自定义权限验证逻辑优化

pull/189/head
dqjdda 2019-11-04 13:55:28 +08:00
parent fd9fb2a600
commit ef03d1c80b
2 changed files with 7 additions and 8 deletions


@ -19,7 +19,6 @@ public class ElPermissionConfig {
// 获取当前用户的所有权限 // 获取当前用户的所有权限
List<String> elPermissions = SecurityUtils.getUserDetails().getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList()); List<String> elPermissions = SecurityUtils.getUserDetails().getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
// 判断当前用户的所有权限是否包含接口上定义的权限 // 判断当前用户的所有权限是否包含接口上定义的权限
List<String> list = Arrays.stream(permissions).filter(elPermissions::contains).collect(Collectors.toList()); return elPermissions.contains("admin") || Arrays.stream(permissions).anyMatch(elPermissions::contains);
return elPermissions.contains("admin") || list.size() != 0;
} }
} }
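Review bot: The rewritten return line keeps the literal `"admin"` as an undocumented super-permission: any principal whose authority list contains that exact string passes every check, whatever `permissions` the endpoint declares. I would name it and document it, e.g. `private static final String SUPER_PERMISSION = "admin";` with `// holders of SUPER_PERMISSION pass every permission check`, and, if authority names can be created or edited through the application (not visible here), reserve that name so it cannot be granted by accident. `SecurityUtils.getUserDetails()` is also dereferenced with no visible guard for a missing or unauthenticated principal; presumably it throws in that case, which is worth confirming so the check fails closed. The enclosing method starts above the hunk, so its signature and the type of `permissions` are not visible.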


@ -61,21 +61,21 @@ public class AuthenticationController {
@ApiOperation("登录授权") @ApiOperation("登录授权")
@AnonymousAccess @AnonymousAccess
@PostMapping(value = "/login") @PostMapping(value = "/login")
public ResponseEntity login(@Validated @RequestBody AuthUser authorizationUser, HttpServletRequest request){ public ResponseEntity login(@Validated @RequestBody AuthUser authUser, HttpServletRequest request){
// 查询验证码 // 查询验证码
String code = redisService.getCodeVal(authorizationUser.getUuid()); String code = redisService.getCodeVal(authUser.getUuid());
// 清除验证码 // 清除验证码
redisService.delete(authorizationUser.getUuid()); redisService.delete(authUser.getUuid());
if (StringUtils.isBlank(code)) { if (StringUtils.isBlank(code)) {
throw new BadRequestException("验证码已过期"); throw new BadRequestException("验证码已过期");
} }
if (StringUtils.isBlank(authorizationUser.getCode()) || !authorizationUser.getCode().equalsIgnoreCase(code)) { if (StringUtils.isBlank(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) {
throw new BadRequestException("验证码错误"); throw new BadRequestException("验证码错误");
} }
final JwtUser jwtUser = (JwtUser) userDetailsService.loadUserByUsername(authorizationUser.getUsername()); final JwtUser jwtUser = (JwtUser) userDetailsService.loadUserByUsername(authUser.getUsername());
if(!jwtUser.getPassword().equals(EncryptUtils.encryptPassword(authorizationUser.getPassword()))){ if(!jwtUser.getPassword().equals(EncryptUtils.encryptPassword(authUser.getPassword()))){
throw new AccountExpiredException("密码错误"); throw new AccountExpiredException("密码错误");
} }