework.cache.annotation.CacheEvict; @@ -43,7 +43,7 @@ public class SysMenuServiceImpl extends ServiceImpl impl private final MenuConverter menuConverter; - private final PermissionService permissionService; + private final SysRoleMenuService roleMenuService; /** @@ -224,7 +224,7 @@ public class SysMenuServiceImpl extends ServiceImpl impl if (result) { // 编辑刷新角色权限缓存 if (menuForm.getId() != null) { - permissionService.refreshRolePermsCache(); + roleMenuService.refreshRolePermsCache(); } } return result; @@ -251,7 +251,7 @@ public class SysMenuServiceImpl extends ServiceImpl impl * * @param menuId 菜单ID * @param visible 是否显示(1->显示;2->隐藏) - * @return + * @return 是否修改成功 */ @Override @CacheEvict(cacheNames = "menu", key = "'routes'") @@ -302,7 +302,7 @@ public class SysMenuServiceImpl extends ServiceImpl impl // 刷新角色权限缓存 if (result) { - permissionService.refreshRolePermsCache(); + roleMenuService.refreshRolePermsCache(); } return result; diff --git a/src/main/java/com/youlai/system/service/impl/SysRoleMenuServiceImpl.java b/src/main/java/com/youlai/system/service/impl/SysRoleMenuServiceImpl.java index b937026a..0625201b 100644 --- a/src/main/java/com/youlai/system/service/impl/SysRoleMenuServiceImpl.java +++ b/src/main/java/com/youlai/system/service/impl/SysRoleMenuServiceImpl.java @@ -1,13 +1,19 @@ package com.youlai.system.service.impl; +import cn.hutool.core.collection.CollectionUtil; import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl; +import com.youlai.system.common.constant.SecurityConstants; import com.youlai.system.mapper.SysRoleMenuMapper; import com.youlai.system.model.bo.RolePermsBO; import com.youlai.system.model.entity.SysRoleMenu; import com.youlai.system.service.SysRoleMenuService; +import jakarta.annotation.PostConstruct; +import lombok.RequiredArgsConstructor; +import org.springframework.data.redis.core.RedisTemplate; import org.springframework.stereotype.Service; import java.util.List; +import java.util.Set; /** @@ -17,8 +23,79 @@ import java.util.List; * @since 2.5.0 */ @Service +@RequiredArgsConstructor public class SysRoleMenuServiceImpl extends ServiceImpl implements SysRoleMenuService { + private final RedisTemplate redisTemplate; + + /** + * 初始化权限缓存 + */ + @PostConstruct + public void initRolePermsCache() { + refreshRolePermsCache(); + } + + /** + * 刷新权限缓存 + */ + @Override + public void refreshRolePermsCache() { + // 清理权限缓存 + redisTemplate.opsForHash().delete(SecurityConstants.ROLE_PERMS_PREFIX, "*"); + + List list = this.baseMapper.getRolePermsList(null); + if (CollectionUtil.isNotEmpty(list)) { + list.forEach(item -> { + String roleCode = item.getRoleCode(); + Set perms = item.getPerms(); + redisTemplate.opsForHash().put(SecurityConstants.ROLE_PERMS_PREFIX, roleCode, perms); + }); + } + } + + /** + * 刷新权限缓存 + */ + @Override + public void refreshRolePermsCache(String roleCode) { + // 清理权限缓存 + redisTemplate.opsForHash().delete(SecurityConstants.ROLE_PERMS_PREFIX, roleCode); + + List list = this.baseMapper.getRolePermsList(roleCode); + if (CollectionUtil.isNotEmpty(list)) { + RolePermsBO rolePerms = list.get(0); + if (rolePerms == null) { + return; + } + + Set perms = rolePerms.getPerms(); + redisTemplate.opsForHash().put(SecurityConstants.ROLE_PERMS_PREFIX, roleCode, perms); + } + } + + /** + * 刷新权限缓存 (角色编码变更时调用) + */ + @Override + public void refreshRolePermsCache(String oldRoleCode, String newRoleCode) { + // 清理旧角色权限缓存 + redisTemplate.opsForHash().delete(SecurityConstants.ROLE_PERMS_PREFIX, oldRoleCode); + + // 添加新角色权限缓存 + List list =this.baseMapper.getRolePermsList(newRoleCode); + if (CollectionUtil.isNotEmpty(list)) { + RolePermsBO rolePerms = list.get(0); + if (rolePerms == null) { + return; + } + + Set perms = rolePerms.getPerms(); + redisTemplate.opsForHash().put(SecurityConstants.ROLE_PERMS_PREFIX, newRoleCode, perms); + } + } + + /** * 获取角色拥有的菜单ID集合 * @@ -31,15 +108,4 @@ public class SysRoleMenuServiceImpl extends ServiceImpl getRolePermsList(String roleCode) { - List rolePerms= this.baseMapper.getRolePermsList(roleCode); - return rolePerms; - } - } diff --git a/src/main/java/com/youlai/system/service/impl/SysUserRoleServiceImpl.java b/src/main/java/com/youlai/system/service/impl/SysUserRoleServiceImpl.java index b88bcd3e..782edc7e 100644 --- a/src/main/java/com/youlai/system/service/impl/SysUserRoleServiceImpl.java +++ b/src/main/java/com/youlai/system/service/impl/SysUserRoleServiceImpl.java @@ -75,7 +75,7 @@ public class SysUserRoleServiceImpl extends ServiceImpl 0; } diff --git a/src/main/resources/mapper/SysUserRoleMapper.xml b/src/main/resources/mapper/SysUserRoleMapper.xml index 499ad4cc..baff3076 100644 --- a/src/main/resources/mapper/SysUserRoleMapper.xml +++ b/src/main/resources/mapper/SysUserRoleMapper.xml @@ -14,13 +14,13 @@ user_id = #{userId} - +