更新

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java

@@ -1,14 +1,16 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter.config;
 
+import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.CustomUserDetailService;
+import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
-import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
-
 /**
  * 安全设置
  *
@@ -18,6 +20,9 @@ import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticati
 @EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true, securedEnabled = true)
 public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
 
+    @Autowired
+    private CustomUserDetailService userDetailsService;
+
     @Bean
     public TokenAuthenticationFilter authenticationTokenFilterBean() {
         return new TokenAuthenticationFilter();
@@ -35,4 +40,8 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
         http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
     }
 
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(userDetailsService);
+    }
 }

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/AuthorityEntity.java

@@ -3,13 +3,18 @@ package com.chinaunicom.mall.ebtp.cloud.security.starter.entity;
 import java.util.List;
 
 import lombok.Data;
+import org.springframework.security.core.GrantedAuthority;
 
 @Data
-public class AuthorityEntity {
+public class AuthorityEntity implements GrantedAuthority {
 
 	private String roleName;
 	private String roleCode;
 	private String roleId;
 	private List<String> authorities;
 
+	@Override
+	public String getAuthority() {
+		return roleCode;
+	}
 }

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/SecurityUser.java

@@ -1,10 +1,13 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter.entity;
 
+import java.util.Collection;
 import java.util.Date;
 import java.util.List;
 
 import lombok.Data;
 import lombok.experimental.Accessors;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
 
 /**
  * 缓存用户实体映射类
@@ -15,7 +18,7 @@ import lombok.experimental.Accessors;
  */
 @Data
 @Accessors(chain = true)
-public class SecurityUser {
+public class SecurityUser implements UserDetails {
 
 	/**
 	 * PKID
@@ -159,4 +162,38 @@ public class SecurityUser {
 	 */
 	private List<AuthorityEntity> authorityList;
 
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return authorityList;
+	}
+
+	@Override
+	public String getPassword() {
+		return null;
+	}
+
+	@Override
+	public String getUsername() {
+		return fullName;
+	}
+
+	@Override
+	public boolean isAccountNonExpired() {
+		return true;
+	}
+
+	@Override
+	public boolean isAccountNonLocked() {
+		return true;
+	}
+
+	@Override
+	public boolean isCredentialsNonExpired() {
+		return true;
+	}
+
+	@Override
+	public boolean isEnabled() {
+		return true;
+	}
 }

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/CustomUserDetailService.java

@@ -0,0 +1,19 @@
+package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+@Service
+@Slf4j
+public class CustomUserDetailService implements UserDetailsService {
+
+
+    @Override
+    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
+        log.info("UserDetails --------------------------------  {}  ---------------------------------------", s);
+        return null;
+    }
+}

mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java

@@ -1,12 +1,9 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
 
-import java.io.IOException;
+import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
-
+import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthorityEntity;
-import javax.servlet.FilterChain;
+import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
-import javax.servlet.ServletException;
+import lombok.extern.slf4j.Slf4j;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.lang3.RegExUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,10 +18,15 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.client.RestTemplate;
 import org.springframework.web.filter.OncePerRequestFilter;
 
-import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
+import javax.servlet.FilterChain;
-import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
+import javax.servlet.ServletException;
-
+import javax.servlet.http.HttpServletRequest;
-import lombok.extern.slf4j.Slf4j;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.List;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.stream.Collectors;
 
 /**
  * 请求Token拦截
@@ -82,7 +84,12 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
         ResponseEntity<SecurityUser> entity = restTemplate.exchange(token_uri, HttpMethod.GET,
                 new HttpEntity<String>(headers), SecurityUser.class);
 
-		return new UsernamePasswordAuthenticationToken(entity.getBody().setCurrentRoleCode(currentRoleCode), token);
+        SecurityUser securityUser = entity.getBody();
+        //设置当前角色的权限
+        List<AuthorityEntity> authority = Optional.ofNullable(currentRoleCode)
+                .map(o -> securityUser.getAuthorityList().stream().filter(f -> Objects.equals(f.getRoleCode(), currentRoleCode)).collect(Collectors.toList()))
+                .orElse(securityUser.getAuthorityList());
+        return new UsernamePasswordAuthenticationToken(securityUser.setCurrentRoleCode(currentRoleCode), token, authority);
     }
 
 }