mirror of https://github.com/jeecgboot/jeecg-boot
移除权限不足异常堆栈,权限加载加入缓存
parent
364be22dd0
commit
f741db874c
|
@ -86,7 +86,6 @@ public class JeecgBootExceptionHandler {
|
||||||
|
|
||||||
@ExceptionHandler(AccessDeniedException.class)
|
@ExceptionHandler(AccessDeniedException.class)
|
||||||
public Result<?> handleAuthorizationException(AccessDeniedException e){
|
public Result<?> handleAuthorizationException(AccessDeniedException e){
|
||||||
log.error(e.getMessage(), e);
|
|
||||||
return Result.noauth("没有权限,请联系管理员授权");
|
return Result.noauth("没有权限,请联系管理员授权");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,13 +2,17 @@ package org.jeecg.config.security;
|
||||||
|
|
||||||
import cn.hutool.core.util.ArrayUtil;
|
import cn.hutool.core.util.ArrayUtil;
|
||||||
import lombok.AllArgsConstructor;
|
import lombok.AllArgsConstructor;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.jeecg.common.api.CommonAPI;
|
import org.jeecg.common.api.CommonAPI;
|
||||||
import org.jeecg.common.system.vo.LoginUser;
|
import org.jeecg.common.system.vo.LoginUser;
|
||||||
|
import org.jeecg.common.util.RedisUtil;
|
||||||
import org.jeecg.config.security.utils.SecureUtil;
|
import org.jeecg.config.security.utils.SecureUtil;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
import org.springframework.util.PatternMatchUtils;
|
import org.springframework.util.PatternMatchUtils;
|
||||||
import org.springframework.util.StringUtils;
|
import org.springframework.util.StringUtils;
|
||||||
|
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.Objects;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -18,9 +22,13 @@ import java.util.Set;
|
||||||
*/
|
*/
|
||||||
@Service("jps")
|
@Service("jps")
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
|
@Slf4j
|
||||||
public class JeecgPermissionService {
|
public class JeecgPermissionService {
|
||||||
|
private final String SPLIT = "::";
|
||||||
|
private final String PERM_PREFIX = "jps" + SPLIT;
|
||||||
|
|
||||||
private final CommonAPI commonAPI;
|
private final CommonAPI commonAPI;
|
||||||
|
private final RedisUtil redisUtil;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 判断接口是否有任意xxx,xxx权限
|
* 判断接口是否有任意xxx,xxx权限
|
||||||
|
@ -32,9 +40,22 @@ public class JeecgPermissionService {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
LoginUser loginUser = SecureUtil.currentUser();
|
LoginUser loginUser = SecureUtil.currentUser();
|
||||||
Set<String> permissionList = commonAPI.queryUserAuths(loginUser.getUsername());
|
|
||||||
return permissionList.stream().filter(StringUtils::hasText)
|
Object cache = redisUtil.get(buildKey("permission", loginUser.getUsername()));
|
||||||
|
Set<String> permissionList;
|
||||||
|
if (Objects.nonNull(cache)) {
|
||||||
|
permissionList = (Set<String>) cache;
|
||||||
|
} else {
|
||||||
|
permissionList = commonAPI.queryUserAuths(loginUser.getUsername());
|
||||||
|
redisUtil.set(buildKey("permission", loginUser.getUsername()), permissionList);
|
||||||
|
}
|
||||||
|
|
||||||
|
boolean pass = permissionList.stream().filter(StringUtils::hasText)
|
||||||
.anyMatch(x -> PatternMatchUtils.simpleMatch(permissions, x));
|
.anyMatch(x -> PatternMatchUtils.simpleMatch(permissions, x));
|
||||||
|
if (!pass) {
|
||||||
|
log.error("权限不足,缺少权限:"+ Arrays.toString(permissions));
|
||||||
|
}
|
||||||
|
return pass;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -47,8 +68,33 @@ public class JeecgPermissionService {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
LoginUser loginUser = SecureUtil.currentUser();
|
LoginUser loginUser = SecureUtil.currentUser();
|
||||||
Set<String> roleList = commonAPI.queryUserRoles(loginUser.getUsername());
|
|
||||||
return roleList.stream().filter(StringUtils::hasText)
|
Object cache = redisUtil.get(buildKey("role", loginUser.getUsername()));
|
||||||
|
Set<String> roleList;
|
||||||
|
if (Objects.nonNull(cache)) {
|
||||||
|
roleList = (Set<String>) cache;
|
||||||
|
} else {
|
||||||
|
roleList = commonAPI.queryUserRoles(loginUser.getUsername());
|
||||||
|
redisUtil.set(buildKey("role", loginUser.getUsername()), roleList);
|
||||||
|
}
|
||||||
|
|
||||||
|
boolean pass = roleList.stream().filter(StringUtils::hasText)
|
||||||
.anyMatch(x -> PatternMatchUtils.simpleMatch(roles, x));
|
.anyMatch(x -> PatternMatchUtils.simpleMatch(roles, x));
|
||||||
|
if (!pass) {
|
||||||
|
log.error("权限不足,缺少角色:" + Arrays.toString(roles));
|
||||||
|
}
|
||||||
|
return pass;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 由于缓存key是以人的维度,角色列表、权限列表在值中,jeecg是以权限列表绑定在角色上,形成的权限集合
|
||||||
|
* 权限发生变更时,需要清理全部人的权限缓存
|
||||||
|
*/
|
||||||
|
public void clearCache() {
|
||||||
|
redisUtil.removeAll(PERM_PREFIX);
|
||||||
|
}
|
||||||
|
|
||||||
|
private String buildKey(String type, String username) {
|
||||||
|
return PERM_PREFIX + type + SPLIT + username;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
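Review bot: The cached permission and role sets are written with `redisUtil.set(key, value)` and no expiry, and the only invalidation this commit adds is the `clearCache()` call on the role-permission save. Any other change to a user's effective grants (role assignment, role or menu deletion, account status) would keep being authorized from the stale entry; whether those paths also clear the cache is not visible here. Give the entries a bounded lifetime, for example `redisUtil.set(buildKey("permission", loginUser.getUsername()), permissionList, PERM_CACHE_SECONDS);` with a new constant, assuming RedisUtil has an expiring overload, and do the same for the role key. The `(Set<String>) cache` cast in both methods is unchecked and depends on how RedisUtil deserializes values, so an `instanceof Set` guard that falls back to `commonAPI` on a mismatch would avoid a ClassCastException on the authorization path. The new `log.error` messages on denial would be easier to attribute if they included `loginUser.getUsername()`; both method bodies start outside their hunks.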
|
|
|
@ -15,6 +15,7 @@ import org.jeecg.common.system.vo.LoginUser;
|
||||||
import org.jeecg.common.util.Md5Util;
|
import org.jeecg.common.util.Md5Util;
|
||||||
import org.jeecg.common.util.oConvertUtils;
|
import org.jeecg.common.util.oConvertUtils;
|
||||||
import org.jeecg.config.JeecgBaseConfig;
|
import org.jeecg.config.JeecgBaseConfig;
|
||||||
|
import org.jeecg.config.security.JeecgPermissionService;
|
||||||
import org.jeecg.config.security.utils.SecureUtil;
|
import org.jeecg.config.security.utils.SecureUtil;
|
||||||
import org.jeecg.modules.base.service.BaseCommonService;
|
import org.jeecg.modules.base.service.BaseCommonService;
|
||||||
import org.jeecg.modules.system.entity.*;
|
import org.jeecg.modules.system.entity.*;
|
||||||
|
@ -67,6 +68,9 @@ public class SysPermissionController {
|
||||||
@Autowired
|
@Autowired
|
||||||
private ISysRoleIndexService sysRoleIndexService;
|
private ISysRoleIndexService sysRoleIndexService;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private JeecgPermissionService jeecgPermissionService;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 子菜单
|
* 子菜单
|
||||||
*/
|
*/
|
||||||
|
@ -562,6 +566,8 @@ public class SysPermissionController {
|
||||||
LoginUser loginUser = SecureUtil.currentUser();
|
LoginUser loginUser = SecureUtil.currentUser();
|
||||||
baseCommonService.addLog("修改角色ID: "+roleId+" 的权限配置,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
|
baseCommonService.addLog("修改角色ID: "+roleId+" 的权限配置,操作人: " +loginUser.getUsername() ,CommonConstant.LOG_TYPE_2, 2);
|
||||||
//update-end---author:wangshuai ---date:20220316 for:[VUEN-234]用户管理角色授权添加敏感日志------------
|
//update-end---author:wangshuai ---date:20220316 for:[VUEN-234]用户管理角色授权添加敏感日志------------
|
||||||
|
// 清除权限缓存
|
||||||
|
jeecgPermissionService.clearCache();
|
||||||
result.success("保存成功!");
|
result.success("保存成功!");
|
||||||
log.info("======角色授权成功=====耗时:" + (System.currentTimeMillis() - start) + "毫秒");
|
log.info("======角色授权成功=====耗时:" + (System.currentTimeMillis() - start) + "毫秒");
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
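Review bot: `jeecgPermissionService.clearCache()` runs inside the same `try` as the save, so if the Redis call throws after the role permissions have been written, control goes to `catch (Exception e)` and the old grants stay cached while the change itself may already be persisted. The catch body and the start of the method are outside the hunk, so how that failure is reported is not visible. Since a failed invalidation means revoked permissions remain effective, handle it explicitly, for example by wrapping the call in its own `try` that logs `roleId` at error level. Calling the invalidation from the service method that persists the role permissions, rather than from this controller, would also cover callers other than this endpoint.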
|
|