| | |
|---|
| | | import org.springblade.core.jwt.JwtUtil; |
|---|
| | | import org.springblade.core.jwt.props.JwtProperties; |
|---|
| | | import org.springblade.core.redis.cache.BladeRedis; |
|---|
| | | import org.springblade.core.secure.utils.AuthUtil; |
|---|
| | | import org.springblade.core.tool.api.R; |
|---|
| | | import org.springblade.core.tool.support.Kv; |
|---|
| | | import org.springblade.core.tool.utils.*; |
|---|
| | |
|---|
| | | import com.vci.ubcs.system.entity.Tenant; |
|---|
| | | import com.vci.ubcs.system.feign.ISysClient; |
|---|
| | | import org.springframework.beans.factory.annotation.Value; |
|---|
| | | import org.springframework.security.core.AuthenticationException; |
|---|
| | | import org.springframework.security.core.GrantedAuthority; |
|---|
| | | import org.springframework.security.core.authority.AuthorityUtils; |
|---|
| | | import org.springframework.security.core.authority.SimpleGrantedAuthority; |
|---|
| | | import org.springframework.security.core.userdetails.UserDetailsService; |
|---|
| | | import org.springframework.security.core.userdetails.UsernameNotFoundException; |
|---|
| | | import org.springframework.security.oauth2.common.exceptions.InvalidGrantException; |
|---|
| | | import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException; |
|---|
| | | import org.springframework.stereotype.Service; |
|---|
| | | |
|---|
| | |
|---|
| | | public class BladeUserDetailsServiceImpl implements UserDetailsService { |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 允许错误次数 |
|---|
| | | * 默认允许错误次数 |
|---|
| | | */ |
|---|
| | | //public static final Integer FAIL_COUNT = 5; |
|---|
| | | public static final Integer FAIL_COUNT = 5; |
|---|
| | | public static final String FAIL_COUNT_VALUE = "account.failCount"; |
|---|
| | | |
|---|
| | | /** |
|---|
| | |
|---|
| | | private final BladeRedis bladeRedis; |
|---|
| | | |
|---|
| | | private final JwtProperties jwtProperties; |
|---|
| | | |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 超级管理员信息 |
|---|
| | |
|---|
| | | // 判断登录是否锁定 |
|---|
| | | int count = getFailCount(tenantId, username); |
|---|
| | | //为防止取值为空报错的情况,当为空的时候给默认只为5次便锁定用户登录,但是一般很难出现这种情况,因为我feign里面是给了默认密码策略查询的 |
|---|
| | | int failCountValue = Func.isEmpty(strategy) ? 5:Func.toInt(strategy.getLockingNum()); |
|---|
| | | |
|---|
| | | int failCountValue = Func.isEmpty(strategy) ? FAIL_COUNT:Func.toInt(strategy.getLockingNum()); |
|---|
| | | int failCount = Func.toInt(ParamCache.getValue(FAIL_COUNT_VALUE), failCountValue); |
|---|
| | | |
|---|
| | | if (count >= failCount) { |
|---|
| | | throw new UserDeniedAuthorizationException(TokenUtil.USER_HAS_TOO_MANY_FAILS); |
|---|
| | | } |
|---|
| | | //超级管理员配置文件配置账号密码,实现登录, 默认租户id为000000 |
|---|
| | | if(tenantId.equals(this.tenantId)){ |
|---|
| | | |
|---|
| | | //超级管理员配置文件配置账号密码,实现登录, 默认租户id和超管为配置出来的 |
|---|
| | | if(tenantId.equals(this.tenantId) && userName.equals(username)){ |
|---|
| | | if (!this.userName.equals(username) && !password.equalsIgnoreCase(this.password)) { |
|---|
| | | setFailCount(tenantId, username, count,strategy.getLockingTime()); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND); |
|---|
| | | } |
|---|
| | | //如果ip比对后get抛出异常No value present就直接抛异常结束登录 |
|---|
| | | if(ipEnable){ |
|---|
| | | Log.debug("当前访问IP:"+getIpAddress(request)); |
|---|
| | | // Log.debug("当前访问IP:"+getIpAddress(request)); |
|---|
| | | Log.debug("当前访问IP:"+WebUtil.getIP(request)); |
|---|
| | | try { |
|---|
| | | ips.stream().filter(s -> s.equals(getIpAddress(request))).findFirst().get(); |
|---|
| | | ips.stream().filter(s -> s.equals(WebUtil.getIP(request))).findFirst().get(); |
|---|
| | | } catch (Exception e){ |
|---|
| | | throw new UserDeniedAuthorizationException(TokenUtil.IP_NOT_FOND); |
|---|
| | | } |
|---|
| | |
|---|
| | | setFailCount(tenantId, username, count,strategy.getLockingTime()); |
|---|
| | | throw new UsernameNotFoundException(TokenUtil.USER_NOT_FOUND); |
|---|
| | | } |
|---|
| | | // 用户状态为1时说明该用户被锁定 |
|---|
| | | if(user.getUserStatus() == 1){ |
|---|
| | | throw new InvalidGrantException(TokenUtil.USER_LOCK); |
|---|
| | | } |
|---|
| | | String hex = DigestUtil.hex(password); |
|---|
| | | // 用户存在但密码错误,超过次数则锁定账号 |
|---|
| | | if (grantType != null && !grantType.equals(TokenUtil.REFRESH_TOKEN_KEY) && !user.getPassword().equals(hex)) { |
|---|
| | |
|---|
| | | BladeUserDetails bladeUserDetails = new BladeUserDetails(user.getId(), |
|---|
| | | user.getTenantId(), StringPool.EMPTY, user.getName(), user.getRealName(), user.getDeptId(), user.getPostId(), user.getRoleId(), Func.join(userInfo.getRoles()), Func.toStr(user.getAvatar(), TokenUtil.DEFAULT_AVATAR), |
|---|
| | | username, AuthConstant.ENCRYPT + user.getPassword(), userInfo.getDetail(),user.getSecretGrade(), true, true, true, true, |
|---|
| | | AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())),user.getStrategyUpdateStatus()); |
|---|
| | | AuthorityUtils.commaSeparatedStringToAuthorityList(Func.join(result.getData().getRoles())),user.getStrategyUpdateStatus(),tenant.getData().getTenantName(),user.getDeptName(),user.getEmail()); |
|---|
| | | return bladeUserDetails; |
|---|
| | | } else { |
|---|
| | | throw new UsernameNotFoundException(result.getMsg()); |
|---|
