用户权限更新

whyczh

2021-06-03 18f848916fd1d0e915bb51148fa85609f335aaaa

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
package com.whyc.service;
 
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.whyc.dto.Response;
import com.whyc.dto.UserLoginInfo;
import com.whyc.mapper.MenuMapper;
import com.whyc.mapper.RoleMenuMapper;
import com.whyc.mapper.UserMapper;
import com.whyc.pojo.Menu;
import com.whyc.pojo.User;
import com.whyc.util.DigestsUtil;
import com.whyc.util.ShiroUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Service;
 
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.List;
import java.util.Map;
 
@Service
public class LoginService {
    @Resource
    private UserMapper userMapper;
 
    @Resource
    private MenuMapper menuMapper;
 
    @Resource
    private RoleMenuMapper roleMenuMapper;
 
    public Response login(String userName, String password, HttpServletRequest request) {
        UsernamePasswordToken userToken = new UsernamePasswordToken(userName, password);
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(userToken);
        }catch (UnknownAccountException e) {
            return new Response<>().set(0,false,"账号不存在");
        }catch (IncorrectCredentialsException e) {
            return new Response<>().set(0,false,"密码错误");
        }catch (DisabledAccountException e){
            return new Response<>().set(0,false,"冻结用户");
        }catch (Exception e){
            e.printStackTrace();
            return new Response<>().set(0,false,"其他异常");
        }
        if (subject.isAuthenticated()){
            //每个登录的用户都有一个全局变量,里面存着对应的SessionId;
            //同一个账号,后面登录的,会挤掉之前登录的SessionId
            System.out.println("全局存储中当前SessionId为:"+request.getSession().getId());
            request.getServletContext().setAttribute(userName,request.getSession().getId());
            //存储当前用户
            request.getSession().setAttribute("user",userName);
            QueryWrapper<User> queryWrapper = Wrappers.query();
            queryWrapper.eq("name",userName);
            User user = userMapper.selectOne(queryWrapper);
 
            List<Menu> menus = roleMenuMapper.getUserMenu(user.getId());
            UserLoginInfo info = new UserLoginInfo();
            info.setUsername(userName);
            info.setTimestamp(System.currentTimeMillis());
            info.setUser(user);
            if ("superadmin".equals(user.getName())){
                List<Menu> menuList = menuMapper.selectList(null);
                info.setMenus(menuList);
            }else{
                info.setMenus(menus);
            }
            return new Response<>().set(1,info);
        }
        return new Response<>().set(0,false);
    }
 
    public void logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
    }
}