移除权限不足异常堆栈，权限加载加入缓存

2024-03-15 13:55:58 +08:00 · 2024-03-15 13:55:58 +08:00 · f741db874c
parent 364be22dd0
commit f741db874c
3 changed files with 56 additions and 5 deletions
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/common/exception/JeecgBootExceptionHandler.java
@ -86,7 +86,6 @@ public class JeecgBootExceptionHandler {

 	@ExceptionHandler(AccessDeniedException.class)
 	public Result<?> handleAuthorizationException(AccessDeniedException e){
-		log.error(e.getMessage(), e);
 		return Result.noauth("没有权限，请联系管理员授权");
 	}

--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/security/JeecgPermissionService.java
@ -2,13 +2,17 @@ package org.jeecg.config.security;

 import cn.hutool.core.util.ArrayUtil;
 import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.api.CommonAPI;
 import org.jeecg.common.system.vo.LoginUser;
+import org.jeecg.common.util.RedisUtil;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.springframework.stereotype.Service;
 import org.springframework.util.PatternMatchUtils;
 import org.springframework.util.StringUtils;

+import java.util.Arrays;
+import java.util.Objects;
 import java.util.Set;

 /**
@ -18,9 +22,13 @@ import java.util.Set;
 */
@Service("jps")
@AllArgsConstructor
+@Slf4j
 public class JeecgPermissionService {
+    private final String SPLIT = "::";
+    private final String PERM_PREFIX = "jps" + SPLIT;

    private final CommonAPI commonAPI;
+    private final RedisUtil redisUtil;

    /**
     * 判断接口是否有任意xxx，xxx权限
@ -32,9 +40,22 @@ public class JeecgPermissionService {
            return false;
        }
        LoginUser loginUser = SecureUtil.currentUser();
-        Set<String> permissionList = commonAPI.queryUserAuths(loginUser.getUsername());
-        return permissionList.stream().filter(StringUtils::hasText)
+
+        Object cache = redisUtil.get(buildKey("permission", loginUser.getUsername()));
+        Set<String> permissionList;
+        if (Objects.nonNull(cache)) {
+            permissionList = (Set<String>) cache;
+        } else {
+            permissionList = commonAPI.queryUserAuths(loginUser.getUsername());
+            redisUtil.set(buildKey("permission", loginUser.getUsername()), permissionList);
+        }
+
+        boolean pass = permissionList.stream().filter(StringUtils::hasText)
                .anyMatch(x -> PatternMatchUtils.simpleMatch(permissions, x));
+        if (!pass) {
+            log.error("权限不足，缺少权限："+ Arrays.toString(permissions));
+        }
+        return pass;
    }

    /**
@ -47,8 +68,33 @@ public class JeecgPermissionService {
            return false;
        }
        LoginUser loginUser = SecureUtil.currentUser();
-        Set<String> roleList = commonAPI.queryUserRoles(loginUser.getUsername());
-        return roleList.stream().filter(StringUtils::hasText)
+
+        Object cache = redisUtil.get(buildKey("role", loginUser.getUsername()));
+        Set<String> roleList;
+        if (Objects.nonNull(cache)) {
+            roleList = (Set<String>) cache;
+        } else {
+            roleList = commonAPI.queryUserRoles(loginUser.getUsername());
+            redisUtil.set(buildKey("role", loginUser.getUsername()), roleList);
+        }
+
+        boolean pass = roleList.stream().filter(StringUtils::hasText)
                .anyMatch(x -> PatternMatchUtils.simpleMatch(roles, x));
+        if (!pass) {
+            log.error("权限不足，缺少角色：" + Arrays.toString(roles));
+        }
+        return pass;
+    }
+
+    /**
+     * 由于缓存key是以人的维度，角色列表、权限列表在值中，jeecg是以权限列表绑定在角色上，形成的权限集合
+     * 权限发生变更时，需要清理全部人的权限缓存
+     */
+    public void clearCache() {
+        redisUtil.removeAll(PERM_PREFIX);
+    }
+
+    private String buildKey(String type, String username) {
+        return PERM_PREFIX + type + SPLIT + username;
    }
 }
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysPermissionController.java
@ -15,6 +15,7 @@ import org.jeecg.common.system.vo.LoginUser;
 import org.jeecg.common.util.Md5Util;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.JeecgBaseConfig;
+import org.jeecg.config.security.JeecgPermissionService;
 import org.jeecg.config.security.utils.SecureUtil;
 import org.jeecg.modules.base.service.BaseCommonService;
 import org.jeecg.modules.system.entity.*;
@ -67,6 +68,9 @@ public class SysPermissionController {
 	@Autowired
 	private ISysRoleIndexService sysRoleIndexService;

+	@Autowired
+	private JeecgPermissionService jeecgPermissionService;
+
    /**
     * 子菜单
     */
@ -562,6 +566,8 @@ public class SysPermissionController {
            LoginUser loginUser = SecureUtil.currentUser();
 			baseCommonService.addLog("修改角色ID: "+roleId+" 的权限配置，操作人： " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
            //update-end---author:wangshuai ---date:20220316  for：[VUEN-234]用户管理角色授权添加敏感日志------------
+			// 清除权限缓存
+			jeecgPermissionService.clearCache();
 			result.success("保存成功！");
 			log.info("======角色授权成功=====耗时:" + (System.currentTimeMillis() - start) + "毫秒");
 		} catch (Exception e) {