'精简结构'

README.md

@@ -15,4 +15,7 @@
 
 ### 框架项目升级日志
 #### 2018/9/27
-升级框架的安全认证方式，改成jwt 和Spring session分布式方式认证。权限由网关统一认证。
+升级框架的安全认证方式，改成jwt 和Spring session分布式方式认证。权限由网关统一认证。
+
+#### 2018/9/28
+已初步完成Spring session的分布式认证，下一步将移除shiro 依赖即权限认证。

zen-api/src/main/kotlin/cn/gygxzc/envir/config/jwt/JwtConfig.kt

@@ -1,12 +0,0 @@
-package cn.gygxzc.envir.config.jwt
-
-import java.security.Key
-import java.time.Duration
-
-/**
- * Created by niantuo on 2018/9/21.
- */
-
-data class JwtConfig(var expired: Duration,
-                     var key: Key) {
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/jwt/JwtPayload.kt

@@ -1,9 +0,0 @@
-package cn.gygxzc.envir.config.jwt
-
-/**
- * Created by niantuo on 2018/9/21.
- */
-
-data class JwtPayload(var id:String,
-                      var username:String) {
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/jwt/JwtUtils.kt

@@ -1,45 +0,0 @@
-package cn.gygxzc.envir.config.jwt
-
-import io.jsonwebtoken.Jwts
-import io.jsonwebtoken.SignatureAlgorithm
-import java.security.Key
-import java.util.*
-
-/**
- * Created by niantuo on 2018/9/21.
- * 签发jwt方法，
- */
-
-object JwtUtils {
-
-
-    /**
-     * 暂时如此，后期可以考虑ip，域名这些加强验证
-     */
-    fun sign(payload: JwtPayload, jwtConfig: JwtConfig): String {
-        val calendar = Calendar.getInstance(Locale.CANADA)
-        calendar.add(Calendar.HOUR_OF_DAY, jwtConfig.expired.toHours().toInt())
-        return Jwts.builder()
-                .setId(payload.id)
-                .setSubject(payload.username)
-                .setExpiration(calendar.time)
-                .signWith(jwtConfig.key,SignatureAlgorithm.HS256)
-                .compact()
-    }
-
-
-    /**
-     * 解析出放进去的结果
-     */
-    @Throws(Exception::class)
-    fun parseJwt(key: Key, jwtToken: String): JwtPayload {
-        val parser = Jwts.parser()
-                .setSigningKey(key)
-                .parseClaimsJws(jwtToken)
-        val id = parser.body.id
-        val username = parser.body.subject
-        return JwtPayload(id, username)
-    }
-
-
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/ShiroConfig.kt

@@ -2,7 +2,6 @@ package cn.gygxzc.envir.config.shiro
 
 import cn.gygxzc.envir.config.shiro.cache.RedisConfiguration
 import cn.gygxzc.envir.config.shiro.filter.AjaxAuthorizationFilter
-import cn.gygxzc.envir.config.shiro.filter.UrlPermissionsFilter
 import cn.gygxzc.envir.config.shiro.filter.ZenCorsAnonymousFilter
 import cn.gygxzc.envir.config.shiro.filter.ZenCorsPathMatchingFilter
 import cn.gygxzc.envir.config.shiro.realm.ZenShiroRealm
@@ -15,6 +14,7 @@ import org.apache.shiro.spring.web.ShiroFilterFactoryBean
 import org.apache.shiro.web.filter.authc.AnonymousFilter
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager
 import org.apache.shiro.web.session.mgt.ServletContainerSessionManager
+import org.springframework.beans.factory.annotation.Qualifier
 import org.springframework.boot.autoconfigure.condition.ConditionalOnClass
 import org.springframework.boot.web.servlet.FilterRegistrationBean
 import org.springframework.context.annotation.Bean
@@ -42,8 +42,8 @@ class ShiroConfig {
     }
 
     @Bean
-    @DependsOn(value = ["shiroLifecycleBeanPostProcessor", "shrioRedisCacheManager"])
-    fun userRealm(cacheManager: CacheManager): ZenShiroRealm {
+    @DependsOn(value = ["shiroLifecycleBeanPostProcessor", "shiroRedisCacheManager"])
+    fun userRealm(@Qualifier("shiroRedisCacheManager") cacheManager: CacheManager): ZenShiroRealm {
         val shiroRealm = ZenShiroRealm()
                 .apply {
                     isCachingEnabled = true
@@ -61,7 +61,7 @@ class ShiroConfig {
 
     @Bean(name = ["securityManager"])
     fun securityManager(userRealm: AuthorizingRealm,
-                        redisCacheManager: CacheManager): DefaultWebSecurityManager {
+                        @Qualifier("shiroRedisCacheManager") redisCacheManager: CacheManager): DefaultWebSecurityManager {
         return DefaultWebSecurityManager().apply {
             setRealm(userRealm)
             cacheManager = redisCacheManager
@@ -89,7 +89,6 @@ class ShiroConfig {
             filters = hashMapOf<String, Filter>(
                     "canon" to ZenCorsAnonymousFilter(),
                     "cors" to ZenCorsPathMatchingFilter(),
-                    "perms" to UrlPermissionsFilter(),
                     "authc" to AjaxAuthorizationFilter(),
                     "anon" to AnonymousFilter()
             )

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/ZenHttpSession.kt

@@ -1,21 +0,0 @@
-package cn.gygxzc.envir.config.shiro
-
-/**
- * 静态枚举
- * @author NorthLan
- * @date 2018/4/25
- * @url https://noahlan.com
- */
-object ZenHttpSession {
-    const val DEFAULT_SESSION_ID_NAME = "ZENJSID"
-
-    /**
-     * 用户Session缓存数据key
-     */
-    const val SESSION_KEY_USER_INFO = "INFO" // 用户基本信息
-    const val SESSION_KEY_USER_ID = "ID" // id
-    const val SESSION_KEY_USER_ROLES = "ROLES" // 角色列表
-    const val SESSION_KEY_USER_PERMS = "PERMS" // 权限列表?
-    //    const val SESSION_KEY_USER_RESOURCES = "RESOURCES" // 资源列表
-    const val SESSION_KEY_USER_MENU = "MENU" // 菜单
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/cache/JwtRedisCache.kt

@@ -1,66 +0,0 @@
-package cn.gygxzc.envir.config.shiro.cache
-
-import cn.gygxzc.envir.config.shiro.common.ZenAuthToken
-import com.google.gson.Gson
-import org.apache.shiro.cache.Cache
-import org.springframework.data.redis.core.HashOperations
-import org.springframework.data.redis.core.RedisTemplate
-
-/**
- * Created by niantuo on 2018/9/21.
- * 帮助jwt缓存信息的缓存管理
- */
-
-class JwtRedisCache(redisTemplate: RedisTemplate<String, Any>)
-    : Cache<String, ZenAuthToken> {
-
-    companion object {
-        private const val mCacheKey = "JwtToken"
-        private val mGson = Gson()
-    }
-
-    private val mHashOperations: HashOperations<String, String, String> = redisTemplate.opsForHash<String, String>()
-
-
-    override fun values(): MutableCollection<ZenAuthToken?> {
-        return keys().map { get(it) }
-                .filter { it != null }
-                .toMutableList()
-    }
-
-    override fun clear() {
-        val keys = mHashOperations.keys(mCacheKey)
-        keys.forEach { mHashOperations.delete(mCacheKey, it) }
-    }
-
-    override fun put(p0: String, p1: ZenAuthToken): ZenAuthToken {
-        mHashOperations.put(mCacheKey, p0, mGson.toJson(p1))
-        return p1
-    }
-
-    override fun remove(p0: String?): ZenAuthToken? {
-        if (p0 == null) return null
-        val subject = mHashOperations.get(mCacheKey, p0)
-        if (subject != null) {
-            mHashOperations.delete(mCacheKey, p0)
-            return mGson.fromJson<ZenAuthToken>(subject, ZenAuthToken::class.java)
-        }
-        return null
-    }
-
-    override fun size(): Int {
-        return mHashOperations.keys(mCacheKey).size
-    }
-
-    override fun get(p0: String?): ZenAuthToken? {
-        if (p0 == null) return null
-        val json = mHashOperations.get(mCacheKey, p0)
-        if (json.isNullOrBlank()) return null
-        return mGson.fromJson(json, ZenAuthToken::class.java)
-
-    }
-
-    override fun keys(): MutableSet<String> {
-        return mHashOperations.keys(mCacheKey)
-    }
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/cache/RedisConfiguration.kt

@@ -1,6 +1,5 @@
 package cn.gygxzc.envir.config.shiro.cache
 
-import cn.gygxzc.envir.config.jwt.JwtConfig
 import cn.gygxzc.tina.config.properties.ShiroRedisCacheProperties
 import cn.gygxzc.tina.config.properties.ShiroSessionProperties
 import org.springframework.beans.factory.annotation.Autowired
@@ -13,8 +12,6 @@ import org.springframework.data.redis.core.RedisTemplate
 import org.springframework.data.redis.serializer.Jackson2JsonRedisSerializer
 import org.springframework.data.redis.serializer.JdkSerializationRedisSerializer
 import org.springframework.data.redis.serializer.StringRedisSerializer
-import java.util.*
-import javax.crypto.spec.SecretKeySpec
 
 /**
  * @program: Zen-Framework
@@ -41,15 +38,6 @@ class RedisConfiguration {
     }
 
 
-    @Bean
-    fun jwtConfig(): JwtConfig {
-        val encodedKey = Base64.getEncoder().encode(sessionProperties.jwtKey.toByteArray())
-        val key = SecretKeySpec(encodedKey, 0, encodedKey.size, "HmacSHA256")
-        return JwtConfig(sessionProperties.expired, key)
-
-    }
-
-
     @Bean(name = ["shiroRedisTemplate"])
     fun redisTemplate(): RedisTemplate<String, Any> {
         return RedisTemplate<String, Any>().apply {
@@ -62,33 +50,12 @@ class RedisConfiguration {
         }
     }
 
-    @Bean
-    fun jwtRedisCache(): JwtRedisCache {
-        val template = RedisTemplate<String, Any>()
-                .apply {
-                    connectionFactory = connectionFactory()
-                    val stringSerializer = StringRedisSerializer()
-                    keySerializer = stringSerializer
-                    valueSerializer = JdkSerializationRedisSerializer()
-                    hashKeySerializer = stringSerializer
-                    hashValueSerializer = stringSerializer
-                }
-        template.afterPropertiesSet()
-        return JwtRedisCache(template)
-    }
 
-
-    @Bean(name = ["shrioRedisCacheManager"])
+    @Bean(name = ["shiroRedisCacheManager"])
     @DependsOn(value = ["shiroRedisTemplate"])
     fun redisCacheManager(): ShiroRedisCacheManager {
         return ShiroRedisCacheManager(redisTemplate(), sessionProperties)
     }
 
 
-    @Bean
-    fun redisSessionDAO(): ShiroRedisSessionDAO {
-        return ShiroRedisSessionDAO(redisTemplate(), sessionProperties)
-    }
-
-
 }

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/cache/ShiroRedisSessionDAO.kt

@@ -1,74 +0,0 @@
-package cn.gygxzc.envir.config.shiro.cache
-
-import cn.gygxzc.tina.cache.redis.RedisKeyGenerator
-import cn.gygxzc.tina.config.properties.ShiroSessionProperties
-import org.apache.shiro.session.Session
-import org.apache.shiro.session.mgt.eis.AbstractSessionDAO
-import org.slf4j.LoggerFactory
-import org.springframework.data.redis.core.RedisTemplate
-import java.io.Serializable
-import java.nio.charset.Charset
-import java.util.concurrent.TimeUnit
-
-
-/**
- * Shiro SessionDAO
- * 若继承自 AbstractSessionDAO 则不会将Session缓存(shiro-activeSessioCache:xxxx)
- * 继承自 EnterpriseCacheSessionDAO 或 CachingSessionDAO 则自动将session缓存
- * 由于本项目使用Redis作为缓存框架,所以不需要额外缓存开销
- * @author NorthLan
- * @date 2018/4/24
- * @url https://noahlan.com
- */
-class ShiroRedisSessionDAO(private val redisTemplate: RedisTemplate<String, Any>,
-                           private val properties: ShiroSessionProperties,
-                           private var charset: Charset = Charsets.UTF_8) : AbstractSessionDAO() {
-    companion object {
-        private val logger = LoggerFactory.getLogger(ShiroRedisSessionDAO::class.java)
-    }
-
-    private fun getKey(originalKey: String): String {
-        return "${properties.prefix}${RedisKeyGenerator.SEPARATOR}$originalKey"
-    }
-
-    override fun update(session: Session) {
-        logger.debug("Update Session: ${session.id}")
-        redisTemplate.opsForValue().set(getKey(session.id.toString()), session, properties.expired.seconds, TimeUnit.SECONDS)
-    }
-
-    override fun getActiveSessions(): MutableCollection<Session> {
-        logger.debug("Get Active Sessions")
-        val result = mutableListOf<Session>()
-        val keys = redisTemplate.keys(getKey("*"))
-        if (keys.isNotEmpty()) {
-            keys.forEach {
-                val session = redisTemplate.opsForValue().get(it) as? Session
-                if (session != null) {
-                    result.add(session)
-                }
-            }
-        }
-        return result
-    }
-
-    override fun doReadSession(sessionId: Serializable): Session? {
-        logger.debug("Read Session: $sessionId")
-        return redisTemplate.opsForValue().get(getKey(sessionId.toString())) as? Session
-    }
-
-    /**
-     * 创建 session
-     */
-    override fun doCreate(session: Session): Serializable {
-        val sid = this.generateSessionId(session)
-        this.assignSessionId(session, sid)
-        logger.debug("Create Session: $sid")
-        redisTemplate.opsForValue().set(getKey(sid.toString()), session, properties.expired.seconds, TimeUnit.SECONDS)
-        return sid
-    }
-
-    override fun delete(session: Session) {
-        logger.debug("Delete Session: ${session.id}")
-        redisTemplate.delete(getKey(session.id.toString()))
-    }
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/filter/JwtPathMatchingFilter.kt

@@ -1,50 +0,0 @@
-package cn.gygxzc.envir.config.shiro.filter
-
-import cn.gygxzc.envir.config.jwt.JwtConfig
-import cn.gygxzc.envir.config.jwt.JwtUtils
-import cn.gygxzc.envir.config.shiro.cache.JwtRedisCache
-import org.apache.commons.lang3.StringUtils
-import org.apache.shiro.SecurityUtils
-import org.apache.shiro.web.filter.PathMatchingFilter
-import org.slf4j.LoggerFactory
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
-import javax.servlet.http.HttpServletRequest
-
-/**
- * @program: Zen-Framework
- *
- * @description: ${description}
- *
- * @author: tuonina
- *
- * @create: 2018-09-20 22:20
- * 任然没有想好，这个到底应该这么搞
- **/
-class JwtPathMatchingFilter(private val config: JwtConfig,
-                            private val cache: JwtRedisCache) : PathMatchingFilter() {
-    companion object {
-        private const val authenticationName = "Authentication"
-        private val logger = LoggerFactory.getLogger(JwtPathMatchingFilter::class.java)
-    }
-
-    /**
-     * 解析header中包含的Authorization ,jwt 格式的，如果有，绑定对应的授权信息
-     */
-    override fun onPreHandle(request: ServletRequest, response: ServletResponse, mappedValue: Any?): Boolean {
-        val httpRequest = request as HttpServletRequest
-        val jwtToken: String? = httpRequest.getHeader(authenticationName)
-        val subject = SecurityUtils.getSubject()
-        if (!StringUtils.isBlank(jwtToken) && !subject.isAuthenticated) {
-            try {
-                val jwtPayload = JwtUtils.parseJwt(config.key, jwtToken!!)
-                val authToken = cache.get(jwtPayload.username)
-                if (authToken != null)
-                    subject.login(authToken)
-            } catch (e: Exception) {
-                logger.info("onPreHandle: {}", e)
-            }
-        }
-        return true
-    }
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/filter/UrlPermissionsFilter.kt

@@ -1,103 +0,0 @@
-package cn.gygxzc.envir.config.shiro.filter
-
-import com.gxzc.zen.api.sys.service.IPermissionService
-import com.gxzc.zen.common.util.SpringContextHolder
-import cn.gygxzc.envir.config.shiro.common.ZenPermission
-import org.apache.shiro.web.filter.PathMatchingFilter
-import org.springframework.http.HttpMethod
-import org.springframework.http.HttpStatus
-import java.util.regex.Pattern
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
-
-/**
- * Url拦截 集中式权限管理
- * 权限判定自行处理, 不交给Realm处理
- * @author NorthLan
- * @date 2018/4/25
- * @url https://noahlan.com
- */
-class UrlPermissionsFilter : PathMatchingFilter() {
-
-    /**
-     * 此物只应天上有
-     * filter比servlet更先初始化,反正就是不能自动注入
-     */
-    private var permissionService: IPermissionService? = null
-        get() {
-            if (field == null) {
-                field = SpringContextHolder.getBean(IPermissionService::class.java)
-            }
-            return field
-        }
-
-    /**
-     * 所有的权限从redis缓存中获取，不需要RPC或者其他方式获取
-     */
-    override fun onPreHandle(request: ServletRequest?, response: ServletResponse?, mappedValue: Any?): Boolean {
-        request as HttpServletRequest
-        if (request.method.equals(HttpMethod.OPTIONS.name, true)) {
-            return true
-        }
-
-        // 获取系统权限列表(数据库中定义的)
-        val sysPerms = permissionService!!.getAllSysPermission()
-
-        // 根据请求url获取 系统 需要判定权限的url
-        val permission = getPermissionIfs(sysPerms, request.requestURI, request.method)
-
-        // 该url在系统表内未配置 默认认为无需权限认证 移交给下边流程处理
-        if (permission.isEmpty()) {
-            return true
-        }
-
-        // 若需要权限判定,则获取用户权限进行判定 正常流程走完
-        if (!checkPermission(permission)) {
-            forbidden(response)
-            return false
-        }
-        return true
-    }
-
-    /**
-     * 根据requestUri
-     * 获取系统定义的权限列表
-     */
-    private fun getPermissionIfs(perms: MutableList<ZenPermission>, requestUri: String, method: String): List<ZenPermission> {
-        return perms.filter {
-            if (it.uri != null) {
-                val regEx = "^${it.uri!!.replace("\\{\\*}".toRegex(), "[a-zA-Z\\\\d]+")}\$"
-                //                (Pattern.compile(regEx).matcher(requestUri).find() || requestUri.startsWith(it.uri + "/")) && method.equals(it.method, false)
-                Pattern.compile(regEx).matcher(requestUri).find() && method.equals(it.method, false)
-            } else {
-                false
-            }
-        }
-    }
-
-    /**
-     * 检查用户权限
-     */
-    private fun checkPermission(perms: List<ZenPermission>): Boolean {
-        val userPermission = permissionService!!.getSubjectPermission()
-        if (userPermission.isEmpty()) {
-            return false
-        }
-        return perms.any { sys ->
-            userPermission.any { user ->
-                user.code == sys.code
-            }
-        }
-    }
-
-    private fun forbidden(response: ServletResponse?) {
-        response as HttpServletResponse
-        response.apply {
-            characterEncoding = "UTF-8"
-            contentType = "application/json"
-            sendError(HttpStatus.FORBIDDEN.value(), "FORBIDDEN") // 403
-        }
-    }
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/session/ZenWebSessionManager.kt

@@ -1,309 +0,0 @@
-package cn.gygxzc.envir.config.shiro.session
-
-import org.apache.shiro.session.ExpiredSessionException
-import org.apache.shiro.session.InvalidSessionException
-import org.apache.shiro.session.Session
-import org.apache.shiro.session.UnknownSessionException
-import org.apache.shiro.session.mgt.DefaultSessionManager
-import org.apache.shiro.session.mgt.DelegatingSession
-import org.apache.shiro.session.mgt.SessionContext
-import org.apache.shiro.session.mgt.SessionKey
-import org.apache.shiro.web.servlet.Cookie
-import org.apache.shiro.web.servlet.ShiroHttpServletRequest
-import org.apache.shiro.web.servlet.ShiroHttpSession
-import org.apache.shiro.web.servlet.SimpleCookie
-import org.apache.shiro.web.session.mgt.WebSessionKey
-import org.apache.shiro.web.util.WebUtils
-import org.slf4j.LoggerFactory
-import java.io.Serializable
-import javax.servlet.ServletRequest
-import javax.servlet.ServletResponse
-import javax.servlet.http.HttpServletRequest
-import javax.servlet.http.HttpServletResponse
-
-
-/**
- * Copied form @link DefaultWebSessionManager
- * 解决一次登陆多次直接读取缓存的问题
- * 在读取前先读取本地缓存(目前存放于spring-session 中 attribute)
- * @author NorthLan
- * @date 2018/4/25
- * @url https://noahlan.com
- */
-@Suppress("unused")
-class ZenWebSessionManager//more secure, protects against XSS attacks
-() : DefaultSessionManager() {
-    companion object {
-        private val log = LoggerFactory.getLogger(ZenWebSessionManager::class.java)
-    }
-
-    var sessionIdCookie: Cookie? = null
-    var sessionIdCookieEnabled: Boolean = false
-    var sessionIdUrlRewritingEnabled: Boolean = false
-
-    init {
-        val cookie = SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME)
-        cookie.isHttpOnly = true
-        this.sessionIdCookie = cookie
-        this.sessionIdCookieEnabled = true
-        this.sessionIdUrlRewritingEnabled = true
-    }
-
-    private fun storeSessionId(currentId: Serializable?, request: HttpServletRequest, response: HttpServletResponse) {
-        if (currentId == null) {
-            val msg = "sessionId cannot be null when persisting for subsequent requests."
-            throw IllegalArgumentException(msg)
-        }
-        val template = sessionIdCookie
-        val cookie = SimpleCookie(template)
-        val idString = currentId.toString()
-        cookie.value = idString
-        cookie.saveTo(request, response)
-        log.trace("Set session ID cookie for session with id {}", idString)
-    }
-
-    private fun removeSessionIdCookie(request: HttpServletRequest, response: HttpServletResponse) {
-        sessionIdCookie?.removeFrom(request, response)
-    }
-
-    private fun getSessionIdCookieValue(request: ServletRequest, response: ServletResponse): String? {
-        if (!sessionIdCookieEnabled) {
-            log.debug("Session ID cookie is disabled - session id will not be acquired from a request cookie.")
-            return null
-        }
-        if (request !is HttpServletRequest) {
-            log.debug("Current request is not an HttpServletRequest - cannot get session ID cookie.  Returning null.")
-            return null
-        }
-        return sessionIdCookie?.readValue(request, WebUtils.toHttp(response))
-    }
-
-    private fun getReferencedSessionId(request: ServletRequest, response: ServletResponse): Serializable? {
-
-        var id = getSessionIdCookieValue(request, response)
-        if (id != null) {
-            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
-                    ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE)
-        } else {
-            //not in a cookie, or cookie is disabled - try the request URI as a fallback (i.e. due to URL rewriting):
-
-            //try the URI path segment parameters first:
-            id = getUriPathSegmentParamValue(request, ShiroHttpSession.DEFAULT_SESSION_ID_NAME)
-
-            if (id == null) {
-                //not a URI path segment parameter, try the query parameters:
-                val name = getSessionIdName()
-                id = request.getParameter(name)
-                if (id == null) {
-                    //try lowercase:
-                    id = request.getParameter(name.toLowerCase())
-                }
-            }
-            if (id != null) {
-                request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
-                        ShiroHttpServletRequest.URL_SESSION_ID_SOURCE)
-            }
-        }
-        if (id != null) {
-            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id)
-            //automatically mark it valid here.  If it is invalid, the
-            //onUnknownSession method below will be invoked and we'll remove the attribute at that time.
-            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, java.lang.Boolean.TRUE)
-        }
-
-        // always set rewrite flag - SHIRO-361
-        request.setAttribute(ShiroHttpServletRequest.SESSION_ID_URL_REWRITING_ENABLED, sessionIdUrlRewritingEnabled)
-
-        return id
-    }
-
-    //SHIRO-351
-    //also see http://cdivilly.wordpress.com/2011/04/22/java-servlets-uri-parameters/
-    //since 1.2.2
-    private fun getUriPathSegmentParamValue(servletRequest: ServletRequest, paramName: String): String? {
-
-        if (servletRequest !is HttpServletRequest) {
-            return null
-        }
-        var uri: String? = servletRequest.requestURI ?: return null
-
-        val queryStartIndex = uri!!.indexOf('?')
-        if (queryStartIndex >= 0) { //get rid of the query string
-            uri = uri.substring(0, queryStartIndex)
-        }
-
-        var index = uri.indexOf(';') //now check for path segment parameters:
-        if (index < 0) {
-            //no path segment params - return:
-            return null
-        }
-
-        //there are path segment params, let's get the last one that may exist:
-
-        val token = "$paramName="
-
-        uri = uri.substring(index + 1) //uri now contains only the path segment params
-
-        //we only care about the last JSESSIONID param:
-        index = uri.lastIndexOf(token)
-        if (index < 0) {
-            //no segment param:
-            return null
-        }
-
-        uri = uri.substring(index + token.length)
-
-        index = uri.indexOf(';') //strip off any remaining segment params:
-        if (index >= 0) {
-            uri = uri.substring(0, index)
-        }
-
-        return uri //what remains is the value
-    }
-
-    override fun retrieveSession(sessionKey: SessionKey): Session? {
-        val sessionId = getSessionId(sessionKey)
-        if (sessionId == null) {
-            log.debug("Unable to resolve session ID from SessionKey [{}].  Returning null to indicate a " + "session could not be found.", sessionKey)
-            return null
-        }
-        ////////////////////////Add by noahlan//////////////////////////////////
-        // 多线程下request获取不到,凉凉
-//        var request: ServletRequest? = null
-//        if (sessionKey is WebSessionKey) {
-//            request = sessionKey.servletRequest
-//        }
-//        if (request != null) {
-//            val s = request.getAttribute(sessionId.toString())
-//            if (s != null) {
-//                return s as Session
-//            }
-//        }
-        ////////////////////////////////////////////////////////////////////////
-        val s = retrieveSessionFromDataSource(sessionId)
-        if (s == null) {
-            //session ID was provided, meaning one is expected to be found, but we couldn't find one:
-            val msg = "Could not find session with ID [$sessionId]"
-            throw UnknownSessionException(msg)
-        }
-
-        ////////////////////////Add by noahlan//////////////////////////////////
-//        request?.setAttribute(sessionId.toString(), s)
-        ///////////////////////////////////////////////////////////////////////
-        return s
-    }
-
-    //since 1.2.1
-    private fun getSessionIdName(): String {
-        var name: String? = this.sessionIdCookie?.name
-        if (name == null) {
-            name = ShiroHttpSession.DEFAULT_SESSION_ID_NAME
-        }
-        return name
-    }
-
-    override fun createExposedSession(session: Session, context: SessionContext?): Session {
-        if (!WebUtils.isWeb(context)) {
-            return super.createExposedSession(session, context)
-        }
-        val request = WebUtils.getRequest(context)
-        val response = WebUtils.getResponse(context)
-        val key = WebSessionKey(session.id, request, response)
-        return DelegatingSession(this, key)
-    }
-
-    override fun createExposedSession(session: Session, key: SessionKey?): Session {
-        if (!WebUtils.isWeb(key)) {
-            return super.createExposedSession(session, key)
-        }
-
-        val request = WebUtils.getRequest(key)
-        val response = WebUtils.getResponse(key)
-        val sessionKey = WebSessionKey(session.id, request, response)
-        return DelegatingSession(this, sessionKey)
-    }
-
-    /**
-     * Stores the Session's ID, usually as a Cookie, to associate with future requests.
-     *
-     * @param session the session that was just [created][.createSession].
-     */
-    override fun onStart(session: Session, context: SessionContext?) {
-        super.onStart(session, context)
-
-        if (!WebUtils.isHttp(context)) {
-            log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " + "pair. No session ID cookie will be set.")
-            return
-
-        }
-        val request = WebUtils.getHttpRequest(context)
-        val response = WebUtils.getHttpResponse(context)
-
-        if (sessionIdCookieEnabled) {
-            val sessionId = session.id
-            storeSessionId(sessionId, request, response)
-        } else {
-            log.debug("Session ID cookie is disabled.  No cookie has been set for new session with id {}", session.id)
-        }
-
-        request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE)
-        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, java.lang.Boolean.TRUE)
-    }
-
-    public override fun getSessionId(key: SessionKey): Serializable? {
-        var id: Serializable? = super.getSessionId(key)
-        if (id == null && WebUtils.isWeb(key)) {
-            val request = WebUtils.getRequest(key)
-            val response = WebUtils.getResponse(key)
-            id = getSessionId(request, response)
-        }
-        return id
-    }
-
-    protected fun getSessionId(request: ServletRequest, response: ServletResponse): Serializable? {
-        return getReferencedSessionId(request, response)
-    }
-
-    override fun onExpiration(s: Session, ese: ExpiredSessionException?, key: SessionKey?) {
-        super.onExpiration(s, ese, key)
-        onInvalidation(key)
-    }
-
-    override fun onInvalidation(session: Session, ise: InvalidSessionException, key: SessionKey) {
-        super.onInvalidation(session, ise, key)
-        onInvalidation(key)
-    }
-
-    private fun onInvalidation(key: SessionKey?) {
-        val request = WebUtils.getRequest(key)
-        request?.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID)
-        if (WebUtils.isHttp(key)) {
-            log.debug("Referenced session was invalid.  Removing session ID cookie.")
-            removeSessionIdCookie(WebUtils.getHttpRequest(key), WebUtils.getHttpResponse(key))
-        } else {
-            log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response " + "pair. Session ID cookie will not be removed due to invalidated session.")
-        }
-    }
-
-    override fun onStop(session: Session, key: SessionKey?) {
-        super.onStop(session, key)
-        if (WebUtils.isHttp(key)) {
-            val request = WebUtils.getHttpRequest(key)
-            val response = WebUtils.getHttpResponse(key)
-            log.debug("Session has been stopped (subject logout or explicit stop).  Removing session ID cookie.")
-            removeSessionIdCookie(request, response)
-        } else {
-            log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response " + "pair. Session ID cookie will not be removed due to stopped session.")
-        }
-    }
-
-    /**
-     * This is a native session manager implementation, so this method returns `false` always.
-     *
-     * @return `false` always
-     * @since 1.2
-     */
-    fun isServletContainerSessions(): Boolean {
-        return false
-    }
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/config/shiro/utils/SSOUtil.kt

@@ -1,109 +0,0 @@
-package cn.gygxzc.envir.config.shiro.utils
-
-import com.gxzc.zen.api.sys.common.MenuTree
-import com.gxzc.zen.api.sys.model.SysRole
-import cn.gygxzc.envir.sys.model.SysUser
-import com.gxzc.zen.api.sys.service.IPermissionService
-import com.gxzc.zen.common.util.SpringContextHolder
-import cn.gygxzc.envir.config.shiro.common.ZenPermission
-import cn.gygxzc.envir.config.shiro.ZenHttpSession
-import org.apache.shiro.SecurityUtils
-import org.apache.shiro.session.Session
-import org.slf4j.LoggerFactory
-
-/**
- * SSO 工具类
- * @author NorthLan
- * @date 2018/3/15
- * @url https://noahlan.com
- */
-@Suppress("UNCHECKED_CAST")
-object SSOUtil {
-    private var permissionService: IPermissionService? = SpringContextHolder.getBean(IPermissionService::class.java)
-    private val logger = LoggerFactory.getLogger(SSOUtil::class.java)
-    private const val NA = "NA"
-
-    fun getSession(): Session? {
-        return SecurityUtils.getSubject().getSession(false)
-    }
-
-    fun setAttribute(key: Any, value: Any?) {
-        getSession()?.setAttribute(key, value)
-    }
-
-    fun isLogin(): Boolean {
-        return SecurityUtils.getSubject()?.isAuthenticated ?: false
-    }
-
-    /**
-     * 获取当前登陆 账号
-     */
-    fun getCurAccount(): String {
-        return try {
-            SecurityUtils.getSubject().principal.toString()
-        } catch (e: Throwable) {
-            logger.warn("get curAccount error, return empty string:\"\"")
-            ""
-        }
-    }
-
-    /**
-     * 获取当前登陆 userId
-     */
-    fun getCurUserId(): Long {
-        return try {
-            getSession()?.getAttribute(ZenHttpSession.SESSION_KEY_USER_ID) as Long
-        } catch (e: Throwable) {
-            logger.warn("getCurUserId error, return -1")
-            -1
-        }
-    }
-
-    /**
-     * 获取当前登陆 基本信息
-     */
-    fun getCurUserInfo(): SysUser? {
-        return try {
-            getSession()?.getAttribute(ZenHttpSession.SESSION_KEY_USER_INFO) as? SysUser
-        } catch (e: Throwable) {
-            logger.warn("get curUserInfo error, return null")
-            null
-        }
-    }
-
-    /**
-     * 获取当前登陆用户名
-     */
-    fun getCurUserName(): String {
-        return try {
-            getCurUserInfo()?.username!!
-        } catch (e: Throwable) {
-            logger.warn("getCurUserName error, return given NA: \"NA\" ")
-            ""
-        }
-    }
-
-    /**
-     * 获取当前登陆 角色列表
-     */
-    fun getCurUserRoles(): MutableList<SysRole>? {
-        return getSession()?.getAttribute(ZenHttpSession.SESSION_KEY_USER_ROLES) as? MutableList<SysRole>
-    }
-
-    /**
-     * 获取当前用户 权限列表
-     */
-    fun getCurUserPerms(): MutableList<ZenPermission>? {
-        if (permissionService == null) {
-            permissionService = SpringContextHolder.getBean(IPermissionService::class.java)
-        }
-        return permissionService!!.getSubjectPermission()
-    }
-
-    /**
-     * 获取当前用户 目录树
-     */
-    fun getCurUserMenuTree(): MutableList<MenuTree>? {
-        return getSession()?.getAttribute(ZenHttpSession.SESSION_KEY_USER_MENU) as? MutableList<MenuTree>
-    }
-}

zen-api/src/main/kotlin/cn/gygxzc/envir/sys/dto/LoginDto.kt

@@ -0,0 +1,9 @@
+package cn.gygxzc.envir.sys.dto
+
+/**
+ * Created by niantuo on 2018/9/28.
+ */
+
+data class LoginDto(var username:String="",
+               var password:String="") {
+}

zen-api/src/main/kotlin/cn/gygxzc/envir/sys/service/ILoginService.kt

@@ -1,13 +1,24 @@
 package cn.gygxzc.envir.sys.service
 
+import cn.gygxzc.envir.sys.dto.LoginDto
+import com.gxzc.zen.common.dto.ResponseDto
+import org.springframework.cloud.openfeign.FeignClient
+import org.springframework.web.bind.annotation.RequestBody
+import org.springframework.web.bind.annotation.RequestMapping
+import org.springframework.web.bind.annotation.RequestMethod
+
 /**
  * Created by niantuo on 2018/9/21.
+ * 登陆远程调用
  */
-
+@FeignClient("sys")
 interface ILoginService {
 
     /**
      * 登陆，返回jwt token验证
      */
-    fun login(username: String, password: String): String
+    @RequestMapping(method = [RequestMethod.POST], value = ["/auth/v2/login"])
+    fun login(@RequestBody dto: LoginDto): ResponseDto
+
+
 }

zen-api/src/main/kotlin/cn/gygxzc/envir/sys/service/impl/LoginService.kt

@@ -1,62 +0,0 @@
-package cn.gygxzc.envir.sys.service.impl
-
-import cn.gygxzc.envir.sys.dao.IUserDao
-import cn.gygxzc.envir.sys.model.SysUser
-import cn.gygxzc.envir.sys.service.ILoginService
-import cn.gygxzc.envir.config.jwt.JwtConfig
-import cn.gygxzc.envir.config.jwt.JwtPayload
-import cn.gygxzc.envir.config.jwt.JwtUtils
-import cn.gygxzc.envir.config.shiro.cache.JwtRedisCache
-import cn.gygxzc.envir.config.shiro.common.ZenAuthToken
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper
-import org.apache.shiro.SecurityUtils
-import org.apache.shiro.authc.AuthenticationException
-import org.apache.shiro.web.subject.support.WebDelegatingSubject
-import org.slf4j.LoggerFactory
-import org.springframework.beans.factory.annotation.Autowired
-import org.springframework.stereotype.Service
-
-/**
- * Created by niantuo on 2018/9/21.
- * 实际上客户端只能从redis缓存中去取数据，也就是说
- * 登陆需要在授权服务器，授权服务器会将用户数据存入redis缓存
- * 客户端可以获取用户数据，如果redis没有改数据，那么表示该用户没有登录
- */
-
-@Service
-class LoginService : ILoginService {
-
-    private val logger = LoggerFactory.getLogger(LoginService::class.java)
-
-    @Autowired
-    private lateinit var userDao: IUserDao
-
-    @Autowired
-    private lateinit var jwtConfig: JwtConfig
-
-    @Autowired
-    private lateinit var redisCache: JwtRedisCache
-
-
-    /**
-     * 登陆之后将用户信息保存到redis缓存
-     */
-    override fun login(username: String, password: String): String {
-        val wrapper = QueryWrapper<SysUser>()
-        wrapper.eq("account", username)
-
-        logger.info("login select user : ${wrapper.expression}")
-
-        val user = userDao.selectOne(wrapper)
-        val authToken = ZenAuthToken(username, password, user)
-        val subject = SecurityUtils.getSubject() as WebDelegatingSubject
-        try {
-            subject.login(authToken)
-            redisCache.put(username, authToken)
-            return JwtUtils.sign(JwtPayload(user.id.toString(), user.account!!), jwtConfig)
-        } catch (e: AuthenticationException) {
-            throw e
-        }
-
-    }
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/constants/CacheKeyConstants.kt

@@ -1,11 +0,0 @@
-package com.gxzc.zen.api.sys.constants
-
-/**
- *
- * @author NorthLan
- * @date 2018/5/5
- * @url https://noahlan.com
- */
-object CacheKeyConstants {
-    const val DICT_VALUE_KEY = "dict_value"
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysDept.kt

@@ -1,36 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 部门管理
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_dept")
-open class SysDept : BaseModel() {
-    /**
-     * 父节点ID
-     */
-    var parentId: Long? = null
-    /**
-     * 路径枚举
-     */
-    var path: String? = null
-    /**
-     * 部门名称
-     */
-    var name: String? = null
-    /**
-     * 负责人
-     */
-    var principal: String? = null
-    /**
-     * 排序号
-     */
-    var sort: Int? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysDeptUser.kt

@@ -1,24 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 部门用户表
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_dept_user")
-open class SysDeptUser : BaseModel() {
-    /**
-     * 部门ID
-     */
-    var deptId: Long? = null
-    /**
-     * 用户ID
-     */
-    var userId: Long? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysDictType.kt

@@ -1,32 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 字典结构树
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_dict_type")
-open class SysDictType : BaseModel() {
-    /**
-     * 目录码
-     */
-    var code: String? = null
-    /**
-     * 标签
-     */
-    var label: String? = null
-    /**
-     * 父节点id
-     */
-    var parentId: Long? = null
-    /**
-     * 路径枚举
-     */
-    var path: String? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysDictValue.kt

@@ -1,36 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 字典值
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_dict_value")
-open class SysDictValue : BaseModel() {
-    /**
-     * 关联字典树ID
-     */
-    var typeId: Long? = null
-    /**
-     * 字典码
-     */
-    var code: String? = null
-    /**
-     * 字典值
-     */
-    var value: String? = null
-    /**
-     * 标签（中文名）
-     */
-    var label: String? = null
-    /**
-     * 排序号
-     */
-    var sort: Int? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysEventLogin.kt

@@ -1,44 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 登录日志表
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_event_login")
-open class SysEventLogin : BaseModel() {
-    /**
-     * 日志标题
-     */
-    var title: String? = null
-    /**
-     * 请求地址
-     */
-    var requestUri: String? = null
-    /**
-     * 排序号
-     */
-    var sort: Int? = null
-    /**
-     * 账户名
-     */
-    var account: String? = null
-    /**
-     * 登录IP地址
-     */
-    var clientHost: String? = null
-    /**
-     * 用户代理
-     */
-    var userAgent: String? = null
-    /**
-     * 请求状态
-     */
-    var status: Int? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysEventOper.kt

@@ -1,44 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 操作日志表
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_event_oper")
-open class SysEventOper : BaseModel() {
-    /**
-     * 日志标题
-     */
-    var title: String? = null
-    /**
-     * 请求地址
-     */
-    var requestUri: String? = null
-    /**
-     * 排序号
-     */
-    var sort: Int? = null
-    /**
-     * 账户名
-     */
-    var account: String? = null
-    /**
-     * 登录IP地址
-     */
-    var clientHost: String? = null
-    /**
-     * 请求参数
-     */
-    var parameter: String? = null
-    /**
-     * 请求方法
-     */
-    var method: String? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysNotice.kt

@@ -1,43 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.fasterxml.jackson.annotation.JsonFormat
-import com.gxzc.zen.common.base.BaseModel
-import java.util.*
-
-/**
- * <p>
- * 通知公告表
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_notice")
-open class SysNotice : BaseModel() {
-    /**
-     * 公告标题
-     */
-    var noticeTitle: String? = null
-    /**
-     * 公告类型
-     */
-    var noticeType: String? = null
-    /**
-     * 发布时间
-     */
-    @JsonFormat(pattern = "yyyy-MM-dd HH:mm:ss")
-    var sendTime: Date? = null
-    /**
-     * 来源地址
-     */
-    var sourcesUrl: String? = null
-    /**
-     * 内容
-     */
-    var content: String? = null
-    /**
-     * 发布状态
-     */
-    var status: String? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysParam.kt

@@ -1,44 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 系统参数表
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_param")
-open class SysParam : BaseModel() {
-    /**
-     * 参数key
-     */
-    var key: String? = null
-    /**
-     * 参数值
-     */
-    var value: String? = null
-    /**
-     * 扩展字段1
-     */
-    var ext1: String? = null
-    /**
-     * 扩展字段2
-     */
-    var ext2: String? = null
-    /**
-     * 扩展字段3
-     */
-    var ext3: String? = null
-    /**
-     * 扩展字段4
-     */
-    var ext4: String? = null
-    /**
-     * 排序号
-     */
-    var sort: Int? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysRole.kt

@@ -1,56 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 角色表
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-28
- */
-@TableName("sys_role")
-open class SysRole : BaseModel() {
-    companion object {
-        private const val serialVersionUID = 1000000000000000003L
-    }
-
-    /**
-     * 父级节点
-     */
-    var parentId: Long? = null
-    /**
-     * 角色名称
-     */
-    var name: String? = null
-    /**
-     * 路径枚举
-     */
-    var path: String? = null
-    /**
-     * 角色代码
-     */
-    var code: String? = null
-    /**
-     * 扩展字段1
-     */
-    var ext1: String? = null
-    /**
-     * 扩展字段2
-     */
-    var ext2: String? = null
-    /**
-     * 扩展字段3
-     */
-    var ext3: String? = null
-    /**
-     * 扩展字段4
-     */
-    var ext4: String? = null
-    /**
-     * 扩展字段5
-     */
-    var ext5: String? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysUploadInfo.kt

@@ -1,74 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableField
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-import java.util.*
-
-/**
- * <p>
- * 上传文件信息表
- * </p>
- *
- * @author NorthLan
- * @since 2018-06-01
- */
-@TableName("sys_upload_info")
-open class SysUploadInfo : BaseModel() {
-    /**
-     * 当前虚拟文件名
-     */
-    var filename: String? = null
-    /**
-     * 原始文件名
-     */
-    var originFilename: String? = null
-    /**
-     * 虚拟相对路径
-     */
-    var relativePath: String? = null
-    /**
-     * 最后一次修改时间
-     */
-    var lastModified: Date? = null
-    /**
-     * 文件非完整md5(头+[尾]+修改时间)
-     */
-    var md5: String? = null
-    /**
-     * 后缀名
-     */
-    var extension: String? = null
-    /**
-     * 文件大小(byte)
-     */
-    var filesize: Long? = null
-    /**
-     * 存储group位
-     */
-    var group: String? = null
-    /**
-     * 保存的path
-     */
-    var path: String? = null
-    /**
-     * 备用字段
-     */
-    var ext1: String? = null
-    /**
-     * 备用字段
-     */
-    var ext2: String? = null
-    /**
-     * 备用字段
-     */
-    var ext3: String? = null
-    /**
-     * 备用字段
-     */
-    var ext4: String? = null
-
-    ////////////////////// url
-    @TableField(exist = false)
-    var url: String? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/model/SysUserRole.kt

@@ -1,28 +0,0 @@
-package com.gxzc.zen.api.sys.model
-
-import com.baomidou.mybatisplus.annotation.TableName
-import com.gxzc.zen.common.base.BaseModel
-
-/**
- * <p>
- * 用户角色表
- * </p>
- *
- * @author NorthLan
- * @since 2018-04-27
- */
-@TableName("sys_user_role")
-open class SysUserRole : BaseModel() {
-    companion object {
-        private const val serialVersionUID = 1000000000000000005L
-    }
-
-    /**
-     * 角色ID
-     */
-    var roleId: Long? = null
-    /**
-     * 用户ID
-     */
-    var userId: Long? = null
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/service/IPermissionService.kt

@@ -1,43 +0,0 @@
-package com.gxzc.zen.api.sys.service
-
-import com.gxzc.zen.api.sys.model.SysRole
-import cn.gygxzc.envir.config.shiro.common.ZenPermission
-import org.apache.shiro.session.Session
-
-/**
- * <p>
- * 权限 服务类
- * </p>
- *
- * @author NorthLan
- * @since 2018-02-06
- */
-interface IPermissionService {
-
-    /**
-     * 获取系统所有权限列表并存入 {code 系统缓存}
-     */
-    fun getAllSysPermission(): MutableList<ZenPermission>
-
-    /**
-     * 获取用户主体拥有的权限列表
-     * 若session缓存中没有 则从数据库中取出
-     */
-    fun getSubjectPermission(): MutableList<ZenPermission>
-
-    /**
-     * 获取用户主体拥有的角色列表
-     * 若session缓存中没有 则从数据库中取出
-     */
-    fun getSubjectRoles(session: Session): MutableList<SysRole>
-
-    /**
-     * 更新系统权限缓存
-     */
-    fun updateAllSysPermission()
-
-    /**
-     * 更新所有用户权限
-     */
-    fun updateAllSessionPermission()
-}

zen-api/src/main/kotlin/com/gxzc/zen/api/sys/service/impl/PermissionServiceImpl.kt

@@ -1,83 +0,0 @@
-//package com.gxzc.zen.api.sys.service.impl
-//
-//import com.alibaba.dubbo.config.annotation.Reference
-//import com.gxzc.zen.api.sys.model.SysRole
-//import com.gxzc.zen.api.sys.service.IPermissionService
-//import com.gxzc.zen.common.contants.ZenConstants
-//import com.gxzc.zen.common.util.RedisCacheUtil
-//import com.gxzc.zen.rpc.api.sys.RPermissionService
-//import com.gxzc.zen.rpc.api.sys.RRoleService
-//import cn.gygxzc.tina.config.shiro.common.ZenPermission
-//import cn.gygxzc.tina.config.shiro.ZenHttpSession
-//import cn.gygxzc.tina.config.shiro.utils.SSOUtil
-//import cn.gygxzc.tina.config.shiro.utils.ShiroRedisUtil
-//import org.apache.shiro.session.Session
-//import org.springframework.data.annotation.Reference
-//import org.springframework.stereotype.Service
-//
-///**
-// * <p>
-// * 权限 服务实现类
-// * </p>
-// *
-// * @author NorthLan123
-// * @since 2018-02-06
-// */
-//@Service
-//@Suppress("UNCHECKED_CAST")
-//class PermissionServiceImpl : IPermissionService {
-//
-//    @Reference(version = "1.0")
-//    private val rPermissionService: RPermissionService? = null
-//
-//    @Reference(version = "1.0")
-//    private val roleService: RRoleService? = null
-//
-//    override fun getAllSysPermission(): MutableList<ZenPermission> {
-//        // 获取权限
-//        var ret = rPermissionService?.getAllPermission()
-//        if (ret == null) {
-//            ret = mutableListOf()
-//        }
-//        return ret
-//    }
-//
-//    override fun getSubjectPermission(): MutableList<ZenPermission> {
-//        val session = SSOUtil.getSession() ?: return mutableListOf()
-//        var result = session.getAttribute(ZenHttpSession.SESSION_KEY_USER_PERMS) as? MutableList<ZenPermission>
-//        if (result == null || result.isEmpty()) {
-//            result = mutableListOf()
-//            val roles = getSubjectRoles(session)
-//            val roleIds = roles.map { it.id!! }
-//
-//            val perms = rPermissionService?.getPermissionByRoleIds(roleIds)
-//            if (perms != null && perms.isNotEmpty()) {
-//                result.addAll(perms)
-//            }
-//        }
-//        if (result.isNotEmpty()) {
-//            session.setAttribute(ZenHttpSession.SESSION_KEY_USER_PERMS, result)
-//        }
-//
-//        return result
-//    }
-//
-//    override fun getSubjectRoles(session: Session): MutableList<SysRole> {
-//        var roles = session.getAttribute(ZenHttpSession.SESSION_KEY_USER_ROLES) as? MutableList<SysRole>
-//        // session中没有怎么办?
-//        if (roles == null || roles.isEmpty()) {
-//            // DB中取出来
-//            roles = roleService!!.getRoleListByUserId(session.getAttribute(ZenHttpSession.SESSION_KEY_USER_ID) as? Long)
-//            session.setAttribute(ZenHttpSession.SESSION_KEY_USER_ROLES, roles)
-//        }
-//        return roles
-//    }
-//
-//    override fun updateAllSysPermission() {
-//        RedisCacheUtil.evict(ZenConstants.CACHE_KEY_SYS, "allPerms")
-//    }
-//
-//    override fun updateAllSessionPermission() {
-//        ShiroRedisUtil.removeAllSessionsAttributeKey(ZenHttpSession.SESSION_KEY_USER_PERMS)
-//    }
-//}

zen-api/src/main/kotlin/com/gxzc/zen/orm/config/CustomMetaObjectHandler.kt

@@ -1,7 +1,7 @@
 package com.gxzc.zen.orm.config
 
+import cn.gygxzc.tina.cloud.jwt.session.utils.SessionUtils
 import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler
-import cn.gygxzc.envir.config.shiro.utils.SSOUtil
 import org.apache.ibatis.reflection.MetaObject
 import org.slf4j.LoggerFactory
 import java.util.*
@@ -21,7 +21,7 @@ class CustomMetaObjectHandler : MetaObjectHandler {
     override fun insertFill(metaObject: MetaObject?) {
         try {
             if (getFieldValByName("createBy", metaObject) == null) {
-                val curUser = SSOUtil.getCurAccount()
+                val curUser = SessionUtils.getUser()?.account
                 setFieldValByName("createBy", curUser, metaObject)
             }
             if (getFieldValByName("createTime", metaObject) == null) {
@@ -35,7 +35,7 @@ class CustomMetaObjectHandler : MetaObjectHandler {
     override fun updateFill(metaObject: MetaObject?) {
         try {
             if (getFieldValByName("updateBy", metaObject) == null) {
-                val curUser = SSOUtil.getCurAccount()
+                val curUser = SessionUtils.getUser()?.account
                 setFieldValByName("updateBy", curUser, metaObject)
             }
             setFieldValByName("updateTime", Date(), metaObject)

zen-web/src/main/resources/application-shiro.yml

@@ -17,7 +17,6 @@ shiro:
   session:
     prefix: envir
     expired: 48h
-    jwtKey: 7586df7fc3b34e26a66c039d5ec8445d
 
 ---
 spring:
@@ -37,5 +36,4 @@ shiro:
     timeout: 5000 # 连接超时时间（毫秒）
   session:
     prefix: envir
-    expired: 12h
-    jwtKey: 7586df7fc3b34e26a66c039d5ec8445d
+    expired: 12h

zen-web/src/main/resources/logback-spring.xml

@@ -151,7 +151,8 @@
             <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level %logger Line:%-3L - %msg%n</pattern>
         </encoder>
     </appender>
-    <logger name="com.minlia" level="DEBUG"/>
+    <logger name="com.gxzc" level="DEBUG"/>
+    <logger name="cn.gygxzc" level="DEBUG"/>
     <logger name="org.springframework.data.mybatis" level="DEBUG"/>
     <logger name="org.springframework.aop.aspectj" level="ERROR"/>
 
@@ -193,7 +194,7 @@
     <!--</contextListener>-->
 
     <springProfile name="prod">
-        <root level="DEBUG">
+        <root level="INFO">
             <!--<appender-ref ref="STDOUT"/>-->
             <appender-ref ref="FILEERROR"/>
             <appender-ref ref="FILEWARN"/>
@@ -204,7 +205,7 @@
 
 
     <springProfile name="dev">
-        <root level="DEBUG">
+        <root level="INFO">
             <appender-ref ref="CONSOLE"/>
             <appender-ref ref="FILEERROR"/>
             <appender-ref ref="FILEWARN"/>