/**
* Copyright (c) 2016-2019 人人开源 All rights reserved.
*
* https://www.renren.io
*
* 版权所有,侵权必究!
*/
package com.peanut.modules.sys.oauth2;
import com.peanut.modules.book.entity.MyUserEntity;
import com.peanut.modules.sys.entity.SysUserEntity;
import com.peanut.modules.sys.entity.SysUserTokenEntity;
import com.peanut.modules.sys.service.ShiroService;
import com.peanut.modules.sys.service.SysUserTokenService;
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
import java.util.Date;
import java.util.Set;
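/**
 * Shiro realm that authenticates a request from its access token and loads the
 * caller's permission strings.
 *
 * <p>Two principal types are produced: {@link MyUserEntity} for app (front-end)
 * users and {@link SysUserEntity} for admin (back-end) users.
 *
 * @author Mark sunlightcs@gmail.com
 */
@Component
public class OAuth2Realm extends AuthorizingRealm {

    /** Message returned for every "token no longer usable" outcome, so callers cannot tell the cases apart. */
    private static final String TOKEN_INVALID_MESSAGE = "token失效,请重新登录";

    private static final long MILLIS_PER_HOUR = 60L * 60 * 1000;

    /** A token with at most this many whole hours left is renewed on use. */
    private static final long RENEWAL_THRESHOLD_HOURS = 24 * 10;

    /** Lifetime granted on renewal: ten days, in milliseconds. */
    private static final long TOKEN_LIFETIME_MILLIS = 3600L * 24 * 10 * 1000;

    /** User ids at or above this value are looked up as app users, below it as admin users. */
    private static final long APP_USER_ID_START = 10000;

    @Autowired
    private ShiroService shiroService;
    @Autowired
    private SysUserTokenService sysUserTokenService;
    @Autowired
    private Environment environment;

    /**
     * Restricts this realm to {@link OAuth2Token} submissions.
     *
     * @param token the submitted authentication token
     * @return {@code true} only when {@code token} is an {@link OAuth2Token}
     */
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof OAuth2Token;
    }

    /**
     * Authorization (called when a permission is checked).
     *
     * @param principals the authenticated principals; the primary principal is expected to be
     *                   a {@link MyUserEntity} or a {@link SysUserEntity}
     * @return authorization info carrying the user's permission strings
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        // The primary principal is deliberately not printed or logged here: it is the whole
        // user entity, and its string form may include credential material.
        Object principal = principals.getPrimaryPrincipal();

        // Decide on the runtime type. A substring match on principals.toString() would let
        // user-controlled field values (for example a user name) influence which branch runs.
        long userId;
        if (principal instanceof MyUserEntity) {
            userId = Long.valueOf(((MyUserEntity) principal).getId());
        } else {
            userId = ((SysUserEntity) principal).getUserId();
        }

        // Permission list of the user.
        Set<String> permsSet = shiroService.getUserPermissions(userId);

        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.setStringPermissions(permsSet);
        return info;
    }

    /**
     * Authentication (called at login).
     *
     * <p>Looks up the stored token, rejects it when it is missing or expired, renews it when
     * it is close to expiry, and then loads the matching user as the principal.
     *
     * @param token the submitted token; its principal is the access-token string
     * @return authentication info whose principal is the loaded user entity
     * @throws IncorrectCredentialsException if the token is unknown, expired, or no longer maps to a user
     * @throws LockedAccountException        if the admin account has status {@code 0}
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        String accessToken = (String) token.getPrincipal();

        // Look up the stored token record for this access token.
        SysUserTokenEntity tokenEntity = shiroService.queryByToken(accessToken);

        long nowMillis = System.currentTimeMillis();

        // Unknown token, incomplete record, or expired token: all rejected the same way.
        if (tokenEntity == null
                || tokenEntity.getExpireTime() == null
                || tokenEntity.getUserId() == null
                || tokenEntity.getExpireTime().getTime() < nowMillis) {
            throw new IncorrectCredentialsException(TOKEN_INVALID_MESSAGE);
        }
        Long userId = tokenEntity.getUserId();

        long remainingHours = (tokenEntity.getExpireTime().getTime() - nowMillis) / MILLIS_PER_HOUR;

        // Token renewal.
        // NOTE(review): this is a sliding expiry with no absolute cap. A token that keeps being
        // used never expires on its own, so revocation depends on the stored token row being
        // removed or replaced (logout, password change) - confirm that those paths do so.
        if (remainingHours <= RENEWAL_THRESHOLD_HOURS) {
            tokenEntity.setExpireTime(new Date(nowMillis + TOKEN_LIFETIME_MILLIS));
            sysUserTokenService.updateById(tokenEntity);
        }

        // Distinguish app (front-end) users from admin (back-end) users.
        // NOTE(review): the account type is inferred from the id range alone; confirm that the
        // two id spaces cannot overlap, otherwise a token could resolve to the wrong account type.
        if (userId >= APP_USER_ID_START) {
            MyUserEntity myUserEntity = shiroService.queryAppUser(userId);
            if (myUserEntity == null) {
                // The token points at an account that no longer exists.
                throw new IncorrectCredentialsException(TOKEN_INVALID_MESSAGE);
            }
            // NOTE(review): no locked/disabled check is applied on this branch - confirm whether
            // app accounts carry an equivalent status that should be enforced here.
            return new SimpleAuthenticationInfo(myUserEntity, accessToken, getName());
        }

        // Load the admin user.
        SysUserEntity user = shiroService.queryUser(userId);
        if (user == null) {
            // The token points at an account that no longer exists.
            throw new IncorrectCredentialsException(TOKEN_INVALID_MESSAGE);
        }

        // Account locked.
        if (user.getStatus() == 0) {
            throw new LockedAccountException("账号已被锁定,请联系管理员");
        }
        return new SimpleAuthenticationInfo(user, accessToken, getName());
    }
}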