package com.mindskip.xzs.configuration.spring.security;
|
|
|
import com.mindskip.xzs.context.WebContext;
|
import com.mindskip.xzs.domain.enums.DeptAdminEnum;
|
import com.mindskip.xzs.domain.enums.RoleEnum;
|
import com.mindskip.xzs.domain.enums.UserStatusEnum;
|
import com.mindskip.xzs.repository.DepartmentMapper;
|
import com.mindskip.xzs.service.AuthenticationService;
|
import com.mindskip.xzs.service.UserService;
|
import lombok.RequiredArgsConstructor;
|
import org.springframework.security.authentication.AuthenticationProvider;
|
import org.springframework.security.authentication.BadCredentialsException;
|
import org.springframework.security.authentication.LockedException;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.GrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.stereotype.Component;
|
|
import java.util.ArrayList;
|
import java.util.List;
|
|
|
/**
|
* @version 3.5.0
|
* @description: 登录用户名密码验证
|
* Copyright (C), 2020-2021, 武汉思维跳跃科技有限公司
|
* @date 2021/12/25 9:45
|
*/
|
@Component
|
@RequiredArgsConstructor
|
public class RestAuthenticationProvider implements AuthenticationProvider {
|
|
private final AuthenticationService authenticationService;
|
private final UserService userService;
|
private final WebContext webContext;
|
private final DepartmentMapper departmentMapper;
|
|
@Override
|
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
String username = authentication.getName();
|
String password = (String) authentication.getCredentials();
|
|
com.mindskip.xzs.domain.User user = userService.getUserByUserName(username);
|
if (user == null) {
|
throw new UsernameNotFoundException("用户名或密码错误");
|
}
|
|
boolean result = authenticationService.authUser(user, username, password);
|
if (!result) {
|
throw new BadCredentialsException("用户名或密码错误");
|
}
|
|
UserStatusEnum userStatusEnum = UserStatusEnum.fromCode(user.getStatus());
|
if (UserStatusEnum.Disable == userStatusEnum) {
|
throw new LockedException("用户被禁用");
|
}
|
|
ArrayList<GrantedAuthority> grantedAuthorities = new ArrayList<>();
|
// 赋予部门管理员角色
|
if (new Integer(-1).equals(user.getRole())) {
|
grantedAuthorities.add(new SimpleGrantedAuthority(RoleEnum.DEPT_ADMIN.getRoleName()));
|
}
|
grantedAuthorities.add(new SimpleGrantedAuthority(RoleEnum.fromCode(user.getRole()).getRoleName()));
|
// 获取该用户管理部门
|
List<Integer> deptAdminIds = userService.getDeptAdminIds(user.getId());
|
MyUser authUser = new MyUser(user.getUserName(), user.getPassword(), grantedAuthorities, user.getRole(), deptAdminIds);
|
return new UsernamePasswordAuthenticationToken(authUser, authUser.getPassword(), authUser.getAuthorities());
|
}
|
|
@Override
|
public boolean supports(Class<?> aClass) {
|
return true;
|
}
|
}
|
