diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java b/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
index 0d20dd83..8f9e0f4f 100644
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
@@ -86,7 +86,6 @@ public class JeecgBootExceptionHandler {
 @ExceptionHandler(AccessDeniedException.class)
 public Result handleAuthorizationException(AccessDeniedException e){
- log.error(e.getMessage(), e);
 return Result.noauth("没有权限,请联系管理员授权");
 }
diff --git a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java
index fdb4a915..0ec33683 100644
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java
@@ -2,13 +2,17 @@ package org.jeecg.config.security;
 import cn.hutool.core.util.ArrayUtil;
 import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.RedisUtil;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.springframework.stereotype.Service;
 import org.springframework.util.PatternMatchUtils;
 import org.springframework.util.StringUtils;
+import java.util.Arrays;
+import java.util.Objects;
 import java.util.Set;
 /**
@@ -18,9 +22,13 @@ import java.util.Set;
 */
 @Service("jps")
 @AllArgsConstructor
+@Slf4j
 public class JeecgPermissionService {
+ private final String SPLIT = "::";
+ private final String PERM_PREFIX = "jps" + SPLIT;
 private final CommonAPI commonAPI;
+ private final RedisUtil redisUtil;
 /**
 * 判断接口是否有任意xxx,xxx权限
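Review bot: `SPLIT` and `PERM_PREFIX` in the `-18,9` hunk are declared as per-instance `private final String` fields although they are constants; `private static final String SPLIT = "::";` and `private static final String PERM_PREFIX = "jps" + SPLIT;` would state that intent and keep them visibly apart from the dependencies that `@AllArgsConstructor` injects, which now include `RedisUtil`. A one-line comment above them such as `// Redis key layout: jps::<type>::<username>` would document the key format that `buildKey` and `clearCache` rely on later in the file. The class body continues outside this hunk.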
@@ -32,9 +40,22 @@ public class JeecgPermissionService {
 return false;
 }
 LoginUser loginUser = SecureUtil.currentUser();
- Set permissionList = commonAPI.queryUserAuths(loginUser.getUsername());
- return permissionList.stream().filter(StringUtils::hasText)
+
+ Object cache = redisUtil.get(buildKey("permission", loginUser.getUsername()));
+ Set permissionList;
+ if (Objects.nonNull(cache)) {
+ permissionList = (Set) cache;
+ } else {
+ permissionList = commonAPI.queryUserAuths(loginUser.getUsername());
+ redisUtil.set(buildKey("permission", loginUser.getUsername()), permissionList);
+ }
+
+ boolean pass = permissionList.stream().filter(StringUtils::hasText)
 .anyMatch(x -> PatternMatchUtils.simpleMatch(permissions, x));
+ if (!pass) {
+ log.error("权限不足,缺少权限:"+ Arrays.toString(permissions));
+ }
+ return pass;
 }
 /**
@@ -47,8 +68,33 @@ public class JeecgPermissionService {
 return false;
 }
 LoginUser loginUser = SecureUtil.currentUser();
- Set roleList = commonAPI.queryUserRoles(loginUser.getUsername());
- return roleList.stream().filter(StringUtils::hasText)
+
+ Object cache = redisUtil.get(buildKey("role", loginUser.getUsername()));
+ Set roleList;
+ if (Objects.nonNull(cache)) {
+ roleList = (Set) cache;
+ } else {
+ roleList = commonAPI.queryUserRoles(loginUser.getUsername());
+ redisUtil.set(buildKey("role", loginUser.getUsername()), roleList);
+ }
+
+ boolean pass = roleList.stream().filter(StringUtils::hasText)
 .anyMatch(x -> PatternMatchUtils.simpleMatch(roles, x));
+ if (!pass) {
+ log.error("权限不足,缺少角色:" + Arrays.toString(roles));
+ }
+ return pass;
+ }
+
+ /**
+ * 由于缓存key是以人的维度,角色列表、权限列表在值中,jeecg是以权限列表绑定在角色上,形成的权限集合
+ * 权限发生变更时,需要清理全部人的权限缓存
+ */
+ public void clearCache() {
+ redisUtil.removeAll(PERM_PREFIX);
+ }
+
+ private String buildKey(String type, String username) {
+ return PERM_PREFIX + type + SPLIT + username;
 }
 }
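Review bot: The cached permission set in the `-32,9` hunk is written with `redisUtil.set(buildKey("permission", loginUser.getUsername()), permissionList)` and no expiry, so authorization keeps using that entry until `clearCache()` runs, and any revocation path that does not call it leaves the old grants in effect. If `RedisUtil` offers an expiring overload, a bounded lifetime such as `redisUtil.set(key, permissionList, PERMISSION_CACHE_SECONDS)` (the constant name is a placeholder) limits how long a stale grant can survive. The unchecked `(Set) cache` cast also assumes the Redis serializer hands back a `Set`; an `instanceof Set` test that falls back to `commonAPI.queryUserAuths(...)` would keep a `ClassCastException` out of the authorization path. The role hunk at `-47,8` has the same two issues. The method starts above this hunk.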
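Review bot: The denial in the `-47,8` hunk is logged as `log.error("权限不足,缺少角色:" + Arrays.toString(roles))`, which records the required roles but not which user was refused, and puts routine denials at error level. With `loginUser` already in scope, `log.warn("权限不足,用户:{} 缺少角色:{}", loginUser.getUsername(), Arrays.toString(roles));` gives an attributable line for audit and alerting; the permission hunk at `-32,9` logs the same way. This matters more because the commit also removes the `log.error` from the `AccessDeniedException` handler, so these lines appear to be the only remaining record of a refusal. The method starts above this hunk.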
diff --git a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
index 98d2bd83..dea63f67 100644
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
@@ -15,6 +15,7 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.Md5Util;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.config.security.JeecgPermissionService;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
@@ -67,6 +68,9 @@ public class SysPermissionController {
 @Autowired
 private ISysRoleIndexService sysRoleIndexService;
+ @Autowired
+ private JeecgPermissionService jeecgPermissionService;
+
 /**
 * 子菜单
 */
@@ -562,6 +566,8 @@ public class SysPermissionController {
 LoginUser loginUser = SecureUtil.currentUser();
 baseCommonService.addLog("修改角色ID: "+roleId+" 的权限配置,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
 //update-end---author:wangshuai ---date:20220316 for:[VUEN-234]用户管理角色授权添加敏感日志------------
+ // 清除权限缓存
+ jeecgPermissionService.clearCache();
 result.success("保存成功!");
 log.info("======角色授权成功=====耗时:" + (System.currentTimeMillis() - start) + "毫秒");
 } catch (Exception e) {
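Review bot: `jeecgPermissionService.clearCache()` in the `-562,6` hunk is the only invalidation call this commit adds, and it sits in the role-permission save path; other operations that change what a user may do (user-role assignment, role or permission deletion, none of them visible in this diff) would keep serving the cached sets, which are stored without expiry. Those paths should call `clearCache()` too, or the cache entries need a bounded lifetime. The call also runs inside the `try`, so a Redis failure here would land in `catch (Exception e)` and presumably report the save as failed although the role's permissions were already written; a comment such as `// Evict cached permissions/roles only after the role's permission rows are saved` and a narrow try/catch around the call would make the ordering and failure handling explicit. The enclosing method starts and ends outside this hunk.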