diff --git a/kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/KiccUser.java b/kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/KiccUser.java
index afdcc5f9..69e2c992 100644
--- a/kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/KiccUser.java
+++ b/kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/KiccUser.java
@@ -1,11 +1,10 @@
 package com.cloud.kicc.common.data.entity;
-import lombok.AllArgsConstructor;
-import lombok.Data;
-import lombok.EqualsAndHashCode;
-import lombok.NoArgsConstructor;
+import lombok.*;
 import lombok.experimental.Accessors;
+import org.springframework.security.core.GrantedAuthority;
+import java.util.Collection;
 import java.util.Set;
 /**
@@ -16,12 +15,11 @@ import java.util.Set;
 * @Author: wangxiang4
 * @Since: 2023/8/16
 */
-@Data
+@Getter
+@Setter
 @Accessors(chain = true)
 @EqualsAndHashCode(callSuper = false)
-@AllArgsConstructor
-@NoArgsConstructor
-public class KiccUser {
+public class KiccUser extends CasUser {
 /** 部门ID */
 private String deptId;
@@ -32,4 +30,16 @@ public class KiccUser {
 /** 扩展用户权限 */
 private Set exPermissions;
+ public KiccUser(String username,
+ String password,
+ Collection authorities,
+ String deptId,
+ String userType,
+ Set exPermissions) {
+ super(username, password, authorities);
+ this.deptId = deptId;
+ this.userType = userType;
+ this.exPermissions = exPermissions;
+ }
+
 }
diff --git a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/jackson2/ExUserDeserializer.java b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/jackson2/ExUserDeserializer.java
new file mode 100644
index 00000000..d219c74d
--- /dev/null
+++ b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/jackson2/ExUserDeserializer.java
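Review bot: In the `@@ -16,12 +15,11 @@` hunk of KiccUser.java, `@EqualsAndHashCode(callSuper = false)` is kept while the class now extends `CasUser`, so the generated `equals`/`hashCode` compare only `deptId`, `userType` and `exPermissions` and ignore the inherited identity. Two different accounts in the same department with the same permission set would then compare equal, which matters wherever the principal is compared or used as a map key (session registries, caches). Unless that is intended, use `@EqualsAndHashCode(callSuper = true)` or drop the annotation so the parent's equality applies. `CasUser` is not visible in this diff, so confirm what its `equals` is based on before choosing.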
@@ -0,0 +1,59 @@
+package com.cloud.kicc.common.security.override.jackson2;
+
+import com.cloud.kicc.common.data.entity.KiccUser;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.MissingNode;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Set;
+
+/**
+ *

+ * 反序列化扩展用户实现
+ *

+ *
+ * @Author: wangxiang4
+ * @Since: 2023/8/19
+ */
+class ExUserDeserializer extends JsonDeserializer {
+
+ private static final TypeReference> EX_PERMISSIONS_SET = new TypeReference>() {};
+
+ @Override
+ public KiccUser deserialize(JsonParser jp, DeserializationContext context) throws IOException {
+ ObjectMapper mapper = (ObjectMapper) jp.getCodec();
+ JsonNode jsonNode = mapper.readTree(jp);
+ JsonNode passwordNode = readJsonNode(jsonNode, "password");
+ String username = readJsonNode(jsonNode, "username").asText();
+ String password = passwordNode.asText("");
+ String deptId = readJsonNode(jsonNode, "deptId").asText();
+ String userType = readJsonNode(jsonNode, "userType").asText();
+ Set exPermissions = mapper.convertValue(jsonNode.get("exPermissions"), EX_PERMISSIONS_SET);
+ List authorities = AuthorityUtils.createAuthorityList(exPermissions.toArray(new String[0]));
+ KiccUser result = new KiccUser(
+ username,
+ password,
+ authorities,
+ deptId,
+ userType,
+ exPermissions
+ );
+ if (passwordNode.asText(null) == null) {
+ result.eraseCredentials();
+ }
+ return result;
+ }
+
+ private JsonNode readJsonNode(JsonNode jsonNode, String field) {
+ return jsonNode.has(field) ? jsonNode.get(field) : MissingNode.getInstance();
+ }
+
+}
diff --git a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/jackson2/ExUserMixin.java b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/jackson2/ExUserMixin.java
new file mode 100644
index 00000000..1591fc5a
--- /dev/null
+++ b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/override/jackson2/ExUserMixin.java
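Review bot: In `deserialize`, `exPermissions` is read with `jsonNode.get("exPermissions")` instead of the null-safe `readJsonNode` helper, and the result is dereferenced on the next line by `exPermissions.toArray(...)`. The writers in this commit serialize with `JsonInclude.Include.NON_NULL`, so a user whose permission set is null produces JSON without that field, `convertValue` returns null, and every later read of that principal fails with a `NullPointerException`. Guard it, for example `Set<String> exPermissions = jsonNode.hasNonNull("exPermissions") ? mapper.convertValue(jsonNode.get("exPermissions"), EX_PERMISSIONS_SET) : Collections.emptySet();` (needs `java.util.Collections`). Likewise a missing `username` silently becomes `""` through `MissingNode.asText()`; rejecting that input explicitly would be clearer than relying on whatever the superclass constructor does with it.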
@@ -0,0 +1,23 @@
+package com.cloud.kicc.common.security.override.jackson2;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import com.fasterxml.jackson.annotation.JsonTypeInfo;
+import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
+
+/**
+ *

+ * 序列化扩展SSO用户信息
+ *

+ *
+ * @Author: wangxiang4
+ * @Since: 2023/8/19
+ */
+@JsonDeserialize(using = ExUserDeserializer.class)
+@JsonAutoDetect(fieldVisibility = JsonAutoDetect.Visibility.ANY,
+ getterVisibility = JsonAutoDetect.Visibility.NONE,
+ isGetterVisibility = JsonAutoDetect.Visibility.NONE)
+@JsonIgnoreProperties(ignoreUnknown = true)
+public abstract class ExUserMixin {
+
+}
diff --git a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/KiccUserDetailsService.java b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/KiccUserDetailsService.java
index 634e469a..0a97f382 100644
--- a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/KiccUserDetailsService.java
+++ b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/KiccUserDetailsService.java
@@ -10,6 +10,7 @@ import com.cloud.kicc.common.core.enums.CasSystemEnum;
 import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.exception.SecurityCheckedException;
+import com.cloud.kicc.common.security.override.jackson2.ExUserMixin;
 import com.cloud.kicc.system.api.entity.User;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.core.JsonProcessingException;
@@ -92,6 +93,9 @@ public interface KiccUserDetailsService extends UserDetailsService, Ordered {
 casUser.getExPrincipals().put(CasSystemEnum.KICC, new ObjectMapper()
 .setSerializationInclusion(JsonInclude.Include.NON_NULL)
 .writeValueAsString(new KiccUser(
+ user.getUserName(),
+ SecurityConstants.BCRYPT + user.getPassword(),
+ authorities,
 user.getDeptId(),
 user.getUserType(),
 dbAuthsSet
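Review bot: In the `@@ -92,6 +93,9 @@` hunk of KiccUserDetailsService.java, the added `SecurityConstants.BCRYPT + user.getPassword()` argument puts the password hash into the `KiccUser` that is immediately passed to `writeValueAsString`, so the hash is presumably written into the `exPrincipals` JSON string through the inherited password getter. The plain `new ObjectMapper()` used here does not register `ExUserMixin`. That second copy of the hash lives wherever `casUser` is stored or cached, and erasing credentials on the outer `casUser` will not clear it. `ExUserDeserializer` already tolerates a missing `password` field, so consider building the `KiccUser` first, calling `eraseCredentials()` on it, and only then serializing, so that `NON_NULL` omits the field. The same three lines are added in SecurityUtils.java at `@@ -135,6 +138,9 @@` and need the same change; the enclosing method starts and ends outside both hunks.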
diff --git a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/util/SecurityUtils.java b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/util/SecurityUtils.java
index d635c5bb..d649245c 100644
--- a/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/util/SecurityUtils.java
+++ b/kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/util/SecurityUtils.java
@@ -11,6 +11,7 @@ import com.cloud.kicc.common.core.exception.CheckedException;
 import com.cloud.kicc.common.core.util.SpringContextHolderUtil;
 import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.security.override.jackson2.ExUserMixin;
 import com.cloud.kicc.system.api.entity.User;
 import com.cloud.kicc.system.api.feign.RemoteUserService;
 import com.fasterxml.jackson.annotation.JsonInclude;
@@ -73,10 +74,12 @@ public class SecurityUtils {
 @SneakyThrows
 public KiccUser getUser() {
 CasUser casUser = getCasUser();
- String str = casUser.getExPrincipals().get(CasSystemEnum.KICC);
- if (JSONUtil.isJson(str)) {
- return new ObjectMapper()
- .readValue(str, KiccUser.class);
+ if (casUser == null) return null;
+ String user = casUser.getExPrincipals().get(CasSystemEnum.KICC);
+ if (JSONUtil.isJson(user)) {
+ KiccUser exUser = new ObjectMapper().addMixIn(KiccUser.class, ExUserMixin.class).readValue(user, KiccUser.class);
+ BeanUtils.copyProperties(casUser, exUser);
+ return exUser;
 }
 return null;
 }
@@ -135,6 +138,9 @@ public class SecurityUtils {
 casUser.getExPrincipals().put(CasSystemEnum.KICC, new ObjectMapper()
 .setSerializationInclusion(JsonInclude.Include.NON_NULL)
 .writeValueAsString(new KiccUser(
+ user.getUserName(),
+ SecurityConstants.BCRYPT + user.getPassword(),
+ authorities,
 user.getDeptId(),
 user.getUserType(),
 dbAuthsSet
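Review bot: In the `@@ -73,10 +74,12 @@` hunk, `getUser()` builds and configures a fresh `ObjectMapper` with `new ObjectMapper().addMixIn(...)` on every call, which is costly for a method that is likely invoked on most requests. A configured `ObjectMapper` is thread-safe, so hoist it to a field such as `private static final ObjectMapper EX_USER_MAPPER = new ObjectMapper().addMixIn(KiccUser.class, ExUserMixin.class);` and call `EX_USER_MAPPER.readValue(user, KiccUser.class)`. Separately, `casUser.getExPrincipals()` is dereferenced without a null check right after the new `casUser == null` guard; if that map can be null the guard should cover it too. The one-line `if (casUser == null) return null;` would also read better with braces.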