
登陆登出获取用户信息等

NorthLan 7 years ago
parent
commit
f0612a91cf

+ 1 - 1
build.gradle

@@ -25,7 +25,7 @@ buildscript {
         swagger_version = '2.7.0'
         fastjson_version = '1.2.44'
         pinyin4j_version = '2.5.1'
-        kisso_version = '3.7.0'
+        kisso_version = '3.6.13'
         caffeine_version = '2.6.1'
     }
     repositories {

+ 3 - 3
zen-core/src/main/kotlin/com/gxzc/zen/common/base/BaseController.kt

@@ -1,7 +1,7 @@
 package com.gxzc.zen.common.base
 
 import com.baomidou.kisso.SSOHelper
-import com.baomidou.kisso.security.token.SSOToken
+import com.baomidou.kisso.SSOToken
 import com.gxzc.zen.common.util.HttpUtil
 import org.slf4j.LoggerFactory
 import javax.servlet.http.HttpServletRequest
@@ -24,10 +24,10 @@ open class BaseController {
     }
 
     protected fun getCurUserId(): Long {
-        return getSSOToken().id.toLong()
+        return getSSOToken().uid.toLong()
     }
 
-    protected fun getSSOToken(): SSOToken {
+    fun getSSOToken(): SSOToken {
         return SSOHelper.attrToken(getRequest())
                 ?: throw RuntimeException("The user does not exist, please re-login.")
     }
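Review bot: `getSSOToken()` reports a missing session with a bare `RuntimeException`, and this commit makes `UserController.userInfo` rely on it in place of its former `ZenException(ZenExceptionEnum.AUTH_NO_LOGIN)`, so an unauthenticated request presumably surfaces as a generic server error rather than the project's not-logged-in response. Throwing the typed error here would keep the two consistent: `?: throw ZenException(ZenExceptionEnum.AUTH_NO_LOGIN)` (assuming ZenException is visible from this module). `getCurUserId()` has a similar gap, since `uid.toLong()` throws NumberFormatException on a non-numeric uid; `uid.toLongOrNull()` with an explicit rejection would make that case deliberate. Nothing visible in this commit needs `getSSOToken()` to be public, so it could stay `protected`.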

+ 8 - 7
zen-umps/src/main/kotlin/com/gxzc/zen/umps/config/KissoAuthorization.kt

@@ -2,7 +2,8 @@ package com.gxzc.zen.umps.config
 
 import com.baomidou.kisso.SSOAuthorization
 import com.baomidou.kisso.SSOHelper
-import com.baomidou.kisso.security.token.SSOToken
+import com.baomidou.kisso.SSOToken
+import com.baomidou.kisso.Token
 import com.gxzc.zen.api.sys.service.ISysPermissionService
 import com.gxzc.zen.common.util.PlatformUtil
 import com.gxzc.zen.common.util.SpringContextHolder
@@ -16,18 +17,18 @@ import org.springframework.cache.CacheManager
  * 精确到按钮级别
  */
 class KissoAuthorization : SSOAuthorization {
-    private val cacheManager = SpringContextHolder.getBean(CacheManager::class.java)
-    private val permissionService = SpringContextHolder.getBean(ISysPermissionService::class.java)
-
-    override fun isPermitted(token: SSOToken?, permission: String?): Boolean {
+    override fun isPermitted(token: Token?, permission: String?): Boolean {
         if (token == null) {
             return false
         }
 
-        if (!StringUtils.isNumeric(token.id)) {
+        if (!StringUtils.isNumeric(token.id.toString())) {
             return false
         }
         val realPerm = "${PlatformUtil.getPlatformId()}:$permission"
-        return PermissionUtil.isPermitted(realPerm, permissionService.getPermissionSetByUserId(token.id.toLong()))
+        return PermissionUtil.isPermitted(realPerm, permissionService.getPermissionSetByUserId(token.id as Long))
     }
+
+    private val cacheManager = SpringContextHolder.getBean(CacheManager::class.java)
+    private val permissionService = SpringContextHolder.getBean(ISysPermissionService::class.java)
 }
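Review bot: `isPermitted` still reads `token.id`, while the rest of this commit stores and reads the user id through `uid` (`it.uid = user.id.toString()` in AuthController, `getSSOToken().uid.toLong()` in BaseController), so the permission lookup may run against a field that login never sets. The `isNumeric(token.id.toString())` guard followed by `token.id as Long` is also fragile: a value that prints as digits but is not a `Long` passes the guard and then fails the cast. Reading the field that login writes and parsing it safely covers both: `val userId = token.uid?.toLongOrNull() ?: return false`, then pass `userId` to `getPermissionSetByUserId` (if `uid` is not declared on `Token` in kisso 3.6.13, narrow first with `as? SSOToken`). Which field is meant to carry the user id should be confirmed against that library version.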

+ 20 - 0
zen-umps/src/main/kotlin/com/gxzc/zen/umps/config/KissoConfig.kt

@@ -0,0 +1,20 @@
+package com.gxzc.zen.umps.config
+
+import com.baomidou.kisso.web.WebKissoConfigurer
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+
+/**
+ *
+ * @author NorthLan
+ * @date 2018/3/5
+ * @url https://noahlan.com
+ */
+@Configuration
+class KissoConfig {
+
+    @Bean
+    fun webKissoConfigurer(): WebKissoConfigurer {
+        return WebKissoConfigurer("properties/sso.properties").also { it.initKisso() }
+    }
+}

+ 0 - 1
zen-umps/src/main/kotlin/com/gxzc/zen/umps/config/KissoWebAppConfigurer.kt

@@ -30,7 +30,6 @@ class KissoWebAppConfigurer : WebMvcConfigurerAdapter() {
         // 权限拦截
         registry.addInterceptor(SSOPermissionInterceptor().also {
             it.authorization = KissoAuthorization()
-            it.isNothingAnnotationPass = true
         })
                 .addPathPatterns("/**")
                 .excludePathPatterns(

+ 123 - 0
zen-umps/src/main/kotlin/com/gxzc/zen/umps/util/MD5Salt.kt

@@ -0,0 +1,123 @@
+package com.gxzc.zen.umps.util
+
+import com.baomidou.kisso.common.encrypt.MD5
+import org.slf4j.LoggerFactory
+import com.baomidou.kisso.SSOConfig
+import com.baomidou.kisso.common.encrypt.Byte2Hex
+import com.sun.xml.internal.fastinfoset.algorithm.BuiltInEncodingAlgorithmFactory.getAlgorithm
+import java.security.MessageDigest
+import com.baomidou.kisso.SSOConfig.CUT_SYMBOL
+import java.nio.charset.Charset
+
+
+/**
+ *
+ * @author NorthLan
+ * @date 2018/3/5
+ * @url https://noahlan.com
+ */
+class MD5Salt {
+    companion object {
+        private val logger = LoggerFactory.getLogger(MD5Salt::class.java)
+
+        /**
+         * md5 盐值加密字符串
+         * @param salt
+         * 				盐值
+         * @param rawText
+         *				需要加密的字符串
+         * @return
+         */
+        fun md5SaltEncode(salt: String, rawText: String): String? {
+            return MD5Salt(salt, MD5.ALGORITHM).encode(rawText)
+        }
+
+        /**
+         * 判断md5 盐值加密内容是否正确
+         * @param salt
+         * 盐值
+         * @param encodeText
+         * 加密后的文本内容
+         * @param rawText
+         * 加密前的文本内容
+         * @return
+         */
+        fun md5SaltValid(salt: String, encodeText: String, rawText: String): Boolean {
+            return MD5Salt(salt, MD5.ALGORITHM).isValid(encodeText, rawText)
+        }
+    }
+
+    private var salt: String? = null
+    private var algorithm: String? = null
+
+    private constructor()
+
+    constructor(salt: String, algorithm: String) {
+        this.salt = salt
+        this.algorithm = algorithm
+    }
+
+    /**
+     * 字符串盐值加密
+     * @param rawText
+     * 需要加密的字符串
+     * @return
+     */
+    fun encode(rawText: String): String? {
+        try {
+            val md = MessageDigest.getInstance(this.algorithm)
+            //加密后的字符串
+            return Byte2Hex.byte2Hex(md.digest(mergeRawTextAndSalt(rawText).toByteArray(Charset.forName(SSOConfig.getSSOEncoding()))))
+        } catch (e: Exception) {
+            logger.error(" MD5Salt encode exception.")
+            e.printStackTrace()
+        }
+        return null
+    }
+
+    /**
+     *
+     *
+     *
+     * 判断加密内容是否正确
+     *
+     *
+     * @param encodeText
+     * 加密后的文本内容
+     * @param rawText
+     * 加密前的文本内容
+     * @return
+     */
+    fun isValid(encodeText: String, rawText: String): Boolean {
+        return this.encode(rawText).equals(encodeText)
+    }
+
+    /**
+     *
+     *
+     *
+     * 合并混淆盐值至加密内容
+     *
+     *
+     * @param rawText
+     * 需要加密的字符串
+     * @return
+     */
+    private fun mergeRawTextAndSalt(rawText: String?): String {
+        var rawText = rawText
+        if (rawText == null) {
+            rawText = ""
+        }
+
+        return if (this.salt == null || "" == this.salt) {
+            rawText
+        } else {
+            val mt = StringBuffer()
+            mt.append(rawText)
+            mt.append(SSOConfig.CUT_SYMBOL)
+            mt.append(this.salt)
+            mt.toString()
+        }
+    }
+
+}
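Review bot: `encode()` swallows every exception and returns null, and the login check in AuthController compares that result with `!=`, so a hashing failure combined with a null stored password would compare equal instead of rejecting the login; `isValid()` also compares digests with `equals`, which is not constant-time. I would let `encode()` fail loudly and compare with `MessageDigest.isEqual`, as sketched below. Independently, a single round of salted MD5 is cheap to brute-force once hashes leak; a slow KDF such as PBKDF2 (available in the JDK) with rehash-on-login would be the longer-term fix. The import of `com.sun.xml.internal.fastinfoset.algorithm.BuiltInEncodingAlgorithmFactory.getAlgorithm` is unused and JDK-internal and should be dropped.

```kotlin
// … unchanged: companion object, fields, constructors …

fun encode(rawText: String): String {
    // Fail closed: an unknown algorithm or charset is a configuration error, not "no hash".
    val md = MessageDigest.getInstance(this.algorithm)
    val bytes = mergeRawTextAndSalt(rawText).toByteArray(Charset.forName(SSOConfig.getSSOEncoding()))
    return Byte2Hex.byte2Hex(md.digest(bytes))
}

fun isValid(encodeText: String, rawText: String): Boolean {
    // Constant-time comparison of the two hex digests.
    val charset = Charset.forName(SSOConfig.getSSOEncoding())
    return MessageDigest.isEqual(encode(rawText).toByteArray(charset), encodeText.toByteArray(charset))
}

// … unchanged: mergeRawTextAndSalt …
```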

+ 15 - 9
zen-web/src/main/kotlin/com/gxzc/zen/web/sys/controller/AuthController.kt

@@ -2,16 +2,15 @@ package com.gxzc.zen.web.sys.controller
 
 import com.baomidou.kisso.SSOConfig
 import com.baomidou.kisso.SSOHelper
+import com.baomidou.kisso.SSOToken
 import com.baomidou.kisso.annotation.Action
 import com.baomidou.kisso.annotation.Login
-import com.baomidou.kisso.common.encrypt.MD5Salt
-import com.baomidou.kisso.security.token.SSOToken
 import com.gxzc.zen.api.sys.service.ISysUserService
 import com.gxzc.zen.common.base.BaseController
 import com.gxzc.zen.common.dto.RequestDto
-import com.gxzc.zen.common.dto.ResponseDto
 import com.gxzc.zen.common.exception.ZenException
 import com.gxzc.zen.common.exception.ZenExceptionEnum
+import com.gxzc.zen.umps.util.MD5Salt
 import io.swagger.annotations.ApiOperation
 import org.slf4j.LoggerFactory
 import org.springframework.beans.factory.annotation.Autowired
@@ -41,7 +40,7 @@ class AuthController : BaseController() {
         // 验证输入合法性
         val account = data.data["account"]?.toString()?.trim()
         val password = data.data["password"]?.toString()
-        val rememberMe = data.data["rememberMe"] as Boolean
+        val rememberMe = data.data["rememberMe"]?.let { it as Boolean }
 
         if (account.isNullOrEmpty() || password.isNullOrEmpty()) {
             throw ZenException(ZenExceptionEnum.REQUEST_NULL)
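Review bot: `data.data["rememberMe"]?.let { it as Boolean }` still throws ClassCastException when the client sends a non-boolean value (for example the string "true"), which turns malformed input into a server error. A safe cast with a default avoids that and makes the later null check unnecessary: `val rememberMe = data.data["rememberMe"] as? Boolean ?: false`. The enclosing login handler starts and ends outside this hunk.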
@@ -50,17 +49,24 @@ class AuthController : BaseController() {
         val user = userService.getUserByAccountCacheable(account!!)
                 ?: throw ZenException(ZenExceptionEnum.AUTH_ACCOUNT_NOT_EXISTS)
         // 对密码进行盐值处理比对
-        if (user.password != MD5Salt.md5SaltEncode(user.salt, password)) {
+        if (user.password != MD5Salt.md5SaltEncode(user.salt!!, password!!)) {
             throw ZenException(ZenExceptionEnum.AUTH_PASSWORD_ERROR)
         }
 
         // 生成登陆 token->cookie
-        if (rememberMe) {
+        if (rememberMe != null && rememberMe) {
             SSOConfig.getInstance().cookieMaxage = 604800
+        } else {
+            val attrMaxAge = getRequest().getAttribute(SSOConfig.SSO_COOKIE_MAXAGE)?.let {
+                it as Int
+            }
+            if (attrMaxAge != null) {
+                getRequest().removeAttribute(SSOConfig.SSO_COOKIE_MAXAGE)
+            }
         }
-        SSOHelper.setCookie(getRequest(), getResponse(), SSOToken.create().setId(user.id), true)
-
-        // redirectURL
+        SSOHelper.setSSOCookie(getRequest(), getResponse(), SSOToken().also {
+            it.uid = user.id.toString()
+        }, true)
         return ResponseEntity.ok(null)
     }
 
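Review bot: The remember-me branch sets `SSOConfig.getInstance().cookieMaxage = 604800` on what looks like the process-wide configuration singleton, and the new `else` branch only removes a request attribute, so once any user logs in with remember-me every later login appears to receive the seven-day cookie as well. Setting the lifetime per request keeps the choice local to this login: `getRequest().setAttribute(SSOConfig.SSO_COOKIE_MAXAGE, 604800)` in the remember-me branch, assuming kisso 3.6.13 reads that attribute when it writes the cookie, which the `else` branch suggests. In the same hunk `user.salt!!` turns an account without a salt into a NullPointerException; rejecting it with `AUTH_PASSWORD_ERROR` would be cleaner. The login handler starts and ends outside this hunk.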

+ 0 - 1
zen-web/src/main/kotlin/com/gxzc/zen/web/sys/controller/ExampleController.kt

@@ -4,7 +4,6 @@ import com.baomidou.kisso.SSOHelper
 import com.baomidou.kisso.annotation.Action
 import com.baomidou.kisso.annotation.Login
 import com.baomidou.kisso.annotation.Permission
-import com.baomidou.kisso.security.token.SSOToken
 import com.gxzc.zen.api.sys.service.ISysPermissionService
 import com.gxzc.zen.api.sys.service.ISysUserRoleService
 import com.gxzc.zen.api.sys.service.ISysUserService

+ 7 - 5
zen-web/src/main/kotlin/com/gxzc/zen/web/sys/controller/UserController.kt

@@ -1,7 +1,9 @@
 package com.gxzc.zen.web.sys.controller
 
 import com.baomidou.kisso.SSOHelper
-import com.baomidou.kisso.security.token.SSOToken
+import com.baomidou.kisso.SSOToken
+import com.baomidou.kisso.annotation.Action
+import com.baomidou.kisso.annotation.Permission
 import com.gxzc.zen.api.sys.service.ISysUserRoleService
 import com.gxzc.zen.api.sys.service.ISysUserService
 import com.gxzc.zen.common.base.BaseController
@@ -36,11 +38,11 @@ class UserController : BaseController() {
 
 
     @GetMapping("/userInfo")
+    @Permission(action = Action.Skip)
     fun userInfo(): ResponseEntity<*> {
-        val token: SSOToken = SSOHelper.getSSOToken(getRequest())
-                ?: throw ZenException(ZenExceptionEnum.AUTH_NO_LOGIN) // 未登录直接跳出
-        val userRoleList = userRoleService.getUserRoleListByUserId(token.id.toLong())
-        val userInfo = userService.getUserByIdCacheable(token.id.toLong())
+        val token: SSOToken = getSSOToken()
+        val userRoleList = userRoleService.getUserRoleListByUserId(token.uid.toLong())
+        val userInfo = userService.getUserByIdCacheable(token.uid.toLong())
 
         return ResponseEntity.ok(ResponseDto().also {
             it.data["info"] = mutableMapOf(
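Review bot: `@Permission(action = Action.Skip)` on `userInfo` carries no comment explaining why the permission check is bypassed, and after this commit the handler's only authentication guard is `getSSOToken()`. I would add a comment above the annotation such as `// Any logged-in user may read their own profile; authentication is still enforced via getSSOToken()`, and confirm that the login interceptor covers `/userInfo`, since its path patterns are not visible in this commit. The function body continues outside the hunk.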

+ 14 - 8
zen-web/src/main/resources/application-umps.yml

@@ -1,8 +1,14 @@
-kisso:
-  config:
-    signKey: C691d971EJ3H376G81 # 对称加密使用
-    cookieName: ks # cookie名称
-    cookieDomain: zen.com
-    cookiePath: /
-    # cookieMaxage: 604800 cookie最长保存时间,目前由login模块控制
-    cookieHttponly: false
+#sso:
+#  config:
+#    secretkey: C691d971EJ3H376G81 # 对称加密使用
+#    cookieName: ks # cookie名称
+#    cookieDomain: zen.com
+#    cookiePath: /
+#    # cookieMaxage: 604800 cookie最长保存时间,目前由login模块控制
+#    cookieHttponly: false
+#
+#sso:
+#  secretkey: C691d971EJ3H376G81 # 对称加密使用
+#  cookie:
+#    name: ks
+#    domain: .zen.com

+ 8 - 0
zen-web/src/main/resources/properties/sso.properties

@@ -0,0 +1,8 @@
+sso.encoding=UTF-8
+sso.secretkey=C691d971EJ3H376G81
+sso.cookie.name=ks
+sso.cookie.domain=zen.com
+sso.cookie.httponly=false
+
+#sso.cookie.maxage=7200
+#sso.login.url=http://xxx
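Review bot: `sso.secretkey` is committed in plain text, and the same value also remains in the commented-out block of application-umps.yml, so the key that protects the SSO cookie is readable by anyone with repository access and identical in every environment. I would supply it from deployment-specific configuration kept outside the repository, rotate the current value, and delete the commented yml block rather than keep it. `sso.cookie.httponly=false` additionally leaves the session cookie readable by page scripts; unless the front end must read it, `sso.cookie.httponly=true` is the safer setting.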