src/main/java/com/whyc/controller/LoginController.java
New file @@ -0,0 +1,44 @@ package com.whyc.controller; import com.whyc.pojo.Response; import com.whyc.pojo.UserInf; import com.whyc.service.UserInfService; import com.whyc.util.ActionUtil; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletRequest; @RequestMapping("login") @RestController @Api(tags = "登录") public class LoginController { @Autowired private UserInfService service; @PostMapping("login") @ApiOperation(value ="登录") public Response login(@RequestParam String uname, String usnId, HttpServletRequest request){ return service.login(uname,usnId,request); } @ApiOperation(value = "修改密码") @GetMapping("changeSnId") public Response changeSnId(@RequestParam String oldSnId,@RequestParam String newSnId){ UserInf uinf=ActionUtil.getUser(); return service.changeSnId(uinf.getUname(),oldSnId,newSnId); } @PostMapping("logout") @ApiOperation(value ="退出登录") public void logout(){ service.logout(); } } src/main/java/com/whyc/controller/UserInfController.java
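Review bot: `LoginController.changeSnId` is mapped with `@GetMapping` and takes `oldSnId` and `newSnId` as `@RequestParam`, so both password values travel in the query string, where access logs, proxies and browser history record them; a state-changing GET is also easier to trigger cross-site. Map it as `@PostMapping("changeSnId")` and bind the two values from the request body rather than the URL. The method also uses `uinf.getUname()` without checking that a session user exists; `ActionUtil.getUser()` as shown in this commit returns a placeholder with uid 0 when nobody is logged in, so I would reject that case first, e.g. `if (uinf.getUid() == 0) return new Response().set(1, false, "找不到用户");`. None of the three handlers has a Javadoc comment; a line on each describing the expected format of `usnId`/`oldSnId`/`newSnId` (they are passed to `RSAUtil.decryptFrontP` in the service) would help callers.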
New file @@ -0,0 +1,42 @@ package com.whyc.controller; import com.whyc.pojo.Response; import com.whyc.pojo.UserInf; import com.whyc.service.UserInfService; import com.whyc.util.ActionUtil; import io.swagger.annotations.Api; import io.swagger.annotations.ApiImplicitParam; import io.swagger.annotations.ApiOperation; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.*; import org.springframework.web.multipart.MultipartFile; @RestController @Api(tags = "用户管理") @RequestMapping("userInf") public class UserInfController { @Autowired private UserInfService service; @ApiOperation(value = "查询所有用户信息",notes = "默认排除指定用户:sys_admin") @GetMapping("getAllUser") public Response getAllUser(@RequestParam int pageCurr, @RequestParam int pageSize){ return service.getAllUser(pageCurr,pageSize); } @ApiOperation(value = "编辑所有用户信息") @GetMapping("updateUser") public Response updateUser(@RequestParam int uid,@RequestParam int udownloadRole){ return service.updateUser(uid,udownloadRole); } @ApiOperation(value = "新添加用户信息") @PostMapping("addUser") public Response addUser(@RequestBody UserInf uinf){ return service.addUser(uinf); } @ApiOperation(value = "删除用户信息") @GetMapping("deleteUser") public Response deleteUser(@RequestParam int uid){ return service.delUser(uid); } } src/main/java/com/whyc/filter/AccessFilter.java
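Review bot: In `UserInfController`, `updateUser` and `deleteUser` modify or delete accounts but are exposed through `@GetMapping`, and no role annotation or check is visible anywhere in this section, so whether the filter chain restricts `/userInf/**` to administrators needs confirming. I would switch them to `@PostMapping("updateUser")` and `@PostMapping("deleteUser")` and require an administrative role on the class, for example with Shiro's `@RequiresRoles`. `addUser` binds the whole `UserInf` entity from the request body, which lets the caller choose `uid` and `udownloadRole`; a small request DTO holding only the fields a caller may set would close that. `getAllUser` passes `pageSize` through unbounded, so an upper limit is worth adding.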
@@ -1,7 +1,7 @@ package com.whyc.filter; import com.whyc.constant.YamlProperties; import com.whyc.pojo.DocUser; import com.whyc.pojo.UserInf; import com.whyc.util.ActionUtil; import javax.servlet.*; @@ -99,7 +99,7 @@ if(YamlProperties.profileType.equals("prod1")) { //用户需要登录 DocUser user = (DocUser) request.getSession().getAttribute("user"); UserInf user = (UserInf) request.getSession().getAttribute("user"); //无需登录可以调用接口放行 if (!requestURI.contains(".") && !servletPath.equals("/") && (! src/main/java/com/whyc/filter/RolesOrAuthorizationFilter.java
@@ -1,6 +1,6 @@ package com.whyc.filter; import com.whyc.pojo.DocUser; import com.whyc.pojo.UserInf; import org.apache.shiro.subject.Subject; import org.apache.shiro.util.CollectionUtils; import org.apache.shiro.web.filter.authz.AuthorizationFilter; @@ -25,7 +25,7 @@ Set<String> roles = CollectionUtils.asSet(rolesArray); //判断为or DocUser user = (DocUser) subject.getPrincipals().getPrimaryPrincipal(); UserInf user = (UserInf) subject.getPrincipals().getPrimaryPrincipal(); for (String role :roles){ if (subject.hasRole(role)){ return true; src/main/java/com/whyc/mapper/DocUserMapper.java
@@ -1,14 +1,14 @@ package com.whyc.mapper; import com.whyc.pojo.DocUser; import com.whyc.pojo.UserInf; import java.util.List; public interface DocUserMapper extends CustomMapper<DocUser>{ public interface DocUserMapper extends CustomMapper<UserInf>{ //查询所有用户信息 List<DocUser> getAllUser(DocUser docUser); List<UserInf> getAllUser(UserInf userInf); //查询密码 String selectSnId(String name); //查询所有用户(权限管理用) List<DocUser> getAllDocUser(); List<UserInf> getAllDocUser(); } src/main/java/com/whyc/mapper/UserInfMapper.java
New file @@ -0,0 +1,8 @@ package com.whyc.mapper; import com.whyc.pojo.UserInf; public interface UserInfMapper extends CustomMapper<UserInf>{ //查询密码 String selectSnId(String uname); } src/main/java/com/whyc/pojo/DocUser.java
File was deleted src/main/java/com/whyc/pojo/Response.java
New file @@ -0,0 +1,120 @@ package com.whyc.pojo; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import java.io.Serializable; /** * 接口数据响应对象 */ @ApiModel public class Response<T> implements Serializable { private Integer code; @ApiModelProperty private T data; private T data2; private T data3; private T data4; private String msg; public Response<T> setCode(Integer code) { this.code = code; return this; } public Response<T> setData(T data) { this.data = data; return this; } public Response<T> set(Integer code,T data) { this.code = code; this.data = data; return this; } public Response<T> set(Integer code,T data,String msg) { this.code = code; this.data = data; this.msg = msg; return this; } public Response<T> set(Integer code) { this.code = code; return this; } public Response<T> setII(Integer code,String msg) { this.code = code; this.msg = msg; return this; } public Response<T> setII(Integer code,T data,T data2,String msg) { this.code = code; this.msg = msg; this.data = data; this.data2 = data2; return this; } public Response<T> setIII(Integer code,T data,T data2,T data3,String msg) { this.code = code; this.msg = msg; this.data = data; this.data2 = data2; this.data3 = data3; return this; } public Response<T> setIIII(Integer code,T data,T data2,T data3,T data4,String msg) { this.code = code; this.msg = msg; this.data = data; this.data2 = data2; this.data3 = data3; this.data4 = data4; return this; } public Integer getCode() { return code; } public T getData() { return data; } public String getMsg() { return msg; } public void setMsg(String msg) { this.msg = msg; } public T getData2() { return data2; } public void setData2(T data2) { this.data2 = data2; } public T getData3() { return data3; } public void setData3(T data3) { this.data3 = data3; } public T getData4() { return data4; } public void setData4(T data4) { this.data4 = data4; } } src/main/java/com/whyc/pojo/UserInf.java
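Review bot: All four payload slots of `Response` (`data` to `data4`) share the single type parameter `T`, yet callers in this commit pass unrelated types to them (`setII(1, list!=null, pageInfo, "数据返回")` in `UserInfService` passes a boolean and a `PageInfo`), which only compiles because `Response` is used as a raw type. Either declare the extra slots as `Object`, or state in the class Javadoc that `data` carries the success flag and `data2`–`data4` carry payloads, so the generic signature does not promise type safety it cannot deliver. The class implements `Serializable` without a `serialVersionUID`; add `private static final long serialVersionUID = 1L;` as `UserInf` does. The `setII`/`setIII`/`setIIII` overloads have no comments, and one line each on which fields they populate would make them easier to tell apart.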
New file @@ -0,0 +1,51 @@ package com.whyc.pojo; import com.baomidou.mybatisplus.annotation.IdType; import com.baomidou.mybatisplus.annotation.TableField; import com.baomidou.mybatisplus.annotation.TableId; import com.baomidou.mybatisplus.annotation.TableName; import io.swagger.annotations.ApiModel; import io.swagger.annotations.ApiModelProperty; import lombok.AllArgsConstructor; import lombok.Data; import lombok.NoArgsConstructor; import lombok.ToString; import java.io.Serializable; import java.util.Date; /** * <p> * * </p> * * @author lxw * @since 2022-07-13 */ @Data @ToString @AllArgsConstructor @NoArgsConstructor @TableName(schema = "db_user",value = "tb_user_inf") @ApiModel(value="User对象", description="") public class UserInf implements Serializable { private static final long serialVersionUID = 1L; @TableId(value = "uid", type = IdType.AUTO) private int uid; @ApiModelProperty(value = "rsa加密密码") private String usnid; @ApiModelProperty(value = "用户名") private String uname; @ApiModelProperty(value = "下载权限") private int udownloadRole; public UserInf(int uid, String uname) { this.uid = uid; this.uname = uname; } } src/main/java/com/whyc/realm/CustomRealm.java
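Review bot: The `usnid` field of `UserInf` (documented as the RSA-encrypted password) is exposed by Lombok's generated `toString()` and getter, so it ends up in any log line that prints a `UserInf` and in every response that serialises the entity; `getAllUser` in `UserInfService` returns the `selectList` result unchanged. Mark the field `@ToString.Exclude` and keep it out of serialisation (with Jackson that would be `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)`; confirm which JSON library the controllers use). `@ToString` is redundant next to `@Data`. The class Javadoc is an empty `<p>` block; a sentence saying the class maps `db_user.tb_user_inf` and what `udownloadRole` values mean would be more useful.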
@@ -1,7 +1,7 @@ package com.whyc.realm; import com.whyc.anotation.Realm; import com.whyc.pojo.DocUser; import com.whyc.pojo.UserInf; import com.whyc.service.UserBridgeService; import com.whyc.util.RSAUtil; import org.apache.shiro.authc.*; @@ -28,11 +28,11 @@ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { String userName = (String) authenticationToken.getPrincipal(); DocUser user = userBridgeService.findPasswordByUserName(userName); if(user.getId()==0){ UserInf user = userBridgeService.findPasswordByUserName(userName); if(user.getUid()==0){ throw new UnknownAccountException("账号不存在"); } String password = RSAUtil.decrypt(user.getSnId(),RSAUtil.getPrivateKey()); String password = RSAUtil.decrypt(user.getUsnid(),RSAUtil.getPrivateKey()); return new SimpleAuthenticationInfo(user,password,getName()); } @@ -41,7 +41,7 @@ */ @Override protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { DocUser user = (DocUser) principalCollection.getPrimaryPrincipal(); UserInf user = (UserInf) principalCollection.getPrimaryPrincipal(); return userBridgeService.getAuthorizationInfo(user); } src/main/java/com/whyc/service/UserBridgeService.java
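Review bot: `CustomRealm.doGetAuthenticationInfo` recovers the plaintext password with `RSAUtil.decrypt(user.getUsnid(),RSAUtil.getPrivateKey())`, which means stored passwords are reversible for anyone who obtains the private key together with the table; the same pattern appears in `UserInfService.addUser` and `changeSnId`. The type swap would be a good moment to move to a one-way salted password hash (bcrypt, scrypt or argon2, or Shiro's hashed credentials matching) and compare hashes instead of plaintext. Independently of that, `user.getUsnid()` may be null when a row is found but the column does not map onto the new entity, so guard it before decrypting, e.g. `if (user.getUsnid() == null) throw new UnknownAccountException("账号不存在");`.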
@@ -3,7 +3,7 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.toolkit.Wrappers; import com.whyc.mapper.DocUserMapper; import com.whyc.pojo.DocUser; import com.whyc.pojo.UserInf; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.springframework.cache.CacheManager; @@ -28,20 +28,20 @@ @Resource private CacheManager caffeineCacheManager; public DocUser findPasswordByUserName(String userName) { DocUser userInf = null; QueryWrapper<DocUser> queryWrapper = Wrappers.query(); public UserInf findPasswordByUserName(String userName) { UserInf userInf = null; QueryWrapper<UserInf> queryWrapper = Wrappers.query(); queryWrapper.select("id","name","sn_id","role_id").eq("name",userName); userInf = userMapper.selectOne(queryWrapper); return userInf==null?new DocUser(0L,"用户不存在"):userInf; return userInf==null?new UserInf(0,"用户不存在"):userInf; } public DocUser findUserByMobilephone(String mobilephone){ QueryWrapper<DocUser> queryWrapper = Wrappers.query(); public UserInf findUserByMobilephone(String mobilephone){ QueryWrapper<UserInf> queryWrapper = Wrappers.query(); queryWrapper.select("uId","uName","upassword","UKey_ID","uRole","uMobilephone").eq("uMobilephone",mobilephone); List<DocUser> list = userMapper.selectList(queryWrapper); return list.size()==0?new DocUser(0L,"用户不存在"):list.get(0); List<UserInf> list = userMapper.selectList(queryWrapper); return list.size()==0?new UserInf(0,"用户不存在"):list.get(0); } /** 
@@ -50,15 +50,15 @@ * @return */ //@Cacheable(key = "#root.methodName+#p0.id") public AuthorizationInfo getAuthorizationInfo(DocUser user) { public AuthorizationInfo getAuthorizationInfo(UserInf user) { System.out.println("=========执行了UserBridgeService.getAuthorization方法=========="); SimpleAuthorizationInfo authorizationInfo = new SimpleAuthorizationInfo(); //添加Roles和Permissions /*//添加Roles和Permissions List<String> roles = findRolesByUserId(user.getId()); List<String> perms = findPermissionsByUserId(user.getId()); authorizationInfo.addRoles(roles); authorizationInfo.addStringPermissions(perms); authorizationInfo.addStringPermissions(perms);*/ return authorizationInfo; } src/main/java/com/whyc/service/UserInfService.java
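Review bot: `UserBridgeService.getAuthorizationInfo` now returns an empty `SimpleAuthorizationInfo` because the role and permission lookups are commented out, so every `subject.hasRole(...)` check (as in `RolesOrAuthorizationFilter`) sees a user with no roles; how the rest of the filter treats that is outside the hunk, so please confirm the outcome and restore a real mapping, for instance one derived from `udownloadRole`. Delete the commented-out block rather than keeping it, and replace the `System.out.println` with the project's logger. In the first hunk, `findPasswordByUserName` still selects `"id","name","sn_id","role_id"` and `findUserByMobilephone` still selects `"uId","uName","upassword",...`, none of which match the `UserInf` properties, so the returned object would likely keep `uid == 0` and `CustomRealm` would report every account as unknown, if the query runs at all. Going by the column names used in `UserInfService`, the first query would become `queryWrapper.select("uid","uname","usnid","udownload_role").eq("uname",userName);`.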
New file 
@@ -0,0 +1,124 @@ package com.whyc.service; import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; import com.baomidou.mybatisplus.core.conditions.update.UpdateWrapper; import com.github.pagehelper.PageHelper; import com.github.pagehelper.PageInfo; import com.whyc.mapper.UserInfMapper; import com.whyc.pojo.Response; import com.whyc.pojo.UserInf; import com.whyc.util.ActionUtil; import com.whyc.util.RSAUtil; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UnknownAccountException; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.Subject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.multipart.MultipartFile; import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; @Service public class UserInfService { @Autowired(required = false) private UserInfMapper mapper; //查询所有用户信息 public Response getAllUser( int pageCurr, int pageSize) { PageHelper.startPage(pageCurr,pageSize); List<UserInf> list=mapper.selectList(null); PageInfo pageInfo=new PageInfo(list); return new Response().setII(1,list!=null,pageInfo,"数据返回"); } //编辑权限 public Response updateUser(int uid, int udownloadRole) { UpdateWrapper wrapper=new UpdateWrapper(); wrapper.set("udownload_role",udownloadRole); wrapper.eq("uid",uid); int bl=mapper.update(null,wrapper); return new Response().set(1,bl>0); } //新添加用户信息 public Response addUser(UserInf uinf) { QueryWrapper wrapper=new QueryWrapper(); String pwd= RSAUtil.encrypt("123456", RSAUtil.getPublicKey()); uinf.setUsnid(pwd); wrapper.eq("uname",uinf.getUname()); List list=mapper.selectList(wrapper); if(list!=null&&list.size()>0){ return new Response().setII(1,false,list,"用户名已存在"); } int bl=mapper.insert(uinf); return new 
Response().set(1,bl>0); } //修改密码 public Response changeSnId(String uname,String oldSnId, String newSnId) { if(uname==null||uname.equals("")){ return new Response().set(1,false,"找不到用户"); } //验证老密码是否正确 String snIdRsa=mapper.selectSnId(uname); //解密 String snId=RSAUtil.decrypt(snIdRsa,RSAUtil.getPrivateKey()); String[] decOld=RSAUtil.decryptFrontP(oldSnId,RSAUtil.fontSeparator); String oldId=decOld[0]; String[] newOld=RSAUtil.decryptFrontP(newSnId,RSAUtil.fontSeparator); String newId=newOld[0]; if(oldId.equals(snId)){ UpdateWrapper wrapper=new UpdateWrapper(); wrapper.set("usnid",RSAUtil.encrypt(newId,RSAUtil.getPublicKey())); wrapper.eq("uname",uname); int bl=mapper.update(null,wrapper); return new Response().set(1,bl>0,"修改成功"); }else { return new Response().set(1,false,"修改失败"); } } //删除用户信息 public Response delUser(int uid) { UpdateWrapper wrapper=new UpdateWrapper(); wrapper.eq("uid",uid); int bl=mapper.delete(wrapper); return new Response().setII(1,bl>0,bl,"删除返回"); } public Response login(String uname, String usnId, HttpServletRequest request) { Response response = new Response(); String[] dataArr = RSAUtil.decryptFrontP(usnId, RSAUtil.fontSeparator); //验签md5 if (!dataArr[1].equals(ActionUtil.EncryptionMD5(org.apache.commons.lang3.StringUtils.trim(dataArr[0])).toString())) { return response.set(1, false, "密码验签失败"); } UsernamePasswordToken userToken = new UsernamePasswordToken(uname, dataArr[0]); Subject subject = SecurityUtils.getSubject(); try { subject.login(userToken); } catch (Exception e) { if(e instanceof UnknownAccountException){ return response.set(1,false,"账号不存在"); } return response.set(1,false,"密码错误"); } //登录成功 ServletContext servletContext = request.getServletContext(); servletContext.setAttribute(uname, request.getSession().getId()); //Session存储当前用户及权限组列表 UserInf userDB = (UserInf) subject.getPrincipal(); userDB.setUsnid(null); request.getSession().setAttribute("user", userDB); return response.setII(1,true, userDB,"登录成功"); } public void logout() { 
Subject subject = SecurityUtils.getSubject(); subject.logout(); } } src/main/java/com/whyc/util/ActionUtil.java
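Review bot: `UserInfService.addUser` gives every new account the same initial password, `RSAUtil.encrypt("123456", RSAUtil.getPublicKey())`, and nothing visible forces a change at first login, so a freshly created account is usable by anyone who knows its username. Generate a random initial secret with `java.security.SecureRandom`, hand it to the administrator once, and mark the account as must-change. In `login`, `dataArr[1]` is read without checking the length returned by `RSAUtil.decryptFrontP`, so a malformed `usnId` would raise `ArrayIndexOutOfBoundsException` instead of the intended response; add `if (dataArr == null || dataArr.length < 2) return response.set(1, false, "密码验签失败");` before the comparison, and likewise guard `decOld`, `newOld` and a null `snIdRsa` in `changeSnId`. The wrappers and `Response` are raw types throughout; `UpdateWrapper<UserInf>` and `QueryWrapper<UserInf>` would let the compiler check the calls.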
@@ -3,7 +3,7 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.JsonSyntaxException; import com.whyc.pojo.DocUser; import com.whyc.pojo.UserInf; import org.apache.commons.codec.digest.DigestUtils; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; @@ -189,16 +189,16 @@ * * @return 获取当前session 中的用户对象 */ public static DocUser getUser(){ public static UserInf getUser(){ HttpSession session =getSession(); Object obj=session.getAttribute("user"); DocUser userInf = new DocUser(); UserInf userInf = new UserInf(); if(obj==null){ userInf.setName("未登录的用户账号"); userInf.setId(0L); userInf.setRoleId("0"); userInf.setUname("未登录的用户账号"); userInf.setUid(0); userInf.setUdownloadRole(0); }else{ userInf=(DocUser) session.getAttribute("user"); userInf=(UserInf) session.getAttribute("user"); } return userInf; } src/main/resources/mapper/UserInfMapper.xml
New file @@ -0,0 +1,9 @@ <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.whyc.mapper.UserInfMapper"> <select id="selectSnId" resultType="java.lang.String"> select usnid from tb_doc_user where uname=#{uname} limit 1 </select> </mapper>
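Review bot: `selectSnId` reads from `tb_doc_user`, while the `UserInf` entity added in this commit is mapped with `@TableName(schema = "db_user",value = "tb_user_inf")` and the other `UserInfService` statements go through that mapping, so `changeSnId` would verify the old password against a different table, or fail if `tb_doc_user` has no `usnid`/`uname` columns. I would point the statement at the same table: `select usnid from db_user.tb_user_inf where uname=#{uname} limit 1`. The `#{uname}` binding is parameterised, which is right. `limit 1` hides duplicate usernames, and since `addUser` only does a check-then-insert, a unique index on `uname` would be the real guarantee.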