refactor: 隔离sso多系统基础数据

kicc-auth/src/main/java/com/cloud/kicc/auth/config/AuthorizationServerConfiguration.java

@@ -1,7 +1,7 @@
 package com.cloud.kicc.auth.config;
 
 import com.cloud.kicc.common.core.constant.SecurityConstants;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.security.grant.app.ResourceOwnerCustomeAppTokenGranter;
 import com.cloud.kicc.common.security.override.KiccClientDetailsService;
 import com.cloud.kicc.common.security.override.KiccCustomTokenServices;
@@ -103,8 +103,8 @@ public class AuthorizationServerConfiguration extends AuthorizationServerConfigu
 				return accessToken;
 			}
 
-			KiccUser kiccUser = (KiccUser) authentication.getUserAuthentication().getPrincipal();
-			additionalInfo.put(SecurityConstants.DETAILS_USER, kiccUser);
+			CasUser casUser = (CasUser) authentication.getUserAuthentication().getPrincipal();
+			additionalInfo.put(SecurityConstants.DETAILS_USER, casUser);
 			((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(additionalInfo);
 			return accessToken;
 		};

kicc-auth/src/main/java/com/cloud/kicc/auth/endpoint/KiccTokenEndpoint.java

@@ -85,7 +85,7 @@ public class KiccTokenEndpoint {
 			AuthorizationRequest authorizationRequest = (AuthorizationRequest) auth;
 			ClientDetails clientDetails = clientDetailsService.loadClientByClientId(authorizationRequest.getClientId());
 			modelAndView.addObject("app", clientDetails.getAdditionalInformation());
-			modelAndView.addObject("user", SecurityUtils.getUser());
+			modelAndView.addObject("user", SecurityUtils.getCasUser());
 		}
 
 		modelAndView.setViewName("ftl/confirm");

kicc-common/kicc-common-core/src/main/java/com/cloud/kicc/common/core/constant/SecurityConstants.java

@@ -1,6 +1,6 @@
 package com.cloud.kicc.common.core.constant;
 
-import com.cloud.kicc.common.core.enums.SsoSystemEnum;
+import com.cloud.kicc.common.core.enums.CasSystemEnum;
 
 /**
  *<p>
@@ -17,11 +17,6 @@ public interface SecurityConstants {
 	 */
 	String ROLE = "ROLE_";
 
-	/**
-	 * sso多系统角色权限
-	 */
-	String SSO_PERMISSION = SsoSystemEnum.KICC.getName() + ROLE;
-
 	/**
 	 * 项目的license
 	 */

kicc-common/kicc-common-core/src/main/java/com/cloud/kicc/common/core/enums/CasSystemEnum.java

@@ -5,7 +5,7 @@ import lombok.RequiredArgsConstructor;
 
 /**
  *<p>
- * sso系统枚举
+ * cas系统枚举
  *</p>
  *
  * @Author: wangxiang4
@@ -13,7 +13,7 @@ import lombok.RequiredArgsConstructor;
  */
 @Getter
 @RequiredArgsConstructor
-public enum SsoSystemEnum {
+public enum CasSystemEnum {
 
 	/**
 	 * sso认证系统

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/CasUser.java

@@ -0,0 +1,134 @@
+package com.cloud.kicc.common.data.entity;
+
+import com.cloud.kicc.common.core.enums.CasSystemEnum;
+import lombok.EqualsAndHashCode;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.experimental.Accessors;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+
+import java.time.LocalDateTime;
+import java.util.Collection;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+
+/**
+ *<p>
+ * CAS统一认证用户数据
+ *</p>
+ *
+ * @Author: wangxiang4
+ * @Since: 2023/8/16
+ */
+@Setter
+@Getter
+@Accessors(chain = true)
+@EqualsAndHashCode(callSuper = false)
+public class CasUser extends User {
+
+	private static final long serialVersionUID = 1L;
+
+	/** 用户ID */
+	private String id;
+
+	/** 昵称 */
+	private String nickName;
+
+	/** 邮箱 */
+	private String email;
+
+	/** 手机号 */
+	private String phone;
+
+	/** 性别 */
+	private String sex;
+
+	/** 头像地址 */
+	private String avatar;
+
+	/** 最后登陆ip */
+	private String loginIp;
+
+	/** 最后登陆时间 */
+	private LocalDateTime loginTime;
+
+	/** 创建ID */
+	private String createById;
+
+	/** 创建人 */
+	private String createByName;
+
+	/** 创建时间 */
+	private LocalDateTime createTime;
+
+	/** 更新id */
+	private String updateById;
+
+	/** 更新者 */
+	private String updateByName;
+
+	/** 更新时间 */
+	private LocalDateTime updateTime;
+
+	/** 备注 */
+	private String remarks;
+
+	/** 多租户ID */
+	private String tenantId;
+
+	/** sso扩展信息 */
+	private Map<CasSystemEnum, String> exPrincipals = new ConcurrentHashMap<>(3);
+
+
+	public CasUser(String username, String password, Collection<? extends GrantedAuthority> authorities) {
+		super(username, password, authorities);
+	}
+
+	public CasUser(String username, String password, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
+		super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
+	}
+
+	public CasUser(String username,
+				   String password,
+				   boolean enabled,
+				   boolean accountNonExpired,
+				   boolean credentialsNonExpired,
+				   boolean accountNonLocked,
+				   Collection<? extends GrantedAuthority> authorities,
+				   String id,
+				   String nickName,
+				   String email,
+				   String phone,
+				   String sex,
+				   String avatar,
+				   String loginIp,
+				   LocalDateTime loginTime,
+				   String createById,
+				   String createByName,
+				   LocalDateTime createTime,
+				   String updateById,
+				   String updateByName,
+				   LocalDateTime updateTime,
+				   String remarks,
+				   String tenantId) {
+		super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
+		this.id = id;
+		this.nickName = nickName;
+		this.email = email;
+		this.phone = phone;
+		this.sex = sex;
+		this.avatar = avatar;
+		this.loginIp = loginIp;
+		this.loginTime = loginTime;
+		this.createById = createById;
+		this.createByName = createByName;
+		this.createTime = createTime;
+		this.updateById = updateById;
+		this.updateByName = updateByName;
+		this.updateTime = updateTime;
+		this.remarks = remarks;
+		this.tenantId = tenantId;
+	}
+
+}

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/entity/KiccUser.java

@@ -1,74 +1,35 @@
 package com.cloud.kicc.common.data.entity;
 
-import com.cloud.kicc.common.core.constant.SecurityConstants;
+import lombok.AllArgsConstructor;
+import lombok.Data;
 import lombok.EqualsAndHashCode;
-import lombok.Getter;
-import lombok.Setter;
+import lombok.NoArgsConstructor;
 import lombok.experimental.Accessors;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.userdetails.User;
 
-import java.util.Collection;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
+import java.util.Set;
 
 /**
  *<p>
- * 扩展安全框架用户信息
+ * 扩展用户数据
  *</p>
  *
  * @Author: wangxiang4
  * @Since: 2023/8/16
  */
-@Getter
+@Data
 @Accessors(chain = true)
 @EqualsAndHashCode(callSuper = false)
-public class KiccUser extends User {
+@AllArgsConstructor
+@NoArgsConstructor
+public class KiccUser {
 
-	private static final long serialVersionUID = 999L;
+	/** 部门ID */
+	private String deptId;
 
-	/**
-	 * 用户ID
-	 */
-	private final String id;
-
-	/**
-	 * 部门ID
-	 */
-	private final String deptId;
-
-	/**
-	 * 手机号
-	 */
-	private final String phone;
-
-	/**
-	 * 用户类型
-	 */
-	private final String userType;
-
-	/**
-	 * 扩展sso多系统角色权限
-	 */
-	@Setter
-	private Map<String, Collection<? extends GrantedAuthority>> ssoPermissions = new ConcurrentHashMap<>(3);
+	/** 用户类型 */
+	private String userType;
 
-	/**
-	 * 多租户ID
-	 */
-	@Setter
-	private String tenantId;
-
-	public KiccUser(String id, String deptId, String username, String password, String phone, String userType, String tenantId, boolean enabled,
-					boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked,
-					Collection<? extends GrantedAuthority> authorities) {
-		super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
-		this.id = id;
-		this.deptId = deptId;
-		this.phone = phone;
-		this.userType = userType;
-		this.tenantId = tenantId;
-		this.ssoPermissions.put(SecurityConstants.SSO_PERMISSION, authorities);
-	}
+	/** 扩展用户权限 */
+	private Set<String> exPermissions;
 
 }

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/handler/BaseMetaObjectHandler.java

@@ -1,7 +1,7 @@
 package com.cloud.kicc.common.data.handler;
 
 import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.CasUser;
 import org.apache.ibatis.reflection.MetaObject;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -62,12 +62,12 @@ public class BaseMetaObjectHandler implements MetaObjectHandler {
     /**
      * 获取用户
      */
-    protected KiccUser getUser() {
+    protected CasUser getUser() {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (Optional.ofNullable(authentication).isPresent()) {
             Object principal = authentication.getPrincipal();
-            if (principal instanceof KiccUser) {
-                return (KiccUser) principal;
+            if (principal instanceof CasUser) {
+                return (CasUser) principal;
             }
         }
         return null;

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/handler/KiccTenantLineHandler.java

@@ -2,7 +2,7 @@ package com.cloud.kicc.common.data.handler;
 
 import cn.hutool.core.util.ObjectUtil;
 import com.baomidou.mybatisplus.extension.plugins.handler.TenantLineHandler;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.override.TenantLikeExpression;
 import com.cloud.kicc.common.data.properties.TenantProperties;
 import net.sf.jsqlparser.expression.Expression;
@@ -63,12 +63,12 @@ public class KiccTenantLineHandler implements TenantLineHandler {
     /**
      * 获取用户
      */
-    protected KiccUser getUser() {
+    protected CasUser getUser() {
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
         if (Optional.ofNullable(authentication).isPresent()) {
             Object principal = authentication.getPrincipal();
-            if (principal instanceof KiccUser) {
-                return (KiccUser) principal;
+            if (principal instanceof CasUser) {
+                return (CasUser) principal;
             }
         }
         return null;

kicc-common/kicc-common-data/src/main/java/com/cloud/kicc/common/data/plugins/KiccTenantLineInnerInterceptor.java

@@ -6,6 +6,7 @@ import com.baomidou.mybatisplus.core.toolkit.CollectionUtils;
 import com.baomidou.mybatisplus.core.toolkit.ExceptionUtils;
 import com.baomidou.mybatisplus.extension.plugins.handler.TenantLineHandler;
 import com.baomidou.mybatisplus.extension.plugins.inner.TenantLineInnerInterceptor;
+import com.cloud.kicc.common.core.exception.CheckedException;
 import com.cloud.kicc.common.data.override.TenantLikeExpression;
 import lombok.NoArgsConstructor;
 import net.sf.jsqlparser.expression.Expression;
@@ -89,6 +90,9 @@ public class KiccTenantLineInnerInterceptor extends TenantLineInnerInterceptor {
                             likeExpression.setRightExpression(new StringValue("%" + tenantId + "%"));
                             statementBuilder.append(likeExpression + " OR ");
                         });
+                        if (statementBuilder.length() == 0) {
+                            throw new CheckedException("当前用户没有分配租户");
+                        }
                         statementBuilder.delete(statementBuilder.length()-4, statementBuilder.length());
                         TenantLikeExpression tenantLikeExpression = new TenantLikeExpression(statementBuilder.toString());
                         Parenthesis parenthesis = new Parenthesis(tenantLikeExpression);
@@ -144,6 +148,9 @@ public class KiccTenantLineInnerInterceptor extends TenantLineInnerInterceptor {
             likeExpression.setRightExpression(new StringValue("%" + tenantId + "%"));
             statementBuilder.append(likeExpression + " OR ");
         });
+        if (statementBuilder.length() == 0) {
+            throw new CheckedException("当前用户没有分配租户");
+        }
         statementBuilder.delete(statementBuilder.length()-4, statementBuilder.length());
         TenantLikeExpression tenantLikeExpression = new TenantLikeExpression(statementBuilder.toString());
         Parenthesis parenthesis = new Parenthesis(tenantLikeExpression);
@@ -171,6 +178,9 @@ public class KiccTenantLineInnerInterceptor extends TenantLineInnerInterceptor {
                         likeExpression.setRightExpression(new StringValue("%" + tenantId + "%"));
                         statementBuilder.append(likeExpression + " OR ");
                     });
+                    if (statementBuilder.length() == 0) {
+                        throw new CheckedException("当前用户没有分配租户");
+                    }
                     statementBuilder.delete(statementBuilder.length()-4, statementBuilder.length());
                     TenantLikeExpression tenantLikeExpression = new TenantLikeExpression(statementBuilder.toString());
                     Parenthesis parenthesis = new Parenthesis(tenantLikeExpression);

kicc-common/kicc-common-feign/src/main/java/com/cloud/kicc/common/feign/config/FeignErrorDecoder.java

@@ -1,5 +1,6 @@
 package com.cloud.kicc.common.feign.config;
 
+import cn.hutool.json.JSONUtil;
 import com.alibaba.fastjson.JSON;
 import com.cloud.kicc.common.core.api.R;
 import feign.FeignException;
@@ -38,8 +39,7 @@ public class FeignErrorDecoder extends ErrorDecoder.Default {
             if (exception instanceof FeignException && ((FeignException) exception).responseBody().isPresent()) {
                 ByteBuffer responseBody = ((FeignException) exception).responseBody().get();
                 String bodyText = StandardCharsets.UTF_8.newDecoder().decode(responseBody.asReadOnlyBuffer()).toString();
-                R result = JSON.parseObject(bodyText, R.class);
-                return new Exception(result.getMsg());
+                return new Exception(JSONUtil.isJson(bodyText) ? JSONUtil.toBean(bodyText, R.class).getMsg() : bodyText);
             }
         } catch (Exception ex) {
             log.error(ex.getMessage(), ex);

kicc-common/kicc-common-log/src/main/java/com/cloud/kicc/common/log/util/SysLogUtils.java

@@ -4,7 +4,7 @@ import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.core.util.URLUtil;
 import cn.hutool.extra.servlet.ServletUtil;
 import cn.hutool.http.HttpUtil;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.log.menus.LogTypeEnum;
 import com.cloud.kicc.monitor.api.entity.OperLog;
 import lombok.experimental.UtilityClass;
@@ -81,12 +81,12 @@ public class SysLogUtils {
 	/**
 	 * 获取用户
 	 */
-	protected KiccUser getUser() {
+	protected CasUser getUser() {
 		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		if (Optional.ofNullable(authentication).isPresent()) {
 			Object principal = authentication.getPrincipal();
-			if (principal instanceof KiccUser) {
-				return (KiccUser) principal;
+			if (principal instanceof CasUser) {
+				return (CasUser) principal;
 			}
 		}
 		return null;

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/exp/KiccLocalResourceServerTokenServices.java

@@ -1,5 +1,6 @@
 package com.cloud.kicc.common.security.exp;
 
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -34,14 +35,14 @@ public class KiccLocalResourceServerTokenServices implements ResourceServerToken
 		}
 
 		OAuth2Request oAuth2Request = oAuth2Authentication.getOAuth2Request();
-		// 检测是否是属于认证的KiccUser实体用户
-		if (!(oAuth2Authentication.getPrincipal() instanceof KiccUser)) {
+		// 检测是否是属于认证的CAS统一认证用户
+		if (!(oAuth2Authentication.getPrincipal() instanceof CasUser)) {
 			return oAuth2Authentication;
 		}
 
-		KiccUser kiccUser = (KiccUser) oAuth2Authentication.getPrincipal();
+		CasUser casUser = (CasUser) oAuth2Authentication.getPrincipal();
 		// 每次请求前都预先加载用户名密码身份验证令牌
-		Authentication userAuthentication = new UsernamePasswordAuthenticationToken(kiccUser, "N/A", kiccUser.getAuthorities());
+		Authentication userAuthentication = new UsernamePasswordAuthenticationToken(casUser, "N/A", casUser.getAuthorities());
 		OAuth2Authentication authentication = new OAuth2Authentication(oAuth2Request, userAuthentication);
 		authentication.setAuthenticated(true);
 		return authentication;

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/grant/provider/CustomAppAuthenticationProvider.java

@@ -83,7 +83,7 @@ public class CustomAppAuthenticationProvider extends AbstractUserDetailsAuthenti
 		String phone = authentication.getName();
 		UserDetails userDetails = optional.get().loadUserByUsername(phone);
 
-		// userDeails 校验
+		// userDetails 校验
 		preAuthenticationChecks.check(userDetails);
 
 		CustomAppAuthenticationToken token = new CustomAppAuthenticationToken(userDetails);

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/KiccUserDetailsService.java

@@ -2,24 +2,29 @@ package com.cloud.kicc.common.security.service;
 
 import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.json.JSONUtil;
 import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.CommonConstants;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
-import com.cloud.kicc.common.core.exception.CheckedException;
+import com.cloud.kicc.common.core.enums.CasSystemEnum;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.exception.SecurityCheckedException;
 import com.cloud.kicc.system.api.entity.User;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.MapperFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import lombok.SneakyThrows;
+import org.springframework.beans.BeanUtils;
 import org.springframework.core.Ordered;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
+import java.util.*;
 
 /**
  *<p>
@@ -54,6 +59,7 @@ public interface KiccUserDetailsService extends UserDetailsService, Ordered {
 	 * @param result 用户信息
 	 * @return UserDetails
 	 */
+	@SneakyThrows
 	default UserDetails getUserDetails(R<User> result) {
 
 		// 验证请求是否成功
@@ -70,32 +76,37 @@ public interface KiccUserDetailsService extends UserDetailsService, Ordered {
 			dbAuthsSet.addAll(Arrays.asList(user.getPermissions()));
 		}
 
-		Collection<? extends GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(dbAuthsSet.toArray(new String[0]));
-
-		// 构造security用户
-		return new KiccUser(
-				user.getId(),
-				user.getDeptId(),
+		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(dbAuthsSet.toArray(new String[0]));
+		CasUser casUser = new CasUser(
 				user.getUserName(),
 				SecurityConstants.BCRYPT + user.getPassword(),
-				user.getPhone(),
-				user.getUserType(),
-				user.getTenantId(),
 				true,
 				true,
 				true,
 				StrUtil.equals(user.getStatus(), CommonConstants.STATUS_NORMAL),
 				authorities
 		);
+		BeanUtils.copyProperties(user, casUser, CasUser.class);
+
+		// 设置扩展用户数据
+		casUser.getExPrincipals().put(CasSystemEnum.KICC, new ObjectMapper()
+		.setSerializationInclusion(JsonInclude.Include.NON_NULL)
+		.writeValueAsString(new KiccUser(
+				user.getDeptId(),
+				user.getUserType(),
+				dbAuthsSet
+		)));
+
+		// 构造security用户
+		return casUser;
 	}
 
 	/**
 	 * 通过用户实体查询
-	 * @param kiccUser user
-	 * @return
+	 * @param casUser user
 	 */
-	default UserDetails loadUserByUser(KiccUser kiccUser) {
-		return this.loadUserByUsername(kiccUser.getUsername());
+	default UserDetails loadUserByUser(CasUser casUser) {
+		return this.loadUserByUsername(casUser.getUsername());
 	}
 
 }

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/impl/KiccAppUserDetailsServiceImpl.java

@@ -2,7 +2,7 @@ package com.cloud.kicc.common.security.service.impl;
 
 import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.security.service.KiccUserDetailsService;
 import com.cloud.kicc.system.api.entity.User;
 import com.cloud.kicc.system.api.feign.RemoteUserService;
@@ -28,24 +28,21 @@ public class KiccAppUserDetailsServiceImpl implements KiccUserDetailsService {
 	/**
 	 * 手机号登录
 	 * @param phone 手机号
-	 * @return
 	 */
 	@Override
 	@SneakyThrows
 	public UserDetails loadUserByUsername(String phone) {
 		R<User> result = remoteUserService.selectByPhone(phone);
-		UserDetails userDetails = getUserDetails(result);
-		return userDetails;
+        return getUserDetails(result);
 	}
 
 	/**
-	 * check-token 使用
-	 * @param kiccUser user
-	 * @return
+	 * 通过用户实体查询
+	 * @param casUser user
 	 */
 	@Override
-	public UserDetails loadUserByUser(KiccUser kiccUser) {
-		return this.loadUserByUsername(kiccUser.getPhone());
+	public UserDetails loadUserByUser(CasUser casUser) {
+		return this.loadUserByUsername(casUser.getPhone());
 	}
 
 	/**

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/service/impl/KiccUserDetailsServiceImpl.java

@@ -30,14 +30,12 @@ public class KiccUserDetailsServiceImpl implements KiccUserDetailsService {
 	/**
 	 * 用户名密码登录
 	 * @param username 用户名
-	 * @return
 	 */
 	@Override
 	@SneakyThrows
 	public UserDetails loadUserByUsername(String username) {
 		R<User> result = remoteUserService.selectByUserName(username);
-		UserDetails userDetails = getUserDetails(result);
-		return userDetails;
+        return getUserDetails(result);
 	}
 
 	@Override

kicc-common/kicc-common-security/src/main/java/com/cloud/kicc/common/security/util/SecurityUtils.java

@@ -1,15 +1,23 @@
 package com.cloud.kicc.common.security.util;
 
+import cn.hutool.core.util.ArrayUtil;
 import cn.hutool.core.util.StrUtil;
+import cn.hutool.json.JSONUtil;
 import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.CommonConstants;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
+import com.cloud.kicc.common.core.enums.CasSystemEnum;
 import com.cloud.kicc.common.core.exception.CheckedException;
 import com.cloud.kicc.common.core.util.SpringContextHolderUtil;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.system.api.entity.User;
 import com.cloud.kicc.system.api.feign.RemoteUserService;
+import com.fasterxml.jackson.annotation.JsonInclude;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.SneakyThrows;
 import lombok.experimental.UtilityClass;
+import org.springframework.beans.BeanUtils;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -17,9 +25,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
+import java.util.*;
 
 /**
  *<p>
@@ -42,23 +48,37 @@ public class SecurityUtils {
 	/**
 	 * 获取用户
 	 */
-	public KiccUser getUser(Authentication authentication) {
+	public CasUser getCasUser(Authentication authentication) {
 		Object principal = authentication.getPrincipal();
-		if (principal instanceof KiccUser) {
-			return (KiccUser) principal;
+		if (principal instanceof CasUser) {
+			return (CasUser) principal;
 		}
 		return null;
 	}
 
 	/**
-	 * 获取用户
+	 * 获取CAS用户
 	 */
-	public KiccUser getUser() {
+	public CasUser getCasUser() {
 		Authentication authentication = getAuthentication();
 		if (authentication == null) {
 			return null;
 		}
-		return getUser(authentication);
+		return getCasUser(authentication);
+	}
+
+	/**
+	 * 获取SSO扩展用户
+	 */
+	@SneakyThrows
+	public KiccUser getUser() {
+		CasUser casUser = getCasUser();
+		String str = casUser.getExPrincipals().get(CasSystemEnum.KICC);
+		if (JSONUtil.isJson(str)) {
+			return	new ObjectMapper()
+					.readValue(str, KiccUser.class);
+		}
+		return null;
 	}
 
 	/**
@@ -83,6 +103,7 @@ public class SecurityUtils {
 	 * @param userId 用户id
 	 * @return User 用户对象
 	 */
+	@SneakyThrows
 	public User openInterfaceTemporaryLoginSession(String userId) {
 		RemoteUserService remoteUserService = SpringContextHolderUtil.getBean(RemoteUserService.class);
 		R<User> result = remoteUserService.selectByUserId(userId);
@@ -90,21 +111,36 @@ public class SecurityUtils {
 			throw new CheckedException("用户不存在");
 		}
 		User user = result.getData();
-		KiccUser kiccUser = new KiccUser(
-				user.getId(),
-				user.getDeptId(),
+		Set<String> dbAuthsSet = new HashSet<>();
+		if (ArrayUtil.isNotEmpty(user.getRoleIds())) {
+			// 获取角色
+			Arrays.stream(user.getRoleIds()).forEach(role -> dbAuthsSet.add(SecurityConstants.ROLE + role));
+			// 获取资源
+			dbAuthsSet.addAll(Arrays.asList(user.getPermissions()));
+		}
+
+		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList(dbAuthsSet.toArray(new String[0]));
+
+		CasUser casUser = new CasUser(
 				user.getUserName(),
 				SecurityConstants.BCRYPT + user.getPassword(),
-				user.getPhone(),
-				user.getUserType(),
-				user.getTenantId(),
 				true,
 				true,
 				true,
 				StrUtil.equals(user.getStatus(), CommonConstants.STATUS_NORMAL),
-				AuthorityUtils.createAuthorityList(user.getPermissions())
+				authorities
 		);
-		Authentication authentication = new UsernamePasswordAuthenticationToken(kiccUser, "N/A", kiccUser.getAuthorities());
+		BeanUtils.copyProperties(user, casUser);
+		// 设置扩展用户数据
+		casUser.getExPrincipals().put(CasSystemEnum.KICC, new ObjectMapper()
+				.setSerializationInclusion(JsonInclude.Include.NON_NULL)
+				.writeValueAsString(new KiccUser(
+						user.getDeptId(),
+						user.getUserType(),
+						dbAuthsSet
+				)));
+
+		Authentication authentication = new UsernamePasswordAuthenticationToken(casUser, "N/A", casUser.getAuthorities());
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 		return user;
 	}

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/MapLogisticController.java

@@ -98,7 +98,7 @@ public class MapLogisticController {
     @PostMapping("/uploadGps")
     @ApiOperation(value = "安卓定时上传GPS定位")
     public R uploadGps(@RequestBody MapLogistic mapLogistic) {
-        iMapLogisticSseService.sendMessage(SecurityUtils.getUser().getId(),item -> {
+        iMapLogisticSseService.sendMessage(SecurityUtils.getCasUser().getId(),item -> {
             item.getSseEmitter().send(mapLogistic);
         });
         return R.ok(mapLogistic);

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/MapTaskController.java

@@ -131,7 +131,7 @@ public class MapTaskController {
         String content = JSONObject.toJSONString(mapLogisticPoint);
         PushChatMessage pushChatMessage = new PushChatMessage();
         pushChatMessage.setRemarks(content);
-        pushChatMessage.setTitle(SecurityUtils.getUser().getUsername() + "与你对接预设点");
+        pushChatMessage.setTitle(SecurityUtils.getCasUser().getUsername() + "与你对接预设点");
         // 保存交接消息
         iPushChatMessageService.save(pushChatMessage);
         // todo: 调用友盟推送接口,目前未测试需要安卓上线平台,后面处理

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/PushApplicationController.java

@@ -46,7 +46,7 @@ public class PushApplicationController {
 
     private LambdaQueryWrapper<PushApplication> getQueryWrapper(PushApplication pushApplication) {
         return new LambdaQueryWrapper<PushApplication>()
-                .eq(PushApplication::getCreateById, SecurityUtils.getUser().getId())
+                .eq(PushApplication::getCreateById, SecurityUtils.getCasUser().getId())
                 .eq(StrUtil.isNotBlank(pushApplication.getName()), PushApplication::getName, pushApplication.getName())
                 .eq(StrUtil.isNotBlank(pushApplication.getStatus()), PushApplication::getStatus, pushApplication.getStatus())
                 .orderByAsc(PushApplication::getCreateTime);
@@ -72,7 +72,7 @@ public class PushApplicationController {
         if (StrUtil.equals(SecurityUtils.getUser().getUserType(), UserTypeEnum.ENTERPRISE_USER.getValue()) &&
                 iPushEnterpriseService.count(Wrappers.<PushEnterprise>lambdaQuery()
                         .eq(PushEnterprise::getStatus, PushAuditStatusEnum.APPROVED.getValue())
-                        .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId())) == 0){
+                        .eq(PushEnterprise::getUserId, SecurityUtils.getCasUser().getId())) == 0){
             throw new CheckedException("该企业用户未进行企业认证，禁止操作！");
         }
         pushApplication.setMessageSecret(UUID.randomUUID().toString().replace("-",""));

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/PushBlacklistController.java

@@ -44,7 +44,7 @@ public class PushBlacklistController {
     @ApiOperation("分页查询")
     @GetMapping("/list")
     public R list(Page page, User user) {
-        user.setCreateById(SecurityUtils.getUser().getId());
+        user.setCreateById(SecurityUtils.getCasUser().getId());
         IPage<Map<String, Object>> iPage = iPushBlacklistService.selectPushBlacklist(page, user);
         return R.ok(iPage.getRecords(), iPage.getTotal());
     }

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/PushChatMessageController.java

@@ -37,7 +37,7 @@ public class PushChatMessageController {
 
     private LambdaQueryWrapper<PushChatMessage> getQueryWrapper(PushChatMessage pushChatMessage) {
         return new LambdaQueryWrapper<PushChatMessage>()
-                .eq(PushChatMessage::getUserId, SecurityUtils.getUser().getId())
+                .eq(PushChatMessage::getUserId, SecurityUtils.getCasUser().getId())
                 .eq(ObjectUtil.isNotEmpty(pushChatMessage.getStatus()), PushChatMessage::getStatus, pushChatMessage.getStatus())
                 .like(StrUtil.isNotBlank(pushChatMessage.getTitle()), PushChatMessage::getTitle, pushChatMessage.getTitle())
                 .eq(StrUtil.isNotBlank(pushChatMessage.getAlias()), PushChatMessage::getAlias, pushChatMessage.getAlias())

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/PushEnterpriseController.java

@@ -63,7 +63,7 @@ public class PushEnterpriseController {
     @GetMapping("/getAuthData")
     public R getAuthData() {
         return R.ok(iPushEnterpriseService.getOne(Wrappers.<PushEnterprise>lambdaQuery()
-                .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId())));
+                .eq(PushEnterprise::getUserId, SecurityUtils.getCasUser().getId())));
     }
 
     @ApiOperation("保存")
@@ -74,10 +74,10 @@ public class PushEnterpriseController {
             throw new CheckedException("当前用户不是企业用户请用企业用户登录后重试！");
         }
         if(iPushEnterpriseService.count(Wrappers.<PushEnterprise>lambdaQuery()
-                .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId())) > 0) {
+                .eq(PushEnterprise::getUserId, SecurityUtils.getCasUser().getId())) > 0) {
             throw new CheckedException("该企业用户下已经存在认证数据！");
         }
-        if (StrUtil.isBlank(pushEnterprise.getUserId())) pushEnterprise.setUserId(SecurityUtils.getUser().getId());
+        if (StrUtil.isBlank(pushEnterprise.getUserId())) pushEnterprise.setUserId(SecurityUtils.getCasUser().getId());
         iPushEnterpriseService.save(pushEnterprise);
         return R.ok();
     }
@@ -110,7 +110,7 @@ public class PushEnterpriseController {
     public R updateAuditStatus(@PathVariable Integer status) {
         iPushEnterpriseService.update(Wrappers.<PushEnterprise>lambdaUpdate()
                 .set(PushEnterprise::getStatus, status)
-                .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId()));
+                .eq(PushEnterprise::getUserId, SecurityUtils.getCasUser().getId()));
         return R.ok();
     }
 

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/controller/PushTypeController.java

@@ -53,7 +53,7 @@ public class PushTypeController {
     @ApiOperation("分页查询")
     @GetMapping("/list")
     public R list(Page page, PushType pushType) {
-        pushType.setCreateById(SecurityUtils.getUser().getId());
+        pushType.setCreateById(SecurityUtils.getCasUser().getId());
         IPage<PushType> list = iPushTypeService.page(page, getQueryWrapper(pushType));
         return R.ok(list.getRecords(), list.getTotal());
     }
@@ -70,7 +70,7 @@ public class PushTypeController {
     public R save(@Valid @RequestBody PushType pushType) {
         iPushTypeService.save(pushType);
         List<PushConcernFan> pushConcernFanList = iPushConcernFanService
-                .list(Wrappers.<PushConcernFan>lambdaQuery().eq(PushConcernFan::getConcernUserId, SecurityUtils.getUser().getId()));
+                .list(Wrappers.<PushConcernFan>lambdaQuery().eq(PushConcernFan::getConcernUserId, SecurityUtils.getCasUser().getId()));
         List<PushConcernFanType> pushConcernFanTypeList = pushConcernFanList.stream().map(item -> new PushConcernFanType()
                 .setConcernFanId(item.getId())
                 .setName(pushType.getName())
@@ -111,7 +111,7 @@ public class PushTypeController {
         // 全部设置为不默认
         iPushTypeService.update(Wrappers.<PushType>lambdaUpdate()
                 .set(PushType::getDefaultType, "0")
-                .eq(PushType::getCreateById, SecurityUtils.getUser().getId()));
+                .eq(PushType::getCreateById, SecurityUtils.getCasUser().getId()));
         iPushTypeService.updateById(pushType);
         return R.ok();
     }

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/service/impl/MapLogisticServiceImpl.java

@@ -206,7 +206,7 @@ public class MapLogisticServiceImpl extends ServiceImpl<MapLogisticMapper, MapLo
         payload.put("display_type", "notification");
         JSONObject body = new JSONObject();
         body.put("ticker", "交接任务确认");
-        body.put("text", SecurityUtils.getUser().getUsername() + "向你发起了交接点确认!");
+        body.put("text", SecurityUtils.getCasUser().getUsername() + "向你发起了交接点确认!");
         body.put("title", "交接任务确认");
         body.put("after_open", "go_custom");
         body.put("custom", JSONObject.toJSON(mapLogisticPoint));

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/service/impl/MapLogisticSseServiceImpl.java

@@ -3,7 +3,7 @@ package com.cloud.kicc.commonbiz.service.impl;
 import cn.hutool.core.collection.ConcurrentHashSet;
 import cn.hutool.core.util.StrUtil;
 import com.cloud.kicc.common.core.exception.CheckedException;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.security.util.SecurityUtils;
 import com.cloud.kicc.commonbiz.api.entity.SseSignalContainer;
 import com.cloud.kicc.commonbiz.service.IMapLogisticSseService;
@@ -48,57 +48,57 @@ public class MapLogisticSseServiceImpl implements IMapLogisticSseService {
     @Override
     @SneakyThrows
     public SseEmitter SseSubscribe(String clientId) {
-        KiccUser kiccUser = getUser();
+        CasUser casUser = getUser();
         Optional.ofNullable(clientId).orElseThrow(() -> new CheckedException("当前客户端Id为空,请检查后重试!"));
         // 设置超时时间为1小时
         SseEmitter sseEmitter = new SseEmitter(3600_000L);
         SseSignalContainer sseSignalContainer =new SseSignalContainer(
                 clientId,
-                kiccUser.getId(),
+                casUser.getId(),
                 sseEmitter,
-                kiccUser.getTenantId()
+                casUser.getTenantId()
         );
         // 设置如果网络出错前端请求的重试时间为1s
         sseEmitter.send(SseEmitter.event().data("创建通道连接成功").reconnectTime(1000));
         sseSignalContainers.add(sseSignalContainer);
-        log.info("clientId:{},建立的用户Id为:{}", clientId, kiccUser.getId());
+        log.info("clientId:{},建立的用户Id为:{}", clientId, casUser.getId());
         sseEmitter.onTimeout(() -> {
-            log.info("clientId:{},用户Id为:{},的SSE长轮询已经超时,正在删除当前的建立通道对象", clientId, kiccUser.getId());
+            log.info("clientId:{},用户Id为:{},的SSE长轮询已经超时,正在删除当前的建立通道对象", clientId, casUser.getId());
             sseEmitter.complete();
             sseSignalContainers.remove(sseSignalContainer);
         });
         sseEmitter.onCompletion(() -> {
-            log.info("clientId:{},用户Id为:{}的SSE长轮询已经返回响应关闭,正在删除当前的建立通道对象", clientId, kiccUser.getId());
+            log.info("clientId:{},用户Id为:{}的SSE长轮询已经返回响应关闭,正在删除当前的建立通道对象", clientId, casUser.getId());
             sseSignalContainers.remove(sseSignalContainer);
         });
-        sseEmitter.onError(e -> log.info("clientId:{},当前用户Id为:{}的SSE长轮询出现异常,正在删除当前的建立通道对象,错误信息{}", clientId, kiccUser.getId(), e.getLocalizedMessage()));
+        sseEmitter.onError(e -> log.info("clientId:{},当前用户Id为:{}的SSE长轮询出现异常,正在删除当前的建立通道对象,错误信息{}", clientId, casUser.getId(), e.getLocalizedMessage()));
         return sseEmitter;
     }
 
     @Override
     public void sendMessage(String userId, SseEmitterConsumer<SseSignalContainer> consumer) {
-        KiccUser kiccUser = getUser();
+        CasUser casUser = getUser();
         Set<SseSignalContainer> sendSseSignalContainers = sseSignalContainers.stream()
-                .filter(item -> StrUtil.equals(item.getUserId(), userId) && StrUtil.equals(item.getTenantId(), kiccUser.getTenantId()))
+                .filter(item -> StrUtil.equals(item.getUserId(), userId) && StrUtil.equals(item.getTenantId(), casUser.getTenantId()))
                 .collect(Collectors.toSet());
         send(sendSseSignalContainers, consumer);
     }
 
     @Override
     public void sendMessage(SseEmitterConsumer<SseSignalContainer> consumer) {
-        KiccUser kiccUser = getUser();
+        CasUser casUser = getUser();
         Set<SseSignalContainer> sendSseSignalContainers = sseSignalContainers.stream()
-                .filter(item -> StrUtil.equals(item.getTenantId(), kiccUser.getTenantId()))
+                .filter(item -> StrUtil.equals(item.getTenantId(), casUser.getTenantId()))
                 .collect(Collectors.toSet());
         send(sendSseSignalContainers, consumer);
     }
 
     @Override
     public void disconnect(String clientId) {
-        KiccUser kiccUser = getUser();
+        CasUser casUser = getUser();
         Optional.ofNullable(clientId).orElseThrow(() -> new CheckedException("当前客户端Id为空,请检查后重试!"));
         Set<SseSignalContainer> sendSseSignalContainers = sseSignalContainers.stream()
-                .filter(item -> StrUtil.equals(item.getClientId(), clientId) && StrUtil.equals(item.getTenantId(), kiccUser.getTenantId()))
+                .filter(item -> StrUtil.equals(item.getClientId(), clientId) && StrUtil.equals(item.getTenantId(), casUser.getTenantId()))
                 .collect(Collectors.toSet());
         sendSseSignalContainers.forEach(item -> item.getSseEmitter().complete());
         sseSignalContainers.removeAll(sendSseSignalContainers);
@@ -106,9 +106,9 @@ public class MapLogisticSseServiceImpl implements IMapLogisticSseService {
 
     @Override
     public void disconnect() {
-        KiccUser kiccUser = getUser();
+        CasUser casUser = getUser();
         Set<SseSignalContainer> sendSseSignalContainers = sseSignalContainers.stream()
-                .filter(item -> StrUtil.equals(item.getTenantId(), kiccUser.getTenantId()))
+                .filter(item -> StrUtil.equals(item.getTenantId(), casUser.getTenantId()))
                 .collect(Collectors.toSet());
         sendSseSignalContainers.forEach(item -> item.getSseEmitter().complete());
         sseSignalContainers.removeAll(sendSseSignalContainers);
@@ -154,10 +154,10 @@ public class MapLogisticSseServiceImpl implements IMapLogisticSseService {
         return failedEmitters;
     }
 
-    private KiccUser getUser() {
-        KiccUser kiccUser = SecurityUtils.getUser();
-        Optional.ofNullable(kiccUser).orElseThrow(() -> new CheckedException("当前用户登录,请先登录后重试!"));
-        return kiccUser;
+    private CasUser getUser() {
+        CasUser casUser = SecurityUtils.getCasUser();
+        Optional.ofNullable(casUser).orElseThrow(() -> new CheckedException("当前用户登录,请先登录后重试!"));
+        return casUser;
     }
 
 }

kicc-platform/kicc-platform-biz/kicc-common-biz/src/main/java/com/cloud/kicc/commonbiz/service/impl/PushApplicationServiceImpl.java

@@ -76,7 +76,7 @@ public class PushApplicationServiceImpl extends ServiceImpl<PushApplicationMappe
         if (StrUtil.equals(SecurityUtils.getUser().getUserType(),  UserTypeEnum.ENTERPRISE_USER.getValue()) &&
                 iPushEnterpriseService.count(Wrappers.<PushEnterprise>lambdaQuery()
                         .eq(PushEnterprise::getStatus, PushAuditStatusEnum.APPROVED.getValue())
-                        .eq(PushEnterprise::getUserId, SecurityUtils.getUser().getId())) == 0){
+                        .eq(PushEnterprise::getUserId, SecurityUtils.getCasUser().getId())) == 0){
             throw new CheckedException("该企业用户未进行企业认证，禁止操作！");
         }
 

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/bigscreen/service/impl/VisualDbServiceImpl.java

@@ -5,6 +5,7 @@ import cn.hutool.core.map.MapUtil;
 import cn.hutool.core.util.ObjectUtil;
 import com.baomidou.dynamic.datasource.toolkit.DynamicDataSourceContextHolder;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.datasource.dynamic.DynamicDataSource;
 import com.cloud.kicc.common.datasource.util.ConnUtil;
@@ -56,9 +57,14 @@ public class VisualDbServiceImpl extends ServiceImpl<VisualDbMapper, VisualDb> i
 			BeanUtils.copyProperties(visualDb, dynamicDataSource);
 			DynamicDataSourceUtil.switchToDataSource(dynamicDataSource);
 			// 获取user信息
+			CasUser casUser = SecurityUtils.getCasUser();
 			KiccUser kiccUser = SecurityUtils.getUser();
 			// 获取user参数
-			Map<String, Object> map = ObjectUtil.isEmpty(kiccUser) ? MapUtil.newHashMap() : BeanUtil.beanToMap(kiccUser);
+			Map<String, Object> map = MapUtil.newHashMap();
+			if (ObjectUtil.isNotEmpty(casUser)) {
+				map.putAll(BeanUtil.beanToMap(casUser));
+				map.putAll(BeanUtil.beanToMap(kiccUser));
+			}
 			// 替换user占位符
 			String dynamicSql = PlaceholderUtil.getDefaultResolver().resolveByMap(sql, map);
 			// 执行自定义sql

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/controller/SsoUserController.java

@@ -89,7 +89,7 @@ public class SsoUserController {
 
     @PutMapping("/updatePwd")
     public R updatePwd(@Validated @RequestBody SsoUser ssoUser) {
-        SsoUser originUser = iSsoUserService.getById(SecurityUtils.getUser().getId());
+        SsoUser originUser = iSsoUserService.getById(SecurityUtils.getCasUser().getId());
         if (originUser != null && StrUtil.equals(ENCODER.encode(ssoUser.getPassword()), originUser.getPassword())) {
             iSsoUserService.update(Wrappers.<SsoUser>update().lambda().eq(SsoUser::getId, originUser.getId()).set(SsoUser::getPassword, ssoUser.getPassword()));
             return R.ok();

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/controller/UserController.java

@@ -141,7 +141,7 @@ public class UserController {
         // 企业内部用户推送类型数据同步
         if (StrUtil.equals(user.getUserType(), UserTypeEnum.INTERNAL_USER.getValue())) {
             List<User> userList = userService.list(Wrappers.<User>lambdaQuery()
-                    .ne(User::getId, SecurityUtils.getUser().getId())
+                    .ne(User::getId, SecurityUtils.getCasUser().getId())
                     .notIn(User::getUserType, UserTypeEnum.ENTERPRISE_USER.getValue(), UserTypeEnum.INTERNAL_USER.getValue()));
             remotePushConcernFanService.enterpriseUserFanSave(user.getId(), userList);
         }
@@ -215,7 +215,7 @@ public class UserController {
     @PutMapping("/updatePwd")
     @PreAuthorize("@pms.hasPermission('user_edit')")
     public R updatePwd(User user) {
-        User originUser = userService.getById(SecurityUtils.getUser().getId());
+        User originUser = userService.getById(SecurityUtils.getCasUser().getId());
         if (originUser != null && StrUtil.equals(ENCODER.encode(user.getPassword()), originUser.getPassword())) {
             userService.update(Wrappers.<User>update().lambda().eq(User::getId, originUser.getId()).set(User::getPassword, user.getPassword()));
             return R.ok();
@@ -253,7 +253,7 @@ public class UserController {
     @GetMapping("/changeTenant/{tenantIds:[\\w,]+}")
     @PreAuthorize("@pms.hasPermission('user_edit')")
     public R changeTenant(@PathVariable String[] tenantIds) {
-        String originTenantIds = SecurityUtils.getUser().getTenantId();
+        String originTenantIds = SecurityUtils.getCasUser().getTenantId();
         userService.setCurrentUserTenant(tenantIds);
         try {
             // 检测切换的多租户下是否已经配置好了基础数据,没配置会导致系统直接404
@@ -280,7 +280,7 @@ public class UserController {
 
     @GetMapping("/synchronousAuthenticationUser")
     public R synchronousAuthenticationUser() {
-        return R.ok(SecurityUtils.getUser());
+        return R.ok(SecurityUtils.getCasUser());
     }
 
 }

kicc-platform/kicc-platform-biz/kicc-system-biz/src/main/java/com/cloud/kicc/system/service/impl/UserServiceImpl.java

@@ -8,6 +8,7 @@ import com.baomidou.mybatisplus.core.toolkit.Wrappers;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
 import com.cloud.kicc.common.core.constant.SecurityConstants;
 import com.cloud.kicc.common.core.exception.CheckedException;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.util.SecurityUtils;
 import com.cloud.kicc.system.api.entity.Dept;
@@ -85,19 +86,19 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
         List<String> roleIds = roleList.stream().map(Role::getId).collect(Collectors.toList());
         user.setRoleIds(ArrayUtil.toArray(roleIds, String.class));
         // 设置权限列表（menu.permission）
-        Set<String> permissions = new HashSet();
+        Set<String> permissions = new HashSet<>();
         // 设置多租户编码列表
-        Set<String> tenantCode = new HashSet();
+        Set<String> tenantCode = new HashSet<>();
         roleList.forEach(role -> {
             permissions.add(SecurityConstants.ROLE + role.getId());
             List<String> perms = menuService.selectPermsByRoleId(role.getId());
-            permissions.addAll(perms.stream().filter(item -> StrUtil.isNotBlank(item)).collect(Collectors.toList()));
+            permissions.addAll(perms.stream().filter(StrUtil::isNotBlank).collect(Collectors.toList()));
             // 设置多租户编码信息
             List<String> codes = tenantService.selectTenantCodeByRoleId(role.getId());
             tenantCode.addAll(codes);
         });
         // 检测多租户信息是否存在,不存在抛出异常
-        if (tenantCode.size() == 0) {
+        if (tenantCode.isEmpty()) {
            throw new CheckedException("该用户下不存在多租户,请联系统管理员进行配置。");
         }
         user.setTenantId(String.join(",", tenantCode));
@@ -107,7 +108,7 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
 
     @Override
     public User getCurrentUserInfo() {
-        User user = super.getOne(Wrappers.<User>query().lambda().eq(User::getId, SecurityUtils.getUser().getId()));
+        User user = super.getOne(Wrappers.<User>query().lambda().eq(User::getId, SecurityUtils.getCasUser().getId()));
         this.getUserAuthority(user);
         return user;
     }
@@ -116,15 +117,15 @@ public class UserServiceImpl extends ServiceImpl<UserMapper, User> implements Us
     public void setCurrentUserTenant(String... tenantIds) {
         Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
         if (currentAuthentication == null) {
-            new CheckedException("当前用户未登录,请登录后重试!");
+            throw new CheckedException("当前用户未登录,请登录后重试!");
         }
         OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) currentAuthentication;
         OAuth2AccessToken accessToken = tokenStore.getAccessToken(oAuth2Authentication);
         OAuth2Request oAuth2Request = oAuth2Authentication.getOAuth2Request();
         // 更新当前授权成功用户的信息
-        KiccUser kiccUser = SecurityUtils.getUser().setTenantId(StrUtil.join(",", tenantIds));
+        CasUser casUser = SecurityUtils.getCasUser().setTenantId(StrUtil.join(",", tenantIds));
         // 加载用户名密码身份验证令牌
-        Authentication userAuthentication = new UsernamePasswordAuthenticationToken(kiccUser, "N/A", kiccUser.getAuthorities());
+        Authentication userAuthentication = new UsernamePasswordAuthenticationToken(casUser, "N/A", casUser.getAuthorities());
         OAuth2Authentication authentication = new OAuth2Authentication(oAuth2Request, userAuthentication);
         authentication.setAuthenticated(true);
         tokenStore.storeAccessToken(accessToken, authentication);

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/controller/WorkflowFormController.java

@@ -67,9 +67,9 @@ public class WorkflowFormController {
         List<FormProperty> formProperties = startFormData.getFormProperties();
         // 设置流程变量
         Map<String,String> formProcessVars = MapUtil.newHashMap();
-        formProcessVars.put(WorkflowConstant.USERNAME, SecurityUtils.getUser().getUsername());
+        formProcessVars.put(WorkflowConstant.USERNAME, SecurityUtils.getCasUser().getUsername());
         // 设置流程发起人
-        identityService.setAuthenticatedUserId(SecurityUtils.getUser().getId() + "");
+        identityService.setAuthenticatedUserId(SecurityUtils.getCasUser().getId());
         // 设置流程标题
         if (StringUtils.isNotBlank(title)) {
             formProcessVars.put("title", title);

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/controller/WorkflowModelController.java

@@ -9,7 +9,7 @@ import com.cloud.kicc.common.core.api.R;
 import com.cloud.kicc.common.core.constant.AppConstants;
 import com.cloud.kicc.common.core.exception.CheckedException;
 import com.cloud.kicc.common.core.util.FileUtil;
-import com.cloud.kicc.common.data.entity.KiccUser;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.security.exception.ServerErrorException;
 import com.cloud.kicc.workflow.api.entity.WorkflowModel;
 import com.cloud.kicc.workflow.api.vo.ProcessDefinitionInfoVo;
@@ -128,9 +128,9 @@ public class WorkflowModelController {
         this.checkForDuplicateKey(modelRepresentation);
         String modelJson = modelService.createModelJson(modelRepresentation);
         // 设置模型用户信息
-        KiccUser user = com.cloud.kicc.common.security.util.SecurityUtils.getUser();
+        CasUser user = com.cloud.kicc.common.security.util.SecurityUtils.getCasUser();
         UserEntity modelUser = new UserEntityImpl();
-        modelUser.setId(user.getId() + "");
+        modelUser.setId(user.getId());
         modelUser.setFirstName(user.getUsername());
         modelUser.setLastName("");
         // 创建新模型
@@ -171,7 +171,7 @@ public class WorkflowModelController {
 
             // 查询模型进行比较处理
             Model model = this.modelService.getModel(modelId);
-            KiccUser currentUser = com.cloud.kicc.common.security.util.SecurityUtils.getUser();
+            CasUser currentUser = com.cloud.kicc.common.security.util.SecurityUtils.getCasUser();
             boolean currentUserIsOwner = model.getLastUpdatedBy().equals(currentUser.getId());
             String resolveAction = values.getFirst("conflictResolveAction");
             // 版本校验(如果此时你在修改模型时别人提交了你的模型版本,如果没有版本校验就会出问题)

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/controller/WorkflowTaskController.java

@@ -196,7 +196,7 @@ public class WorkflowTaskController {
     @PostMapping("/delegateTask")
     public R delegateTask(String taskId, String userId) {
         if (StringUtils.isBlank(taskId) || StringUtils.isBlank(userId)) return R.error("参数异常");
-        taskService.setOwner(taskId, SecurityUtils.getUser().getId() + "");
+        taskService.setOwner(taskId, SecurityUtils.getCasUser().getId());
         // 设置任务委托人为的指定的处理人
         taskService.delegateTask(taskId, userId);
         return R.ok("委托成功");
@@ -205,7 +205,7 @@ public class WorkflowTaskController {
     /** 签收任务 */
     @PostMapping("/claim/{taskId}")
     public R claim(@PathVariable String taskId) {
-        workflowTaskService.claim(taskId, SecurityUtils.getUser().getId() + "");
+        workflowTaskService.claim(taskId, SecurityUtils.getCasUser().getId());
         return R.ok("签收成功");
     }
 
@@ -221,7 +221,7 @@ public class WorkflowTaskController {
     public R transferTask(String taskId, String userId) {
         if (StringUtils.isBlank(userId) || StringUtils.isBlank(taskId)) return R.error("转移失败,参数异常");
         // 设置当前流程任务办理人
-        Authentication.setAuthenticatedUserId(SecurityUtils.getUser().getId() + "");
+        Authentication.setAuthenticatedUserId(SecurityUtils.getCasUser().getId());
         taskService.setAssignee(taskId, userId);
         return R.ok("转移成功!");
     }

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/extension/controller/WorkflowCopyController.java

@@ -29,7 +29,7 @@ public class WorkflowCopyController {
 
     @GetMapping("/list")
     public R list(Page page, WorkflowCopy workflowCopy) {
-        workflowCopy.setUserId(SecurityUtils.getUser().getId());
+        workflowCopy.setUserId(SecurityUtils.getCasUser().getId());
         IPage<WorkflowCopy> result = workflowCopyService.findList(page, workflowCopy);
         return R.ok(result.getRecords(), result.getTotal());
     }

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/interceptor/ModelHandlerInterceptor.java

@@ -1,6 +1,7 @@
 package com.cloud.kicc.workflow.interceptor;
 
 import cn.hutool.core.util.StrUtil;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import lombok.SneakyThrows;
 import org.flowable.idm.api.User;
@@ -25,12 +26,12 @@ public class ModelHandlerInterceptor implements HandlerInterceptor {
 
 	@SneakyThrows
 	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
-		KiccUser kiccUser = com.cloud.kicc.common.security.util.SecurityUtils.getUser();
+		CasUser casUser = com.cloud.kicc.common.security.util.SecurityUtils.getCasUser();
 		User currentUserObject = SecurityUtils.getCurrentUserObject();
 		if (currentUserObject == null || StrUtil.isBlank(currentUserObject.getId())) {
 			User user = new UserEntityImpl();
-			user.setId(kiccUser.getId() + "");
-			user.setFirstName(kiccUser.getUsername());
+			user.setId(casUser.getId());
+			user.setFirstName(casUser.getUsername());
 			user.setLastName("");
 			SecurityUtils.assumeUser(user);
 		}

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/override/json/FlowableSequenceFlowJsonConverter.java

@@ -49,7 +49,7 @@ public class FlowableSequenceFlowJsonConverter extends SequenceFlowJsonConverter
 
                 ExtensionAttribute id = new ExtensionAttribute();
                 id.setName("id");
-                id.setValue(workflowCondition.getId() + "");
+                id.setValue(workflowCondition.getId());
                 ExtensionAttribute field = new ExtensionAttribute();
                 field.setName("field");
                 field.setValue(workflowCondition.getField());

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/parser/handler/ExtendUserTaskActivityBehavior.java

@@ -114,7 +114,7 @@ public class ExtendUserTaskActivityBehavior extends UserTaskActivityBehavior {
                         break;
                     case "currentUserId":
                         // 当前登录用户进行候选
-                        candidateUserIds.add(SecurityUtils.getUser().getId() + "");
+                        candidateUserIds.add(SecurityUtils.getCasUser().getId());
                         break;
                     case "sql":
                         // 查询sql中指定的id用户进行候选

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/parser/handler/MultiInstanceHandler.java

@@ -83,7 +83,7 @@ public class MultiInstanceHandler {
                         break;
                     case "currentUserId":
                         // 当前登录用户进行候选
-                        candidateUserIds.add(SecurityUtils.getUser().getId() + "");
+                        candidateUserIds.add(SecurityUtils.getCasUser().getId());
                         break;
                     case "sql":
                         // 查询sql中指定的id用户进行候选

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/service/impl/WorkflowProcessServiceImpl.java

@@ -7,6 +7,7 @@ import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.cloud.kicc.common.core.constant.CommonConstants;
+import com.cloud.kicc.common.data.entity.CasUser;
 import com.cloud.kicc.common.data.entity.KiccUser;
 import com.cloud.kicc.common.security.util.SecurityUtils;
 import com.cloud.kicc.workflow.api.constant.WorkflowConstant;
@@ -102,7 +103,7 @@ public class WorkflowProcessServiceImpl implements WorkflowProcessService {
         result.setRecords(CollectionUtil.newArrayList());
         List<ProcessDefinition> processDefinitionList = query.listPage((current - 1) * size, size);
         for (ProcessDefinition processDefinition : processDefinitionList) {
-            if(this.validateProcessAuth(SecurityUtils.getUser(), processDefinition.getId())){
+            if(this.validateProcessAuth(SecurityUtils.getCasUser(), processDefinition.getId())){
                 Deployment deployment = repositoryService.createDeploymentQuery().deploymentId(processDefinition.getDeploymentId()).singleResult();
                 ProcessDefinitionInfoVo processDefinitionInfo =new ProcessDefinitionInfoVo();
                 processDefinitionInfo.setId(processDefinition.getId());
@@ -257,7 +258,7 @@ public class WorkflowProcessServiceImpl implements WorkflowProcessService {
 
             // 处理未签收任务,未领取就让当前用户领取
             if (StrUtil.isBlank(task.getAssignee())) {
-                taskService.claim(task.getId(), SecurityUtils.getUser().getId() + "");
+                taskService.claim(task.getId(), SecurityUtils.getCasUser().getId());
             }
             runtimeService.setVariable(processInsId, WorkflowConstant.PROCESS_STATUS_CODE, extendMessage.getMesCode());
             List<EndEvent> endNodes = workflowBpmnModelService.findEndFlowElement(processInstance.getProcessDefinitionId());
@@ -387,7 +388,7 @@ public class WorkflowProcessServiceImpl implements WorkflowProcessService {
     @Override
     public IPage<ProcessInstanceInfoVo> selfProcessInstanceList(Map<String, Object> params) {
         HistoricProcessInstanceQuery query = historyService.createHistoricProcessInstanceQuery()
-                .startedBy(SecurityUtils.getUser().getId() + "").includeProcessVariables().orderByProcessInstanceStartTime().desc();
+                .startedBy(SecurityUtils.getCasUser().getId()).includeProcessVariables().orderByProcessInstanceStartTime().desc();
 
         String title = MapUtil.getStr(params, " title");
         Date beginTime = MapUtil.getDate(params, "beginTime"),
@@ -409,7 +410,7 @@ public class WorkflowProcessServiceImpl implements WorkflowProcessService {
         IPage result = new Page(current, size);
         result.setTotal(query.count());
         result.setRecords(CollectionUtil.newArrayList());
-        List<HistoricProcessInstance> historicProcessInstanceList = query.involvedUser(SecurityUtils.getUser().getId() + "").listPage((current - 1) * size, size);
+        List<HistoricProcessInstance> historicProcessInstanceList = query.involvedUser(SecurityUtils.getCasUser().getId()).listPage((current - 1) * size, size);
 
         for (HistoricProcessInstance historicProcessInstance : historicProcessInstanceList) {
             ProcessInstanceInfoVo processInstanceInfo = this.queryProcessState(historicProcessInstance.getId());
@@ -436,11 +437,11 @@ public class WorkflowProcessServiceImpl implements WorkflowProcessService {
         // 可由外部提供流程发起人
         String userId = MapUtil.getStr(vars, WorkflowConstant.INITIATOR);
         if(userId == null){
-            userId= SecurityUtils.getUser().getId() + "";
+            userId= SecurityUtils.getCasUser().getId();
         }
 
         // 设置流程执行人
-        vars.put(WorkflowConstant.USERNAME, SecurityUtils.getUser().getUsername());
+        vars.put(WorkflowConstant.USERNAME, SecurityUtils.getCasUser().getUsername());
 
         // 设置流程发起人
         identityService.setAuthenticatedUserId(userId);
@@ -471,13 +472,13 @@ public class WorkflowProcessServiceImpl implements WorkflowProcessService {
     }
 
     /** 流程权限校验 */
-    private boolean validateProcessAuth(KiccUser user, String processDefId) {
+    private boolean validateProcessAuth(CasUser user, String processDefId) {
         List<IdentityLink> identityLinks = repositoryService.getIdentityLinksForProcessDefinition(processDefId);
-        if(identityLinks.size() == 0){
+        if(identityLinks.isEmpty()){
             return true;
         }
         for (IdentityLink identityLink : identityLinks ) {
-            if((user.getId() + "").equals(identityLink.getUserId())){
+            if((user.getId()).equals(identityLink.getUserId())){
                 return true;
             }
             if(SecurityUtils.getRoles().contains(identityLink.getGroupId())) {

kicc-platform/kicc-platform-biz/kicc-workflow-biz/src/main/java/com/cloud/kicc/workflow/service/impl/WorkflowTaskServiceImpl.java

@@ -80,7 +80,7 @@ public class WorkflowTaskServiceImpl implements WorkflowTaskService {
     public IPage<ProcessInstanceInfoVo> list(Map<String, Object> params) {
         // =============== 已经签收或者等待签收的任务  ===============
         TaskQuery query = taskService.createTaskQuery()
-                .taskCandidateOrAssigned(SecurityUtils.getUser().getId() + "").active()
+                .taskCandidateOrAssigned(SecurityUtils.getCasUser().getId()).active()
                 .includeProcessVariables().orderByTaskCreateTime().desc();
 
         // 设置查询条件
@@ -130,7 +130,7 @@ public class WorkflowTaskServiceImpl implements WorkflowTaskService {
     @Override
     public IPage<HistoryTaskInfoVo> historyList(Map<String, Object> params) {
         HistoricTaskInstanceQuery query = historyService.createHistoricTaskInstanceQuery()
-                .taskAssignee(SecurityUtils.getUser().getId() + "").finished()
+                .taskAssignee(SecurityUtils.getCasUser().getId()).finished()
                 .includeProcessVariables().orderByHistoricTaskInstanceEndTime().desc();
 
         // 设置查询条件
@@ -279,7 +279,7 @@ public class WorkflowTaskServiceImpl implements WorkflowTaskService {
             // 未签收任务
         } else if(StrUtil.isBlank(task.getAssignee())){
             // 签收任务
-            taskService.claim(workFlow.getTaskId(),SecurityUtils.getUser().getId() + "");
+            taskService.claim(workFlow.getTaskId(),SecurityUtils.getCasUser().getId());
             // 提交任务
             taskService.complete(workFlow.getTaskId(), processVars);
         } else  {
@@ -340,7 +340,7 @@ public class WorkflowTaskServiceImpl implements WorkflowTaskService {
         Task task = taskService.createTaskQuery().taskId(currentTaskId).singleResult();
         if(StrUtil.isBlank(task.getAssignee())){
             //代理人为空自己签收任务
-            taskService.claim(currentTaskId, SecurityUtils.getUser().getId() + "");
+            taskService.claim(currentTaskId, SecurityUtils.getCasUser().getId());
         }
         // 退回发起者处理,退回到发起者,默认设置任务执行人为发起者
         ActivityInstance targetRealActivityInstance = runtimeService.createActivityInstanceQuery()