zy-asrs-wcs/src/main/java/com/zy/asrs/wcs/common/security/JwtAuthenticationFilter.java
@@ -37,7 +37,7 @@ @Component public class JwtAuthenticationFilter extends OncePerRequestFilter { public static final ArrayList<String> WHITE_KEY = new ArrayList<String>(){ public static final ArrayList<String> WHITE_LIST = new ArrayList<String>(){ private static final long serialVersionUID = 1L; { add("xltys1995"); @@ -63,8 +63,9 @@ if (!Cools.isEmpty(access_token)) { try { User user; if (WHITE_KEY.contains(access_token)) { user = userService.getByUsername("openapi", 2L); // 白名单 if (WHITE_LIST.contains(access_token)) { user = userService.getByUsername("openapi", null); if (user == null) { throw new UsernameNotFoundException("Username not found"); } @@ -77,7 +78,7 @@ // 解析token Claims claims = JwtUtil.parseToken(access_token, configProperties.getTokenKey()); JwtSubject jwtSubject = JwtUtil.getJwtSubject(claims); user = userService.getByUsername(jwtSubject.getUsername(), jwtSubject.getTenantId()); user = userService.getByUsername(jwtSubject.getUsername(), jwtSubject.getHostId()); if (user == null) { throw new UsernameNotFoundException("Username not found"); } zy-asrs-wcs/src/main/java/com/zy/asrs/wcs/common/security/JwtSubject.java
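Review bot: In JwtAuthenticationFilter.java the whitelist branch now calls `userService.getByUsername("openapi", null)`, and with the `<if test="hostId != null">` guard this commit puts in UserMapper.xml, a null host id means the account is matched on username alone, where the old query fell back to a fixed tenant. The JWT branch has the same gap whenever `jwtSubject.getHostId()` is null, which looks likely for tokens issued while the subject field was still `tenantId`. Reject that case before the lookup, e.g. `if (jwtSubject.getHostId() == null) { throw new UsernameNotFoundException("Username not found"); }`, and pass an explicit host id for the openapi account instead of null. Separately, `WHITE_LIST` is a `public static final ArrayList` holding a token literal in source; a private immutable set loaded from configuration would keep the credential out of the repository and stop other classes from adding entries. The surrounding try block continues outside these hunks.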
@@ -26,6 +26,6 @@ /** * 租户id */ private Long tenantId; private Long hostId; } zy-asrs-wcs/src/main/java/com/zy/asrs/wcs/common/security/SecurityConfig.java
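Review bot: The Javadoc above the renamed field in JwtSubject.java still reads `租户id` (tenant id) although the field is now `hostId`. It should describe the new meaning, e.g. `/** Host id carried in the token subject. */`. The class body starts outside the hunk, so the other fields and any serialization annotations are not visible here.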
@@ -19,10 +19,8 @@ import org.springframework.stereotype.Component; import javax.annotation.Resource; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; /** * Spring Security配置 @@ -95,8 +93,7 @@ static class JwtAccessDeniedHandler implements AccessDeniedHandler { @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) throws IOException, ServletException { public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) { HttpUtils.responseError(response, Constants.UNAUTHORIZED_CODE, Constants.UNAUTHORIZED_MSG, e.getMessage()); } @@ -107,8 +104,7 @@ static class JwtAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException { public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) { HttpUtils.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG, e.getMessage()); } zy-asrs-wcs/src/main/java/com/zy/asrs/wcs/sys/mapper/UserRoleMapper.java
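Review bot: Both handlers in SecurityConfig.java still pass `e.getMessage()` to `HttpUtils.responseError`, so the text of the security exception (the filter in this commit throws `"Username not found"`) may be returned to an unauthenticated caller. Whether the fourth argument ends up in the response body is not visible here. If it does, log the message server-side and send a fixed string instead, e.g. `HttpUtils.responseError(response, Constants.UNAUTHENTICATED_CODE, Constants.UNAUTHENTICATED_MSG, "authentication required");` (literal constructed for illustration), with the same change in `JwtAccessDeniedHandler.handle`. Dropping `throws IOException, ServletException` is only safe while `responseError` declares no checked exceptions.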
@@ -1,6 +1,5 @@ package com.zy.asrs.wcs.sys.mapper; import com.baomidou.mybatisplus.annotation.InterceptorIgnore; import com.baomidou.mybatisplus.core.mapper.BaseMapper; import com.zy.asrs.wcs.sys.entity.Role; import com.zy.asrs.wcs.sys.entity.UserRole; @@ -14,7 +13,6 @@ @Repository public interface UserRoleMapper extends BaseMapper<UserRole> { @InterceptorIgnore(tenantLine = "true") List<Role> selectByUserId(@Param("userId") Long userId); } zy-asrs-wcs/src/main/resources/mapper/sys/RoleMenuMapper.xml
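Review bot: Removing `@InterceptorIgnore(tenantLine = "true")` from `selectByUserId` in UserRoleMapper.java puts this role lookup back under the tenant-line interceptor if one is still registered, which cannot be seen from this hunk. Since the returned roles feed authorization, the intended scoping should be stated on the method, e.g. `// Roles are resolved by user id only; no tenant/host condition is applied to this query.`, or the equivalent if a host filter is expected. If the interceptor is still active, the query in UserRoleMapper.xml would get a condition added that the rewritten SQL does not anticipate.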
@@ -3,21 +3,19 @@ <mapper namespace="com.zy.asrs.wcs.sys.mapper.RoleMenuMapper"> <select id="listMenuByUserId" resultType="com.zy.asrs.wcs.sys.entity.Menu"> SELECT a.* FROM sys_menu a <where> AND a.menu_id IN ( SELECT menu_id FROM sys_role_menu WHERE role_id IN ( SELECT ta.role_id FROM sys_user_role ta LEFT JOIN sys_role tb ON ta.role_id = tb.role_id WHERE ta.user_id = #{userId} AND tb.deleted = 0 select * from sys_menu where 1=1 and id in ( select menu_id from sys_role_menu where role_id in ( select sur.role_id from sys_user_role sur left join sys_role sr on sur.role_id = sr.role_id where 1=1 and sur.user_id = #{userId} and sr.deleted = 0 ) ) <if test="menuType != null"> AND a.menu_type = #{menuType} </if> AND a.deleted = 0 </where> ORDER BY a.sort_number ) order by sort </select> </mapper> zy-asrs-wcs/src/main/resources/mapper/sys/UserMapper.xml
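Review bot: The rewritten `listMenuByUserId` in RoleMenuMapper.xml no longer filters `sys_menu` on `deleted = 0`; the `AND a.deleted = 0` and `<if test="menuType != null">` lines appear only with the old `a.` alias, so soft-deleted menu rows that are still linked in `sys_role_menu` would now be returned. If menu rows also carry permission strings, which is not visible here, this would keep revoked entries effective. Add `and deleted = 0` on the outer query before `order by sort`. Either restore the `menuType` condition or drop the parameter from the mapper interface, so that callers are not silently handed every menu type.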
@@ -2,27 +2,15 @@ <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.zy.asrs.wcs.sys.mapper.UserMapper"> <!-- 根据账号查询 --> <select id="selectByUsername" resultType="com.zy.asrs.wcs.sys.entity.User"> SELECT a.* , b.organization_name, c.dict_data_name sex_name FROM sys_user a LEFT JOIN sys_organization b ON a.organization_id = b.organization_id LEFT JOIN ( <include refid="selectSexDictSql"/> ) c ON a.sex = c.dict_data_code <where> AND a.deleted = 0 AND a.username = #{username} <if test="tenantId != null"> AND a.tenant_id = #{tenantId} </if> <if test="tenantId == null"> AND a.tenant_id = 2 </if> </where> select * from sys_user where 1=1 and deleted = 0 and username = #{username} <if test="hostId != null"> AND host_id = #{hostId} </if> </select> </mapper> zy-asrs-wcs/src/main/resources/mapper/sys/UserRoleMapper.xml
@@ -3,13 +3,14 @@ <mapper namespace="com.zy.asrs.wcs.sys.mapper.UserRoleMapper"> <select id="selectByUserId" resultType="com.zy.asrs.wcs.sys.entity.Role"> SELECT * FROM sys_role WHERE role_id IN ( SELECT role_id FROM sys_user_role WHERE user_id = #{userId} select * from sys_role where 1=1 and role_id in ( select role_id from sys_user_role where user_id = #{userId} ) AND deleted = 0 and deleted = 0 </select> </mapper>