自定义权限验证逻辑优化

2019-11-04 13:55:28 +08:00 · 2019-11-04 13:55:28 +08:00 · ef03d1c80b
parent fd9fb2a600
commit ef03d1c80b
2 changed files with 7 additions and 8 deletions
--- a/eladmin-common/src/main/java/me/zhengjie/config/ElPermissionConfig.java
+++ b/eladmin-common/src/main/java/me/zhengjie/config/ElPermissionConfig.java
@ -19,7 +19,6 @@ public class ElPermissionConfig {
        // 获取当前用户的所有权限
        List<String> elPermissions = SecurityUtils.getUserDetails().getAuthorities().stream().map(GrantedAuthority::getAuthority).collect(Collectors.toList());
        // 判断当前用户的所有权限是否包含接口上定义的权限
-        List<String> list = Arrays.stream(permissions).filter(elPermissions::contains).collect(Collectors.toList());
-        return elPermissions.contains("admin") || list.size() != 0;
+        return elPermissions.contains("admin") || Arrays.stream(permissions).anyMatch(elPermissions::contains);
    }
 }
--- a/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthenticationController.java
+++ b/eladmin-system/src/main/java/me/zhengjie/modules/security/rest/AuthenticationController.java
@ -61,21 +61,21 @@ public class AuthenticationController {
    @ApiOperation("登录授权")
    @AnonymousAccess
    @PostMapping(value = "/login")
-    public ResponseEntity login(@Validated @RequestBody AuthUser authorizationUser, HttpServletRequest request){
+    public ResponseEntity login(@Validated @RequestBody AuthUser authUser, HttpServletRequest request){

        // 查询验证码
-        String code = redisService.getCodeVal(authorizationUser.getUuid());
+        String code = redisService.getCodeVal(authUser.getUuid());
        // 清除验证码
-        redisService.delete(authorizationUser.getUuid());
+        redisService.delete(authUser.getUuid());
        if (StringUtils.isBlank(code)) {
            throw new BadRequestException("验证码已过期");
        }
-        if (StringUtils.isBlank(authorizationUser.getCode()) || !authorizationUser.getCode().equalsIgnoreCase(code)) {
+        if (StringUtils.isBlank(authUser.getCode()) || !authUser.getCode().equalsIgnoreCase(code)) {
            throw new BadRequestException("验证码错误");
        }
-        final JwtUser jwtUser = (JwtUser) userDetailsService.loadUserByUsername(authorizationUser.getUsername());
+        final JwtUser jwtUser = (JwtUser) userDetailsService.loadUserByUsername(authUser.getUsername());

-        if(!jwtUser.getPassword().equals(EncryptUtils.encryptPassword(authorizationUser.getPassword()))){
+        if(!jwtUser.getPassword().equals(EncryptUtils.encryptPassword(authUser.getPassword()))){
            throw new AccountExpiredException("密码错误");
        }