first commit

Ray
2026-02-19 03:37:37 +08:00
commit ccfd8c79a4
2813 changed files with 453657 additions and 0 deletions


@@ -0,0 +1,3 @@
Manifest-Version: 1.0
Class-Path:


@@ -0,0 +1,113 @@
<%@ page language="java" pageEncoding="utf-8"%>
<%@ include file="include/pagetop.jsp"%>
<!DOCTYPE html>
<html>
<head>
<%@ include file="include/head.jsp"%>
</head>
<body>
<%@ include file="include/loading.jsp"%>
<%@ include file="include/top.jsp"%>
<%@ include file="include/menu_left.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTENT -->
<div class="content">
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTAINER -->
<div class="container-default">
<h3>角色权限管理</h3>
<%@ include file="include/alert.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START queryForm -->
<form action="<%=basePath%>normal/adminRoleAuthorityManageAction!list.action"
method="post" id="queryForm">
<s:hidden name="pageNo" id="pageNo"></s:hidden>
<s:hidden name="username_para" id="username_para"></s:hidden>
</form>
<!-- END queryForm -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<div class="row">
<div class="col-md-12 col-lg-12">
<div class="panel panel-default">
<div class="panel-title">
新增角色
<ul class="panel-tools">
<li><a class="icon minimise-tool"><i
class="fa fa-minus"></i></a></li>
<li><a class="icon expand-tool"><i class="fa fa-expand"></i></a></li>
</ul>
</div>
<div class="panel-body">
<form class="form-horizontal"
action="<%=basePath%>normal/adminRoleAuthorityManageAction!add.action"
method="post" name="mainForm" id="mainForm">
<s:hidden name="username_para" id="username_para"></s:hidden>
<div class="form-group">
<label class="col-sm-2 control-label form-label">角色</label>
<div class="col-sm-5">
<s:textfield id="roleName" name="roleName"
cssClass="form-control " placeholder="请输入大写英文" />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<a href="javascript:goUrl(<s:property value="pageNo" />)"
class="btn">取消</a> <a href="javascript:submit()"
class="btn btn-default">保存</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<!-- END CONTAINER -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/footer.jsp"%>
</div>
<!-- End Content -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/js.jsp"%>
<script type="text/javascript">
function submit() {
swal({
title : "是否保存?",
text : "",
type : "warning",
showCancelButton : true,
confirmButtonColor : "#DD6B55",
confirmButtonText : "确认",
closeOnConfirm : false
}, function() {
document.getElementById("mainForm").submit();
});
}
</script>
</body>
</html>
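Review bot: The `mainForm` that posts to `adminRoleAuthorityManageAction!add.action` carries no anti-forgery token, so a cross-site POST made from an administrator's browser session can create a role. Adding `<s:token/>` inside the form and the Struts `token` interceptor on the action would close this, assuming nothing in the included `pagetop.jsp` or `js.jsp` already injects one. The same gap is visible in the user add, update and password-change forms later in this commit. Separately, `<s:property value="pageNo" />` is written into a `javascript:` URL, where HTML escaping is not sufficient; that is only safe if `pageNo` is a numeric property on the action.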


@@ -0,0 +1,244 @@
<%@ page language="java" pageEncoding="utf-8"%>
<%@ include file="include/pagetop.jsp"%>
<!DOCTYPE html>
<html>
<head>
<%@ include file="include/head.jsp"%>
</head>
<body>
<%@ include file="include/loading.jsp"%>
<%@ include file="include/top.jsp"%>
<%@ include file="include/menu_left.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTENT -->
<div class="content">
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTAINER -->
<div class="container-default">
<h3>角色权限管理</h3>
<%@ include file="include/alert.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START queryForm -->
<!-- END queryForm -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<div class="row">
<div class="col-md-12">
<!-- Start Panel -->
<div class="panel panel-default">
<div class="panel-title">查询结果</div>
<sec:authorize ifAnyGranted="ROLE_ADMIN,ROLE_ROOT">
<a href="<%=basePath%>normal/adminRoleAuthorityManageAction!toAdd.action?username_para=<s:property value="username_para" />" class="btn btn-light" style="margin-bottom: 10px" ><i class="fa fa-pencil"></i>新增角色</a>
</sec:authorize>
<div class="panel-body">
<table class="table table-bordered table-striped" >
<thead>
<tr>
<td>角色</td>
<td>权限</td>
<td width="150px"></td>
</tr>
</thead>
<tbody>
<s:iterator value="datas" status="stat">
<tr>
<td ><s:property value="roleName" /></td>
<td ><s:property value="names" /></td>
<td>
<div class="btn-group">
<button type="button" class="btn btn-light">操作</button>
<button type="button" class="btn btn-light dropdown-toggle"
data-toggle="dropdown" aria-expanded="false">
<span class="caret"></span> <span class="sr-only">Toggle
Dropdown</span>
</button>
<ul class="dropdown-menu" role="menu">
<sec:authorize ifAnyGranted="ROLE_ADMIN,ROLE_ROOT">
<li>
<a href="javascript:updateResource('<s:property value="id" />')" >配置权限</a>
</li>
<li>
<a href="javascript:del('<s:property value="id" />')" >删除</a>
</li>
</sec:authorize>
</ul>
</div>
</td>
</tr>
</s:iterator>
</tbody>
</table>
<%@ include file="include/page_simple.jsp"%>
<nav>
</div>
</div>
<!-- End Panel -->
</div>
</div>
</div>
<!-- END CONTAINER -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/footer.jsp"%>
</div>
<!-- End Content -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<sec:authorize ifAnyGranted="ROLE_ADMIN,ROLE_ROOT">
<div class="form-group">
<form
action="<%=basePath%>normal/adminRoleAuthorityManageAction!update.action"
method="post" id="mainform">
<input type="hidden" name="pageNo" id="pageNo"
value="${param.pageNo}">
<input type="hidden" name="id" id="update_role_id"/>
<div class="col-sm-1">
<!-- 模态框Modal -->
<div class="modal fade" id="resources_form" tabindex="-1"
role="dialog" aria-labelledby="myModalLabel"
aria-hidden="true">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close"
data-dismiss="modal" aria-hidden="true">&times;</button>
<h4 class="modal-title" id="myModalLabel">配置权限</h4>
</div>
<div class="modal-body" style="max-height: 400px;overflow-y: scroll;">
<table class="table table-bordered table-striped" >
<thead>
<tr>
<td>权限</td>
</tr>
</thead>
<tbody id="modal_table">
</tbody>
</table>
</div>
<div class="modal-footer" style="margin-top: 0;">
<button type="button" class="btn "
data-dismiss="modal">关闭</button>
<button id="sub" type="submit" class="btn btn-default" >保存</button>
</div>
</div>
<!-- /.modal-content -->
</div>
<!-- /.modal -->
</div>
</div>
</form>
</div>
</sec:authorize>
<%@ include file="include/js.jsp"%>
<script type="text/javascript">
function update_value(code,snotes,svalue){
document.getElementById("change_value").value = svalue;
document.getElementById("titlediv").innerText = snotes;
$("#code").val(code);
$('#modal_set').modal("show");
}
</script>
<sec:authorize ifAnyGranted="ROLE_ADMIN,ROLE_ROOT">
<script>
function del(id) {
swal({
title : "确认删除角色?",
text : "",
type : "warning",
showCancelButton : true,
confirmButtonColor : "#DD6B55",
confirmButtonText : "确认",
closeOnConfirm : false
}, function() {
window.location.href = "<%=basePath%>normal/adminRoleAuthorityManageAction!delete.action?id="+id;
});
}
</script>
<script type="text/javascript">
function updateResource(id){
$("#resources_form").modal("show");
$("#update_role_id").val(id);
var url = "<%=basePath%>normal/adminRoleAuthorityManageAction!resources.action";
var data = {"id":id};
goAjaxUrl(url,data,function(tmp){
var str='';
var content='';
tmp.all_resources
console.log(tmp);
for(var i=0;i<tmp.all_resources.length;i++){
content = '<div class="checkbox checkbox-success checkbox-inline">'
+ '<input type="checkbox" id="inlineCheckbox12_'+tmp.all_resources[i].set_id+'" value="'+tmp.all_resources[i].set_id+'" name="role_resource" >'
+ '<label for="inlineCheckbox12_'+tmp.all_resources[i].set_id+'">'+tmp.all_resources[i].name+'</label>'
+ '</div>';
str += '<tr>'
+'<td>'+content+'</td>'
+'</tr>';
}
$("#modal_table").html(str);
$.each(tmp.checked_resources.split(","),function(index,value){//默认选中
$("#inlineCheckbox12_"+value).prop("checked","checked");
});
},function(){
// $("#coin_value").val(0);
});
}
function goAjaxUrl(targetUrl,data,Func,Fail){
console.log(data);
$.ajax({
url:targetUrl,
data:data,
type : 'get',
dataType : "json",
success: function (res) {
var tmp = $.parseJSON(res)
console.log(tmp);
if(tmp.code==200){
Func(tmp);
}else if(tmp.code==500){
Fail();
swal({
title : tmp.message,
text : "",
type : "warning",
showCancelButton : true,
confirmButtonColor : "#DD6B55",
confirmButtonText : "确认",
closeOnConfirm : false
});
}
},
error : function(XMLHttpRequest, textStatus,
errorThrown) {
console.log("请求错误");
}
});
}
</script>
</sec:authorize>
</body>
</html>
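Review bot: `value="${param.pageNo}"` in the hidden input of `mainform` writes a request parameter into an attribute without escaping, which is a reflected XSS sink on an admin page. The sibling pages use `<s:hidden name="pageNo" id="pageNo"></s:hidden>`, which escapes the value, and the same unescaped line appears in the `queryForm` of the system-user list page. In `updateResource`, `tmp.all_resources[i].name` and `set_id` are concatenated into markup and handed to `.html()`, so a resource name containing markup would be interpreted; creating the label with `$('<label>').text(name)` avoids that. `del()` performs the role deletion through a GET navigation to `!delete.action?id=`, which should be a POST protected by a token.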


@@ -0,0 +1,153 @@
<%@ page language="java" pageEncoding="utf-8"%>
<%@ include file="include/pagetop.jsp"%>
<!DOCTYPE html>
<html>
<head>
<%@ include file="include/head.jsp"%>
</head>
<body>
<%@ include file="include/loading.jsp"%>
<%@ include file="include/top.jsp"%>
<%@ include file="include/menu_left.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTENT -->
<div class="content">
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTAINER -->
<div class="container-default">
<h3>系统用户管理</h3>
<%@ include file="include/alert.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START queryForm -->
<form action="<%=basePath%>normal/adminSystemUserAction!list.action"
method="post" id="queryForm">
<s:hidden name="pageNo" id="pageNo"></s:hidden>
<s:hidden name="username_para" id="username_para"></s:hidden>
</form>
<!-- END queryForm -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<div class="row">
<div class="col-md-12 col-lg-12">
<div class="panel panel-default">
<div class="panel-title">
新增用户
<ul class="panel-tools">
<li><a class="icon minimise-tool"><i
class="fa fa-minus"></i></a></li>
<li><a class="icon expand-tool"><i class="fa fa-expand"></i></a></li>
</ul>
</div>
<div class="panel-body">
<form class="form-horizontal"
action="<%=basePath%>normal/adminSystemUserAction!add.action"
method="post" name="mainForm" id="mainForm">
<s:hidden name="username_para" id="username_para"></s:hidden>
<h5>基础信息</h5>
<div class="form-group">
<label class="col-sm-2 control-label form-label">用户名</label>
<div class="col-sm-5">
<s:textfield id="username" name="username"
cssClass="form-control " />
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">密码</label>
<div class="col-sm-5">
<s:password id="password" name="password"
cssClass="form-control " />
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">角色</label>
<div class="col-sm-2">
<div class="controls">
<s:select id="roleName" cssClass="form-control " name="roleName"
list="role_map" listKey="key" headerKey=""
headerValue="请选择" listValue="value" value="roleName" />
</div>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">登录权限</label>
<div class="col-sm-2">
<s:select id="enabled" cssClass="form-control "
name="enabled" list="#{true:'开启',false:'关闭'}"
listKey="key" listValue="value" value="enabled" />
</div>
</div>
<div class="form-group">
<label for="input002" class="col-sm-2 control-label form-label">备注</label>
<div class="col-sm-6">
<s:textarea name="remarks" id="remarks"
cssClass="form-control input-lg" rows="4" cols="20" />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<a href="javascript:goUrl(<s:property value="pageNo" />)"
class="btn">取消</a> <a href="javascript:submit()"
class="btn btn-default">保存</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<!-- END CONTAINER -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/footer.jsp"%>
</div>
<!-- End Content -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/js.jsp"%>
<script type="text/javascript">
function submit() {
swal({
title : "是否保存?",
text : "",
type : "warning",
showCancelButton : true,
confirmButtonColor : "#DD6B55",
confirmButtonText : "确认",
closeOnConfirm : false
}, function() {
document.getElementById("mainForm").submit();
});
}
</script>
</body>
</html>
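Review bot: The `roleName` select posts whatever key the browser sends, and nothing on this page restricts which roles the current administrator may grant. If `role_map` includes `ROLE_ROOT`, or the handler accepts values outside the rendered list, a `ROLE_ADMIN` user could create an account with more privilege than their own; the `add` handler should validate `roleName` against the set the caller is allowed to assign. The same applies to the `roleName` select on the update-user page. The `password` field is also submitted with no visible length or complexity rule, so that check has to live server-side as well.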


@@ -0,0 +1,149 @@
<%@ page language="java" pageEncoding="utf-8"%>
<%@ include file="include/pagetop.jsp"%>
<!DOCTYPE html>
<html>
<head>
<%@ include file="include/head.jsp"%>
</head>
<body>
<%@ include file="include/loading.jsp"%>
<%@ include file="include/top.jsp"%>
<%@ include file="include/menu_left.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTENT -->
<div class="content">
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTAINER -->
<div class="container-default">
<h3>系统用户管理</h3>
<%@ include file="include/alert.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START queryForm -->
<div class="row">
<div class="col-md-12">
<div class="panel panel-default">
<div class="panel-title">查询条件</div>
<div class="panel-body">
<sec:authorize ifAnyGranted="ROLE_ADMIN,ROLE_ROOT">
<form class="form-horizontal" action="<%=basePath%>normal/adminSystemUserAction!list.action" method="post"
id="queryForm">
<input type="hidden" name="pageNo" id="pageNo"
value="${param.pageNo}">
<div class="col-md-12 col-lg-4">
<fieldset>
<div class="control-group">
<div class="controls">
<s:textfield id="username_para" name="username_para" cssClass="form-control " placeholder="用户名"/>
</div>
</div>
</fieldset>
</div>
<div class="col-md-12 col-lg-2">
<button type="submit" class="btn btn-light btn-block">查询</button>
</div>
</form>
</sec:authorize>
</div>
</div>
</div>
</div>
<!-- END queryForm -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<div class="row">
<div class="col-md-12">
<!-- Start Panel -->
<div class="panel panel-default">
<div class="panel-title">查询结果</div>
<sec:authorize ifAnyGranted="ROLE_ADMIN,ROLE_ROOT">
<a href="<%=basePath%>normal/adminSystemUserAction!toAdd.action?username_para=<s:property value="username_para" />" class="btn btn-light" style="margin-bottom: 10px" ><i class="fa fa-pencil"></i>新增用户</a>
</sec:authorize>
<div class="panel-body">
<table class="table table-bordered table-striped">
<thead>
<tr>
<td>用户名</td>
<td>角色</td>
<td>登录权限</td>
<td>备注</td>
<td style="width:130px;"></td>
</tr>
</thead>
<tbody>
<s:iterator value="page.elements" status="stat">
<tr>
<td><s:property value="username" /></td>
<td>
<s:property value="role_map.get(roleName)" />
</td>
<td><s:if test='enabled'>开启</s:if><s:if test='!enabled'><span class="right label label-danger">关闭</span></s:if></td>
<td><s:property value="remarks" /></td>
<td>
<div class="btn-group">
<button type="button" class="btn btn-light">操作</button>
<button type="button" class="btn btn-light dropdown-toggle" data-toggle="dropdown" aria-expanded="false">
<span class="caret"></span>
<span class="sr-only">Toggle Dropdown</span>
</button>
<ul class="dropdown-menu" role="menu">
<sec:authorize ifAnyGranted="ROLE_ADMIN,ROLE_ROOT">
<%-- <li><a href="<%=basePath%>manage/adminSystemUserAction!toUpdatePassword.action?secAdmin_id=<s:property value="id" />&username_para=<s:property value="username_para" />">修改密码</a></li> --%>
<li><a href="<%=basePath%>normal/adminSystemUserAction!toUpdate.action?secAdmin_id=<s:property value="id" />&username_para=<s:property value="username_para" />">修改</a></li>
<li><a href="<%=basePath%>normal/adminSystemUserAction!toUpdatePassword.action?secAdmin_id=<s:property value="id" />&username_para=<s:property value="username_para" />">修改密码</a></li>
</sec:authorize>
</ul>
</div>
</td>
</tr>
</s:iterator>
</tbody>
</table>
<%@ include file="include/page_simple.jsp"%>
<nav>
</div>
</div>
<!-- End Panel -->
</div>
</div>
</div>
<!-- END CONTAINER -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/footer.jsp"%>
</div>
<!-- End Content -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/js.jsp"%>
</body>
</html>
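Review bot: The `toAdd`, `toUpdate` and `toUpdatePassword` links place `<s:property value="username_para" />` straight into the query string, which HTML-escapes the value but does not URL-encode it, and the parameters are joined with a bare `&`. A search term containing `&`, `#` or `=` would therefore change which parameters the next action receives. Building these links with `<s:url>` and `<s:param name="secAdmin_id" value="id"/>` encodes each value. The commented-out `manage/adminSystemUserAction!toUpdatePassword.action` link could be deleted rather than kept in the page.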


@@ -0,0 +1,124 @@
<%@ page language="java" pageEncoding="utf-8"%>
<%@ include file="include/pagetop.jsp"%>
<!DOCTYPE html>
<html>
<head>
<%@ include file="include/head.jsp"%>
</head>
<body>
<%@ include file="include/loading.jsp"%>
<%@ include file="include/top.jsp"%>
<%@ include file="include/menu_left.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTENT -->
<div class="content">
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTAINER -->
<div class="container-default">
<h3>系统用户管理</h3>
<%@ include file="include/alert.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START queryForm -->
<form action="<%=basePath%>normal/adminSystemUserAction!list.action"
method="post" id="queryForm">
<s:hidden name="pageNo" id="pageNo"></s:hidden>
<s:hidden name="name_para" id="name_para"></s:hidden>
</form>
<!-- END queryForm -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<div class="row">
<div class="col-md-12 col-lg-12">
<div class="panel panel-default">
<div class="panel-title">
修改用户密码
<ul class="panel-tools">
<li><a class="icon minimise-tool"><i
class="fa fa-minus"></i></a></li>
<li><a class="icon expand-tool"><i class="fa fa-expand"></i></a></li>
</ul>
</div>
<div class="panel-body">
<form class="form-horizontal"
action="<%=basePath%>normal/adminSystemUserAction!updatePassword.action"
method="post" name="mainForm" id="mainForm">
<s:hidden name="username_para" id="username_para"></s:hidden>
<s:hidden name="secAdmin_id" id="secAdmin_id"></s:hidden>
<div class="form-group">
<label class="col-sm-2 control-label form-label">用户名</label>
<div class="col-sm-5">
<s:textfield id="username" name="username"
cssClass="form-control " readonly="true" />
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">新密码</label>
<div class="col-sm-5">
<s:password id="password" name="password"
cssClass="form-control " />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<a href="javascript:goUrl(<s:property value="pageNo" />)"
class="btn">取消</a> <a href="javascript:submit()"
class="btn btn-default">保存</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<!-- END CONTAINER -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/footer.jsp"%>
</div>
<!-- End Content -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/js.jsp"%>
<script type="text/javascript">
function submit() {
swal({
title : "是否保存?",
text : "",
type : "warning",
showCancelButton : true,
confirmButtonColor : "#DD6B55",
confirmButtonText : "确认",
closeOnConfirm : false
}, function() {
document.getElementById("mainForm").submit();
});
}
</script>
</body>
</html>
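Review bot: The account whose password is changed is selected by the hidden `secAdmin_id` field, which the client controls, while the visible `username` is only `readonly` in the browser. The `updatePassword` handler should load the account by `secAdmin_id`, ignore the posted `username`, and verify that the caller may reset that account (for example that a `ROLE_ADMIN` user cannot reset a `ROLE_ROOT` password); none of that is visible from this page. Requiring the administrator's own password for this action and recording the reset in an audit log would limit what a hijacked session can do.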


@@ -0,0 +1,148 @@
<%@ page language="java" pageEncoding="utf-8"%>
<%@ include file="include/pagetop.jsp"%>
<!DOCTYPE html>
<html>
<head>
<%@ include file="include/head.jsp"%>
</head>
<body>
<%@ include file="include/loading.jsp"%>
<%@ include file="include/top.jsp"%>
<%@ include file="include/menu_left.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTENT -->
<div class="content">
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START CONTAINER -->
<div class="container-default">
<h3>系统用户管理</h3>
<%@ include file="include/alert.jsp"%>
<!-- //////////////////////////////////////////////////////////////////////////// -->
<!-- START queryForm -->
<form action="<%=basePath%>normal/adminSystemUserAction!list.action"
method="post" id="queryForm">
<s:hidden name="pageNo" id="pageNo"></s:hidden>
<s:hidden name="name_para" id="name_para"></s:hidden>
</form>
<!-- END queryForm -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<div class="row">
<div class="col-md-12 col-lg-12">
<div class="panel panel-default">
<div class="panel-title">
修改用户
<ul class="panel-tools">
<li><a class="icon minimise-tool"><i
class="fa fa-minus"></i></a></li>
<li><a class="icon expand-tool"><i class="fa fa-expand"></i></a></li>
</ul>
</div>
<div class="panel-body">
<form class="form-horizontal"
action="<%=basePath%>normal/adminSystemUserAction!update.action"
method="post" name="mainForm" id="mainForm">
<s:hidden name="username_para" id="username_para"></s:hidden>
<s:hidden name="secAdmin_id" id="secAdmin_id"></s:hidden>
<h5>基础信息</h5>
<div class="form-group">
<label class="col-sm-2 control-label form-label">用户名</label>
<div class="col-sm-5">
<s:textfield id="username" name="username"
cssClass="form-control " readonly="true" />
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">角色</label>
<div class="col-sm-2">
<div class="controls">
<s:select id="roleName" cssClass="form-control " name="roleName"
list="role_map" listKey="key" headerKey=""
headerValue="请选择" listValue="value" value="roleName" />
</div>
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label form-label">登录权限</label>
<div class="col-sm-2">
<s:select id="enabled" cssClass="form-control "
name="enabled" list="#{true:'开启',false:'关闭'}"
listKey="key" listValue="value" value="enabled" />
</div>
</div>
<div class="form-group">
<label for="input002" class="col-sm-2 control-label form-label">备注</label>
<div class="col-sm-6">
<s:textarea name="remarks" id="remarks"
cssClass="form-control input-lg" rows="4" cols="20" />
</div>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<a href="javascript:goUrl(<s:property value="pageNo" />)"
class="btn">取消</a> <a href="javascript:submit()"
class="btn btn-default">保存</a>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div>
<!-- END CONTAINER -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/footer.jsp"%>
</div>
<!-- End Content -->
<!-- //////////////////////////////////////////////////////////////////////////// -->
<%@ include file="include/js.jsp"%>
<script type="text/javascript">
function submit() {
swal({
title : "是否保存?",
text : "",
type : "warning",
showCancelButton : true,
confirmButtonColor : "#DD6B55",
confirmButtonText : "确认",
closeOnConfirm : false
}, function() {
document.getElementById("mainForm").submit();
});
}
</script>
</body>
</html>


@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="security.Resource" table="SCT_RESOURCE">
<id name="id" type="java.lang.String">
<column name="UUID" />
<generator class="uuid.hex" />
</id>
<property name="resString" type="java.lang.String">
<column name="RES_STRING" length="256" not-null="true" />
</property>
<property name="resType" type="java.lang.String">
<column name="RES_TYPE" length="32" not-null="true" />
</property>
<set cascade="none" lazy="false" name="roles"
outer-join="false" sort="unsorted" table="SCT_ROLE_RESOURCE">
<key column="RESOURCE_UUID" />
<many-to-many class="security.Role"
column="ROLE_UUID" unique="false" />
</set>
</class>
</hibernate-mapping>
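Review bot: `Resource.roles` here and `Role.resources` in the next mapping both map the join table `SCT_ROLE_RESOURCE`, and neither declares `inverse="true"`, so Hibernate treats both ends as owners and each writes rows to that table. When both collections are modified in one session this produces duplicate rows or a key violation, and the stored role-to-resource grants depend on which side was flushed. Mark one end as the inverse, e.g. add `inverse="true"` to the `<set name="roles" ...>` on this side, and keep `Role.resources` as the owner. Both ends are also `lazy="false"`, so loading one role pulls its resources and, through them, every other role that shares one.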


@@ -0,0 +1,24 @@
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="security.Role" table="SCT_ROLE">
<id name="id" type="java.lang.String">
<column name="UUID" />
<generator class="uuid.hex" />
</id>
<property generated="never" lazy="false" name="roleName"
type="java.lang.String">
<column length="64" name="ROLE_NAME" />
</property>
<set cascade="none" lazy="false" name="resources"
outer-join="false" sort="unsorted" table="SCT_ROLE_RESOURCE">
<key column="ROLE_UUID" />
<many-to-many class="security.Resource"
column="RESOURCE_UUID" unique="false" />
</set>
</class>
</hibernate-mapping>


@@ -0,0 +1,49 @@
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="security.SecUser" table="SCT_USER">
<id name="id" type="java.lang.String">
<column name="UUID" />
<generator class="uuid.hex" />
</id>
<property name="createTime" type="timestamp">
<column name="CREATETIME" />
</property>
<property generated="never" lazy="false" name="username"
type="java.lang.String">
<column length="64" name="USERNAME" />
</property>
<!--
<property name="name" type="java.lang.String">
<column name="NAME" />
</property>
<property generated="never" lazy="false" name="email"
type="java.lang.String">
<column length="32" name="EMAIL" />
</property>
-->
<property generated="never" lazy="false" name="password"
type="java.lang.String">
<column length="256" name="PASSWORD" />
</property>
<property generated="never" lazy="false" name="partyId"
type="java.lang.String">
<column length="32" name="PARTY_UUID" />
</property>
<property generated="never" lazy="false" name="enabled" type="yes_no">
<column name="ENABLED" />
</property>
<!--
<property generated="never" lazy="false" name="isdel" type="yes_no">
<column name="ISDEL" />
</property>
-->
<set lazy="false" cascade="none" name="roles" outer-join="false"
sort="unsorted" table="SCT_USER_ROLE">
<key column="USER_UUID" />
<many-to-many class="security.Role" column="ROLE_UUID"
unique="false" />
</set>
</class>
</hibernate-mapping>
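Review bot: The `USERNAME` column is declared with only `length="64"`, so this mapping allows null and duplicate login names. Since `username` is the login identity, and one security configuration in this commit also uses it as the password salt, two rows with the same name would make authentication ambiguous. Unless the constraint is created by a schema script outside this view, declare it here: `<column length="64" name="USERNAME" not-null="true" unique="true" />`. The commented-out `name`, `email` and `isdel` properties could be removed rather than carried in the mapping.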


@@ -0,0 +1,91 @@
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<description>SpringSecurity</description>
<!-- If you enable single sign-on,To security:http plus entry-point-ref="casProcessingFilterEntryPoint" -->
<security:http entry-point-ref="authenticationProcessingFilterEntryPoint">
<security:intercept-url pattern="/public/**"
filters="none" />
<security:intercept-url pattern="/api/**"
filters="none" />
<security:intercept-url pattern="/api/**"
filters="none" />
<security:logout invalidate-session="true"
logout-success-url="/login.jsp" />
<security:concurrent-session-control
max-sessions="9999" expired-url="/default.jsp" />
</security:http>
<security:authentication-provider
user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder">
</security:password-encoder>
</security:authentication-provider>
<bean id="authenticationProcessingFilterEntryPoint" class="security.filter.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.jsp"></property>
</bean>
<bean id="passwordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
<bean id="secUserService" class="security.internal.SecUserServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="authenticationProcessingFilter"
class="security.filter.AjaxableAuthenticationProcessingFilter">
<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="defaultTargetUrl" value="/user_login_success.jsp" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
<property name="authenticationFailureUrl" value="/login.jsp"/>
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<security:authentication-manager alias="authenticationManager"/>
<!-- 角色管理 -->
<bean id="roleService" class="security.internal.RoleServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="securityAuthoritiesHolder" ref="securityAuthoritiesHolder" />
<property name="namedParameterJdbcTemplate" ref="namedParameterJdbcTemplate" />
</bean>
<bean id="securityAuthoritiesHolder"
class="security.internal.SecurityAuthoritiesHolderImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
</bean>
<bean id="filterSecurityInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor"
autowire="byType">
<security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
<property name="objectDefinitionSource" ref="filterInvocationDefinitionSource" />
</bean>
<bean id="filterInvocationDefinitionSource"
class="security.filter.UrlResourceFilterInvocationDefinitionSource">
<property name="securityAuthoritiesHolder" ref="securityAuthoritiesHolder" />
</bean>
<bean id="securityResourceProcessor"
class="security.internal.SecurityResourceProcessorImpl">
<property name="securityAuthoritiesHolder" ref="securityAuthoritiesHolder" />
<property name="accessDecisionManager" ref="_accessManager" />
</bean>
<bean id="resourceService"
class="security.internal.ResourceServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
</bean>
</beans>
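Review bot: `passwordEncoder` is `Md5PasswordEncoder` and the `<security:password-encoder>` element has no `salt-source`, so passwords are stored as unsalted MD5, which is cheap to brute-force and open to precomputed-table lookup. The second security configuration in this commit adds `<security:salt-source user-property="username" />` but keeps MD5. An adaptive scheme (bcrypt or PBKDF2 with a per-user random salt) behind a custom `PasswordEncoder`, with re-hashing at the next successful login, is the usual migration path. `/api/**` is also listed twice with `filters="none"`, which removes the whole filter chain for those URLs, so they have to authenticate on their own. `max-sessions="9999"` makes the concurrent-session control ineffective in practice.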


@@ -0,0 +1,26 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<package name="normal" namespace="/normal" extends="root">
<result-types>
<result-type name="json" class="org.apache.struts2.json.JSONResult" />
</result-types>
<interceptors>
<interceptor name="json"
class="org.apache.struts2.json.JSONInterceptor" />
</interceptors>
<action name="defaultAction" class="project.party.action.DefaultAction">
<result type="chain" name="index">
<param name="actionName">indexAction</param>
<param name="method">view</param>
</result>
</action>
<action name="isLoginAction" class="security.web.IsLoginAction">
</action>
</package>
</struts>
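Review bot: Neither action in the `normal` package pins a `method`, and the JSPs added in this commit address this namespace with `action!method.action` URLs, which only resolve when Dynamic Method Invocation is enabled. With DMI on, every public action method of a mapped class is reachable from the URL, so authorization has to hold per method rather than per action name. Prefer explicit mappings with a `method="..."` attribute per operation and `struts.enable.DynamicMethodInvocation` set to `false`; where that constant is configured is outside this hunk. `isLoginAction` also declares no `<result>`, so it should be confirmed that it writes its own response.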


@@ -0,0 +1,90 @@
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<description>SpringSecurity</description>
<!-- If you enable single sign-on,To security:http plus entry-point-ref="casProcessingFilterEntryPoint" -->
<security:http entry-point-ref="authenticationProcessingFilterEntryPoint">
<security:intercept-url pattern="/public/**"
filters="none" />
<security:intercept-url pattern="/api/**"
filters="none" />
<security:logout invalidate-session="true"
logout-success-url="/login.jsp" />
<security:concurrent-session-control
max-sessions="9999" expired-url="/default.jsp" />
</security:http>
<security:authentication-provider
user-service-ref="userDetailsService">
<security:password-encoder
ref="passwordEncoder">
<security:salt-source user-property="username" />
</security:password-encoder>
</security:authentication-provider>
<bean id="authenticationProcessingFilterEntryPoint" class="security.filter.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.jsp"></property>
</bean>
<bean id="passwordEncoder"
class="org.springframework.security.providers.encoding.Md5PasswordEncoder" />
<bean id="secUserService" class="security.internal.SecUserServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="redisHandler" ref="redisHandler" />
</bean>
<bean id="authenticationProcessingFilter"
class="security.filter.LocalAjaxableAuthenticationProcessingFilter">
<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="defaultTargetUrl" value="/user_login_success.jsp" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
<property name="authenticationFailureUrl" value="/login.jsp"/>
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<security:authentication-manager alias="authenticationManager"/>
<!-- 角色管理 -->
<bean id="roleService" class="security.internal.RoleServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="securityAuthoritiesHolder" ref="securityAuthoritiesHolder" />
<property name="namedParameterJdbcTemplate" ref="namedParameterJdbcTemplate" />
</bean>
<bean id="securityAuthoritiesHolder"
class="security.internal.SecurityAuthoritiesHolderImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
</bean>
<bean id="filterSecurityInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor"
autowire="byType">
<security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
<property name="objectDefinitionSource" ref="filterInvocationDefinitionSource" />
</bean>
<bean id="filterInvocationDefinitionSource"
class="security.filter.UrlResourceFilterInvocationDefinitionSource">
<property name="securityAuthoritiesHolder" ref="securityAuthoritiesHolder" />
</bean>
<bean id="securityResourceProcessor"
class="security.internal.SecurityResourceProcessorImpl">
<property name="securityAuthoritiesHolder" ref="securityAuthoritiesHolder" />
<property name="accessDecisionManager" ref="_accessManager" />
</bean>
<bean id="resourceService"
class="security.internal.ResourceServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
</bean>
</beans>
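Review bot: The `passwordEncoder` bean is `Md5PasswordEncoder`, salted only with the username (`<security:salt-source user-property="username" />`), so stored credentials are single-round MD5 digests that are cheap to test offline if the user table leaks. An adaptive password hash (bcrypt, scrypt or Argon2) behind a custom `PasswordEncoder`, with existing rows rehashed at the next successful login, would be the fix; it needs a migration plan because the stored values depend on the current scheme. Separately, `/public/**` and `/api/**` are declared with `filters="none"`, which takes those paths out of the security filter chain, so any authorization for them has to be enforced in the handlers themselves. `max-sessions="9999"` also makes the concurrent-session control effectively a no-op.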


@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://code.alibabatech.com/schema/dubbo
http://code.alibabatech.com/schema/dubbo/dubbo.xsd ">
<!-- init-method="init" -->
<bean id="secUserService" class="security.internal.SecUserServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="redisHandler" ref="redisHandler" />
</bean>
<bean id="secUserLoadCacheService"
class="project.data.loadcache.SecUserLoadCacheService">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="redisHandler" ref="redisHandler" />
</bean>
</beans>

23
comm/Security/config/normal.xml Executable file

@@ -0,0 +1,23 @@
admin
<action name="LoginSuccessAction"
class="security.web.LocalLoginSuccessAction">
<!-- <result type="chain" name="admin_index">
<param name="actionName">adminContractOrderAction</param>
<param name="method">list</param>
</result>
<result type="chain" name="user_index">
<param name="actionName">adminMyDataAction</param>
<param name="method">list</param>
</result> -->
<result type="chain" name="user_index">
<param name="actionName">userIndexAction</param>
<param name="method">view</param>
</result>
<result type="chain" name="admin_index">
<param name="actionName">adminIndexAction</param>
<param name="method">view</param>
</result>
</action>


@@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://code.alibabatech.com/schema/dubbo
http://code.alibabatech.com/schema/dubbo/dubbo.xsd ">
<bean id="adminSystemUserService"
class="systemuser.internal.AdminSystemUserServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="pagedQueryDao" ref="pagedDao" />
<property name="secUserService" ref="secUserService" />
<property name="roleService" ref="roleService" />
</bean>
<bean id="adminRoleAuthorityService"
class="systemuser.internal.AdminRoleAuthorityServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
<property name="roleService" ref="roleService" />
<property name="namedParameterJdbcTemplate" ref="namedParameterJdbcTemplate" />
<property name="resourceService" ref="resourceService" />
<property name="resourceMappingService" ref="resourceMappingService" />
</bean>
<bean id="resourceMappingService"
class="systemuser.internal.ResourceMappingServiceImpl">
<property name="hibernateTemplate" ref="hibernateTemplate" />
</bean>
</beans>


@@ -0,0 +1,83 @@
/*==============================================================*/
/* 安全 开始 */
/*==============================================================*/
DROP TABLE IF EXISTS SCT_USER_ROLE;
DROP TABLE IF EXISTS SCT_ROLE_RESOURCE;
DROP TABLE IF EXISTS SCT_RESOURCE;
DROP TABLE IF EXISTS SCT_ROLE;
DROP TABLE IF EXISTS SCT_USER;
CREATE TABLE SCT_ROLE_RESOURCE
(
RESOURCE_UUID VARCHAR(64) NOT NULL,
ROLE_UUID VARCHAR(32) NOT NULL
)ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE SCT_RESOURCE
(
UUID VARCHAR(64) NOT NULL,
RES_STRING VARCHAR(256) NOT NULL,
RES_TYPE VARCHAR(32) NOT NULL,
PRIMARY KEY (UUID)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE INDEX SCINX_RES_TYPE ON SCT_RESOURCE
(
RES_TYPE
);
CREATE TABLE SCT_ROLE
(
UUID VARCHAR(32) NOT NULL,
ROLE_NAME VARCHAR(128) NOT NULL,
PRIMARY KEY (UUID)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE SCT_USER
(
UUID VARCHAR(32) NOT NULL,
PARTY_UUID VARCHAR(32),
USERNAME VARCHAR(128) NOT NULL,
PASSWORD VARCHAR(256) NOT NULL,
ENABLED CHAR(1) NOT NULL,
CREATETIME datetime ,
PRIMARY KEY (UUID)
)ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE UNIQUE INDEX SCINX_USER_USERNAME ON SCT_USER
(
USERNAME
);
CREATE INDEX SCINX_USER_PARTY_UUID ON SCT_USER
(
PARTY_UUID
);
CREATE TABLE SCT_USER_ROLE
(
USER_UUID VARCHAR(32) NOT NULL,
ROLE_UUID VARCHAR(32) NOT NULL
)DEFAULT CHARSET=utf8;
ALTER TABLE SCT_ROLE_RESOURCE ADD CONSTRAINT SCFK_ROLE_RESOURCET_SCT_RESOURCE FOREIGN KEY (RESOURCE_UUID)
REFERENCES SCT_RESOURCE (UUID) ON DELETE RESTRICT ON UPDATE RESTRICT;
ALTER TABLE SCT_ROLE_RESOURCE ADD CONSTRAINT SCFK_ROLE_RESOURCE_SCT_ROLE FOREIGN KEY (ROLE_UUID)
REFERENCES SCT_ROLE (UUID) ON DELETE RESTRICT ON UPDATE RESTRICT;
ALTER TABLE SCT_USER_ROLE ADD CONSTRAINT SCFK_USER_ROLE_SCT_ROLE FOREIGN KEY (ROLE_UUID)
REFERENCES SCT_ROLE (UUID);
ALTER TABLE SCT_USER_ROLE ADD CONSTRAINT SCFK_USER_ROLE_SCT_USER FOREIGN KEY (USER_UUID)
REFERENCES SCT_USER (UUID) ON DELETE RESTRICT ON UPDATE RESTRICT;
/*==============================================================*/
/* 安全结束 */
/*==============================================================*/
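Review bot: `SCT_USER_ROLE` is created with `)DEFAULT CHARSET=utf8;` and no `ENGINE=InnoDB`, unlike the other four tables, so on a server whose default engine is not InnoDB the two foreign keys added to it further down would not be enforced. Writing it as `)ENGINE=InnoDB DEFAULT CHARSET=utf8;` keeps it consistent with the rest. Both join tables (`SCT_USER_ROLE`, `SCT_ROLE_RESOURCE`) also lack a primary key, so the same grant can be inserted twice; `PRIMARY KEY (USER_UUID, ROLE_UUID)` and `PRIMARY KEY (ROLE_UUID, RESOURCE_UUID)` would prevent that. A header comment stating that the script drops the five security tables before recreating them would help anyone running it against an existing database.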


@@ -0,0 +1,48 @@
/*==============================================================*/
/* 会员 */
/*==============================================================*/
INSERT INTO `SCT_ROLE` (`UUID`, `ROLE_NAME`)
VALUES
('SECURITY_ROLE_MEMBER', 'MEMBER');
INSERT INTO `SCT_ROLE` (`UUID`, `ROLE_NAME`)
VALUES
('SECURITY_ROLE_GUEST', 'GUEST');
/*==============================================================*/
/* 管理员 */
/*==============================================================*/
INSERT INTO `SCT_ROLE` (`UUID`, `ROLE_NAME`)
VALUES
('SECURITY_ROLE_ADMIN', 'ADMIN');
/*==============================================================*/
/* ROOT管理员 */
/*==============================================================*/
INSERT INTO `SCT_ROLE` (`UUID`, `ROLE_NAME`)
VALUES
('SECURITY_ROLE_ROOT', 'ROOT');
/*==============================================================*/
/* admin用户 密码 123456 */
/*==============================================================*/
INSERT INTO `SCT_USER` (`UUID`, `PARTY_UUID`, `USERNAME`, `PASSWORD`, `ENABLED`)
VALUES
('SADMIN','','admin','b594510740d2ac4261c1b2fe87850d08','y');
INSERT INTO `SCT_USER_ROLE` (`USER_UUID`,`ROLE_UUID`)
VALUES
('SADMIN', 'SECURITY_ROLE_ADMIN');
/*==============================================================*/
/* ROOT 用户 密码 123456 */
/*==============================================================*/
INSERT INTO `SCT_USER` (`UUID`, `PARTY_UUID`, `USERNAME`, `PASSWORD`, `ENABLED`)
VALUES
('SROOT','','root','9ae056c6fabcb4c695085d4e5d064d2b','y');
INSERT INTO `SCT_USER_ROLE` (`USER_UUID`,`ROLE_UUID`)
VALUES
('SROOT', 'SECURITY_ROLE_ADMIN');
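Review bot: The seed script creates enabled `admin` and `root` accounts whose passwords are stated in the comments above each insert, so every deployment built from this script starts with the same known credentials on its privileged accounts. Prefer generating these passwords at install time, or inserting the accounts disabled and forcing a password change on first login, and drop the plaintext from the comments. Also, `SROOT` is mapped to `SECURITY_ROLE_ADMIN` in the last insert although a `SECURITY_ROLE_ROOT` role is created earlier in the same file; if that is unintended, the row should read `('SROOT', 'SECURITY_ROLE_ROOT');`.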


@@ -0,0 +1,9 @@
ALTER TABLE SCT_USER ADD `REMARKS` longtext ;
ALTER TABLE `SCT_USER`
ADD COLUMN `SAFEWORD` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL AFTER `USERNAME`;

File diff suppressed because it is too large Load Diff


@@ -0,0 +1,11 @@
DROP TABLE IF EXISTS `T_CUSTOMER`;
CREATE TABLE `T_CUSTOMER` (
`UUID` varchar(32) NOT NULL DEFAULT '',
`USERNAME` varchar(64) DEFAULT NULL,
`ONLINE_STATE` int(2) DEFAULT NULL,
`LAST_CUSTOMER_TIME` datetime DEFAULT NULL,
`LAST_ONLINE_TIME` datetime DEFAULT NULL,
`LAST_OFFLINE_TIME` datetime DEFAULT NULL,
`CREATE_TIME` datetime DEFAULT NULL,
PRIMARY KEY (`UUID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;


@@ -0,0 +1,12 @@
DROP TABLE IF EXISTS `SCT_RESOURCE_SET_NAME`;
CREATE TABLE `SCT_RESOURCE_SET_NAME` (
`UUID` varchar(64) NOT NULL DEFAULT '',
`NAME` varchar(255) DEFAULT NULL,
PRIMARY KEY (`UUID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
DROP TABLE IF EXISTS `SCT_RESOURCE_MAPPING`;
CREATE TABLE `SCT_RESOURCE_MAPPING` (
`SET_UUID` varchar(64) DEFAULT NULL,
`RESOURCE_UUID` varchar(64) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
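Review bot: `SCT_RESOURCE_MAPPING` has no key or constraint at all: both columns are nullable, there is no primary key, and neither `SET_UUID` nor `RESOURCE_UUID` references the table it points at. The table names suggest it groups permission resources into sets, so duplicate or orphaned rows here could presumably show up as wrong entries when roles are edited. Suggest `NOT NULL` on both columns plus `PRIMARY KEY (SET_UUID, RESOURCE_UUID)`. A foreign key to `SCT_RESOURCE (UUID)` would also need the charsets aligned, since these tables use utf8mb4 while `SCT_RESOURCE` in the schema script uses utf8.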


@@ -0,0 +1,163 @@
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_AGENT', '代理商管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_AGENT_ALL_STATISTICS', '代理商收益报表');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_ALL_STATISTICS', '总收益报表');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_CHANNEL_BLOCKCHAIN', '区块链充值地址维护');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_CMS', '用户端内容管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_CONTRACT_APPLY_ORDER', '永续委托单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_CONTRACT_MANAGE', '交割合约配置');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_CONTRACT_ORDER', '当前永续持仓单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_CONTRACT_ORDER_STATISTICS', '永续合约收益统计');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_EXCHANGE_APPLY_ORDER', '币币交易订单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_EXCHANGE_ORDER_STATISTICS', '币币交易收益统计');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_EXCHANGE_RATE', '货币汇率配置');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_FINANCE_ORDER', '历史理财产品订单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_FINANCE_STATISTICS', '理财产品收益统计');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_FUND_ORDER', '跟单策略基金订单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_FUTURES_ORDER', '交割合约单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_FUTURES_ORDER_STATISTICS', '交割合约收益统计');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_HISTORY_CONTRACT_ORDER', '历史永续合约单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_KYC', '用户基础认证管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_KYC_HIGH_LEVEL', '用户高级认证管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_MARKET_QUOTATIONS_MANAGE', '行情管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_MESSAGE_NOTIFY', '管理员消息通知');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_MINER', '矿机配置');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_MINER_ORDER', '矿机订单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_MONEY_IN_OUT_STATISTICS', '充提金额统计');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_MONEY_LOG', '账变记录');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_NEWS', '新闻管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_PROFIT_LOSS_CONFIG', '交割场控设置');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_RECHARGE_BLOCKCHAIN', '区块链充值订单');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_RECHARGE_SYMBOL_STATISTICS', '充值币种统计');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_USER', '用户管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_USER_ADD_STATISTICS', '新增用户统计');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_USER_ALL_STATISTICS', '用户收益报表');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_USER_DATE', '代理分润对账报表');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_USER_MONEY_STATISTICS', '用户存量汇总');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_USER_RECOM', '用户推荐关系管理');
INSERT INTO SCT_RESOURCE_SET_NAME VALUES ('ADMIN_WITHDRAW', '提现订单管理');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_RECHARGE_SYMBOL_STATISTICS', 'ADMIN_RECHARGE_SYMBOL_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_RECHARGE_SYMBOL_STATISTICS', 'ADMIN_RECHARGE_SYMBOL_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_MANAGE', 'ADMIN_CONTRACT_MANAGE_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_MANAGE', 'ADMIN_CONTRACT_MANAGE_LISTPARA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_MANAGE', 'ADMIN_CONTRACT_MANAGE_TOADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_MANAGE', 'ADMIN_CONTRACT_MANAGE_ADDCONTRACTITEM');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_MANAGE', 'ADMIN_CONTRACT_MANAGE_TOADDINSTALL');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_MANAGE', 'ADMIN_CONTRACT_MANAGE_ADDFUTURES');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT', 'ADMIN_AGENT_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT', 'ADMIN_AGENT_TOADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT', 'ADMIN_AGENT_ADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT', 'ADMIN_AGENT_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT', 'ADMIN_AGENT_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT', 'ADMIN_AGENT_RESETPSW');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FINANCE_ORDER', 'ADMIN_FINANCE_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FINANCE_ORDER', 'ADMIN_FINANCE_ORDER_CLOSE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FINANCE_STATISTICS', 'ADMIN_FINANCE_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FINANCE_STATISTICS', 'ADMIN_FINANCE_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FUND_ORDER', 'ADMIN_FUND_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FUND_ORDER', 'ADMIN_FUND_ORDER_MANAGERLIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FUND_ORDER', 'ADMIN_FUND_ORDER_CLOSE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_ALL_STATISTICS', 'ADMIN_USER_ALL_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_ALL_STATISTICS', 'ADMIN_USER_ALL_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_EXCHANGE_ORDER_STATISTICS', 'ADMIN_EXCHANGE_ORDER_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_EXCHANGE_ORDER_STATISTICS', 'ADMIN_EXCHANGE_ORDER_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_NEWS', 'ADMIN_NEWS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_NEWS', 'ADMIN_NEWS_TOADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_NEWS', 'ADMIN_NEWS_ADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_NEWS', 'ADMIN_NEWS_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_NEWS', 'ADMIN_NEWS_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_NEWS', 'ADMIN_NEWS_DETAILS');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_NEWS', 'ADMIN_NEWS_DELETE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_RECOM', 'ADMIN_USER_RECOM_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_RECOM', 'ADMIN_USER_RECOM_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_RECOM', 'ADMIN_USER_RECOM_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER', 'ADMIN_MINER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER', 'ADMIN_MINER_TOADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER', 'ADMIN_MINER_ADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER', 'ADMIN_MINER_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER', 'ADMIN_MINER_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_ALL_STATISTICS', 'ADMIN_ALL_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_ALL_STATISTICS', 'ADMIN_ALL_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_ALL_STATISTICS', 'ADMIN_ALL_STATISTICS_SYCNSTATISTICS');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MONEY_IN_OUT_STATISTICS', 'ADMIN_MONEY_IN_OUT_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MONEY_IN_OUT_STATISTICS', 'ADMIN_MONEY_IN_OUT_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_HISTORY_CONTRACT_ORDER', 'ADMIN_HISTORY_CONTRACT_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_HISTORY_CONTRACT_ORDER', 'ADMIN_HISTORY_CONTRACT_ORDER_CLOSE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_PROFIT_LOSS_CONFIG', 'ADMIN_PROFIT_LOSS_CONFIG_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_PROFIT_LOSS_CONFIG', 'ADMIN_PROFIT_LOSS_CONFIG_TOADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_PROFIT_LOSS_CONFIG', 'ADMIN_PROFIT_LOSS_CONFIG_ADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_PROFIT_LOSS_CONFIG', 'ADMIN_PROFIT_LOSS_CONFIG_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_PROFIT_LOSS_CONFIG', 'ADMIN_PROFIT_LOSS_CONFIG_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_PROFIT_LOSS_CONFIG', 'ADMIN_PROFIT_LOSS_CONFIG_TODELETE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CHANNEL_BLOCKCHAIN', 'ADMIN_CHANNEL_BLOCKCHAIN_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CHANNEL_BLOCKCHAIN', 'ADMIN_CHANNEL_BLOCKCHAIN_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CHANNEL_BLOCKCHAIN', 'ADMIN_CHANNEL_BLOCKCHAIN_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CHANNEL_BLOCKCHAIN', 'ADMIN_CHANNEL_BLOCKCHAIN_TODELETE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_EXCHANGE_RATE', 'ADMIN_EXCHANGE_RATE_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_EXCHANGE_RATE', 'ADMIN_EXCHANGE_RATE_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_EXCHANGE_RATE', 'ADMIN_EXCHANGE_RATE_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MESSAGE_NOTIFY', 'ADMIN_MESSAGE_NOTIFY_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MESSAGE_NOTIFY', 'ADMIN_MESSAGE_NOTIFY_ADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MESSAGE_NOTIFY', 'ADMIN_MESSAGE_NOTIFY_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MESSAGE_NOTIFY', 'ADMIN_MESSAGE_NOTIFY_DELETE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MARKET_QUOTATIONS_MANAGE', 'ADMIN_MARKET_QUOTATIONS_MANAGE_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MARKET_QUOTATIONS_MANAGE', 'ADMIN_MARKET_QUOTATIONS_MANAGE_SHOWMODAL');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MARKET_QUOTATIONS_MANAGE', 'ADMIN_MARKET_QUOTATIONS_MANAGE_GETVALUE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MARKET_QUOTATIONS_MANAGE', 'ADMIN_MARKET_QUOTATIONS_MANAGE_ADJUST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MONEY_LOG', 'ADMIN_MONEY_LOG_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_MONEY_STATISTICS', 'ADMIN_USER_MONEY_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_MONEY_STATISTICS', 'ADMIN_USER_MONEY_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CMS', 'ADMIN_CMS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CMS', 'ADMIN_CMS_TOADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CMS', 'ADMIN_CMS_ADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CMS', 'ADMIN_CMS_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CMS', 'ADMIN_CMS_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_EXCHANGE_APPLY_ORDER', 'ADMIN_EXCHANGE_APPLY_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_EXCHANGE_APPLY_ORDER', 'ADMIN_EXCHANGE_APPLY_ORDER_CLOSE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_ADD_STATISTICS', 'ADMIN_USER_ADD_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_ADD_STATISTICS', 'ADMIN_USER_ADD_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER_DATE', 'ADMIN_USER_DATE_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT_ALL_STATISTICS', 'ADMIN_AGENT_ALL_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_AGENT_ALL_STATISTICS', 'ADMIN_AGENT_ALL_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER_ORDER', 'ADMIN_MINER_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER_ORDER', 'ADMIN_MINER_ORDER_CLOSORDER');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER_ORDER', 'ADMIN_MINER_ORDER_TOADDORDER');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_MINER_ORDER', 'ADMIN_MINER_ORDER_ADDORDER');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER_STATISTICS', 'ADMIN_CONTRACT_ORDER_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER_STATISTICS', 'ADMIN_CONTRACT_ORDER_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER', 'ADMIN_USER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER', 'ADMIN_USER_TOADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER', 'ADMIN_USER_ADD');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER', 'ADMIN_USER_TOUPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER', 'ADMIN_USER_UPDATE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER', 'ADMIN_USER_RESET');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_USER', 'ADMIN_USER_RESETPSW');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_APPLY_ORDER', 'ADMIN_CONTRACT_APPLY_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_APPLY_ORDER', 'ADMIN_CONTRACT_APPLY_ORDER_CLOSE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_RECHARGE_BLOCKCHAIN', 'ADMIN_RECHARGE_BLOCKCHAIN_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_RECHARGE_BLOCKCHAIN', 'ADMIN_RECHARGE_BLOCKCHAIN_ONSUCCEEDED');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_RECHARGE_BLOCKCHAIN', 'ADMIN_RECHARGE_BLOCKCHAIN_REJECT');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FUTURES_ORDER_STATISTICS', 'ADMIN_FUTURES_ORDER_STATISTICS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FUTURES_ORDER_STATISTICS', 'ADMIN_FUTURES_ORDER_STATISTICS_EXPORTDATA');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_KYC_HIGH_LEVEL', 'ADMIN_KYC_HIGH_LEVEL_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_KYC_HIGH_LEVEL', 'ADMIN_KYC_HIGH_LEVEL_SAVEPASSED');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_KYC_HIGH_LEVEL', 'ADMIN_KYC_HIGH_LEVEL_SAVEFAILED');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_KYC_HIGH_LEVEL', 'ADMIN_KYC_HIGH_LEVEL_DETAIL');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER', 'ADMIN_CONTRACT_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER', 'ADMIN_CONTRACT_ORDER_CONTENT');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER', 'ADMIN_CONTRACT_ORDER_SHOWMODAL');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER', 'ADMIN_CONTRACT_ORDER_GETVALUE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER', 'ADMIN_CONTRACT_ORDER_ADJUST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_CONTRACT_ORDER', 'ADMIN_CONTRACT_ORDER_CLOSE');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FUTURES_ORDER', 'ADMIN_FUTURES_ORDER_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_FUTURES_ORDER', 'ADMIN_FUTURES_ORDER_HOLDINGS_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_KYC', 'ADMIN_KYC_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_KYC', 'ADMIN_KYC_SAVEPASSED');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_KYC', 'ADMIN_KYC_SAVEFAILED');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_WITHDRAW', 'ADMIN_WITHDRAW_LIST');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_WITHDRAW', 'ADMIN_WITHDRAW_SUCCESS');
INSERT INTO SCT_RESOURCE_MAPPING VALUES ('ADMIN_WITHDRAW', 'ADMIN_WITHDRAW_REJECT');


@@ -0,0 +1,80 @@
package project.web.admin.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import kernel.util.StringUtils;
import project.Constants;
import project.log.Log;
import project.log.LogService;
import security.SecUser;
import security.web.LoginSuccessAction;
@RestController
public class LocalLoginSuccessController extends LoginSuccessAction {
@Autowired
LogService logService;
@RequestMapping(value = "normal/LoginSuccessAction!view.action")
public ModelAndView loginSuccess() {
ModelAndView model = new ModelAndView();
String cookie_username = this.getCookie(COOKIE_USERNAME_NAME);
if (!StringUtils.isNullOrEmpty(cookie_username) && cookie_username.length() >= 4000) {
cookie_username = cookie_username.substring(0, 3999);
}
// super.view();
String partyId = this.getLoginPartyId();
if (!"root".equals(this.getUsername_login())) {
Log log = new Log();
log.setCategory(Constants.LOG_CATEGORY_SECURITY);
log.setLog("登录系统ip[" + this.getIp(getRequest()) + "]");
log.setPartyId(partyId);
log.setUsername(this.getUsername_login());
logService.saveAsyn(log);
}
model.addObject("username_login", this.getUsername_login());
model.setViewName("auto_monitor_iframe");
return model;
}
/**
* 将登录关联信息保存到cookies
*/
private void saveLoginCookies(String username) {
username = username.replaceAll("\\s*", "");
username = username.toLowerCase();
String username_cookie = this.getCookie(COOKIE_USERNAME_NAME);
boolean find = false;
if (!StringUtils.isNullOrEmpty(username_cookie)) {
String[] array = username_cookie.split(",");
for (int i = 0; i < array.length; i++) {
if (username.equals(array[i])) {
find = true;
break;
}
}
}
if (!find) {
if (StringUtils.isNullOrEmpty(username_cookie)) {
addCookie(COOKIE_USERNAME_NAME, username);
} else {
username = username_cookie + "," + username;
addCookie(COOKIE_USERNAME_NAME, username);
}
}
}
}
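Review bot: `loginSuccess()` skips the security log entry when the logged-in name is `root` (`if (!"root".equals(this.getUsername_login()))`), so logins of that account leave no record under `LOG_CATEGORY_SECURITY`. If this is not deliberate, remove the condition so every login is recorded; if it is, it needs a comment saying why. There is also dead code to clean up: `cookie_username` is read and truncated but never used, the private `saveLoginCookies` has no caller in this class, and the `SecUser` import is unused.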


@@ -0,0 +1,160 @@
package project.web.admin.security;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import kernel.exception.BusinessException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.servlet.ModelAndView;
import kernel.util.StringUtils;
import kernel.web.BaseAction;
import project.Constants;
import project.user.googleauth.GoogleAuthService;
import project.user.token.Token;
import project.user.token.TokenService;
import security.Resource;
import security.Role;
import security.RoleService;
import security.SecUser;
import security.SecurityContext;
import security.internal.SecUserService;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
/**
* 登录相关接口
*
*/
@RestController
public class LoginController extends BaseAction {
private Logger log = LogManager.getLogger(LoginController.class);
@Autowired
SecUserService secUserService;
@Autowired
PasswordEncoder passwordEncoder;
@Autowired
RoleService roleService;
@Autowired
TokenService tokenService;
@Autowired
GoogleAuthService googleAuthService;
@RequestMapping(value = "public/login.action")
public ModelAndView login(HttpServletRequest request) {
ModelAndView modelAndView = new ModelAndView();
String username = request.getParameter("j_username");
if (StringUtils.isNullOrEmpty(username)) {
modelAndView.setViewName("login");
return modelAndView;
}
String j_username = username.replaceAll("\\s*", "");
String[] roles = loginRoles();
SecUser user = this.secUserService.findValidUserByLoginName(j_username.trim(), roles);
if (user == null) {
modelAndView.setViewName("login");
return modelAndView;
}
String j_password = request.getParameter("j_password");
String md5 = this.passwordEncoder.encodePassword(j_password, user.getUsername());
if (!user.getPassword().equals(md5)) {
modelAndView.setViewName("login");
return modelAndView;
}
HttpSession session = request.getSession();
SecurityContext securityContext = new SecurityContext();
securityContext.setPartyId(user.getPartyId());
securityContext.setPrincipal(user);
securityContext.setUsername(user.getUsername());
Iterator<Role> it = user.getRoles().iterator();
while (it.hasNext()) {
Role role = it.next();
securityContext.getRoles().add("ROLE_"+role.getRoleName());
}
session.setAttribute("SPRING_SECURITY_CONTEXT", securityContext);
session.setMaxInactiveInterval(24*60*60);
onlineChatToken(user);
loginIpRecord(user);
// modelAndView.setViewName("login_success");
modelAndView.addObject("username", username);
modelAndView.setViewName("redirect:/normal/LoginSuccessAction!view.action");
return modelAndView;
}
private String[] loginRoles() {
List<String> roles = new LinkedList<String>();
for (Role role : roleService.getAll()) {
if (Constants.SECURITY_ROLE_MEMBER.equals(role.getRoleName())
|| Constants.SECURITY_ROLE_GUEST.equals(role.getRoleName()))// 用户和体验用户不能登录后台
continue;
roles.add(role.getRoleName());
}
return roles.toArray(new String[0]);
}
private void onlineChatToken(SecUser user) {
try {
Set<Role> roles = user.getRoles();
for (Role role : roles) {
for (Resource resource : role.getResources()) {
if ("OP_ADMIN_ONLINECHAT".equals(resource.getId().toString())) {
tokenService.savePut(user.getUsername());// 这里以user的id做key纪录token
return;
}
}
}
Token token = tokenService.find(user.getUsername());
if (token != null) {// 不存在权限时则删除对应的token
tokenService.delete(token.getToken());
}
} catch (Exception e) {
log.error("online chat token fail ,username:" + user.getUsername() + ",e:", e);
}
}
/**
* 记录登录ip
*/
private void loginIpRecord(SecUser user) {
HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes())
.getRequest();
String ip = getIp(request);
if (!StringUtils.isEmptyString(user.getPartyId()) || "root".equals(user.getUsername())) {// 代理商和root直接登录
user.setLogin_ip(ip);
user.setLast_loginTime(new Date());
this.secUserService.update(user);
return;
}
if (!ip.equals(user.getLogin_ip())) {// ip不相等时不直接更新而是通过验证更新
return;
}
user.setLogin_ip(ip);
user.setLast_loginTime(new Date());
this.secUserService.update(user);
}
}


@@ -0,0 +1,31 @@
package project.web.admin.security;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import kernel.web.BaseAction;
/**
* 后台管理系统退出登录
*
*/
@RestController
public class LogoutController extends BaseAction {
@RequestMapping(value = "public/logout.action")
public ModelAndView Logout(HttpServletRequest request) {
ModelAndView model = new ModelAndView();
HttpSession session = request.getSession();
session.setAttribute("SPRING_SECURITY_CONTEXT", null);
model.setViewName("login");
return model;
}
}
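Review bot: `Logout` only sets the `SPRING_SECURITY_CONTEXT` attribute to null and leaves the session alive, so the session id and anything else stored in it survive the logout; `request.getSession()` also creates a session for a caller who had none. Invalidate instead: `HttpSession session = request.getSession(false);` followed by `if (session != null) { session.invalidate(); }`. This matters more because the login handler earlier on this page, as far as its visible part shows, stores the context in the existing session without renewing the id. The mapping has no `method` restriction, so a plain GET issued from another site can log an administrator out; restricting it to POST would also need the logout link in the JSPs changed, which this section does not show.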


@@ -0,0 +1,634 @@
package project.web.admin.systemuser;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import kernel.web.PageActionSupport;
import project.Constants;
import security.Role;
import security.RoleService;
import security.SecUser;
import security.internal.SecUserService;
import systemuser.AdminCustomerService;
import systemuser.AdminSystemUserService;
import systemuser.CustomerService;
import systemuser.model.Customer;
import util.RegexUtil;
/**
* 客服管理
*/
@RestController
public class AdminCustomerController extends PageActionSupport {
private Logger logger = LogManager.getLogger(AdminCustomerController.class);
@Autowired
private SecUserService secUserService;
@Autowired
private RoleService roleService;
@Autowired
private AdminSystemUserService adminSystemUserService;
@Autowired
private AdminCustomerService adminCustomerService;
@Autowired
private CustomerService customerService;
private final String action = "normal/adminCustomerAction!";
/**
* 获取客服列表
*/
@RequestMapping(action + "list.action")
public ModelAndView list(HttpServletRequest request) {
String pageNo = request.getParameter("pageNo");
String message = request.getParameter("message");
String error = request.getParameter("error");
String username_para = request.getParameter("username_para");
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("sec_customer_list");
try {
this.checkAndSetPageNo(pageNo);
this.check();
this.pageSize = 20;
this.page = this.adminCustomerService.pagedQuery(this.pageNo, this.pageSize, username_para);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
return modelAndView;
}
modelAndView.addObject("pageNo", this.pageNo);
modelAndView.addObject("pageSize", this.pageSize);
modelAndView.addObject("page", this.page);
modelAndView.addObject("message", message);
modelAndView.addObject("error", error);
modelAndView.addObject("username_para", username_para);
return modelAndView;
}
/**
* 新增客服 页面
*/
@RequestMapping(action + "toAdd.action")
public ModelAndView toAdd() {
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("sec_customer_add");
return modelAndView;
}
/**
* 新增客服
*/
@RequestMapping(action + "add.action")
public ModelAndView add(HttpServletRequest request) {
String username = request.getParameter("username");
String remarks = request.getParameter("remarks");
String password = request.getParameter("password");
String safe_password = request.getParameter("safe_password");
String auto_answer = request.getParameter("auto_answer");
boolean enabled = Boolean.valueOf(request.getParameter("enabled")).booleanValue();
String login_safeword = request.getParameter("login_safeword");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
String error = this.verif_add(username, password, safe_password, remarks);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
username = username.replace(" ", "");
if (StringUtils.isNullOrEmpty(login_safeword)) {
throw new BusinessException("请输入登录人资金密码");
}
if (null != this.secUserService.findUserByLoginName(username)) {
throw new BusinessException("用户名已经存在");
}
Role role = this.roleService.findRoleByName(Constants.SECURITY_ROLE_CUSTOMER);
Set<Role> roles = new HashSet<Role>();
roles.add(role);
SecUser secUser = new SecUser();
secUser.setUsername(username);
secUser.setRoles(roles);
secUser.setEnabled(enabled);
secUser.setRemarks(remarks);
secUser.setPassword(password);
secUser.setPartyId("");
secUser.setSafeword(safe_password);
// 补充设值
this.adminCustomerService.save(secUser, this.getUsername_login(), login_safeword, email_code, this.getIp(),
super_google_auth_code, auto_answer);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("password", password);
modelAndView.addObject("safe_password", safe_password);
modelAndView.addObject("auto_answer", auto_answer);
modelAndView.addObject("enabled", enabled);
modelAndView.setViewName("sec_customer_add");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("password", password);
modelAndView.addObject("safe_password", safe_password);
modelAndView.addObject("auto_answer", auto_answer);
modelAndView.addObject("enabled", enabled);
modelAndView.setViewName("sec_customer_add");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 更新客服 页面
*/
@RequestMapping(action + "toUpdate.action")
public ModelAndView toUpdate(HttpServletRequest request) {
String username = request.getParameter("username");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
SecUser secUser = this.secUserService.findUserByLoginName(username);
if (null == secUser) {
throw new BusinessException("修改客服不存在");
}
Customer customer = this.customerService.cacheByUsername(username);
if (null == customer) {
throw new BusinessException("修改客服不存在");
}
if ("SADMIN".equals(secUser.getId().toString())) {
throw new BusinessException("该角色无法操作");
}
modelAndView.addObject("username", secUser.getUsername());
modelAndView.addObject("enabled", secUser.getEnabled());
modelAndView.addObject("remarks", secUser.getRemarks());
modelAndView.addObject("auto_answer", customer.getAuto_answer());
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("sec_customer_update");
return modelAndView;
}
/**
* 更新客服
*/
@RequestMapping(action + "update.action")
public ModelAndView update(HttpServletRequest request) {
String username = request.getParameter("username");
String remarks = request.getParameter("remarks");
String login_safeword = request.getParameter("login_safeword");
String auto_answer = request.getParameter("auto_answer");
boolean enabled = Boolean.valueOf(request.getParameter("enabled")).booleanValue();
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
String error = this.verif_update(username, auto_answer, remarks);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
SecUser secUser = this.secUserService.findUserByLoginName(username);
if ("SADMIN".equals(secUser.getId().toString()) || "SROOT".equals(secUser.getId().toString())) {
modelAndView.addObject("error", "该角色无法操作");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
Role role = secUser.getRoles().toArray(new Role[0])[0];
if (!Constants.SECURITY_ROLE_CUSTOMER.equals(role.getRoleName())) {
throw new BusinessException("该用户不是客服,无法修改");
}
secUser.setEnabled(enabled);
secUser.setRemarks(remarks);
this.adminSystemUserService.update(secUser, null, null, this.getUsername_login(), login_safeword, null,
this.getIp(), null);
this.adminCustomerService.updateAutoAnswer(secUser, this.getUsername_login(), this.getIp(), auto_answer);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("enabled", enabled);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("auto_answer", auto_answer);
modelAndView.setViewName("sec_customer_update");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("enabled", enabled);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("auto_answer", auto_answer);
modelAndView.setViewName("sec_customer_update");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 修改登录密码 页面
*/
@RequestMapping(action + "toUpdatePassword.action")
public ModelAndView toUpdatePassword(HttpServletRequest request) {
String username = request.getParameter("username");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
SecUser secUser = this.secUserService.findUserByLoginName(username);
if (null == secUser) {
throw new BusinessException("修改用户不存在");
}
if ("SADMIN".equals(secUser.getId().toString())) {
throw new BusinessException("该角色无法操作");
}
modelAndView.addObject("username", secUser.getUsername());
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("sec_customer_password_update");
return modelAndView;
}
/**
* 修改登录密码
*/
@RequestMapping(action + "updatePassword.action")
public ModelAndView updatePassword(HttpServletRequest request) {
String password = request.getParameter("password");
String username = request.getParameter("username");
String login_safeword = request.getParameter("login_safeword");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
String error = this.verif_password(password);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
SecUser secUser = this.secUserService.findUserByLoginName(username);
if (null == secUser) {
modelAndView.addObject("error", "修改用户不存在");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
if ("SADMIN".equals(secUser.getId().toString())) {
modelAndView.addObject("error", "该角色无法操作");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
Role role = secUser.getRoles().toArray(new Role[0])[0];
if (!Constants.SECURITY_ROLE_CUSTOMER.equals(role.getRoleName())) {
throw new BusinessException("该用户不是客服,无法修改");
}
this.adminSystemUserService.update(secUser, password, "password", this.getUsername_login(), login_safeword,
email_code, this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("password", password);
modelAndView.setViewName("sec_customer_password_update");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("password", password);
modelAndView.setViewName("sec_customer_password_update");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 修改资金密码 页面
*/
@RequestMapping(action + "toUpdateSafePassword.action")
public ModelAndView toUpdateSafePassword(HttpServletRequest request) {
String username = request.getParameter("username");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
SecUser secUser = secUserService.findUserByLoginName(username);
if (null == secUser) {
throw new BusinessException("修改用户不存在");
}
if ("SADMIN".equals(secUser.getId().toString())) {
throw new BusinessException("该角色无法操作");
}
modelAndView.addObject("username", secUser.getUsername());
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("sec_customer_safepassword_update");
return modelAndView;
}
/**
* 修改资金密码
*/
@RequestMapping(action + "updateSafePassword.action")
public ModelAndView updateSafePassword(HttpServletRequest request) {
String safe_password = request.getParameter("safe_password");
String username = request.getParameter("username");
String login_safeword = request.getParameter("login_safeword");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
String error = this.verif_safe_password(safe_password);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
SecUser secUser = this.secUserService.findUserByLoginName(username);
if (null == secUser) {
modelAndView.addObject("error", "修改用户不存在");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
if ("SADMIN".equals(secUser.getId().toString())) {
modelAndView.addObject("error", "该角色无法操作");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
Role role = secUser.getRoles().toArray(new Role[0])[0];
if (!Constants.SECURITY_ROLE_CUSTOMER.equals(role.getRoleName())) {
throw new BusinessException("该用户不是客服,无法修改");
}
this.adminSystemUserService.update(secUser, safe_password, "safe_password", this.getUsername_login(),
login_safeword, email_code, this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("safe_password", safe_password);
modelAndView.setViewName("sec_customer_safepassword_update");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("username", username);
modelAndView.addObject("safe_password", safe_password);
modelAndView.setViewName("sec_customer_safepassword_update");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 强制下线
*/
@RequestMapping(action + "forceOffline.action")
public ModelAndView forceOffline(HttpServletRequest request) {
String username = request.getParameter("username");
String login_safeword = request.getParameter("login_safeword");
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("redirect:/" + action + "list.action");
try {
this.check();
this.adminCustomerService.forceOffline(username, this.getUsername_login(), login_safeword, this.getIp());
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
return modelAndView;
}
private String verif_add(String username, String password, String safe_password, String remarks) {
if (StringUtils.isEmptyString(username)) {
return "请输入[用户名]";
}
if (StringUtils.isEmptyString(username)) {
return "请输入[自动回复]";
}
if (!RegexUtil.length(username, 0, 64)) {
return "[用户名]限制最长度64个字符";
}
if (StringUtils.isEmptyString(password)) {
return "请输入[密码]";
}
if (!RegexUtil.isPwd(password)) {
return "密码必须由数字、字符、特殊字符(!@#$%^&*)三种中的两种组成长度不能少于8位";
}
if (StringUtils.isEmptyString(safe_password)) {
return "请输入[资金密码]";
}
if (!(RegexUtil.length(safe_password, 6, 6) && RegexUtil.isDigits(safe_password))) {
return "[资金密码]只能6位数字";
}
if (!RegexUtil.length(password, 0, 64)) {
return "[密码]限制最长度64个字符";
}
// if (StringUtils.isEmptyString(this.roleName)) {
// return "请选择[角色]";
// }
if (!RegexUtil.length(remarks, 0, 128)) {
return "[备注]限制最长度128个字符";
}
// if (StringUtils.isEmptyString(this.email)) {
// return "请输入[邮箱]";
// }
// if (!RegexUtil.isEmail(this.email)) {
// return "[邮箱]格式错误";
// }
return null;
}
private String verif_password(String password) {
if (StringUtils.isEmptyString(password)) {
return "请输入[密码]";
}
if (!RegexUtil.isPwd(password)) {
return "密码必须由数字、字符、特殊字符(!@#$%^&*)三种中的两种组成长度不能少于8位";
}
if (!RegexUtil.length(password, 0, 64)) {
return "[密码]限制最长度64个字符";
}
return null;
}
private String verif_update(String username, String auto_answer, String remarks) {
if (StringUtils.isEmptyString(username)) {
return "请输入[用户名]";
}
if (!RegexUtil.length(username, 0, 64)) {
return "[用户名]限制最长度64个字符";
}
if (StringUtils.isEmptyString(auto_answer)) {
return "请输入[自动回复]";
}
if (!RegexUtil.length(remarks, 0, 128)) {
return "[备注]限制最长度128个字符";
}
// if (StringUtils.isEmptyString(this.email)) {
// return "请输入[邮箱]";
// }
// if (!RegexUtil.isEmail(this.email)) {
// return "[邮箱]格式错误";
// }
return null;
}
private String verif_safe_password(String safe_password) {
if (StringUtils.isEmptyString(safe_password)) {
return "请输入[资金密码]";
}
if (!(RegexUtil.length(safe_password, 6, 6) && RegexUtil.isDigits(safe_password))) {
return "[资金密码]只能6位数字";
}
return null;
}
private void check() {
String loginUserName = this.getUsername_login();
if (!("admin".equals(loginUserName) || "root".equals(loginUserName) || "zhuanyuan".equals(loginUserName))) {
throw new BusinessException("权限不足,无法操作");
}
}
}
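Review bot: The error paths of `add`, `updatePassword` and `updateSafePassword` put the submitted `password` / `safe_password` back into the model (for example `modelAndView.addObject("password", password);`), so a failed request renders the plaintext credential into the response page; I would drop those `addObject` calls and let the operator retype the value. The same catch blocks return `"[ERROR] " + t.getMessage()` to the browser, which can expose internal exception text; `AdminRoleAuthorityController` in this commit already uses a fixed `"程序错误"` for that case. Separately, `update` calls `secUser.getId()` right after `findUserByLoginName(username)` without the null check that `updatePassword` has, so an unknown username ends in a NullPointerException that is then echoed through that same `t.getMessage()` path; `if (null == secUser) { throw new BusinessException("修改用户不存在"); }` before the id comparison would match the sibling methods. `check()` authorises by comparing the login name with three string literals rather than by role, which deserves either a comment explaining why or a move to a role-based check.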


@@ -0,0 +1,173 @@
package project.web.admin.systemuser;
import javax.servlet.http.HttpServletRequest;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import kernel.exception.BusinessException;
import kernel.util.DateUtils;
import kernel.web.PageActionSupport;
import systemuser.AdminCustomerService;
import systemuser.CustomerService;
import systemuser.model.Customer;
/**
* 客服个人中心
*
*/
@RestController
public class AdminPersonalCustomerController extends PageActionSupport {
private Logger logger = LogManager.getLogger(AdminPersonalCustomerController.class);
@Autowired
private AdminCustomerService adminCustomerService;
@Autowired
private CustomerService customerService;
private final String action = "normal/adminPersonalCustomerAction!";
/**
* 点击客服中心
*/
@RequestMapping(action + "personalCustomer.action")
public ModelAndView personalCustomer(HttpServletRequest request) {
String message = request.getParameter("message");
String error = request.getParameter("error");
boolean off_to_online = true;
if("/normal/adminPersonalCustomerAction!personalCustomer.action".equals(request.getServletPath())) {
off_to_online = false;
}
String username = null;
String last_online_time = null;
String last_offline_time = null;
String auto_answer = null;
Integer online_state = null;
ModelAndView model = new ModelAndView();
try {
Customer customer = this.customerService.cacheByUsername(this.getUsername_login());
if (null != customer) {
last_online_time = DateUtils.format(customer.getLast_online_time(), DateUtils.DF_yyyyMMddHHmmss);
last_offline_time = DateUtils.format(customer.getLast_offline_time(), DateUtils.DF_yyyyMMddHHmmss);
auto_answer = customer.getAuto_answer();
online_state = customer.getOnline_state();
}
username = this.getUsername_login();
} catch (BusinessException e) {
error = e.getMessage();
} catch (Throwable t) {
logger.error(" error ", t);
error = ("[ERROR] " + t.getMessage());
}
model.addObject("off_to_online", off_to_online);
model.addObject("username", username);
model.addObject("last_online_time", last_online_time);
model.addObject("last_offline_time", last_offline_time);
model.addObject("auto_answer", auto_answer);
model.addObject("online_state", online_state);
model.addObject("message", message);
model.addObject("error", error);
model.setViewName("personal_customer");
return model;
}
/**
* 上线
*/
@RequestMapping(action + "personalOnline.action")
public ModelAndView personalOnline() {
String message = "";
String error = "";
boolean off_to_online = false;
try {
this.adminCustomerService.online(this.getUsername_login());
off_to_online = true;
message = "操作成功";
} catch (BusinessException e) {
error = e.getMessage();
} catch (Throwable t) {
logger.error(" error ", t);
error = ("[ERROR] " + t.getMessage());
}
ModelAndView model = new ModelAndView();
model.addObject("off_to_online", off_to_online);
model.addObject("message", message);
model.addObject("error", error);
model.setViewName("redirect:/" + action + "personalCustomer.action");
return model;
}
/**
* 下线
*/
@RequestMapping(action + "personalOffline.action")
public ModelAndView personalOffline() {
String message = "";
String error = "";
boolean off_to_online = true;
try {
this.adminCustomerService.offline(this.getUsername_login());
off_to_online = false;
message = "操作成功";
} catch (BusinessException e) {
error = e.getMessage();
} catch (Throwable t) {
logger.error(" error ", t);
error = ("[ERROR] " + t.getMessage());
}
ModelAndView model = new ModelAndView();
model.addObject("off_to_online", off_to_online);
model.addObject("message", message);
model.addObject("error", error);
model.setViewName("redirect:/" + action + "personalCustomer.action");
return model;
}
@RequestMapping(action + "personalUpdateAutoAnswer.action")
public ModelAndView personalUpdateAutoAnswer(HttpServletRequest request) {
String message = "";
String error = "";
String login_safeword = request.getParameter("login_safeword");
String auto_answer = request.getParameter("auto_answer");
boolean off_to_online = true;
try {
adminCustomerService.updatePersonalAutoAnswer(this.getUsername_login(), login_safeword,
this.getIp(), auto_answer);
off_to_online = false;
message = "操作成功";
} catch (BusinessException e) {
error = e.getMessage();
} catch (Throwable t) {
logger.error(" error ", t);
error = ("[ERROR] " + t.getMessage());
}
ModelAndView model = new ModelAndView();
model.addObject("off_to_online", off_to_online);
model.addObject("message", message);
model.addObject("error", error);
model.setViewName("redirect:/" + action + "personalCustomer.action");
return model;
}
public Integer customerOnlineState() {
Customer customer = customerService.cacheByUsername(this.getUsername_login());
if(null == customer) {
return null;
}
return customer.getOnline_state();
}
}
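Review bot: In `personalOnline`, `personalOffline` and `personalUpdateAutoAnswer` the catch-all branch stores `"[ERROR] " + t.getMessage()` in the model of a `redirect:` view, and by default Spring appends String model attributes of a redirect to the target URL as query parameters, so raw exception text ends up in the URL, the browser history and the access log. A fixed message such as `error = "程序错误";`, as `AdminRoleAuthorityController` in this commit uses, keeps the detail in `logger.error` only. `personalCustomer` then copies the `message` and `error` request parameters into the model unchanged, so a crafted link can make this admin page display arbitrary text; the `personal_customer` view is not part of this section, so confirm that it HTML-escapes both values. The three state-changing mappings also accept any HTTP method, and only `personalUpdateAutoAnswer` asks for `login_safeword`.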


@@ -0,0 +1,279 @@
package project.web.admin.systemuser;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections.CollectionUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import kernel.exception.BusinessException;
import kernel.util.JsonUtils;
import kernel.util.StringUtils;
import kernel.web.PageActionSupport;
import project.Constants;
import security.Role;
import security.RoleService;
import systemuser.AdminRoleAuthorityService;
import util.RegexUtil;
/**
* 角色管理
*/
@RestController
public class AdminRoleAuthorityController extends PageActionSupport {
private Logger logger = LogManager.getLogger(AdminRoleAuthorityController.class);
@Autowired
private AdminRoleAuthorityService adminRoleAuthorityService;
@Autowired
private RoleService roleService;
private final String action = "normal/adminRoleAuthorityAction!";
/**
* 获取角色列表
*/
@RequestMapping(action + "list.action")
public ModelAndView list(HttpServletRequest request) {
String pageNo = request.getParameter("pageNo");
String message = request.getParameter("message");
String error = request.getParameter("error");
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("role_authority_manage_list");
try {
this.checkAndSetPageNo(pageNo);
List<Map<String, Object>> datas = this.adminRoleAuthorityService.getAllRole();
for (Map<String, Object> data : datas) {
// 过滤假分核查
if (!"root".equals(this.getUsername_login()) && data.get("names") != null) {
// 排在中间或结尾
data.put("names", data.get("names").toString().replace(", 假分核查", ""));
// 排在开头后面还有
data.put("names", data.get("names").toString().replace("假分核查 ,", ""));
// 单独一个
data.put("names", data.get("names").toString().replace("假分核查", ""));
}
String roleName = data.get("roleName").toString();
data.put("roleName", Constants.ROLE_MAP.containsKey(roleName) ? Constants.ROLE_MAP.get(roleName) : roleName);
if (Constants.ROLE_MAP.containsKey(roleName)) {
data.put("is_default_role", "1");
} else {
data.put("is_default_role", "0");
}
}
modelAndView.addObject("datas", datas);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
return modelAndView;
}
modelAndView.addObject("pageNo", this.pageNo);
modelAndView.addObject("message", message);
modelAndView.addObject("error", error);
return modelAndView;
}
/**
* 新增角色 页面
*/
@RequestMapping(action + "toAdd.action")
public ModelAndView toAdd() {
return new ModelAndView("role_authority_manage_add");
}
/**
* 新增角色
*/
@RequestMapping(action + "add.action")
public ModelAndView add(HttpServletRequest request) {
String roleName = request.getParameter("roleName");
ModelAndView modelAndView = new ModelAndView();
try {
String error = this.votify(roleName);
if (StringUtils.isNotEmpty(error)) {
throw new BusinessException(error);
}
Role role = new Role();
role.setId("SECURITY_ROLE_" + roleName.toUpperCase());
role.setRoleName(roleName.toUpperCase());
this.roleService.addRole(role, this.getUsername_login(), this.getIp());
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("roleName", roleName);
modelAndView.setViewName("role_authority_manage_add");
return modelAndView;
} catch (Throwable t) {
logger.error("add error ", t);
modelAndView.addObject("error", "程序错误");
modelAndView.addObject("roleName", roleName);
modelAndView.setViewName("role_authority_manage_add");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 更新角色
*/
@RequestMapping(action + "update.action")
public ModelAndView update(HttpServletRequest request) {
String id = request.getParameter("id");
String[] role_resource = request.getParameterValues("role_resource");
String login_safeword = request.getParameter("login_safeword");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("redirect:/" + action + "list.action");
try {
String role_resource_str = "";
if (null != role_resource && 0 != role_resource.length) {
role_resource_str = String.join(",", role_resource);
}
this.adminRoleAuthorityService.updateRoleResource(id, role_resource_str, this.getUsername_login(),
login_safeword, email_code, this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
return modelAndView;
} catch (Throwable t) {
logger.error("update error ", t);
this.error = "程序错误";
modelAndView.addObject("error", "程序错误");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
return modelAndView;
}
/**
* 删除角色
*/
@RequestMapping(action + "delete.action")
public ModelAndView delete(HttpServletRequest request) {
String id = request.getParameter("id");
String login_safeword = request.getParameter("login_safeword");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("redirect:/" + action + "list.action");
try {
this.adminRoleAuthorityService.delete(id, this.getUsername_login(), login_safeword, email_code,
this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
return modelAndView;
} catch (Throwable t) {
logger.error("update error ", t);
modelAndView.addObject("error", "程序错误");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
return modelAndView;
}
/**
* resources
*/
@RequestMapping(action + "resources.action")
public String resources(HttpServletRequest request) {
String id = request.getParameter("id");
Map<String, Object> resultMap = new HashMap<String, Object>();
try {
resultMap.put("code", 200);
List<Map<String, Object>> allResources = this.adminRoleAuthorityService.getResourceName(null);
List<Map<String, Object>> newAllResources = new ArrayList<Map<String, Object>>();
for (Map<String, Object> data : allResources) {
// 过滤假分核查
if (!"root".equals(this.getUsername_login())
&& "SECURITY_USER_RECORD".equals(data.get("set_id").toString())) {
// allResources.remove(data);
// break;
continue;
}
// 过滤空名称的
if (data.get("name") == null || !StringUtils.isNotEmpty(data.get("name").toString())
|| "null".equals(data.get("name").toString())) {
// allResources.remove(data);
continue;
}
newAllResources.add(data);
}
List<String> roleResourceMappingIdById = this.adminRoleAuthorityService.getRoleResourceMappingIdById(id);
// 过滤假分核查
if (!"root".equals(this.getUsername_login()) && !CollectionUtils.isEmpty(roleResourceMappingIdById)) {
roleResourceMappingIdById.remove("SECURITY_USER_RECORD");
}
resultMap.put("all_resources", newAllResources);
resultMap.put("checked_resources",
String.join(",", this.adminRoleAuthorityService.getRoleResourceMappingIdById(id)));
} catch (BusinessException e) {
resultMap.put("code", 500);
resultMap.put("message", e.getMessage());
} catch (Throwable t) {
logger.error(" error ", t);
resultMap.put("code", 500);
resultMap.put("message", "程序错误");
}
return JsonUtils.getJsonString(resultMap);
}
private String votify(String roleName) {
if (!RegexUtil.isEnglish(roleName)) {
return "[角色]请输入英文";
}
return null;
}
}


@@ -0,0 +1,782 @@
package project.web.admin.systemuser;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.IntStream;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;
import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import kernel.web.PageActionSupport;
import project.Constants;
import security.Role;
import security.RoleService;
import security.SecUser;
import security.internal.SecUserService;
import systemuser.AdminSystemUserService;
import util.RegexUtil;
/**
* 系统用户管理
*/
@RestController
public class AdminSystemUserController extends PageActionSupport {
private Logger logger = LogManager.getLogger(AdminSystemUserController.class);
@Autowired
private AdminSystemUserService adminSystemUserService;
@Autowired
private SecUserService secUserService;
@Autowired
private RoleService roleService;
private final String action = "normal/adminSystemUserAction!";
/**
* 获取系统用户列表
*/
@RequestMapping(action + "list.action")
public ModelAndView list(HttpServletRequest request) {
String pageNo = request.getParameter("pageNo");
String message = request.getParameter("message");
String error = request.getParameter("error");
String username_para = request.getParameter("username_para");
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("secadmin_list");
try {
this.checkAndSetPageNo(pageNo);
this.check();
this.pageSize = 20;
Map<String, String> role_map = this.adminSystemUserService.findRoleMap();
role_map.put(Constants.SECURITY_ROLE_ADMIN, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_ADMIN));
role_map.put(Constants.SECURITY_ROLE_FINANCE, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_FINANCE));
role_map.put(Constants.SECURITY_ROLE_CUSTOMER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_CUSTOMER));
role_map.put(Constants.SECURITY_ROLE_MAINTAINER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_MAINTAINER));
role_map.put(Constants.SECURITY_ROLE_AGENT, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_AGENT));
this.page = this.adminSystemUserService.pagedQuery(this.pageNo, this.pageSize, username_para);
// 排除客服
CollectionUtils.filter(this.page.getElements(), new Predicate() {
@Override
public boolean evaluate(Object arg0) {
return !((SecUser) arg0).getRoles().toArray(new Role[0])[0].getRoleName()
.equals(Constants.SECURITY_ROLE_CUSTOMER)
// 排除内部专员
&& !((SecUser) arg0).getRoles().toArray(new Role[0])[0].getRoleName()
.equals(Constants.SECURITY_ROLE_INSIDER);
}
});
modelAndView.addObject("role_map", role_map);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
return modelAndView;
}
modelAndView.addObject("pageNo", this.pageNo);
modelAndView.addObject("pageSize", this.pageSize);
modelAndView.addObject("page", this.page);
modelAndView.addObject("message", message);
modelAndView.addObject("error", error);
modelAndView.addObject("username_para", username_para);
return modelAndView;
}
/**
* 新增系统用户 页面
*/
@RequestMapping(action + "toAdd.action")
public ModelAndView toAdd(HttpServletRequest request) {
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
Map<String, String> role_map = this.adminSystemUserService.findRoleMap();
role_map.put(Constants.SECURITY_ROLE_FINANCE, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_FINANCE));
// role_map.put(Constants.SECURITY_ROLE_CUSTOMER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_CUSTOMER));
role_map.put(Constants.SECURITY_ROLE_MAINTAINER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_MAINTAINER));
role_map.put(Constants.SECURITY_ROLE_AGENT, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_AGENT));
modelAndView.addObject("role_map", role_map);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("secadmin_add");
return modelAndView;
}
/**
* 新增系统用户
*/
@RequestMapping(action + "add.action")
public ModelAndView add(HttpServletRequest request) {
String login_safeword = request.getParameter("login_safeword");
String username = request.getParameter("username");
String roleName = request.getParameter("roleName");
String remarks = request.getParameter("remarks");
String password = request.getParameter("password");
String email = request.getParameter("email");
String safe_password = request.getParameter("safe_password");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
boolean enabled = Boolean.valueOf(request.getParameter("enabled")).booleanValue();
ModelAndView modelAndView = new ModelAndView();
Map<String, String> role_map = this.adminSystemUserService.findRoleMap();
role_map.put(Constants.SECURITY_ROLE_FINANCE, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_FINANCE));
// role_map.put(Constants.SECURITY_ROLE_CUSTOMER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_CUSTOMER));
role_map.put(Constants.SECURITY_ROLE_MAINTAINER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_MAINTAINER));
role_map.put(Constants.SECURITY_ROLE_AGENT, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_AGENT));
try {
this.check();
String error = this.verif_add(username, password, safe_password, roleName, remarks, email);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
username = username.replace(" ", "");
if (StringUtils.isNullOrEmpty(login_safeword)) {
throw new BusinessException("请输入登录人资金密码");
}
if (null != this.secUserService.findUserByLoginName(username)) {
throw new BusinessException("用户名已经存在");
}
Role role = this.roleService.findRoleByName(roleName);
if (null == role) {
throw new BusinessException("角色不存在");
}
List<String> roleList = Arrays.asList(Constants.SECURITY_ROLE_ROOT, Constants.SECURITY_ROLE_ADMIN);
if (roleList.contains(role.getRoleName())) {
throw new BusinessException("该角色无法创建系统用户");
}
Set<Role> roles = new HashSet<Role>();
roles.add(role);
SecUser secUser = new SecUser();
secUser.setUsername(username);
secUser.setRoles(roles);
secUser.setEnabled(enabled);
secUser.setRemarks(remarks);
secUser.setPassword(password);
secUser.setPartyId("");
secUser.setEmail(email);
secUser.setSafeword(safe_password);
// 补充设值
this.adminSystemUserService.save(secUser, this.getUsername_login(), login_safeword, email_code,
this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("role_map", role_map);
modelAndView.addObject("username", username);
modelAndView.addObject("roleName", roleName);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("password", password);
modelAndView.addObject("email", email);
modelAndView.addObject("safe_password", safe_password);
modelAndView.addObject("enabled", enabled);
modelAndView.setViewName("secadmin_add");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("role_map", role_map);
modelAndView.addObject("username", username);
modelAndView.addObject("roleName", roleName);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("password", password);
modelAndView.addObject("email", email);
modelAndView.addObject("safe_password", safe_password);
modelAndView.addObject("enabled", enabled);
modelAndView.setViewName("secadmin_add");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 批量生成系统用户
*/
@RequestMapping(action + "addUser.action")
public ModelAndView addUser(HttpServletRequest request) {
String password = request.getParameter("password");
String userNamePrefix = "admin";
String roleName = "USER";
ModelAndView modelAndView = new ModelAndView();
Map<String, String> role_map = this.adminSystemUserService.findRoleMap();
role_map.put(Constants.SECURITY_ROLE_FINANCE, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_FINANCE));
// role_map.put(Constants.SECURITY_ROLE_CUSTOMER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_CUSTOMER));
role_map.put(Constants.SECURITY_ROLE_MAINTAINER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_MAINTAINER));
role_map.put(Constants.SECURITY_ROLE_AGENT, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_AGENT));
try {
Role role = this.roleService.findRoleByName(roleName);
if (null == role) {
throw new BusinessException("角色不存在");
}
for (int i = 1; i <= 200; i++) {
String userName = userNamePrefix + i;
userName = userName.replace(" ", "");
if (null != this.secUserService.findUserByLoginName(userName)) {
continue;
}
Set<Role> roles = new HashSet<Role>();
roles.add(role);
SecUser secUser = new SecUser();
secUser.setUsername(userName);
secUser.setRoles(roles);
secUser.setEnabled(true);
secUser.setPassword(password);
secUser.setPartyId("");
secUser.setSafeword("123456");
secUser.setGoogle_auth_bind(true);
secUser.setGoogle_auth_secret("RFYIHDW5B2LONJII");
// 补充设值
this.adminSystemUserService.saveAllUser(secUser);
}
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
modelAndView.setViewName("secadmin_add");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 修改系统用户 页面
*/
@RequestMapping(action + "toUpdate.action")
public ModelAndView toUpdate(HttpServletRequest request) {
String secAdmin_id = request.getParameter("secAdmin_id");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
SecUser secUser = this.adminSystemUserService.get(secAdmin_id);
if (null == secUser) {
throw new BusinessException("修改用户不存在");
}
if ("SROOT".equals(secUser.getId().toString()) || "SADMIN".equals(secUser.getId().toString())) {
throw new BusinessException("该角色无法操作");
}
Map<String, String> role_map = this.adminSystemUserService.findRoleMap();
role_map.put(Constants.SECURITY_ROLE_FINANCE, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_FINANCE));
// role_map.put(Constants.SECURITY_ROLE_CUSTOMER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_CUSTOMER));
role_map.put(Constants.SECURITY_ROLE_MAINTAINER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_MAINTAINER));
role_map.put(Constants.SECURITY_ROLE_AGENT, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_AGENT));
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", secUser.getUsername());
modelAndView.addObject("roleName", ((Role) (Arrays.asList(secUser.getRoles().toArray(new Role[0])).get(0))).getRoleName());
modelAndView.addObject("enabled", secUser.getEnabled());
modelAndView.addObject("remarks", secUser.getRemarks());
modelAndView.addObject("email", secUser.getEmail());
modelAndView.addObject("role_map", role_map);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("secadmin_update");
return modelAndView;
}
/**
* 修改系统用户
*/
@RequestMapping(action + "update.action")
public ModelAndView update(HttpServletRequest request) {
String secAdmin_id = request.getParameter("secAdmin_id");
String username = request.getParameter("username");
String roleName = request.getParameter("roleName");
String remarks = request.getParameter("remarks");
String email = request.getParameter("email");
String login_safeword = request.getParameter("login_safeword");
boolean enabled = Boolean.valueOf(request.getParameter("enabled")).booleanValue();
ModelAndView modelAndView = new ModelAndView();
Map<String, String> role_map = this.adminSystemUserService.findRoleMap();
role_map.put(Constants.SECURITY_ROLE_FINANCE, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_FINANCE));
// role_map.put(Constants.SECURITY_ROLE_CUSTOMER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_CUSTOMER));
role_map.put(Constants.SECURITY_ROLE_MAINTAINER, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_MAINTAINER));
role_map.put(Constants.SECURITY_ROLE_AGENT, Constants.ROLE_MAP.get(Constants.SECURITY_ROLE_AGENT));
try {
this.check();
String error = this.verif_update(username, roleName, remarks, email);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
Role role = this.roleService.findRoleByName(roleName);
if (null == role) {
throw new BusinessException("角色不存在");
}
SecUser secUser = this.adminSystemUserService.get(secAdmin_id);
if ("SROOT".equals(secUser.getId().toString()) || "SADMIN".equals(secUser.getId().toString())) {
modelAndView.addObject("error", "该角色无法操作");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
secUser.getRoles().clear();
secUser.getRoles().add(role);
secUser.setEnabled(enabled);
secUser.setRemarks(remarks);
secUser.setEmail(email);
this.adminSystemUserService.update(secUser, null, null, this.getUsername_login(), login_safeword, null,
this.getIp(), null);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", username);
modelAndView.addObject("roleName", roleName);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("email", email);
modelAndView.addObject("enabled", enabled);
modelAndView.addObject("role_map", role_map);
modelAndView.setViewName("secadmin_update");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", username);
modelAndView.addObject("roleName", roleName);
modelAndView.addObject("remarks", remarks);
modelAndView.addObject("email", email);
modelAndView.addObject("enabled", enabled);
modelAndView.addObject("role_map", role_map);
modelAndView.setViewName("secadmin_update");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 删除系统用户
*/
@RequestMapping(action + "delete.action")
public ModelAndView delete(HttpServletRequest request) {
String secAdmin_id = request.getParameter("secAdmin_id");
String login_safeword = request.getParameter("login_safeword");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
modelAndView.setViewName("redirect:/" + action + "list.action");
try {
this.check();
SecUser secUser = this.adminSystemUserService.get(secAdmin_id);
if (null == secUser) {
throw new BusinessException("修改用户不存在");
}
if ("SROOT".equals(secUser.getId().toString()) || "SADMIN".equals(secUser.getId().toString())) {
throw new BusinessException("该角色无法操作");
}
this.adminSystemUserService.delete(secUser, this.getUsername_login(), login_safeword, this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
return modelAndView;
} catch (Throwable t) {
logger.error("update error ", t);
modelAndView.addObject("error", "程序错误");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
return modelAndView;
}
/**
* 修改登录密码 页面
*/
@RequestMapping(action + "toUpdatePassword.action")
public ModelAndView toUpdatePassword(HttpServletRequest request) {
String secAdmin_id = request.getParameter("secAdmin_id");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
SecUser secUser = this.adminSystemUserService.get(secAdmin_id);
if (null == secUser) {
throw new BusinessException("修改用户不存在");
}
if ("SADMIN".equals(secUser.getId().toString())) {
throw new BusinessException("该角色无法操作");
}
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", secUser.getUsername());
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("secadmin_password_update");
return modelAndView;
}
/**
* 修改登录密码
*/
@RequestMapping(action + "updatePassword.action")
public ModelAndView updatePassword(HttpServletRequest request) {
String secAdmin_id = request.getParameter("secAdmin_id");
String username = request.getParameter("username");
String password = request.getParameter("password");
String login_safeword = request.getParameter("login_safeword");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
String error = this.verif_password(password);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
SecUser secUser = this.adminSystemUserService.get(secAdmin_id);
if (null == secUser) {
modelAndView.addObject("error", "修改用户不存在");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
if ("SADMIN".equals(secUser.getId().toString())) {
modelAndView.addObject("error", "该角色无法操作");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
this.adminSystemUserService.update(secUser, password, "password", this.getUsername_login(), login_safeword,
email_code, this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", username);
modelAndView.addObject("password", password);
modelAndView.setViewName("secadmin_password_update");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", username);
modelAndView.addObject("password", password);
modelAndView.setViewName("secadmin_password_update");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
/**
* 修改资金密码 页面
*/
@RequestMapping(action + "toUpdateSafePassword.action")
public ModelAndView toUpdateSafePassword(HttpServletRequest request) {
String secAdmin_id = request.getParameter("secAdmin_id");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
SecUser secUser = this.adminSystemUserService.get(secAdmin_id);
if (null == secUser) {
throw new BusinessException("修改用户不存在");
}
if ("SADMIN".equals(secUser.getId().toString())) {
throw new BusinessException("该角色无法操作");
}
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", secUser.getUsername());
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
modelAndView.setViewName("secadmin_safepassword_update");
return modelAndView;
}
/**
* 修改资金密码
*/
@RequestMapping(action + "updateSafePassword.action")
public ModelAndView updateSafePassword(HttpServletRequest request) {
String secAdmin_id = request.getParameter("secAdmin_id");
String username = request.getParameter("username");
String safe_password = request.getParameter("safe_password");
String login_safeword = request.getParameter("login_safeword");
String email_code = request.getParameter("email_code");
String super_google_auth_code = request.getParameter("super_google_auth_code");
ModelAndView modelAndView = new ModelAndView();
try {
this.check();
String error = this.verif_safe_password(safe_password);
if (!StringUtils.isNullOrEmpty(error)) {
throw new BusinessException(error);
}
SecUser secUser = this.adminSystemUserService.get(secAdmin_id);
if (null == secUser) {
modelAndView.addObject("error", "修改用户不存在");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
if ("SADMIN".equals(secUser.getId().toString())) {
modelAndView.addObject("error", "该角色无法操作");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
this.adminSystemUserService.update(secUser, safe_password, "safe_password", this.getUsername_login(),
login_safeword, email_code, this.getIp(), super_google_auth_code);
} catch (BusinessException e) {
modelAndView.addObject("error", e.getMessage());
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", username);
modelAndView.addObject("safe_password", safe_password);
modelAndView.setViewName("secadmin_safepassword_update");
return modelAndView;
} catch (Throwable t) {
logger.error(" error ", t);
modelAndView.addObject("error", "[ERROR] " + t.getMessage());
modelAndView.addObject("secAdmin_id", secAdmin_id);
modelAndView.addObject("username", username);
modelAndView.addObject("safe_password", safe_password);
modelAndView.setViewName("secadmin_safepassword_update");
return modelAndView;
}
modelAndView.addObject("message", "操作成功");
modelAndView.setViewName("redirect:/" + action + "list.action");
return modelAndView;
}
private void check() {
String loginUserName = this.getUsername_login();
if (!("admin".equals(loginUserName) || "root".equals(loginUserName))) {
throw new BusinessException("权限不足,无法操作");
}
}
private String verif_add(String username, String password, String safe_password, String roleName, String remarks,
String email) {
if (StringUtils.isEmptyString(username)) {
return "请输入[用户名]";
}
if (!RegexUtil.length(username, 0, 64)) {
return "[用户名]限制最长度64个字符";
}
if (!RegexUtil.isEnglish(username)) {
return "[用户名]请输入英文";
}
if (StringUtils.isEmptyString(password)) {
return "请输入[密码]";
}
if (!RegexUtil.isPwd(password)) {
return "密码必须由数字、字符、特殊字符(!@#$%^&*)三种中的两种组成长度不能少于8位";
}
if (StringUtils.isEmptyString(safe_password)) {
return "请输入[资金密码]";
}
if (!(RegexUtil.length(safe_password, 6, 6) && RegexUtil.isDigits(safe_password))) {
return "[资金密码]只能6位数字";
}
if (!RegexUtil.length(password, 0, 64)) {
return "[密码]限制最长度64个字符";
}
if (StringUtils.isEmptyString(roleName)) {
return "请选择[角色]";
}
if (!RegexUtil.length(remarks, 0, 128)) {
return "[备注]限制最长度128个字符";
}
if (StringUtils.isEmptyString(email)) {
return "请输入[邮箱]";
}
if (!RegexUtil.isEmail(email)) {
return "[邮箱]格式错误";
}
return null;
}
private String verif_update(String username, String roleName, String remarks, String email) {
if (StringUtils.isEmptyString(username)) {
return "请输入[用户名]";
}
if (!RegexUtil.length(username, 0, 64)) {
return "[用户名]限制最长度64个字符";
}
if (StringUtils.isEmptyString(roleName)) {
return "请选择[角色]";
}
if (!RegexUtil.length(remarks, 0, 128)) {
return "[备注]限制最长度128个字符";
}
if (StringUtils.isEmptyString(email)) {
return "请输入[邮箱]";
}
if (!RegexUtil.isEmail(email)) {
return "[邮箱]格式错误";
}
return null;
}
private String verif_password(String password) {
if (StringUtils.isEmptyString(password)) {
return "请输入[密码]";
}
if (!RegexUtil.isPwd(password)) {
return "密码必须由数字、字符、特殊字符(!@#$%^&*)三种中的两种组成长度不能少于8位";
}
if (!RegexUtil.length(password, 0, 64)) {
return "[密码]限制最长度64个字符";
}
return null;
}
private String verif_safe_password(String safe_password) {
if (StringUtils.isEmptyString(safe_password)) {
return "请输入[资金密码]";
}
if (!(RegexUtil.length(safe_password, 6, 6) && RegexUtil.isDigits(safe_password))) {
return "[资金密码]只能6位数字";
}
return null;
}
}
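Review bot: `addUser` is the one handler in this controller that never calls `this.check()`, and it persists accounts through `saveAllUser(secUser)` with none of the `login_safeword` / `email_code` / `super_google_auth_code` arguments that `add` hands to `save`, so nothing visible in this file restricts who may bulk-create the `admin1`…`admin200` accounts. Every account it creates also gets the same literal fund password (`setSafeword("123456")`) and the same literal authenticator secret together with `setGoogle_auth_bind(true)`, which turns the second factor into a shared constant committed to the repository; that secret should be treated as exposed and rotated on any account that already carries it. If the endpoint has to stay, start its `try` block with `this.check();`, route the save through the same operator verification as `add`, and generate the fund password and authenticator secret per user instead of from literals. Separately, `add`, `updatePassword` and `updateSafePassword` put the submitted `password` / `safe_password` back into the model on error, which renders credentials back into the page; dropping those `addObject` calls is safer.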


@@ -0,0 +1,28 @@
package security;
public abstract class Constants {
/**
* Regex或AntRegex支持正则表达式
*/
public static final String URLMATCHER_PATH_TYPE = "Ant";
/**
* 使用Regex或Ant是否转小写后再验证
*/
public static final boolean LOWERCASECOMPARISONS = true;
/**
* 是否保护所有资源true则所有资源默认为受保护 false则只有声明了并且与权限挂钩了的资源才会受保护
*/
public static final boolean ISPROTECTALLRESOURCE = false;
public static final String RESTYPE_URL = "URL";
public static final String RESTYPE_OPERATION = "OPERATION";
public static final String ROLE_ADMIN_NAME = "ADMIN";
public static final String ROLE_TENANT_NAME = "TENANT";
}
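Review bot: `ISPROTECTALLRESOURCE = false` makes the access model fail-open: per the comment above it, only resources that are declared and tied to a permission are protected, so a new `*.action` URL that nobody registers is presumably reachable without a role check. The consumer of this flag is not in this file, so confirm how it is applied, but a default-deny setting (`public static final boolean ISPROTECTALLRESOURCE = true;`) with explicit allow entries for public URLs is the safer baseline. If the value must stay `false`, the comment should say so and name the place where new endpoints have to be registered.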


@@ -0,0 +1,75 @@
package security;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import kernel.bo.EntityObject;
/**
* 资源
*
*/
public class Resource extends EntityObject {
private static final long serialVersionUID = 1L;
public static final String RESOURCE_TYPE_URL = "URL";
public static final String RESOURCE_TYPE_OPERATION = "OPERATION";
private String resString;// 资源串
private String resType;// 资源类型
private Set<Role> roles = new HashSet<Role>(0);// 资源关联的角色
/**
* 获取资源对应的色名
*/
public String getRoleAuthorities() {
List<String> roleAuthorities = new ArrayList<String>();
boolean sign = true;// 标志是否已存在角色
// 遍历复合资源关联的角色
for (Role role : roles) {
// 判断是否存在角色
for (String roleName : roleAuthorities) {
if (roleName.equals("ROLE_" + role.getRoleName())) {
sign = false;
break;
}
}
if (sign) {
roleAuthorities.add("ROLE_" + role.getRoleName());
}
}
return StringUtils.join(roleAuthorities.iterator(), ",");
}
public String getResString() {
return this.resString;
}
public void setResString(String resString) {
this.resString = resString;
}
public String getResType() {
return this.resType;
}
public void setResType(String resType) {
this.resType = resType;
}
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
}
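Review bot: In `getRoleAuthorities`, `sign` is declared once before the outer loop and never reset to `true`, so after the first duplicate role name is found every later role is skipped, including ones that are not yet in the list. The returned authority string can therefore be missing roles that are attached to the resource; how that string is consumed is not visible here, but it looks like it feeds the access decision. Declaring the flag inside the `for (Role role : roles)` loop fixes it, or more simply replace the inner loop with `String authority = "ROLE_" + role.getRoleName();` followed by `if (!roleAuthorities.contains(authority)) roleAuthorities.add(authority);`. The Javadoc above the method also has a typo (`色名` for `角色名`).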


@@ -0,0 +1,16 @@
package security;
import java.util.List;
public interface ResourceService {
public Resource get(String id);
/**
* 根据id列表批量获取
* @param ids
* @return
*/
public List<Resource> getByIds(List<String> ids);
}


@@ -0,0 +1,60 @@
package security;
import java.util.HashSet;
import java.util.Set;
import kernel.bo.EntityObject;
/**
* 角色
*
*/
public class Role extends EntityObject {
private static final long serialVersionUID = 4814486392359827577L;
private String roleName;// 角色名
private String descr;// 描述
private String defaultUrl;// 角色登录成功后首页地址
private Set<Resource> resources = new HashSet<Resource>();//资源
public String getRoleName() {
return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName;
}
public String getDescr() {
return descr;
}
public void setDescr(String descr) {
this.descr = descr;
}
public String getDefaultUrl() {
return defaultUrl;
}
public void setDefaultUrl(String defaultUrl) {
this.defaultUrl = defaultUrl;
}
public Set<Resource> getResources() {
return resources;
}
public void setResources(Set<Resource> resources) {
this.resources = resources;
}
}


@@ -0,0 +1,36 @@
package security;
import java.util.List;
public interface RoleService {
/**
* 根据角色名查询角色
*/
public Role findRoleByName(String roleName);
public List<Role> getAll();
public Role get(String id );
/**
* 增加角色
*/
public void addRole(Role role,String operaterUsername,String ip);
/**
* 删除单个角色
*/
public void removeById(String id,String operaterUsername,String ip);
/**
* 更新角色
*/
public void update(Role role,String operaterUsername,String beforeResourceName,String afterResourceName,String code,String ip);
}


@@ -0,0 +1,7 @@
package security;
public class SaltSigureUtils {
public final static String saltfigure = "iamasupermanhaha";
}
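Review bot: `saltfigure` is a single salt literal compiled into the class, so every credential hashed with it shares one salt that is known to anyone holding the source or the jar. The hashing code that uses it is not in this file, but a fixed global value gives none of the protection a salt exists for: identical passwords hash identically and one precomputation covers all accounts. Passwords should be stored with an adaptive scheme that generates a random per-user salt (bcrypt, scrypt or Argon2), and if a site-wide secret is still wanted as a pepper it belongs in deployment configuration rather than in a `public final static String`.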


@@ -0,0 +1,265 @@
package security;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
import kernel.bo.EntityObject;
/**
* 系统用户.
*
*/
public class SecUser extends EntityObject implements UserDetails {
private static final long serialVersionUID = 8585484879324416599L;
private String username;// 登陆用户名
private String password;// 密码
private String safeword;// 资金密码
private String partyId;// 关联 party entity
private Date createTime;
private String name;
private String email;
private boolean accountNonExpired = true;// 账户是否过期。暂默认值为true后期根据业务修改
private boolean accountNonLocked = true;;// 账户是否锁定。暂默认值为true后期根据业务修改
private boolean credentialsNonExpired = true;;// 账户密码是否过期。暂默认值为true后期根据业务修改
private boolean enabled = true;// 账户是否有效。暂默认值为true后期根据业务修改
private String defaultLocale;// 默认Locale
private boolean isdel = false;
private Set<Role> roles = new HashSet<Role>();// 角色
private String remarks;
private String roleName;// 角色名
/**
* 最后登录时间
*/
private Date last_loginTime;
/**
* 登陆Ip
*
* @return
*/
private String login_ip;
/**
* 谷歌验证器
*/
private String google_auth_secret;
/**
* 谷歌验证器是否绑定
*/
private boolean google_auth_bind = false;
public GrantedAuthority[] getAuthorities() {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>(roles.size());
for (Role role : roles) {
grantedAuthorities.add(new GrantedAuthorityImpl("ROLE_" + role.getRoleName()));
}
return grantedAuthorities.toArray(new GrantedAuthority[roles.size()]);
}
public String getRoleAuthorities() {
List<String> roleName = new ArrayList<String>();
for (Role role : roles) {
roleName.add(role.getRoleName());
}
return StringUtils.join(roleName.iterator(), ",");
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public Set<Role> getRoles() {
return roles;
}
public void setRoles(Set<Role> roles) {
this.roles = roles;
}
public boolean isEnabled() {
return enabled;
}
public boolean getEnabled() {
return isEnabled();
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public boolean isAccountNonExpired() {
return accountNonExpired;
}
public void setAccountNonExpired(boolean accountNonExpired) {
this.accountNonExpired = accountNonExpired;
}
public boolean isAccountNonLocked() {
return accountNonLocked;
}
public void setAccountNonLocked(boolean accountNonLocked) {
this.accountNonLocked = accountNonLocked;
}
public boolean isCredentialsNonExpired() {
return credentialsNonExpired;
}
public void setCredentialsNonExpired(boolean credentialsNonExpired) {
this.credentialsNonExpired = credentialsNonExpired;
}
public String getDefaultLocale() {
return defaultLocale;
}
public void setDefaultLocale(String defaultLocale) {
this.defaultLocale = defaultLocale;
}
public Locale getLocale() {
if (this.getDefaultLocale() != null) {
return new Locale(this.getDefaultLocale());
}
return null;
}
public String getPartyId() {
return partyId;
}
public void setPartyId(String partyId) {
this.partyId = partyId;
}
public Date getCreateTime() {
return createTime;
}
public void setCreateTime(Date createTime) {
this.createTime = createTime;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getEmail() {
return email;
}
public void setEmail(String email) {
this.email = email;
}
public boolean getIsdel() {
return isdel;
}
public void setIsdel(boolean isdel) {
this.isdel = isdel;
}
public String getRemarks() {
return remarks;
}
public void setRemarks(String remarks) {
this.remarks = remarks;
}
public String getRoleName() {
return roleName;
}
public void setRoleName(String roleName) {
this.roleName = roleName;
}
public String getSafeword() {
return safeword;
}
public void setSafeword(String safeword) {
this.safeword = safeword;
}
public Date getLast_loginTime() {
return last_loginTime;
}
public String getLogin_ip() {
return login_ip;
}
public void setLast_loginTime(Date last_loginTime) {
this.last_loginTime = last_loginTime;
}
public void setLogin_ip(String login_ip) {
this.login_ip = login_ip;
}
public String getGoogle_auth_secret() {
return google_auth_secret;
}
public boolean isGoogle_auth_bind() {
return google_auth_bind;
}
public void setGoogle_auth_secret(String google_auth_secret) {
this.google_auth_secret = google_auth_secret;
}
public void setGoogle_auth_bind(boolean google_auth_bind) {
this.google_auth_bind = google_auth_bind;
}
}


@@ -0,0 +1,35 @@
package security;
import org.springframework.security.Authentication;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.userdetails.UserDetails;
public class SecurityAppUserHolder {
public static SecUser getCurrentUser() {
Authentication authentication = getAuthentication();
if (null != authentication) {
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return (SecUser) principal;
}
}
return null;
}
public static String gettUsername() {
Authentication authentication = getAuthentication();
if (null != authentication) {
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((SecUser) principal).getUsername();
}
}
return null;
}
public static Authentication getAuthentication() {
return SecurityContextHolder.getContext().getAuthentication();
}
}
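Review bot: `getCurrentUser()` and `gettUsername()` test `principal instanceof UserDetails` but then cast to `SecUser`, so any other `UserDetails` implementation in the context raises `ClassCastException` instead of being treated as "no current user". The guard should match the cast: `if (principal instanceof SecUser) { return (SecUser) principal; }`. `gettUsername()` can then delegate to `getCurrentUser()` rather than repeating the lookup, and the doubled `t` in its name looks like a typo worth fixing before callers depend on it. Both methods return `null` for anonymous requests, which deserves a Javadoc line because callers that use the result in access decisions must handle it.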


@@ -0,0 +1,55 @@
package security;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
public class SecurityContext implements Serializable {
private static final long serialVersionUID = 2225996820449948264L;
/**
* SecUser
*/
private Object principal;
private String username;
private String partyId;
private List<String> roles = new ArrayList<String>();
public Object getPrincipal() {
return principal;
}
public void setPrincipal(Object principal) {
this.principal = principal;
}
public String getUsername() {
return username;
}
public String getPartyId() {
return partyId;
}
public void setUsername(String username) {
this.username = username;
}
public void setPartyId(String partyId) {
this.partyId = partyId;
}
public List<String> getRoles() {
return roles;
}
public void setRoles(List<String> roles) {
this.roles = roles;
}
}
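Review bot: The `principal` field is typed `Object` and commented as a `SecUser`, and this class is `Serializable`, so whatever is stored there goes wherever the container writes the session. The `SecUser` class shown earlier on this page carries `password`, `safeword` and `google_auth_secret`; if sessions are persisted or replicated (not visible here), those values would be written out with them. Consider keeping only `username`, `partyId` and `roles` in this object, or declaring the field `private transient Object principal;`. `getRoles()` also hands out the internal mutable list that `UrlResourceFilterInvocation` on this page uses for its access check, so returning an unmodifiable view would be safer.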


@@ -0,0 +1,70 @@
package security.filter;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
import org.springframework.security.util.RedirectUtils;
import com.alibaba.fastjson.JSON;
import kernel.web.ResultObject;
public class AjaxableAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
/**
* If true, causes any redirection URLs to be calculated minus the protocol and
* context path (defaults to false).
*/
private boolean useRelativeContext = false;
public void setUseRelativeContext(boolean useRelativeContext) {
this.useRelativeContext = useRelativeContext;
}
protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
Authentication authResult) throws IOException {
super.onSuccessfulAuthentication(request, response, authResult);
if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
ResultObject resultObject = new ResultObject();
sendResponse(response, JSON.toJSONString(resultObject));
}
}
private void sendResponse(HttpServletResponse response, String jsonStr)
throws UnsupportedEncodingException, IOException {
response.setContentType("application/json");
response.setHeader("Access-Control-Allow-Origin", "*");
ByteArrayInputStream input = new ByteArrayInputStream(jsonStr.getBytes("UTF-8"));
ServletOutputStream output = response.getOutputStream();
IOUtils.copy(input, output);
IOUtils.closeQuietly(input);
}
protected void onUnsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response,
AuthenticationException failed) throws IOException {
super.onUnsuccessfulAuthentication(request, response, failed);
if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
ResultObject resultObject = new ResultObject();
resultObject.setCode("1");
resultObject.setMsg(failed.getMessage());
sendResponse(response, JSON.toJSONString(resultObject));
}
}
protected void sendRedirect(HttpServletRequest request, HttpServletResponse response, String url)
throws IOException {
// ignore redirect when request via ajax
if (!"XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
RedirectUtils.sendRedirect(request, response, url, useRelativeContext);
}
}
}
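Review bot: `sendResponse()` sets `Access-Control-Allow-Origin: *` on the login result, which lets script from any origin read the outcome of an authentication attempt; an explicit allowlist of trusted origins (or no CORS header at all for same-origin admin pages) is the safer default. `onUnsuccessfulAuthentication()` also returns `failed.getMessage()` verbatim, and depending on the provider that text can distinguish an unknown account from a wrong password or a locked one; a fixed message such as `resultObject.setMsg("Authentication failed");` avoids that, with the detail kept in the server log. Both callbacks write the JSON body after the `super` call has run, so it is worth confirming the parent has not already committed the response. The content type should name its charset, `response.setContentType("application/json;charset=UTF-8");`, since the body is encoded as UTF-8.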


@@ -0,0 +1,123 @@
package security.filter;
import java.io.IOException;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.AuthenticationException;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.util.UrlMatcher;
/**
*
* <p>Title: 重载 security URL重定向 </p>
*/
public class AuthenticationProcessingFilterEntryPoint extends
org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint {
private static final Log logger = LogFactory.getLog(AuthenticationProcessingFilterEntryPoint.class);
String[] roles = null;
String urlMatcherPathType = System.getProperty("security.url.matcher.path.type");
boolean init = false;
/**
* Performs the redirect (or forward) to the login form URL.
*/
public void commence(ServletRequest request, ServletResponse response, AuthenticationException authException)
throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest) request;
HttpServletResponse httpResponse = (HttpServletResponse) response;
String redirectUrl = null;
if (isServerSideRedirect()) {
if (isForceHttps() && "http".equals(request.getScheme())) {
redirectUrl = buildHttpsRedirectUrlForRequest(httpRequest);
}
if (redirectUrl == null) {
String loginForm = determineUrlToUseForThisRequest(httpRequest, httpResponse, authException);
if (logger.isDebugEnabled()) {
logger.debug("Server side forward to: " + loginForm);
}
RequestDispatcher dispatcher = httpRequest.getRequestDispatcher(loginForm);
dispatcher.forward(request, response);
return;
}
}
else {
// 是否跳转
boolean whetherRedirect = true;
// request是否跳转值
String redirectValue = httpRequest.getParameter("redirect");
if (redirectValue != null && "false".equalsIgnoreCase(redirectValue)) {
whetherRedirect = false;
}
String verifyUrl = httpRequest.getRequestURI();
if (roles != null) {
for (int i = 0; i < roles.length; i++) {
if (isUrlMatch(roles[i], verifyUrl, urlMatcherPathType, true)) {
whetherRedirect = false;
break;
}
}
}
if (whetherRedirect) {
redirectUrl = buildRedirectUrlToLoginPage(httpRequest, httpResponse, authException);
}
else {
httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED,
"Authentication Failed: " + authException.getMessage());
return;
}
}
httpResponse.sendRedirect(httpResponse.encodeRedirectURL(redirectUrl));
}
private boolean isUrlMatch(String rule, String verifyUrl, String urlMatcherPathType, boolean lowercaseComparisons) {
UrlMatcher urlMatcher;
if ("Regex".equals(urlMatcherPathType)) {
urlMatcher = new RegexUrlPathMatcher();
if (lowercaseComparisons) {
((RegexUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(true);
}
else {
((RegexUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(false);
}
return urlMatcher.pathMatchesUrl(rule, verifyUrl);
}
else if ("Ant".equals(urlMatcherPathType)) {
urlMatcher = new AntUrlPathMatcher();
if (lowercaseComparisons) {
((AntUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(true);
}
else {
((AntUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(false);
}
return urlMatcher.pathMatchesUrl(rule, verifyUrl);
}
return false;
}
}
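Review bot: In `commence()`, the non-redirect branch passes `authException.getMessage()` into the 401 body via `sendError(...)`, so the internal failure reason is shown to the unauthenticated client; `httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Authentication Failed");` gives the same signal without the detail. The `roles` array that drives the URL-match loop is never assigned in this class and `init` is unused; the fields are package-private, so they could be set from elsewhere in `security.filter`, but nothing on this page does, and as written the loop never runs. `urlMatcherPathType` comes from a system property and `isUrlMatch()` returns `false` for any value other than `Regex` or `Ant`, including `null`, which should be documented on the field. `isUrlMatch()` can also lose its duplicated branches by calling `setRequiresLowerCaseUrl(lowercaseComparisons)` directly.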


@@ -0,0 +1,174 @@
package security.filter;
import java.io.IOException;
import java.lang.reflect.Method;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.context.SecurityContext;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.context.SecurityContextImpl;
import org.springframework.util.Assert;
import org.springframework.util.ReflectionUtils;
import security.SecUser;
public class HttpSessionContextIntegrationFilter implements Filter {
private static final Log logger = LogFactory.getLog(HttpSessionContextIntegrationFilter.class);
private boolean forceEagerSessionCreation = false;
private boolean cloneFromHttpSession = false;
public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
private Class contextClass = SecurityContextImpl.class;
@Override
public void destroy() {
// TODO Auto-generated method stub
}
private static final String FILTER_APPLIED = "_security_userContextFilter_filterApplied";
private boolean observeOncePerRequest = true;
@Override
public void doFilter(ServletRequest req, ServletResponse res,
FilterChain chain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpSession httpSession = safeGetSession(request,
forceEagerSessionCreation);
SecurityContext contextBeforeChainExecution = readSecurityContextFromSession(httpSession);
httpSession = null;
if (contextBeforeChainExecution == null) {
contextBeforeChainExecution = generateNewContext();
if (logger.isDebugEnabled()) {
logger.debug("New SecurityContext instance will be associated with SecurityContextHolder");
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT to "
+ "associate with SecurityContextHolder: '"
+ contextBeforeChainExecution + "'");
}
}
try {
// This is the only place in this class where
// SecurityContextHolder.setContext() is called
SecurityContextHolder.setContext(contextBeforeChainExecution);
if ((request != null)
&& (request.getAttribute(FILTER_APPLIED) == null)
&& observeOncePerRequest) {
if (request != null) {
request.setAttribute(FILTER_APPLIED, Boolean.TRUE);
}
Object principal = security.SecurityAppUserHolder.getCurrentUser();
if (principal instanceof SecUser) {
// 把用户放入request
request.setAttribute("_currentUser", principal);
}
}
chain.doFilter(request, res);
} finally {
// Crucial removal of SecurityContextHolder contents - do this
// before anything else.
SecurityContextHolder.clearContext();
}
}
public SecurityContext generateNewContext() throws ServletException {
try {
return (SecurityContext) this.contextClass.newInstance();
} catch (InstantiationException ie) {
throw new ServletException(ie);
} catch (IllegalAccessException iae) {
throw new ServletException(iae);
}
}
private SecurityContext readSecurityContextFromSession(
HttpSession httpSession) {
if (httpSession == null) {
if (logger.isDebugEnabled()) {
logger.debug("No HttpSession currently exists");
}
return null;
}
// Session exists, so try to obtain a context from it.
Object contextFromSessionObject = httpSession
.getAttribute(SPRING_SECURITY_CONTEXT_KEY);
if (contextFromSessionObject == null) {
if (logger.isDebugEnabled()) {
logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
}
return null;
}
// We now have the security context object from the session.
// Clone if required (see SEC-356)
if (cloneFromHttpSession) {
Assert.isInstanceOf(Cloneable.class, contextFromSessionObject,
"Context must implement Clonable and provide a Object.clone() method");
try {
Method m = contextFromSessionObject.getClass().getMethod(
"clone", new Class[] {});
if (!m.isAccessible()) {
m.setAccessible(true);
}
contextFromSessionObject = m.invoke(contextFromSessionObject,
new Object[] {});
} catch (Exception ex) {
ReflectionUtils.handleReflectionException(ex);
}
}
if (!(contextFromSessionObject instanceof SecurityContext)) {
logger.warn("SPRING_SECURITY_CONTEXT did not contain a SecurityContext but contained: '"
+ contextFromSessionObject
+ "'; are you improperly modifying the HttpSession directly "
+ "(you should always use SecurityContextHolder) or using the HttpSession attribute "
+ "reserved for this class?");
return null;
}
// Everything OK. The only non-null return from this method.
return (SecurityContext) contextFromSessionObject;
}
private HttpSession safeGetSession(HttpServletRequest request,
boolean allowCreate) {
try {
return request.getSession(allowCreate);
} catch (IllegalStateException ignored) {
return null;
}
}
@Override
public void init(FilterConfig arg0) throws ServletException {
// TODO Auto-generated method stub
}
}
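Review bot: `doFilter()` calls `SecurityContextHolder.setContext(...)` and clears it in `finally` on every invocation, including a nested one where `FILTER_APPLIED` is already set (a forward or include), so the outer request continues with an empty context once the inner call returns. An early exit at the top keeps re-entry harmless: `if (request.getAttribute(FILTER_APPLIED) != null) { chain.doFilter(req, res); return; }`. The `_currentUser` request attribute exposes the whole `SecUser` to every view, and that class (shown earlier on this page) has getters for `password`, `safeword` and `google_auth_secret`; a reduced object with only the display fields would be safer. This filter also expects Spring's `SecurityContext` under `SPRING_SECURITY_CONTEXT`, while `UrlResourceFilterInvocation` on this page expects `security.SecurityContext` under the same key, so the two cannot both accept the same session unless they run in different applications. Nothing here writes the context back to the session after the chain; if that is done elsewhere it should be stated in a class comment.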


@@ -0,0 +1,109 @@
package security.filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.context.ContextLoader;
import org.springframework.web.context.WebApplicationContext;
import security.SecurityContext;
import security.internal.SecurityAuthoritiesHolder;
import security.internal.SecurityResourceProcessor;
import security.util.AuthenticationUtil;
/**
* 登录接口过滤器
*/
public class UrlResourceFilterInvocation implements Filter {
/**
* url 白名单
*/
private List<String> urls = new ArrayList<String>();
private SecurityAuthoritiesHolder securityAuthoritiesHolder;
private SecurityResourceProcessor securityResourceProcessor;
// private AntPathMatcher antPathMatcher = new AntPathMatcher();
private String redirectUrl = "../login.jsp";
@Override
public void init(FilterConfig arg0) throws ServletException {
urls.add("/public/**");// 登录时
urls.add("/systemGoods/**");
urls.add("/activity/**");
urls.add("/activityPrize/**");
urls.add("/lottery/**");
urls.add("/lotteryPrize/**");
urls.add("/lotteryRecord/**");
urls.add("/lotteryReceive/**");
urls.add("/normal/uploadimg!execute.action");
WebApplicationContext webApplicationContext = ContextLoader.getCurrentWebApplicationContext();
securityAuthoritiesHolder = (SecurityAuthoritiesHolder) webApplicationContext
.getBean("securityAuthoritiesHolder");
securityResourceProcessor = (SecurityResourceProcessor) webApplicationContext
.getBean("securityResourceProcessor");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
throws IOException, ServletException {
HttpServletRequest httpServletRequest = (HttpServletRequest) request;
HttpServletResponse httpServleResponse = (HttpServletResponse) response;
String servletPath = httpServletRequest.getServletPath();
if (!servletPath.contains(".action") || !".action".equals(servletPath.substring(servletPath.length() - 7))) {// 白名单直接过滤非action请求直接过滤
filterChain.doFilter(request, response);
return;
}
for (int i = 0; i < urls.size(); i++) {
if (AuthenticationUtil.isUrlMatch(urls.get(i), servletPath)) {
filterChain.doFilter(request, response);
return;
}
}
HttpSession session = httpServletRequest.getSession();
Object contextFromSessionObject = session.getAttribute("SPRING_SECURITY_CONTEXT");
if (contextFromSessionObject == null) {
httpServleResponse.sendRedirect(httpServleResponse.encodeRedirectURL(redirectUrl));
return;
}
if (!(contextFromSessionObject instanceof SecurityContext)) {
httpServleResponse.sendRedirect(httpServleResponse.encodeRedirectURL(redirectUrl));
return;
}
SecurityContext securityContext = (SecurityContext) contextFromSessionObject;
if (securityResourceProcessor.isUrlAccessible(servletPath, securityContext.getRoles())) {
filterChain.doFilter(request, response);
}
}
@Override
public void destroy() {
}
}
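Review bot: When `isUrlAccessible(...)` returns `false` at the end of `doFilter()`, the method returns without writing anything, so a denied request yields an empty success response instead of an explicit refusal; add `else { httpServleResponse.sendError(HttpServletResponse.SC_FORBIDDEN); }`. The allowlist built in `init()` contains `/normal/uploadimg!execute.action` next to the public prefixes, which makes an upload action reachable without a session unless the action checks the caller itself (not visible here); that entry should be justified in a comment or removed. Every request whose servlet path does not end in `.action` is passed through unchecked, so this filter only protects what the action mapper dispatches under exactly that suffix, and JSPs or other servlets need their own constraint. `getSession()` creates a session for anonymous requests; `getSession(false)` with a null check avoids that. `securityAuthoritiesHolder` is fetched in `init()` but never used.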


@@ -0,0 +1,76 @@
/**
*
*/
package security.filter;
import java.util.Collection;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import security.Constants;
import security.SecUser;
import security.SecurityAppUserHolder;
import security.internal.SecurityAuthoritiesHolder;
import security.util.AuthenticationUtil;
/**
* URL过虑器
*
*/
public class UrlResourceFilterInvocationDefinitionSource implements FilterInvocationDefinitionSource {
private static final Log logger = LogFactory.getLog(UrlResourceFilterInvocationDefinitionSource.class);
private SecurityAuthoritiesHolder securityAuthoritiesHolder;
public ConfigAttributeDefinition getAttributes(Object filter) throws IllegalArgumentException {
if ((filter == null) || !this.supports(filter.getClass())) {
throw new IllegalArgumentException("Sorry, the target object is not FilterInvocation type");
}
SecUser user = SecurityAppUserHolder.getCurrentUser();
// 用户是否已登陆
if (null == user) {
return ConfigAttributeDefinition.NO_ATTRIBUTES;
}
FilterInvocation filterInvocation = (FilterInvocation) filter;
// 待验证URL
String requestURI = filterInvocation.getRequestUrl();
if (logger.isDebugEnabled()) {
logger.debug("To be verified: " + requestURI);
}
Map<String, String> urlAuthorities = this.securityAuthoritiesHolder.loadAuthorities(Constants.RESTYPE_URL);
// 得到该URL允许的角色串
String authorities = AuthenticationUtil.resourceMatches(urlAuthorities, requestURI);
return AuthenticationUtil.getCadByAuthorities(authorities);
}
@SuppressWarnings("rawtypes")
public Collection getConfigAttributeDefinitions() {
return null;
}
@SuppressWarnings("rawtypes")
public boolean supports(Class clazz) {
if (FilterInvocation.class.isAssignableFrom(clazz)) {
return true;
}
else {
return false;
}
}
public void setSecurityAuthoritiesHolder(
SecurityAuthoritiesHolder securityAuthoritiesHolder) {
this.securityAuthoritiesHolder = securityAuthoritiesHolder;
}
}
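Review bot: `getAttributes()` returns `ConfigAttributeDefinition.NO_ATTRIBUTES` as soon as no `SecUser` is found, before the request URL is looked up, so for an anonymous caller the roles configured for that URL are never consulted and the outcome is left to how the interceptor and access decision manager treat an empty attribute set (their configuration is not visible here). Resolving the URL's authorities first and returning them regardless of the caller keeps protected URLs protected by this class alone; if the early return is intentional, the Javadoc should say which component rejects anonymous requests. `filterInvocation.getRequestUrl()` may include the query string, so it is worth confirming that `AuthenticationUtil.resourceMatches` (not shown) compares against the path only. The `if/else` in `supports()` can be `return FilterInvocation.class.isAssignableFrom(clazz);`.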


@@ -0,0 +1,25 @@
package security.internal;
import java.util.ArrayList;
import java.util.List;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import security.Resource;
import security.ResourceService;
public class ResourceServiceImpl extends HibernateDaoSupport implements ResourceService{
@Override
public Resource get(String id) {
return this.getHibernateTemplate().get(Resource.class, id);
}
public List<Resource> getByIds(List<String> ids) {
List<String> param_ids = new ArrayList<String>();
for(String id:ids) {
param_ids.add("'"+id+"'");
}
return (List<Resource>) this.getHibernateTemplate().find(" FROM Resource WHERE id in("+String.join(",", param_ids)+")");
}
}
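Review bot: `getByIds()` builds the HQL `in(...)` list by wrapping each id in quotes and concatenating it into the query string, so an id containing a quote changes the statement, and an empty `ids` list produces invalid HQL. Bind the collection instead: `return (List<Resource>) getHibernateTemplate().findByNamedParam("FROM Resource WHERE id in (:ids)", "ids", ids);`, preceded by `if (ids == null || ids.isEmpty()) { return new ArrayList<Resource>(); }`. Whether the ids reach this method from request parameters is not visible here, but a resource lookup used for authorization should not depend on callers pre-sanitising them.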


@@ -0,0 +1,143 @@
package security.internal;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcOperations;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import kernel.exception.BusinessException;
import project.Constants;
import project.log.Log;
import project.log.LogService;
import project.wallet.internal.WalletServiceImpl;
import security.Role;
import security.RoleService;
public class RoleServiceImpl extends HibernateDaoSupport implements RoleService {
private Logger log = LoggerFactory.getLogger(RoleServiceImpl.class);
private SecurityAuthoritiesHolder securityAuthoritiesHolder;
private NamedParameterJdbcOperations namedParameterJdbcTemplate;
private LogService logService;
public Role findRoleByName(String roleName) {
List<Role> list = null;
try {
list = (List<Role>) this.getHibernateTemplate().find("FROM Role WHERE roleName = ?0", new Object[] {roleName});
} catch (Exception e) {
e.fillInStackTrace();
}
if (list.size() > 0) {
return list.get(0);
}
return null;
}
@Override
public List<Role> getAll() {
return (List<Role>) this.getHibernateTemplate().find("FROM Role ");
}
@Override
public Role get(String id) {
return this.getHibernateTemplate().get(Role.class, id);
}
public void addRole(Role role,String operaterUsername,String ip) {
Role roleDB = this.findRoleByName(role.getRoleName());
// 如果存在重名的角色
if (null != roleDB) {
throw new BusinessException("存在重复的角色名称");
}
// // 如果该角色的资源为空
// if (role.getCompoundResource().size() == 0) {
// throw new BusinessException("security_role_compoundResource_null");
// }
// roleManagerDao.addRole(role);
this.getHibernateTemplate().save(role);
// 重置缓存
securityAuthoritiesHolder.clean();
saveLog(role,operaterUsername,"ip:"+ip+"管理员添加角色:"+role.getRoleName());
}
public void setSecurityAuthoritiesHolder(SecurityAuthoritiesHolder securityAuthoritiesHolder) {
this.securityAuthoritiesHolder = securityAuthoritiesHolder;
}
public void update(Role role,String operaterUsername,String beforeResourceName,String afterResourceName,String code,String ip) {
// 如果存在重名的角色
log.info("roleName:" + role.getRoleName());
log.info("roleId:" + role.getId());
List list = this.getHibernateTemplate().find("select ro FROM Role ro where ro.roleName = ?0 and ro.id != ?1", new Object[] {
role.getRoleName(), role.getId() });
if (list.size() > 0) {
throw new BusinessException("存在重复的角色名称");
}
getHibernateTemplate().merge(role);
// getHibernateTemplate().flush();
// getHibernateTemplate().clear();
// 重置缓存
securityAuthoritiesHolder.clean();
saveLog(role,operaterUsername,"ip:"+ip+"管理员修改角色名及角色权限,角色名:["+role.getRoleName()+"],原有权限:["+beforeResourceName+"],修改后权限:["+afterResourceName+"],验证码:["+code+"]");
}
@Override
public void removeById(String id,String operaterUsername,String ip) {
String sql = "select * FROM SCT_USER_ROLE WHERE ROLE_UUID = :role_id";
Map<String, Object> parameters = new HashMap<String, Object>();
parameters.put("role_id", id);
List<Map<String, Object>> list = namedParameterJdbcTemplate.queryForList(sql, parameters);
if (list.size() > 0) {
throw new BusinessException("角色被用户关联,不可删除");
}
Role role = this.getHibernateTemplate().get(Role.class, id);
if (role != null) {
getHibernateTemplate().delete(role);
}
// 重置缓存
securityAuthoritiesHolder.clean();
saveLog(role,operaterUsername,"ip:"+ip+"管理员删除角色"+role.getRoleName());
}
public void saveLog(Role role, String operator,String context) {
Log log = new Log();
log.setCategory(Constants.LOG_CATEGORY_OPERATION);
log.setUsername(operator);
log.setOperator(operator);
log.setLog(context);
log.setCreateTime(new Date());
logService.saveSync(log);
}
public void setNamedParameterJdbcTemplate(NamedParameterJdbcOperations namedParameterJdbcTemplate) {
this.namedParameterJdbcTemplate = namedParameterJdbcTemplate;
}
public void setLogService(LogService logService) {
this.logService = logService;
}
}
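Review bot: `findRoleByName()` catches every exception, calls `e.fillInStackTrace()` (which logs nothing) and then dereferences `list`, so a failed query surfaces as a `NullPointerException` rather than the real error; drop the `try/catch` or rethrow, and test `list != null && !list.isEmpty()`. `removeById()` guards the delete with `if (role != null)` but then calls `role.getRoleName()` unconditionally for the audit entry, so an unknown id throws after the cache has already been cleared; throw a `BusinessException` when the role is missing. `update()` writes the `code` argument (labelled as the verification code in the message) into the operation log, and one-time codes are better left out of audit text. The duplicate-name checks in `addRole()` and `update()` are check-then-act, so a unique constraint on the role name is still needed in the database. The `WalletServiceImpl` import is unused.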


@@ -0,0 +1,90 @@
package security.internal;
import java.io.Serializable;
import java.util.List;
import project.party.model.Party;
import security.SecUser;
public interface SecUserService {
/**
* 根据登陆用户名查询用户
*/
public SecUser findUserByLoginName(String loginName);
/**
* 根据手机号
*/
Party findUserByPhone(String phone);
/**
* 根据用户名和角色查询用户
*/
public SecUser findValidUserByLoginName(String loginName, String[] roles);
public void saveUser(SecUser user);
public void deleteUser(SecUser user);
/**
* 修改密码,会验证旧密码
*
* @param partyId
* @param oldpassword
* @param password
*/
public void updatePassword(String username, String oldpassword, String password);
/**
*  修改密码,不验证旧密码,管理员后台重置密码使用
*
* @param loginName
* @param password
*/
public void updatePassword(String loginName, String password);
/**
* 根据partyId查询用户
*/
public SecUser findUserByPartyId(Serializable partyId);
public void update(SecUser user);
public SecUser findUserById(Serializable id);
/**
* 修改资金密码,会验证旧密码
*
* @param username
* @param oldpassword
* @param password
*/
public void updateSafeword(String username, String oldpassword, String password);
/**
* 修改用户名和密码
* @param loginName
* @param userName
* @param password
*/
public void updateSecUser(String loginName, String userName, String password);
/**
*  修改资金密码,不验证旧密码,管理员后台重置密码使用
*
* @param loginName
* @param password
*/
public void updateSafeword(String loginName, String password);
/**
* 所有系统用户
* @return
*/
public List<SecUser> findAllSysUsers();
public String test();
boolean queryCheckGuestAccount(String partyId);
}
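Review bot: The two-argument `updatePassword(loginName, password)` and `updateSafeword(loginName, password)` change a credential without proof of the old one, and their Javadoc only says they are for the admin back office; the contract should state who is responsible for authorising the operator, for example `Caller must verify the operator holds an administrative role; no credential check is performed here.` The Javadoc on the three-argument `updatePassword` names `@param partyId` while the parameter is `username`. `test()` looks like leftover scaffolding on a security interface and can be removed, and `findUserByPhone` returning a `Party` from a `SecUser` service deserves a one-line explanation.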


@@ -0,0 +1,238 @@
package security.internal;
import java.io.Serializable;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Order;
import org.hibernate.criterion.Property;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.transaction.annotation.Transactional;
import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import project.Constants;
import project.invest.goods.model.Useraddress;
import project.party.model.Party;
import security.Role;
import security.SecUser;
public class SecUserServiceImpl extends HibernateDaoSupport implements SecUserService {
private PasswordEncoder passwordEncoder;
public void saveUser(SecUser user) {
SecUser db = findUserByLoginName(user.getUsername());
if (null != db) {
throw new BusinessException("系统存在相同[系统登录名]");
}
user.setCreateTime(new Date());
user.setPassword(passwordEncoder.encodePassword(user.getPassword(), user.getUsername()));
this.getHibernateTemplate().merge(user);
}
public void deleteUser(SecUser user) {
SecUser db = this.findUserByLoginName(user.getUsername());
if (null == db) {
throw new BusinessException("系统用户登录名不存在!");
}
this.getHibernateTemplate().delete(db);
}
@SuppressWarnings("unchecked")
public SecUser findUserByLoginName(String loginName) {
List<SecUser> users = (List<SecUser>) this.getHibernateTemplate().find("FROM SecUser WHERE username = ?0" ,new Object[] {loginName});
if (users.size() > 0) {
return users.get(0);
}
return null;
}
@Override
public Party findUserByPhone(String phone) {
DetachedCriteria query = DetachedCriteria.forClass(Party.class);
query.add( Property.forName("phone").eq(phone) );
List list = getHibernateTemplate().findByCriteria(query,0,1);
if(list.size()>0){
return (Party) list.get(0);
}
return null;
}
@Override
public SecUser findValidUserByLoginName(String loginName, String[] rolesArrty) {
SecUser user = findUserByLoginName(loginName);
if (user == null) {
return null;
}
Set<Role> roles = user.getRoles();
boolean find = false;
for (Iterator iterator = roles.iterator(); iterator.hasNext();) {
Role role = (Role) iterator.next();
for (int i = 0; i < rolesArrty.length; i++) {
if (role.getRoleName().equals(rolesArrty[i])) {
find = true;
}
}
}
if (!find) {
return null;
}
return user;
}
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
@Override
public void updatePassword(String username, String oldpassword, String password) {
SecUser user = this.findUserByLoginName(username);
if (user == null) {
return;
}
String oldpassword_encoder = passwordEncoder.encodePassword(oldpassword, user.getUsername());
// String oldpassword_encoder = oldpassword;
if (oldpassword_encoder.equals(user.getPassword())) {
user.setPassword(passwordEncoder.encodePassword(password, user.getUsername()));
// user.setPassword(password);
this.getHibernateTemplate().update(user);
} else {
throw new BusinessException("旧密码不正确");
}
}
@Override
public SecUser findUserByPartyId(Serializable partyId) {
StringBuffer queryString = new StringBuffer(" FROM SecUser where partyId = ?0");
List<SecUser> list = null;
list = (List<SecUser>) this.getHibernateTemplate().find(queryString.toString() ,new Object[] {partyId});
if (list.size() > 0) {
return list.get(0);
}
return null;
}
public List<SecUser> findAllSysUsers() {
StringBuffer queryString = new StringBuffer(" FROM SecUser where partyId is null OR partyId=''");
List<SecUser> list= (List<SecUser>) this.getHibernateTemplate().find(queryString.toString());
return list;
}
@Override
public void update(SecUser user) {
// this.getHibernateTemplate().update(user);
this.getHibernateTemplate().merge(user);
}
@Override
public SecUser findUserById(Serializable id) {
return this.getHibernateTemplate().get(SecUser.class, id);
}
@Override
public void updatePassword(String loginName, String password) {
SecUser secUser = findUserByLoginName(loginName);
if (secUser != null) {
secUser.setPassword(passwordEncoder.encodePassword(password, secUser.getUsername()));
// secUser.setPassword(password);
this.update(secUser);
} else {
throw new BusinessException("没有找到用户");
}
// codeTimeWindow.getCodeForgot().remove(loginName);
}
@Override
public void updateSecUser(String loginName, String userName, String password) {
SecUser secUser = findUserByLoginName(loginName);
if (secUser != null) {
secUser.setPassword(passwordEncoder.encodePassword(password, userName));
secUser.setUsername(userName);
this.update(secUser);
} else {
throw new BusinessException("sec用户不存在");
}
}
@Override
public void updateSafeword(String username, String oldpassword, String password) {
SecUser user = this.findUserByLoginName(username);
if (user == null) {
return;
}
String oldpassword_encoder = passwordEncoder.encodePassword(oldpassword, user.getUsername());
/**
* 旧资金密码为空则不验证旧密码
*/
if(!StringUtils.isNullOrEmpty(user.getSafeword())) {
if (oldpassword_encoder.equals(user.getSafeword())) {
user.setSafeword(passwordEncoder.encodePassword(password, user.getUsername()));
// user.setPassword(password);
this.getHibernateTemplate().update(user);
} else {
throw new BusinessException("旧密码不正确");
}
}else {
user.setSafeword(passwordEncoder.encodePassword(password, user.getUsername()));
this.getHibernateTemplate().update(user);
}
}
@Override
public void updateSafeword(String loginName, String password) {
SecUser secUser = findUserByLoginName(loginName);
if (secUser != null) {
secUser.setSafeword(passwordEncoder.encodePassword(password, secUser.getUsername()));
// secUser.setPassword(password);
this.update(secUser);
} else {
throw new BusinessException("没有找到用户");
}
// codeTimeWindow.getCodeForgot().remove(loginName);
}
public String test() {
return "test";
}
/**
* 判断一个用户是否是演示账号
*
* @param partyId
* @return
*/
public boolean queryCheckGuestAccount(String partyId) {
SecUser user = this.findUserByPartyId(partyId);
user.getRoles();
boolean guest = false;
for (Role role : user.getRoles()) {
if (Constants.SECURITY_ROLE_GUEST.equals(role.getRoleName())) {
guest = true;
}
}
return guest;
}
}


@@ -0,0 +1,18 @@
package security.internal;
import java.util.Map;
/**
* 安全管理
*
*/
public interface SecurityAuthoritiesHolder {
/**
* 取得系统resType类型资源角色串
*/
public Map<String, String> loadAuthorities(String resType);
public void clean();
}


@@ -0,0 +1,63 @@
package security.internal;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import security.Resource;
public class SecurityAuthoritiesHolderImpl extends HibernateDaoSupport
implements SecurityAuthoritiesHolder {
private Map<String, Map<String, String>> cache = new HashMap<String, Map<String, String>>();
@SuppressWarnings("unchecked")
private List<Resource> getResourcesByType(String resType) {
return (List<Resource>) this.getHibernateTemplate().find("FROM Resource WHERE resType = ?0",new Object[] {resType});
}
public Map<String, String> loadAuthorities(String resType) {
Map<String, String> authorities = cache.get(resType);
if (authorities == null) {
authorities = new LinkedHashMap<String, String>();
List<Resource> urlResources = getResourcesByType(resType);
Collections.sort(urlResources,new Comparator<Resource>() {
//升序排序
public int compare(Resource o1, Resource o2) {
if (o1.getResString().length()<o2.getResString().length()) {
return 1;
} else if (o1.getResString().length()==o2.getResString().length()){
return 0;
}
return -1;
}
});
for (Resource resource : urlResources) {
authorities.put(resource.getResString(),
resource.getRoleAuthorities());
}
cache.put(resType, authorities);
}
return authorities;
}
@Override
public void clean() {
cache = new HashMap<String, Map<String, String>>();
}
}
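Review bot: `cache` is a plain `HashMap` that `loadAuthorities` fills with an unsynchronised check-then-put and that `clean()` replaces through a non-volatile field, so if this holder is a shared bean (its wiring is not visible here) one request can read the map while another mutates it, and a `clean()` after a permission change is not guaranteed to be seen by other threads. Since authorization decisions are made from this data, I would declare `private final Map<String, Map<String, String>> cache = new ConcurrentHashMap<>();` (with the matching `java.util.concurrent` import) and have `clean()` call `cache.clear();`. The comparator comment says 升序排序 (ascending), but `compare` returns 1 when `o1` is shorter, so the list ends up longest `resString` first. `AuthenticationUtil.resourceMatches` stops at the first matching entry, so that order presumably exists to try longer patterns first; the comment should state that, and `Integer.compare(o2.getResString().length(), o1.getResString().length())` would express it more directly.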


@@ -0,0 +1,16 @@
package security.internal;
import java.util.List;
public interface SecurityResourceProcessor {
public boolean isResourceAccessible(String resource,List<String> roles);
public boolean isResourceAccessible(String resource, String type,List<String> roles);
public boolean isRolesAccessible(String verifyroles, List<String> roles);
public boolean isUrlAccessible(String servletPath, List<String> roles);
}


@@ -0,0 +1,125 @@
package security.internal;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.AccessDecisionManager;
import kernel.util.StringUtils;
import security.Constants;
import security.util.AuthenticationUtil;
public class SecurityResourceProcessorImpl implements SecurityResourceProcessor {
private Logger logger = LogManager.getLogger(SecurityResourceProcessorImpl.class);
private SecurityAuthoritiesHolder securityAuthoritiesHolder;
private AccessDecisionManager accessDecisionManager;
public boolean isResourceAccessible(String resource, List<String> roles) {
return isResourceAccessible(resource, Constants.RESTYPE_OPERATION, roles);
}
public boolean isResourceAccessible(String resource, String type, List<String> roles) {
logger.info("jsp在调我,resource:{}", resource);
if (StringUtils.isNullOrEmpty(resource)) {
return true;
}
logger.debug("resource[" + resource + "]");
// URL资源串逗号相隔的角色串
Map<String, String> operationAuthorities = securityAuthoritiesHolder.loadAuthorities(type);
// 角色串
String authorities = null;
for (Iterator<Map.Entry<String, String>> iter = operationAuthorities.entrySet().iterator(); iter.hasNext();) {
Map.Entry<String, String> entry = iter.next();
String operation = entry.getKey();
if (resource.equals(operation)) {
authorities = entry.getValue();
break;
}
}
return isRoleExist(authorities, roles);
//
// ConfigAttributeDefinition attr = AuthenticationUtil.getCadByAuthorities(authorities);
// if (attr != null) {
// Authentication authenticated = SecurityAppUserHolder.getAuthentication();
// try {
// accessDecisionManager.decide(authenticated, null, attr);
// return true;
// } catch (AccessDeniedException accessDeniedException) {
// return false;
// }
// }
// return true;
}
@Override
public boolean isUrlAccessible(String servletPath, List<String> roles) {
if (StringUtils.isNullOrEmpty(servletPath)) {
return true;
}
Map<String, String> urlAuthorities = this.securityAuthoritiesHolder.loadAuthorities(Constants.RESTYPE_URL);
// 得到该URL允许的角色串
String authorities = AuthenticationUtil.resourceMatches(urlAuthorities, servletPath);
// 如果为空,该资源没有被定义
if (StringUtils.isNullOrEmpty(authorities) ) {
// 是否保护所有资源
if (AuthenticationUtil.IS_PROTECT_ALL_RESOURCE) {
return false;
}
else {
// 返回null资源不被保护
return true;
}
}
return isRoleExist(authorities, roles);
}
@Override
public boolean isRolesAccessible(String verifyroles, List<String> roles) {
return isRoleExist(verifyroles, roles);
}
public boolean isRoleExist(String authorities, List<String> roles) {
if (StringUtils.isNullOrEmpty(authorities)) {
return false;
}
String[] arrty = authorities.split(",");
for (int i = 0; i < arrty.length; i++) {
for (int j = 0; j < roles.size(); j++) {
if (arrty[i].equals(roles.get(j))) {
return true;
}
}
}
return false;
}
public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
this.accessDecisionManager = accessDecisionManager;
}
public void setSecurityAuthoritiesHolder(SecurityAuthoritiesHolder securityAuthoritiesHolder) {
this.securityAuthoritiesHolder = securityAuthoritiesHolder;
}
}
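Review bot: `isResourceAccessible` and `isUrlAccessible` both return `true` when the resource name or servlet path is null or empty, so a caller that fails to supply the value is granted access, whereas a resource name that is merely absent from the table ends in `isRoleExist(null, roles)` and is denied. I would fail closed in both guards, e.g. `if (StringUtils.isNullOrEmpty(resource)) { return false; }`, unless an empty value is a deliberate "public" marker, in which case a comment should say so. `isUrlAccessible` also allows every URL with no matching entry, because `AuthenticationUtil.IS_PROTECT_ALL_RESOURCE` is `false` in this commit, which leaves a newly added admin URL open until someone registers it. Separately, `isRoleExist` dereferences `roles` without a null check and compares the `authorities.split(",")` entries without trimming, the `logger.info` call at the top of `isResourceAccessible` runs on every permission check where `debug` would do, and `accessDecisionManager` is only referenced from commented-out code.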


@@ -0,0 +1,23 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="security.Resource" table="SCT_RESOURCE">
<id name="id" type="java.lang.String">
<column name="UUID" />
<generator class="uuid.hex" />
</id>
<property name="resString" type="java.lang.String">
<column name="RES_STRING" length="256" not-null="true" />
</property>
<property name="resType" type="java.lang.String">
<column name="RES_TYPE" length="32" not-null="true" />
</property>
<set cascade="none" lazy="false" name="roles"
outer-join="false" sort="unsorted" table="SCT_ROLE_RESOURCE">
<key column="RESOURCE_UUID" />
<many-to-many class="security.Role"
column="ROLE_UUID" unique="false" />
</set>
</class>
</hibernate-mapping>


@@ -0,0 +1,24 @@
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="security.Role" table="SCT_ROLE">
<id name="id" type="java.lang.String">
<column name="UUID" />
<!-- <generator class="uuid.hex" /> -->
</id>
<property generated="never" lazy="false" name="roleName"
type="java.lang.String">
<column length="64" name="ROLE_NAME" />
</property>
<set cascade="none" lazy="false" name="resources"
outer-join="false" sort="unsorted" table="SCT_ROLE_RESOURCE">
<key column="ROLE_UUID" />
<many-to-many class="security.Resource"
column="RESOURCE_UUID" unique="false" />
</set>
</class>
</hibernate-mapping>
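Review bot: `ROLE_NAME` is mapped without `not-null` or `unique`, yet elsewhere in this commit authorization is decided by comparing role-name strings (`isRoleExist`, `queryCheckGuestAccount`, `telephonHiding`), and `telephonHiding` calls `role.getRoleName().equals(...)`, which throws on a null name. Unless existing data forbids it, I would declare the column as `<column length="64" name="ROLE_NAME" not-null="true" unique="true" />` so that two rows cannot carry the same name. With the `<generator>` commented out the id is assigned by the application; a short comment saying where role ids come from would help the next reader.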


@@ -0,0 +1,62 @@
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="security.SecUser" table="SCT_USER" dynamic-update="true">
<id name="id" type="java.lang.String">
<column name="UUID" />
<generator class="uuid.hex" />
</id>
<property name="createTime" type="timestamp">
<column name="CREATETIME" />
</property>
<property name="username" lazy="false" type="java.lang.String">
<column name="USERNAME" />
</property>
<property name="last_loginTime" type="timestamp">
<column name="LAST_LOGIN_TIME" />
</property>
<property name="login_ip" type="java.lang.String">
<column name="LOGIN_IP" />
</property>
<property name="email" type="java.lang.String">
<column name="EMAIL" />
</property>
<!-- <property name="name" type="java.lang.String"> <column name="NAME"
/> </property> <property generated="never" lazy="false" name="email" type="java.lang.String">
<column length="32" name="EMAIL" /> </property> -->
<property name="password" type="java.lang.String">
<column length="256" name="PASSWORD" />
</property>
<property name="safeword" type="java.lang.String">
<column name="SAFEWORD" />
</property>
<property lazy="false" name="partyId"
type="java.lang.String">
<column length="32" name="PARTY_UUID" />
</property>
<property name="enabled" type="yes_no">
<column name="ENABLED" />
</property>
<property name="remarks" type="java.lang.String">
<column name="REMARKS" />
</property>
<!-- <property generated="never" lazy="false" name="isdel" type="yes_no">
<column name="ISDEL" /> </property> -->
<set lazy="false" cascade="none" name="roles" outer-join="false"
sort="unsorted" table="SCT_USER_ROLE">
<key column="USER_UUID" />
<many-to-many class="security.Role" column="ROLE_UUID"
unique="false" />
</set>
<property generated="never" name="google_auth_bind"
type="yes_no">
<column name="GOOGLE_AUTH_BIND" />
</property>
<property name="google_auth_secret" type="java.lang.String">
<column name="GOOGLE_AUTH_SECRET" />
</property>
</class>
</hibernate-mapping>
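Review bot: `google_auth_secret` is mapped as an ordinary `java.lang.String` column next to `password` and `safeword`, and nothing in this mapping shows the TOTP seed being encrypted. Unlike a password hash the seed is directly usable, so anyone with read access to `SCT_USER` (a backup, a reporting query, SQL access) would hold the second factor for every bound account. If it is stored in clear, consider encrypting it at rest, for example through a custom Hibernate type with the key held outside the database, and keeping the field out of any serialised or logged `SecUser`. `SAFEWORD` also declares no `length` while `PASSWORD` declares 256, although `SecUserServiceImpl` writes both from the same `passwordEncoder`, so they should be sized alike.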


@@ -0,0 +1,104 @@
package security.util;
import java.util.Iterator;
import java.util.Map;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.util.UrlMatcher;
/**
* 鉴权有关的工具类
*
*/
public abstract class AuthenticationUtil {
/**
* 是否保护所有资源true则所有资源默认为受保护 false则只有声明了并且与权限挂钩了的资源才会受保护
*/
public static final boolean IS_PROTECT_ALL_RESOURCE = false;
/**
* Regex或AntRegex支持正则表达式
*/
public static final String URLMATCHER_PATH_TYPE = "Ant";
/**
* 使用Regex或Ant是否转小写后再验证
*/
public static final boolean LOWER_CASE_COMPARISONS = true;
/**
* 验证verify是否满足resource规则
*/
public static boolean isUrlMatch(String resource, String verify) {
return AuthenticationUtil.isUrlMatch(URLMATCHER_PATH_TYPE,LOWER_CASE_COMPARISONS, resource,
verify);
}
/**
* 验证verifyUrl是否满足resourceUrl规则lowercaseComparisons为true为转小写后再验证
*/
public static boolean isUrlMatch(String urlMatcherPathType, boolean lowercaseComparisons, String resourceUrl,
String verifyUrl) {
UrlMatcher urlMatcher;
if ("Regex".equals(urlMatcherPathType)) {
urlMatcher = new RegexUrlPathMatcher();
if (lowercaseComparisons) {
((RegexUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(true);
}
else {
((RegexUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(false);
}
return urlMatcher.pathMatchesUrl(resourceUrl, verifyUrl);
}
else if ("Ant".equals(urlMatcherPathType)) {
urlMatcher = new AntUrlPathMatcher();
if (lowercaseComparisons) {
((AntUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(true);
}
else {
((AntUrlPathMatcher) urlMatcher).setRequiresLowerCaseUrl(false);
}
return urlMatcher.pathMatchesUrl(resourceUrl, verifyUrl);
}
return false;
}
public static String resourceMatches(Map<String, String> resourcesMap, String verify) {
String authorities = null;
for (Iterator<Map.Entry<String, String>> iter = resourcesMap.entrySet().iterator(); iter.hasNext();) {
Map.Entry<String, String> entry = iter.next();
String resourceKey = entry.getKey();
if (AuthenticationUtil.isUrlMatch(resourceKey, verify)) {
authorities = entry.getValue();
break;
}
}
return authorities;
}
public static ConfigAttributeDefinition getCadByAuthorities(String authorities) {
// 如果为空,该资源没有被定义
if (authorities == null) {
// 是否保护所有资源
if (IS_PROTECT_ALL_RESOURCE) {
return ConfigAttributeDefinition.NO_ATTRIBUTES;
}
else {
// 返回null资源不被保护
return null;
}
}
ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor();
configAttrEditor.setAsText(authorities);
ConfigAttributeDefinition cad = (ConfigAttributeDefinition) configAttrEditor.getValue();
if (cad == null) {
cad = ConfigAttributeDefinition.NO_ATTRIBUTES;
}
return cad;
}
}
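Review bot: In the four-argument `isUrlMatch` the lower-case flag is set on a fresh matcher and `pathMatchesUrl(resourceUrl, verifyUrl)` is called straight away. As far as I know, in Spring Security 2.x the `AntUrlPathMatcher` flag only takes effect in `compile()` (which lower-cases the pattern) and the caller is expected to lower-case the URL, so neither side is normalised here and the comparison is probably case-sensitive despite `LOWER_CASE_COMPARISONS = true`. That is worth pinning with a unit test, because with `IS_PROTECT_ALL_RESOURCE = false` a path that matches no pattern is treated as unprotected. If confirmed, normalise both arguments explicitly before matching, e.g. `if (lowercaseComparisons) { resourceUrl = resourceUrl.toLowerCase(Locale.ROOT); verifyUrl = verifyUrl.toLowerCase(Locale.ROOT); }`. The `Regex` branch likewise passes the raw pattern string where, I believe, that matcher expects the result of `compile()`; it is unreachable while `URLMATCHER_PATH_TYPE` is "Ant", but should be fixed or removed.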


@@ -0,0 +1,205 @@
package security.web;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.web.context.ContextLoader;
import org.springframework.web.context.WebApplicationContext;
import com.alibaba.dubbo.common.utils.CollectionUtils;
import kernel.util.StringUtils;
import kernel.web.BaseAction;
import kernel.web.ResultObject;
import project.syspara.Syspara;
import project.syspara.SysparaService;
import security.Role;
import security.SecUser;
import security.SecurityContext;
import security.internal.SecurityResourceProcessor;
import systemuser.CustomerService;
import systemuser.model.Customer;
public class BaseSecurityAction extends BaseAction {
private static final long serialVersionUID = 5393029010679461944L;
protected String username_login;
WebApplicationContext wac = ContextLoader.getCurrentWebApplicationContext();
// false: dapp+交易所true: 交易所;
public boolean isDappOrExchange() {
SysparaService sysparaService = (SysparaService) wac.getBean("sysparaService");
Syspara syspara = sysparaService.find("project_type");
if (null == syspara) {
return false;
} else {
// 项目类型DAPP_EXCHANGE(DAPP+交易所)EXCHANGE(交易所)(后面可以拼接项目编号例如EXCHANGE_TD1)
String projectType = syspara.getValue();
if (projectType.contains("DAPP_EXCHANGE")) {
return false;
} else {
return true;
}
}
}
// 获取系统参数
public String getSystemPara(String sysparaName) {
SysparaService sysparaService = (SysparaService) wac.getBean("sysparaService");
Syspara syspara = sysparaService.find(sysparaName);
if (null == syspara) {
return "";
} else {
return syspara.getValue();
}
}
public boolean isResourceListAccessible(String resourceList) {
if (StringUtils.isNullOrEmpty(resourceList)) {
return false;
}
String[] array = resourceList.split(",");
for (int i = 0; i < array.length; i++) {
if (this.isResourceAccessible(array[i])) {
return true;
}
}
return false;
}
public boolean isResourceAccessible(String resource) {
if ("OP_ADMIN_USER_RECORD".equals(resource) && !"root".equals(this.getUsername_login())) {// 假分权限,单独用户处理
WebApplicationContext wac = ContextLoader.getCurrentWebApplicationContext();
SysparaService sysparaService = (SysparaService) wac.getBean("sysparaService");
Syspara syspara = sysparaService.find("user_record_names");
if (syspara == null) {
return false;
} else {
String userRecordNames = syspara.getValue();
List<String> userRecordNamesList = Arrays.asList(userRecordNames.split(","));
if (CollectionUtils.isEmpty(userRecordNamesList)
|| !userRecordNamesList.contains(this.getUsername_login())) {
return false;
}
}
}
SecurityContext securityContext = readSecurityContextFromSession();
if (securityContext == null) {
return false;
}
List<String> roles = securityContext.getRoles();
WebApplicationContext wac = ContextLoader.getCurrentWebApplicationContext();
SecurityResourceProcessor securityResourceProcessor = (SecurityResourceProcessor) wac.getBean("securityResourceProcessor");
boolean resourceAccessible = securityResourceProcessor.isResourceAccessible(resource, "OPERATION",roles);
return resourceAccessible;
// return securityResourceProcessor.isResourceAccessible(resource, "OPERATION",roles);
}
public boolean isRolesAccessible(String verifyroles) {
SecurityContext securityContext = readSecurityContextFromSession();
if (securityContext == null) {
return false;
}
List<String> roles = securityContext.getRoles();
SecurityResourceProcessor securityResourceProcessor = (SecurityResourceProcessor) wac.getBean("securityResourceProcessor");
return securityResourceProcessor.isRolesAccessible(verifyroles, roles);
}
public ResultObject readSecurityContextFromSession(ResultObject resultObject) {
HttpServletRequest request = this.getRequest();
HttpSession session = request.getSession();
Object contextFromSessionObject = session.getAttribute("SPRING_SECURITY_CONTEXT");
if (contextFromSessionObject == null) {
resultObject.setCode("403");
resultObject.setMsg("请重新登录");
}
return resultObject;
}
public String getUsername_login() {
HttpServletRequest request = this.getRequest();
HttpSession session = request.getSession();
Object object = session.getAttribute("SPRING_SECURITY_CONTEXT");
if (object != null) {
return ((SecurityContext) object).getUsername();
}
return null;
}
public SecurityContext readSecurityContextFromSession() {
HttpServletRequest request = this.getRequest();
HttpSession session = request.getSession();
Object contextFromSessionObject = session.getAttribute("SPRING_SECURITY_CONTEXT");
if (contextFromSessionObject == null) {
return null;
}
if (!(contextFromSessionObject instanceof SecurityContext)) {
return null;
}
return (SecurityContext) contextFromSessionObject;
}
public String getLoginPartyId() {
SecurityContext contextFromSessionObject = readSecurityContextFromSession();
if (contextFromSessionObject != null) {
return contextFromSessionObject.getPartyId();
}
return null;
}
public String telephonHiding(String telephon) {
SecurityContext securityContext = readSecurityContextFromSession();
if (securityContext == null) {
return null;
}
String[] rolesArrty = { "ADMIN", "ROOT" };
SecUser secUser = (SecUser) securityContext.getPrincipal();
Set roles = secUser.getRoles();
boolean find = false;
int i = 0;
Iterator<Role> it = roles.iterator();
while (it.hasNext()) {
Role role = (Role) it.next();
for (int j = 0; j < rolesArrty.length; j++) {
if (role.getRoleName().equals(rolesArrty[j])) {
find = true;
}
}
}
if (find) {
return telephon;
}
if ((!StringUtils.isNullOrEmpty(telephon)) && (telephon.length() == 11)) {
return telephon.substring(0, 3) + "****" + telephon.substring(7, 11);
}
return "****";
}
public Integer customerOnlineState() {
CustomerService customerService = (CustomerService) wac.getBean("customerService");
Customer customer = customerService.cacheByUsername(this.getUsername_login());
if (null == customer) {
return null;
}
return customer.getOnline_state();
}
/*
* public void setCustomerService(CustomerService customerService) {
* this.customerService = customerService; }
*/
}
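Review bot: `getUsername_login()` casts the session attribute with `((SecurityContext) object)` unchecked, while `readSecurityContextFromSession()` just below guards the same attribute with `instanceof`; the getter should reuse it: `SecurityContext ctx = readSecurityContextFromSession(); return ctx == null ? null : ctx.getUsername();`. All three session readers call `request.getSession()`, which creates a session for a request that has none, so merely probing login state allocates server-side state; `request.getSession(false)` with a null check avoids that. In `isResourceAccessible` the `OP_ADMIN_USER_RECORD` branch exempts the literal user name `root` and otherwise relies on the `user_record_names` system parameter, so whoever can edit that parameter controls this permission outside the role tables, which deserves at least a comment. `telephonHiding` uses a raw `Set`, leaves `int i` unused, and dereferences `getPrincipal()` without a null check.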


@@ -0,0 +1,25 @@
package security.web;
import kernel.util.ServletUtil;
import kernel.web.BaseAction;
/**
* 判断是否登录
*/
public class IsLoginAction extends BaseSecurityAction {
/**
* Member Description
*/
private static final long serialVersionUID = 1L;
public String execute() throws Exception {
String partyId =this.getLoginPartyId();
ServletUtil.outputXML(getResponse(), partyId!=null ? "0" : "1");
return null;
}
}
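Review bot: The response contract of `execute()` is undocumented and easy to misread: it writes "0" when a party id is present and "1" when it is not, and the only Javadoc on the member is the placeholder `Member Description`. I would add a comment above the `outputXML` call such as `// writes "0" when the session has a logged-in party, "1" otherwise`. `getLoginPartyId()` is presumably null for system users, which `findAllSysUsers` in this commit selects by a null or empty `partyId`, so such a user would be reported as not logged in; please confirm that is intended. The `kernel.web.BaseAction` import is unused.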


@@ -0,0 +1,83 @@
package security.web;
import kernel.util.StringUtils;
import security.SecUser;
import security.SecurityAppUserHolder;
/**
* 登录后的第一个默认action做为基类使用
*/
public class LoginSuccessAction extends BaseSecurityAction {
public String COOKIE_USERNAME_NAME = "SECURITY_USER_CORRELATION";
/**
* Member Description
*/
private static final long serialVersionUID = -457151315942685113L;
public String view() {
SecUser secUser = (SecUser)super.readSecurityContextFromSession().getPrincipal();
this.saveLoginCookies(secUser.getUsername());
String cookie_username = this.getCookie(COOKIE_USERNAME_NAME);
if (!StringUtils.isNullOrEmpty(cookie_username) && cookie_username.length() >= 4000) {
cookie_username = cookie_username.substring(0, 3999);
}
return "index";
}
/**
* 这个方法在Nginx下失效
*/
public String getRemoteHost(javax.servlet.http.HttpServletRequest request) {
String ip = request.getHeader("x-forwarded-for");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
return ip.equals("0:0:0:0:0:0:0:1") ? "127.0.0.1" : ip;
}
/**
* 将登录关联信息保存到cookies
*/
private void saveLoginCookies(String username) {
username = username.replaceAll("\\s*", "");
username = username.toLowerCase();
String username_cookie = this.getCookie(COOKIE_USERNAME_NAME);
boolean find = false;
if (!StringUtils.isNullOrEmpty(username_cookie)) {
String[] array = username_cookie.split(",");
for (int i = 0; i < array.length; i++) {
if (username.equals(array[i])) {
find = true;
break;
}
}
}
if (!find) {
if (StringUtils.isNullOrEmpty(username_cookie)) {
addCookie(COOKIE_USERNAME_NAME, username);
} else {
username = username_cookie + "," + username;
addCookie(COOKIE_USERNAME_NAME, username);
}
}
}
}
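Review bot: `getRemoteHost` returns the `x-forwarded-for`, `Proxy-Client-IP` or `WL-Proxy-Client-IP` header verbatim whenever one is present, and all three are client-controlled unless a trusted proxy overwrites them. If this value feeds the `ip` argument that the admin services in this commit write to the operation log (the call sites are not visible here), the recorded address can be chosen by the caller. I would honour the header only when `request.getRemoteAddr()` is a configured proxy address, take a single parsed address from it rather than the whole comma-separated string, and otherwise fall back to `getRemoteAddr()`. In `view()`, `super.readSecurityContextFromSession().getPrincipal()` throws a `NullPointerException` when the session holds no context, and the truncated `cookie_username` is never used. `saveLoginCookies` appends every user name that logs in from the browser to the `SECURITY_USER_CORRELATION` cookie with no bound, and whether `addCookie` sets `HttpOnly` and `Secure` is not visible here and should be checked.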


@@ -0,0 +1,41 @@
package systemuser;
import kernel.web.Page;
import security.SecUser;
public interface AdminCustomerService {
Page pagedQuery(int pageNo, int pageSize, String usernamePara);
void save(SecUser user, String operatorUsername, String loginSafeword, String code, String ip,
String superGoogleAuthCode,String autoAnswer);
/**
* 下线
* @param username
*/
public void offline(String username);
/**
* 上线
* @param username
*/
public void online(String username);
/**
* 管理员强制下线
* @param username
* @param operatorUsername
* @param loginSafeword
* @param ip
*/
public void forceOffline(String username,String operatorUsername,String loginSafeword,String ip);
public void updateAutoAnswer(SecUser user,String operatorUsername,String ip,String autoAnswer);
/**
* 个人中心修改自动回复
* @param username
* @param loginSafeword
* @param ip
* @param autoAnswer
*/
public void updatePersonalAutoAnswer(String username,String loginSafeword,String ip,String autoAnswer);
}


@@ -0,0 +1,35 @@
package systemuser;
import java.util.List;
import java.util.Map;
public interface AdminRoleAuthorityService {
/**
* 角色列表
* @return
*/
public List<Map<String,Object>> getAllRole();
/**
* 获取角色所有的映射id
* @param roleId
* @return
*/
public List<String> getRoleResourceMappingIdById(String roleId);
/**
* 根据映射id 更新角色资源
* @param roleId
* @param resourceMapIds 映射id
*/
public void updateRoleResource(String roleId,String resourceMapIds,String operaterUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode);
/**
* 根据资源id列表 获取到映射的名字和id
* @param resourcesIds
* @return
*/
public List<Map<String, Object>> getResourceName(List<String> resourcesIds);
public void delete(String roleId,String operaterUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode);
}


@@ -0,0 +1,37 @@
package systemuser;
import java.io.Serializable;
import java.util.Map;
import kernel.web.Page;
import security.SecUser;
public interface AdminSystemUserService {
public void save(SecUser user,String operatorUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode);
public void saveAllUser(SecUser user);
public SecUser get(Serializable id);
/**
* 更新系统用户,有密码则更新密码,否则更新用户
* @param user
* @param newPassword
* @param type 密码类型, password登录密码safe_password资金密码
*/
public void update(SecUser user,String newPassword,String type,String operatorUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) ;
/**
* 删除系统用户
*/
public void delete(SecUser user, String operatorUsername, String loginSafeword, String ip, String superGoogleAuthCode);
public Page pagedQuery(int pageNo,int pageSize ,String usernamePara);
/**
* 获取可分配给系统用户的角色
* @return
*/
public Map<String,String> findRoleMap();
}


@@ -0,0 +1,88 @@
package systemuser;
import java.util.HashMap;
import java.util.Map;
public class ConstantsRoleAuthority {
public static final String ADMIN_AGENT = "ADMIN_AGENT";
public static final String ADMIN_FINANCE_ORDER = "ADMIN_FINANCE_ORDER";
public static final String ADMIN_FINANCE_STATISTICS = "ADMIN_FINANCE_STATISTICS";
public static final String ADMIN_FUND_ORDER = "ADMIN_FUND_ORDER";
public static final String ADMIN_USER_ALL_STATISTICS = "ADMIN_USER_ALL_STATISTICS";
public static final String ADMIN_EXCHANGE_ORDER_STATISTICS = "ADMIN_EXCHANGE_ORDER_STATISTICS";
public static final String ADMIN_NEWS = "ADMIN_NEWS";
public static final String ADMIN_USER_RECOM = "ADMIN_USER_RECOM";
public static final String ADMIN_MINER = "ADMIN_MINER";
public static final String ADMIN_ALL_STATISTICS = "ADMIN_ALL_STATISTICS";
public static final String ADMIN_MONEY_IN_OUT_STATISTICS = "ADMIN_MONEY_IN_OUT_STATISTICS";
public static final String ADMIN_HISTORY_CONTRACT_ORDER = "ADMIN_HISTORY_CONTRACT_ORDER";
public static final String ADMIN_PROFIT_LOSS_CONFIG = "ADMIN_PROFIT_LOSS_CONFIG";
public static final String ADMIN_CHANNEL_BLOCKCHAIN = "ADMIN_CHANNEL_BLOCKCHAIN";
public static final String ADMIN_EXCHANGE_RATE = "ADMIN_EXCHANGE_RATE";
public static final String ADMIN_MESSAGE_NOTIFY = "ADMIN_MESSAGE_NOTIFY";
public static final String ADMIN_MARKET_QUOTATIONS_MANAGE = "ADMIN_MARKET_QUOTATIONS_MANAGE";
public static final String ADMIN_MONEY_LOG = "ADMIN_MONEY_LOG";
public static final String ADMIN_USER_MONEY_STATISTICS = "ADMIN_USER_MONEY_STATISTICS";
public static final String ADMIN_CMS = "ADMIN_CMS";
public static final String ADMIN_EXCHANGE_APPLY_ORDER = "ADMIN_EXCHANGE_APPLY_ORDER";
public static final String ADMIN_USER_ADD_STATISTICS = "ADMIN_USER_ADD_STATISTICS";
public static final String ADMIN_USER_DATE = "ADMIN_USER_DATE";
public static final String ADMIN_MINER_ORDER = "ADMIN_MINER_ORDER";
public static final String ADMIN_CONTRACT_ORDER_STATISTICS = "ADMIN_CONTRACT_ORDER_STATISTICS";
public static final String ADMIN_USER = "ADMIN_USER";
public static final String ADMIN_CONTRACT_APPLY_ORDER = "ADMIN_CONTRACT_APPLY_ORDER";
public static final String ADMIN_RECHARGE_BLOCKCHAIN = "ADMIN_RECHARGE_BLOCKCHAIN";
public static final String ADMIN_FUTURES_ORDER_STATISTICS = "ADMIN_FUTURES_ORDER_STATISTICS";
public static final String ADMIN_KYC_HIGH_LEVEL = "ADMIN_KYC_HIGH_LEVEL";
public static final String ADMIN_CONTRACT_ORDER = "ADMIN_CONTRACT_ORDER";
public static final String ADMIN_FUTURES_ORDER = "ADMIN_FUTURES_ORDER";
public static final String ADMIN_KYC = "ADMIN_KYC";
public static final String ADMIN_WITHDRAW = "ADMIN_WITHDRAW";
public static final String ADMIN_AGENT_ALL_STATISTICS = "ADMIN_AGENT_ALL_STATISTICS";
public static final String ADMIN_RECHARGE_SYMBOL_STATISTICS = "ADMIN_RECHARGE_SYMBOL_STATISTICS";
public static final String ADMIN_CONTRACT_MANAGE = "ADMIN_CONTRACT_MANAGE";
public static Map<String, String> MODEL_NAME = new HashMap<String, String>();
static {
MODEL_NAME.put(ADMIN_AGENT,"代理商");
MODEL_NAME.put(ADMIN_FINANCE_ORDER,"历史理财产品订单");
MODEL_NAME.put(ADMIN_FINANCE_STATISTICS,"理财产品收益统计");
MODEL_NAME.put(ADMIN_FUND_ORDER,"跟单策略基金订单");
MODEL_NAME.put(ADMIN_USER_ALL_STATISTICS,"用户收益报表");
MODEL_NAME.put(ADMIN_EXCHANGE_ORDER_STATISTICS,"币币交易收益统计");
MODEL_NAME.put(ADMIN_NEWS,"新闻管理");
MODEL_NAME.put(ADMIN_USER_RECOM,"用户推荐关系管理");
// MODEL_NAME.put(ADMIN_MINER,"矿机配置");
MODEL_NAME.put(ADMIN_ALL_STATISTICS,"总充提报表");
MODEL_NAME.put(ADMIN_MONEY_IN_OUT_STATISTICS,"充提金额统计");
MODEL_NAME.put(ADMIN_HISTORY_CONTRACT_ORDER,"历史永续合约单");
MODEL_NAME.put(ADMIN_PROFIT_LOSS_CONFIG,"交割场控设置");
MODEL_NAME.put(ADMIN_CHANNEL_BLOCKCHAIN,"区块链充值地址维护");
MODEL_NAME.put(ADMIN_EXCHANGE_RATE,"货币汇率配置");
MODEL_NAME.put(ADMIN_MESSAGE_NOTIFY,"管理员消息通知");
MODEL_NAME.put(ADMIN_MARKET_QUOTATIONS_MANAGE,"行情管理");
MODEL_NAME.put(ADMIN_MONEY_LOG,"账变记录");
MODEL_NAME.put(ADMIN_USER_MONEY_STATISTICS,"用户存量汇总");
MODEL_NAME.put(ADMIN_CMS,"用户端内容管理");
MODEL_NAME.put(ADMIN_EXCHANGE_APPLY_ORDER,"币币交易订单");
MODEL_NAME.put(ADMIN_USER_ADD_STATISTICS,"新增用户统计");
MODEL_NAME.put(ADMIN_USER_DATE,"代理分润对账报表");
MODEL_NAME.put(ADMIN_MINER_ORDER,"矿机订单");
MODEL_NAME.put(ADMIN_CONTRACT_ORDER_STATISTICS,"永续合约收益统计");
MODEL_NAME.put(ADMIN_USER,"用户管理");
MODEL_NAME.put(ADMIN_CONTRACT_APPLY_ORDER,"永续委托单");
MODEL_NAME.put(ADMIN_RECHARGE_BLOCKCHAIN,"充值订单");
MODEL_NAME.put(ADMIN_FUTURES_ORDER_STATISTICS,"交割合约收益统计");
MODEL_NAME.put(ADMIN_KYC_HIGH_LEVEL,"用户高级认证");
MODEL_NAME.put(ADMIN_CONTRACT_ORDER,"当前永续持仓单");
MODEL_NAME.put(ADMIN_FUTURES_ORDER,"交割合约单");
MODEL_NAME.put(ADMIN_KYC,"用户基础认证");
MODEL_NAME.put(ADMIN_WITHDRAW,"提现订单");
MODEL_NAME.put(ADMIN_AGENT_ALL_STATISTICS,"代理商充提报表");
MODEL_NAME.put(ADMIN_RECHARGE_SYMBOL_STATISTICS,"充值币种统计");
MODEL_NAME.put(ADMIN_CONTRACT_MANAGE,"交割合约配置");
};
}
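Review bot: `MODEL_NAME` is `public static` but neither `final` nor read-only, so any class can reassign or mutate the map that labels the permission modules, and a `HashMap` is not safe if that happens while requests read it. Unless some caller relies on modifying it, I would declare the field `public static final`, fill a local map in the static block and publish it with `MODEL_NAME = Collections.unmodifiableMap(names);`. `ADMIN_MINER` has its `put` commented out, which makes it the one constant without a display name; a comment should say whether that is deliberate. The `;` after the static initialiser is a stray empty declaration.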


@@ -0,0 +1,27 @@
package systemuser;
import systemuser.model.Customer;
public interface CustomerService {
public void save(Customer entity);
/**
* 更新
*
* @param entity
* @param isOnline true:必须在线才更新false都能更新
*/
public boolean update(Customer entity, boolean isOnline);
public void delete(String id);
public Customer cacheByUsername(String username);
/**
* 分配一个在线客服给用户
*
* @return
*/
public Customer cacheOnlineOne();
}


@@ -0,0 +1,11 @@
package systemuser;
import java.util.List;
import systemuser.model.ResourceMapping;
public interface ResourceMappingService {
public List<ResourceMapping> findBySetIds(List<String> ids);
}


@@ -0,0 +1,168 @@
package systemuser.internal;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import org.springframework.security.providers.encoding.PasswordEncoder;
import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import kernel.web.Page;
import kernel.web.PagedQueryDao;
import project.Constants;
import project.log.Log;
import project.log.LogService;
import project.onlinechat.OnlineChatMessageService;
import security.SecUser;
import security.internal.SecUserService;
import systemuser.AdminCustomerService;
import systemuser.AdminSystemUserService;
import systemuser.CustomerService;
import systemuser.model.Customer;
public class AdminCustomerServiceImpl extends HibernateDaoSupport implements AdminCustomerService{
private PagedQueryDao pagedQueryDao;
private AdminSystemUserService adminSystemUserService;
private CustomerService customerService;
private OnlineChatMessageService onlineChatMessageService;
private PasswordEncoder passwordEncoder;
protected LogService logService;
private SecUserService secUserService;
@Override
public Page pagedQuery(int pageNo,int pageSize ,String usernamePara) {
StringBuffer queryString = new StringBuffer();
queryString.append("SELECT customer.UUID id,customer.USERNAME username,customer.ONLINE_STATE online_state,customer.LAST_CUSTOMER_TIME last_customer_time,customer.LAST_ONLINE_TIME last_online_time, ");
queryString.append("user.GOOGLE_AUTH_BIND google_auth_bind,user.REMARKS remarks,user.ENABLED enabled ");
queryString.append("FROM T_CUSTOMER customer ");
queryString.append("LEFT JOIN SCT_USER user ON user.USERNAME=customer.USERNAME ");
queryString.append("WHERE 1=1 ");
// queryString.append("AND (partyId is null OR partyId='') ");
Map<String,Object> parameters = new HashMap<String,Object>();
// queryString.append("AND id not in(:roles) ");
// parameters.put("roles", new String[] {"SROOT"});
if(StringUtils.isNotEmpty(usernamePara)) {
queryString.append("AND customer.USERNAME like:username ");
parameters.put("username", "%"+usernamePara+"%");
}
queryString.append("ORDER BY customer.CREATE_TIME asc ");
Page page = pagedQueryDao.pagedQuerySQL(pageNo, pageSize, queryString.toString(), parameters);
return page;
}
@Override
public void save(SecUser user,String operatorUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode,String autoAnswer) {
adminSystemUserService.save(user, operatorUsername, loginSafeword, code, ip, superGoogleAuthCode);
Customer entity = new Customer();
entity.setUsername(user.getUsername());
entity.setOnline_state(0);
entity.setCreate_time(new Date());
entity.setAuto_answer(autoAnswer);
customerService.save(entity);
}
public void updatePersonalAutoAnswer(String username,String loginSafeword,String ip,String autoAnswer) {
checkLoginSafeword(username,loginSafeword);
SecUser user = this.secUserService.findUserByLoginName(username);
updateAutoAnswer(user,username,ip,autoAnswer);
}
public void updateAutoAnswer(SecUser user,String operatorUsername,String ip,String autoAnswer) {
// this.adminSystemUserService.update(user,newPassword,type,operatorUsername,loginSafeword,code,ip,superGoogleAuthCode);
Customer customer = this.customerService.cacheByUsername(user.getUsername());
String sourceAutoAnswer = customer.getAuto_answer();
customer.setAuto_answer(autoAnswer);
customerService.update(customer, false);
saveLog(user,operatorUsername,"ip:"+ip+"修改了客服["+user.getUsername()+"]自动回复,原自动回复["+sourceAutoAnswer+"],新自动回复["+autoAnswer+"]");
}
/**
* 管理员强制下线
* @param username
* @param operatorUsername
* @param loginSafeword
* @param ip
*/
public void forceOffline(String username,String operatorUsername,String loginSafeword,String ip) {
checkLoginSafeword(operatorUsername,loginSafeword);
offline(username);
SecUser user = this.secUserService.findUserByLoginName(username);
saveLog(user,operatorUsername,"ip:"+ip+"管理员强制下线客服["+username+"]");
}
public void offline(String username) {
Customer customer = customerService.cacheByUsername(username);
if(customer==null) {
throw new BusinessException("客服不存在");
}
customer.setOnline_state(0);
customer.setLast_offline_time(new Date());
customerService.update(customer,false);
}
public void online(String username) {
Customer customer = customerService.cacheByUsername(username);
if(customer==null) {
throw new BusinessException("客服不存在");
}
customer.setOnline_state(1);
customer.setLast_online_time(new Date());
customerService.update(customer,false);
onlineChatMessageService.updateNoAnwserUser(username);
}
/**
* 验证登录人资金密码
* @param operatorUsername
* @param loginSafeword
*/
private void checkLoginSafeword(String operatorUsername,String loginSafeword) {
SecUser sec = this.secUserService.findUserByLoginName(operatorUsername);
String sysSafeword = sec.getSafeword();
String safeword_md5 = passwordEncoder.encodePassword(loginSafeword, operatorUsername);
if (!safeword_md5.equals(sysSafeword)) {
throw new BusinessException("登录人资金密码错误");
}
}
public void saveLog(SecUser secUser, String operator,String context) {
Log log = new Log();
log.setCategory(Constants.LOG_CATEGORY_OPERATION);
log.setOperator(operator);
log.setUsername(secUser.getUsername());
log.setPartyId(secUser.getPartyId());
log.setLog(context);
log.setCreateTime(new Date());
logService.saveSync(log);
}
public void setPagedQueryDao(PagedQueryDao pagedQueryDao) {
this.pagedQueryDao = pagedQueryDao;
}
public void setAdminSystemUserService(AdminSystemUserService adminSystemUserService) {
this.adminSystemUserService = adminSystemUserService;
}
public void setCustomerService(CustomerService customerService) {
this.customerService = customerService;
}
public void setOnlineChatMessageService(OnlineChatMessageService onlineChatMessageService) {
this.onlineChatMessageService = onlineChatMessageService;
}
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
public void setLogService(LogService logService) {
this.logService = logService;
}
public void setSecUserService(SecUserService secUserService) {
this.secUserService = secUserService;
}
}


@@ -0,0 +1,301 @@
package systemuser.internal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections.CollectionUtils;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcOperations;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import org.springframework.security.providers.encoding.PasswordEncoder;
import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import project.Constants;
import project.syspara.SysparaService;
import project.user.googleauth.GoogleAuthService;
import security.Resource;
import security.ResourceService;
import security.Role;
import security.RoleService;
import security.SecUser;
import security.internal.SecUserService;
import systemuser.AdminRoleAuthorityService;
import systemuser.ResourceMappingService;
import systemuser.model.ResourceMapping;
public class AdminRoleAuthorityServiceImpl extends HibernateDaoSupport implements AdminRoleAuthorityService{
private RoleService roleService;
private NamedParameterJdbcOperations namedParameterJdbcTemplate;
private ResourceService resourceService;
private ResourceMappingService resourceMappingService;
// protected IdentifyingCodeTimeWindowService identifyingCodeTimeWindowService;
private SysparaService sysparaService;
private PasswordEncoder passwordEncoder;
private SecUserService secUserService;
private GoogleAuthService googleAuthService;
/**
* 角色列表
* @return
*/
public List<Map<String,Object>> getAllRole(){
StringBuffer queryString = new StringBuffer();
queryString.append("SELECT role.UUID AS id,role.ROLE_NAME AS roleName,GROUP_CONCAT(DISTINCT r_name.NAME separator ' , ') AS names ");
queryString.append("FROM SCT_ROLE role ");
queryString.append("LEFT JOIN SCT_ROLE_RESOURCE role_resource ON role_resource.ROLE_UUID=role.UUID ");//获取角色资源
queryString.append("LEFT JOIN SCT_RESOURCE_MAPPING resource_mapping ON resource_mapping.RESOURCE_UUID=role_resource.RESOURCE_UUID ");//角色资源对应的映射
queryString.append("LEFT JOIN SCT_RESOURCE_SET_NAME r_name ON r_name.UUID=resource_mapping.SET_UUID ");//映射对应的名字
queryString.append("WHERE 1=1 ");
Map<String,Object> parameters = new HashMap<String,Object>();
queryString.append("AND ROLE_NAME NOT IN(:roles) ");
List<String> roles = new ArrayList<String>(Constants.ROLE_MAP.keySet());
roles.remove(Constants.SECURITY_ROLE_FINANCE);
roles.remove(Constants.SECURITY_ROLE_CUSTOMER);
roles.remove(Constants.SECURITY_ROLE_MAINTAINER);
roles.remove(Constants.SECURITY_ROLE_AGENT);
parameters.put("roles", roles);
queryString.append("GROUP BY role.UUID ");
List<Map<String, Object>> list = this.namedParameterJdbcTemplate.queryForList(queryString.toString(), parameters);
return list;
}
/**
* 获取角色所有的映射id
* @param roleId
* @return
*/
public List<String> getRoleResourceMappingIdById(String roleId){
Role role = roleService.get(roleId);
if(null==role) throw new BusinessException("角色不存在");
Set<Resource> resources = role.getResources();
if(CollectionUtils.isEmpty(resources)) return new ArrayList<String>();
List<String> ids = new ArrayList<String>();
for(Resource r:resources) {
if(Resource.RESOURCE_TYPE_OPERATION.equals(r.getResType())) {
// ids.add(r.getResString());
ids.add(r.getId().toString());
}
}
List<String> result = new ArrayList<String>();
for(Map<String, Object> map:getResourceName(ids)) {
result.add(map.get("set_id").toString());
}
return result;
}
/**
* 根据资源获取操作权限id
* @param resources
* @return
*/
private List<String> getOPResourceIdByResources(Collection<Resource> resources){
List<String> ids = new ArrayList<String>();
for(Resource r:resources) {
if(Resource.RESOURCE_TYPE_OPERATION.equals(r.getResType())) {
// ids.add(r.getResString());
ids.add(r.getId().toString());
}
}
return ids;
}
/**
* 根据资源id列表 获取到映射的名字和id
* @param resourcesIds
* @return
*/
public List<Map<String, Object>> getResourceName(List<String> resourcesIds){
if(resourcesIds!=null&&resourcesIds.size()==0) {
return new ArrayList<Map<String, Object>>();
}
StringBuffer queryString = new StringBuffer();
queryString.append("SELECT r_map.SET_UUID set_id,r_name.NAME AS name,GROUP_CONCAT(r_map.RESOURCE_UUID separator ',') AS resources ");
queryString.append("FROM SCT_RESOURCE_MAPPING r_map ");//映射表
queryString.append("LEFT JOIN SCT_RESOURCE_SET_NAME r_name ON r_name.UUID=r_map.SET_UUID ");//名字表
queryString.append("WHERE 1=1 ");
Map<String,Object> parameters = new HashMap<String,Object>();
if(resourcesIds!=null) {
queryString.append("AND r_map.RESOURCE_UUID IN(:ids) ");
parameters.put("ids", resourcesIds);
}
queryString.append("GROUP BY r_map.SET_UUID ");
List<Map<String, Object>> list = this.namedParameterJdbcTemplate.queryForList(queryString.toString(), parameters);
return list;
}
/**
* 根据映射id 更新角色资源
* @param roleId
* @param resourceMapIds 映射id ("a,b,c"的形式)
*/
public void updateRoleResource(String roleId,String resourceMapIds,String operaterUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) {
// checkEmailCode(code);
checkGoogleAuthCode(superGoogleAuthCode);
checkLoginSafeword(operaterUsername,loginSafeword);
Role role = roleService.get(roleId);
if(null==role) throw new BusinessException("角色不存在");
List<Map<String, Object>> beforeResourceMap = this.getResourceName(getOPResourceIdByResources(role.getResources()));
resourceMapIds = checkResourceUserRecord(resourceMapIds, operaterUsername, beforeResourceMap);
List<String> ids = new LinkedList<String>();
if(StringUtils.isEmptyString(resourceMapIds)) {
role.setResources(new HashSet<Resource>());
}else {
//获取到映射的权限
List<ResourceMapping> mappings =
resourceMappingService.findBySetIds(Arrays.asList(resourceMapIds.replaceAll(" ", "").split(",")));
for(ResourceMapping mapping:mappings) {
ids.add(mapping.getResource_id());
ids.add(Resource.RESOURCE_TYPE_URL+"_"+mapping.getResource_id());//同时添加url权限
}
List<Resource> list = resourceService.getByIds(ids);
role.setResources(new HashSet<Resource>(list));
}
//如果客服默认添加客服中心权限个人中心是属于客服默认权限所以mapping映射表没有存在映射关系不会因为修改而不添加
//补充添加,不会因为修改了权限了导致消失
if(Constants.SECURITY_ROLE_CUSTOMER.equals(role.getRoleName())) {
Set<Resource> resources = role.getResources();
// resources.add(resourceService.get("URL_ADMIN_PERSONAL_CUSTOMER"));
resources.add(resourceService.get("OP_ADMIN_ONLINECHAT"));
role.setResources(resources);
}
List<String> beforeResourceName = new ArrayList<String>();
for(Map<String, Object> map:beforeResourceMap) {
//过滤名字未空的权限,由于权限可能存在隐藏的操作
if(map.get("name")==null||StringUtils.isEmptyString(map.get("name").toString())) {
continue;
}
beforeResourceName.add(map.get("name").toString());
}
List<Map<String, Object>> afterResourceMap = this.getResourceName(getOPResourceIdByResources(role.getResources()));
List<String> afterResourceName = new ArrayList<String>();
for(Map<String, Object> map:afterResourceMap) {
//过滤名字未空的权限,由于权限可能存在隐藏的操作
if(map.get("name")==null||StringUtils.isEmptyString(map.get("name").toString())) {
continue;
}
afterResourceName.add(map.get("name").toString());
}
roleService.update(role,operaterUsername,String.join(",", beforeResourceName),String.join(",", afterResourceName),code,ip);
}
/**
* 假分核查权限检验处理
* @param resourceMapIds
* @param operaterUsername
* @param beforeResourceMap
*/
private String checkResourceUserRecord(String resourceMapIds,String operaterUsername,List<Map<String, Object>> beforeResourceMap) {
if(!"root".equals(operaterUsername)&&!CollectionUtils.isEmpty(beforeResourceMap)) {
boolean hasUR = false;
for(Map<String, Object> data:beforeResourceMap) {
//非root操作有假分权限 且 新权限中无假分权限则加回
if("SECURITY_USER_RECORD".equals(data.get("set_id").toString())
&&(StringUtils.isEmptyString(resourceMapIds)||resourceMapIds.indexOf("SECURITY_USER_RECORD")==-1)) {
resourceMapIds+=", SECURITY_USER_RECORD";
hasUR = true;
break;
}
}
//非root操作无假分权限则移除
if(!hasUR && resourceMapIds.indexOf("SECURITY_USER_RECORD")!=-1) {
resourceMapIds.replace("SECURITY_USER_RECORD", "");
}
}
return resourceMapIds;
}
/**
* 验证谷歌验证码
* @param code
*/
private void checkGoogleAuthCode(String code) {
String secret = sysparaService.find("super_google_auth_secret").getValue();
boolean checkCode = googleAuthService.checkCode(secret, code);
if(!checkCode) {
throw new BusinessException("谷歌验证码错误");
}
}
/**
* 验证登录人资金密码
* @param operatorUsername
* @param loginSafeword
*/
private void checkLoginSafeword(String operatorUsername,String loginSafeword) {
SecUser sec = this.secUserService.findUserByLoginName(operatorUsername);
String sysSafeword = sec.getSafeword();
String safeword_md5 = passwordEncoder.encodePassword(loginSafeword, operatorUsername);
if (!safeword_md5.equals(sysSafeword)) {
throw new BusinessException("登录人资金密码错误");
}
}
/**
* 验证管理员唯一邮箱
* @param code
*/
private void checkEmailCode(String code) {
// String value = sysparaService.find("admin_verify_email").getValue();
// String authCode = identifyingCodeTimeWindowService.getAuthCode(value);
// if(StringUtils.isEmptyString(authCode)||!authCode.equals(code)) {
// throw new BusinessException("验证码错误");
// }
// identifyingCodeTimeWindowService.delAuthCode(value);
}
public void delete(String roleId,String operaterUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) {
// checkEmailCode(code);
checkGoogleAuthCode(superGoogleAuthCode);
checkLoginSafeword(operaterUsername,loginSafeword);
Role role = roleService.get(roleId);
if(null==role) throw new BusinessException("角色不存在");
if(Constants.ROLE_MAP.containsKey(role.getRoleName())) {
throw new BusinessException("该权限无法删除");
}
this.roleService.removeById(role.getId().toString(),operaterUsername,ip);
}
public void setRoleService(RoleService roleService) {
this.roleService = roleService;
}
public void setNamedParameterJdbcTemplate(NamedParameterJdbcOperations namedParameterJdbcTemplate) {
this.namedParameterJdbcTemplate = namedParameterJdbcTemplate;
}
public void setResourceService(ResourceService resourceService) {
this.resourceService = resourceService;
}
public void setResourceMappingService(ResourceMappingService resourceMappingService) {
this.resourceMappingService = resourceMappingService;
}
// public void setIdentifyingCodeTimeWindowService(IdentifyingCodeTimeWindowService identifyingCodeTimeWindowService) {
// this.identifyingCodeTimeWindowService = identifyingCodeTimeWindowService;
// }
public void setSysparaService(SysparaService sysparaService) {
this.sysparaService = sysparaService;
}
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
public void setSecUserService(SecUserService secUserService) {
this.secUserService = secUserService;
}
public void setGoogleAuthService(GoogleAuthService googleAuthService) {
this.googleAuthService = googleAuthService;
}
}
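Review bot: In `checkResourceUserRecord` the call `resourceMapIds.replace("SECURITY_USER_RECORD", "");` discards its result, so the branch meant to strip that permission set from a non-root operator's request leaves the string unchanged and `updateRoleResource` still grants it. Assign it back, `resourceMapIds = resourceMapIds.replace("SECURITY_USER_RECORD", "");`, or better split the ids into a set once and add or remove the exact token, since `indexOf` also matches any longer id that merely contains that text. The whole guard is also skipped when `beforeResourceMap` is empty, so a role with no mapped permissions yet is not protected at all; the non-root check should not depend on `!CollectionUtils.isEmpty(beforeResourceMap)`. The second `indexOf` dereferences `resourceMapIds` without the empty check used a few lines earlier, so a null value would throw there (and `+=` would produce the literal text `null, SECURITY_USER_RECORD`); whether null can reach this method depends on a caller that is not shown.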


@@ -0,0 +1,277 @@
package systemuser.internal;
import java.io.Serializable;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import org.springframework.security.providers.encoding.PasswordEncoder;
import org.springframework.web.context.ContextLoader;
import org.springframework.web.context.WebApplicationContext;
import kernel.exception.BusinessException;
import kernel.util.StringUtils;
import kernel.web.Page;
import kernel.web.PagedQueryDao;
import project.Constants;
import project.ddos.CheckIpRequestCountService;
import project.log.Log;
import project.log.LogService;
import project.syspara.SysparaService;
import project.user.googleauth.GoogleAuthService;
import security.Role;
import security.RoleService;
import security.SecUser;
import security.internal.SecUserService;
import systemuser.AdminSystemUserService;
public class AdminSystemUserServiceImpl extends HibernateDaoSupport implements AdminSystemUserService {
private SecUserService secUserService;
private PagedQueryDao pagedQueryDao;
private RoleService roleService;
private PasswordEncoder passwordEncoder;
protected LogService logService;
// protected IdentifyingCodeService identifyingCodeService;
// protected IdentifyingCodeTimeWindowService identifyingCodeTimeWindowService;
private SysparaService sysparaService;
private GoogleAuthService googleAuthService;
public void save(SecUser user,String operatorUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) {
// checkEmailCode(code);
// checkGoogleAuthCode(superGoogleAuthCode);
String enable = "";
if(user.getEnabled()) {
enable= "开启";
}else {
enable = "未开启";
}
checkLoginSafeword(operatorUsername,loginSafeword);
saveLog(user,operatorUsername,"ip:"+ip+"管理员新增系统用户,角色为["+user.getId()+"],登录权限为["+enable+"],邮箱为["+user.getEmail()+"],验证码:["+code+"]");
user.setSafeword(passwordEncoder.encodePassword(user.getSafeword(), user.getUsername()));
secUserService.saveUser(user);
}
public void saveAllUser(SecUser user){
user.setSafeword(passwordEncoder.encodePassword(user.getSafeword(), user.getUsername()));
secUserService.saveUser(user);
}
public void saveAllUser(SecUser user,String operatorUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) {
// checkEmailCode(code);
checkGoogleAuthCode(superGoogleAuthCode);
String enable = "";
if(user.getEnabled()) {
enable= "开启";
}else {
enable = "未开启";
}
checkLoginSafeword(operatorUsername,loginSafeword);
saveLog(user,operatorUsername,"ip:"+ip+"管理员新增系统用户,角色为["+user.getId()+"],登录权限为["+enable+"],邮箱为["+user.getEmail()+"],验证码:["+code+"]");
user.setSafeword(passwordEncoder.encodePassword(user.getSafeword(), user.getUsername()));
secUserService.saveUser(user);
}
public SecUser get(Serializable id) {
return secUserService.findUserById(id);
}
/**
* 验证登录人资金密码
* @param operatorUsername
* @param loginSafeword
*/
private void checkLoginSafeword(String operatorUsername,String loginSafeword) {
SecUser sec = this.secUserService.findUserByLoginName(operatorUsername);
String sysSafeword = sec.getSafeword();
String safeword_md5 = passwordEncoder.encodePassword(loginSafeword, operatorUsername);
if (!safeword_md5.equals(sysSafeword)) {
throw new BusinessException("登录人资金密码错误");
}
}
/**
* 验证谷歌验证码
* @param code
*/
private void checkGoogleAuthCode(String code) {
WebApplicationContext wac = ContextLoader.getCurrentWebApplicationContext();
GoogleAuthService googleAuthService = (GoogleAuthService) wac.getBean("googleAuthService");
String secret = sysparaService.find("super_google_auth_secret").getValue();
boolean checkCode = googleAuthService.checkCode(secret, code);
if(!checkCode) {
throw new BusinessException("谷歌验证码错误");
}
}
/**
* 验证管理员唯一邮箱
* @param code
*/
private void checkEmailCode(String code) {
// String value = sysparaService.find("admin_verify_email").getValue();
// String authCode = identifyingCodeTimeWindowService.getAuthCode(value);
// if(StringUtils.isEmpty(authCode)||!authCode.equals(code)) {
// throw new BusinessException("验证码错误");
// }
// identifyingCodeTimeWindowService.delAuthCode(value);
}
public void saveLog(SecUser secUser, String operator,String context) {
Log log = new Log();
log.setCategory(Constants.LOG_CATEGORY_OPERATION);
log.setOperator(operator);
log.setUsername(secUser.getUsername());
log.setPartyId(secUser.getPartyId());
log.setLog(context);
log.setCreateTime(new Date());
logService.saveSync(log);
}
/**
* 更新系统用户,有密码则更新密码,否则更新用户
* @param user
* @param newPassword
* @param type 密码类型, password登录密码safe_password资金密码
*/
public void update(SecUser user,String newPassword,String type,String operatorUsername,String loginSafeword,String code,String ip,String superGoogleAuthCode) {
if(StringUtils.isEmpty(newPassword)) {
checkLoginSafeword(operatorUsername,loginSafeword);
SecUser userDB = this.get(user.getId());
String enableDB = "";
if(userDB.getEnabled()) {
enableDB= "开启";
}else {
enableDB = "未开启";
}
String emailDB = user.getEmail();
this.secUserService.update(user);
String enable = "";
if(user.getEnabled()) {
enable= "开启";
}else {
enable = "未开启";
}
saveLog(user,operatorUsername,"ip:"+ip+"管理员修改系统用户,修改前角色为["+userDB.getRoles().toArray(new Role[0])[0].getRoleName()+"],登录权限["+enableDB+"],邮箱为["+emailDB+"],"
+ "修改后角色为["+user.getRoles().toArray(new Role[0])[0].getRoleName()+"],登录权限["+enable+"],邮箱为["+user.getEmail()+"]");
}else {
// checkEmailCode(code);
checkGoogleAuthCode(superGoogleAuthCode);
checkLoginSafeword(operatorUsername,loginSafeword);
switch(type) {
case "password":this.secUserService.updatePassword(user.getUsername(), newPassword);
saveLog(user,operatorUsername,"ip:"+ip+"管理员修改系统用户登录密码,验证码:["+code+"]");break;
case "safe_password":this.secUserService.updateSafeword(user.getUsername(), newPassword);
saveLog(user,operatorUsername,"ip:"+ip+"管理员修改系统用户资金密码,验证码:["+code+"]");break;
default:break;
}
}
}
/**
* 删除系统用户
*/
public void delete(SecUser user, String operatorUsername, String loginSafeword, String ip, String superGoogleAuthCode) {
this.checkGoogleAuthCode(superGoogleAuthCode);
this.checkLoginSafeword(operatorUsername, loginSafeword);
SecUser userDB = this.get(user.getId());
String enableDB = "";
if(userDB.getEnabled()) {
enableDB= "开启";
}else {
enableDB = "未开启";
}
String emailDB = user.getEmail();
this.secUserService.deleteUser(user);
this.saveLog(user, operatorUsername, "ip:"+ip+"管理员删除系统用户,系统用户角色为["+userDB.getRoles().toArray(new Role[0])[0].getRoleName()+"],登录权限["+enableDB+"],邮箱为["+emailDB+"]");
}
public Page pagedQuery(int pageNo,int pageSize ,String usernamePara) {
StringBuffer queryString = new StringBuffer();
queryString.append(" FROM SecUser ");
queryString.append("WHERE 1=1 ");
queryString.append("AND (partyId is null OR partyId='') ");
Map<String,Object> parameters = new HashMap<String,Object>();
queryString.append("AND id not in(:roles) ");
parameters.put("roles", new String[] {"SROOT"});
if(StringUtils.isNotEmpty(usernamePara)) {
queryString.append("AND username like:username ");
parameters.put("username", "%"+usernamePara+"%");
}
queryString.append("ORDER BY createTime asc ");
Page page = pagedQueryDao.pagedQueryHql(pageNo, pageSize, queryString.toString(), parameters);
for(SecUser user:(List<SecUser>)page.getElements()) {
user.setRoleName(((Role)(Arrays.asList(user.getRoles().toArray(new Role[0])).get(0))).getRoleName());
}
return page;
}
public Map<String,String> findRoleMap() {
Map<String,String> map = new HashMap<>();
List<Role> all = roleService.getAll();
for(Role role:all) {
if(
// !Constants.SECURITY_ROLE_CUSTOMER.equals(role.getRoleName())&& //排除客服
Constants.ROLE_MAP.containsKey(role.getRoleName()))
continue;
map.put(role.getRoleName(), Constants.ROLE_MAP.containsKey(role.getRoleName())?Constants.ROLE_MAP.get(role.getRoleName()):role.getRoleName());
}
return map;
}
public PagedQueryDao getPagedQueryDao() {
return pagedQueryDao;
}
public void setPagedQueryDao(PagedQueryDao pagedQueryDao) {
this.pagedQueryDao = pagedQueryDao;
}
public void setRoleService(RoleService roleService) {
this.roleService = roleService;
}
public SecUserService getSecUserService() {
return secUserService;
}
public void setSecUserService(SecUserService secUserService) {
this.secUserService = secUserService;
}
public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
this.passwordEncoder = passwordEncoder;
}
public void setLogService(LogService logService) {
this.logService = logService;
}
// public void setIdentifyingCodeService(IdentifyingCodeService identifyingCodeService) {
// this.identifyingCodeService = identifyingCodeService;
// }
public void setSysparaService(SysparaService sysparaService) {
this.sysparaService = sysparaService;
}
// public void setIdentifyingCodeTimeWindowService(IdentifyingCodeTimeWindowService identifyingCodeTimeWindowService) {
// this.identifyingCodeTimeWindowService = identifyingCodeTimeWindowService;
// }
// public void setGoogleAuthService(GoogleAuthService googleAuthService) {
// this.googleAuthService = googleAuthService;
// }
}
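Review bot: `save()` and the no-password branch of `update()` decide which role an account has and whether it can log in, yet both run with only `checkLoginSafeword`: `checkGoogleAuthCode(superGoogleAuthCode)` is commented out in `save()` and never reached in that `update()` branch, while `saveAllUser(...)`, password changes and `delete()` do require it. If that is not deliberate, call `checkGoogleAuthCode(superGoogleAuthCode);` first on both paths, and consider narrowing the public one-argument `saveAllUser(SecUser)`, which performs no check and writes no log entry. The audit entries need care too: `String emailDB = user.getEmail();` in `update()` and `delete()` reads the incoming object, so the logged "before" e-mail is the new value (use `userDB.getEmail()`), and `save()`/`saveAllUser` write the submitted `code` into the operation log, which is better left out. `checkLoginSafeword` dereferences `sec` without a null check and compares with `String.equals`; an explicit "operator not found" error and a constant-time comparison such as `MessageDigest.isEqual` on the encoded bytes would be safer. The local name `safeword_md5` suggests an MD5-based encoder salted with the username, which, if so, is worth replacing with a slow password hash.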


@@ -0,0 +1,90 @@
package systemuser.internal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.collections.Predicate;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import systemuser.CustomerService;
import systemuser.model.Customer;
public class CustomerServiceImpl extends HibernateDaoSupport implements CustomerService {
private Map<String, Customer> cache = new ConcurrentHashMap<String, Customer>();
public void init() {
List<Customer> list = (List<Customer>) this.getHibernateTemplate().find(" FROM Customer ");
for (Customer customer : list) {
cache.put(customer.getUsername(), customer);
}
}
public void save(Customer entity) {
this.getHibernateTemplate().save(entity);
cache.put(entity.getUsername(), entity);
}
/**
* 更新
*
* @param entity
* @param isOnline true:必须在线才更新false都能更新
*/
public boolean update(Customer entity, boolean isOnline) {
if (isOnline&&cacheByUsername(entity.getUsername()).getOnline_state() != 1) {
return false;
}
getHibernateTemplate().update(entity);
cache.put(entity.getUsername(), entity);
return true;
}
public void delete(String username) {
Customer entity = cacheByUsername(username);
getHibernateTemplate().delete(entity);
cache.remove(entity.getUsername());
}
public Customer cacheByUsername(String username) {
return cache.get(username);
}
/**
* 分配一个在线客服给用户
*
* @return
*/
public Customer cacheOnlineOne() {
List<Customer> list = new ArrayList<Customer>(cache.values());
CollectionUtils.filter(list, new Predicate() {// 在线客服
@Override
public boolean evaluate(Object arg0) {
// TODO Auto-generated method stub
return ((Customer) arg0).getOnline_state() == 1;
}
});
if (CollectionUtils.isEmpty(list))
return null;
Collections.sort(list, new Comparator<Customer>() {
@Override
public int compare(Customer arg0, Customer arg1) {
// TODO Auto-generated method stub
if (arg0.getLast_customer_time() == null) {
return -1;
} else if (arg1.getLast_customer_time() == null) {
return 1;
}
return (int) (arg0.getLast_customer_time().getTime() - arg1.getLast_customer_time().getTime());
}
});
return list.get(0);
}
}
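Review bot: The comparator in `cacheOnlineOne` is not a valid ordering: it returns -1 when both `last_customer_time` values are null, and `(int) (arg0.getLast_customer_time().getTime() - arg1.getLast_customer_time().getTime())` truncates the millisecond difference, so two timestamps more than about 24.8 days apart can compare with the wrong sign. `Collections.sort` may then throw `IllegalArgumentException` for a contract violation or put a recently served agent first. Compare with `return Long.compare(arg0.getLast_customer_time().getTime(), arg1.getLast_customer_time().getTime());` and return 0 when both values are null. Separately, `delete` and `update(entity, true)` dereference the result of `cacheByUsername` without a null check, unlike `offline`/`online` in `AdminCustomerServiceImpl`.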


@@ -0,0 +1,20 @@
package systemuser.internal;
import java.util.ArrayList;
import java.util.List;
import org.springframework.orm.hibernate5.support.HibernateDaoSupport;
import systemuser.ResourceMappingService;
import systemuser.model.ResourceMapping;
public class ResourceMappingServiceImpl extends HibernateDaoSupport implements ResourceMappingService {
public List<ResourceMapping> findBySetIds(List<String> ids){
List<String> param_ids = new ArrayList<String>();
for(String id:ids) {
param_ids.add("'"+id+"'");
}
return (List<ResourceMapping>) this.getHibernateTemplate().find(" FROM ResourceMapping WHERE set_id in("+String.join(",", param_ids)+")");
}
}
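Review bot: `findBySetIds` builds the HQL `in(...)` list by wrapping each id in quotes and concatenating it into the query, and `updateRoleResource` calls it with ids split from the `resourceMapIds` string it is given, so a quote character in an id changes the query text instead of being treated as data. Bind the list instead: `return (List<ResourceMapping>) getHibernateTemplate().findByNamedParam(" FROM ResourceMapping WHERE set_id in (:ids)", "ids", ids);`. Add `if (ids == null || ids.isEmpty()) return new ArrayList<ResourceMapping>();` in front of it, because a null list throws in the loop and an empty `in()` is not valid HQL.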


@@ -0,0 +1,32 @@
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="systemuser.model.Customer" table="T_CUSTOMER">
<id name="id" type="java.lang.String">
<column name="UUID" />
<generator class="uuid.hex" />
</id>
<property name="username" type="java.lang.String">
<column name="USERNAME" />
</property>
<property name="online_state" type="int">
<column name="ONLINE_STATE" />
</property>
<property name="last_customer_time" type="timestamp">
<column name="LAST_CUSTOMER_TIME" />
</property>
<property name="last_online_time" type="timestamp">
<column name="LAST_ONLINE_TIME" />
</property>
<property name="last_offline_time" type="timestamp">
<column name="LAST_OFFLINE_TIME" />
</property>
<property name="create_time" type="timestamp">
<column name="CREATE_TIME" />
</property>
<property name="auto_answer" type="java.lang.String">
<column name="AUTO_ANSWER" />
</property>
</class>
</hibernate-mapping>


@@ -0,0 +1,111 @@
package systemuser.model;
import java.util.Date;
import kernel.bo.EntityObject;
public class Customer extends EntityObject {
/**
*
*/
private static final long serialVersionUID = -166660582843198652L;
/**
* 客服名称
*/
private String username;
/**
* 在线状态,0:下线1在线
*/
private int online_state;
/**
* 最后一次分配的时间
*/
private Date last_customer_time;
/**
* 最后一次分配的用户
*/
private String last_message_user;
/**
* 最后一次上线的时间
*/
private Date last_online_time;
/**
* 最后一次下线的时间
*/
private Date last_offline_time;
/**
* 创建时间
*/
private Date create_time;
/**
* 自动回复语句
*/
private String auto_answer;
public String getUsername() {
return username;
}
public int getOnline_state() {
return online_state;
}
public Date getLast_customer_time() {
return last_customer_time;
}
public void setUsername(String username) {
this.username = username;
}
public void setOnline_state(int online_state) {
this.online_state = online_state;
}
public void setLast_customer_time(Date last_customer_time) {
this.last_customer_time = last_customer_time;
}
public Date getCreate_time() {
return create_time;
}
public void setCreate_time(Date create_time) {
this.create_time = create_time;
}
public Date getLast_online_time() {
return last_online_time;
}
public void setLast_online_time(Date last_online_time) {
this.last_online_time = last_online_time;
}
public Date getLast_offline_time() {
return last_offline_time;
}
public void setLast_offline_time(Date last_offline_time) {
this.last_offline_time = last_offline_time;
}
public String getLast_message_user() {
return last_message_user;
}
public void setLast_message_user(String last_message_user) {
this.last_message_user = last_message_user;
}
public String getAuto_answer() {
return auto_answer;
}
public void setAuto_answer(String auto_answer) {
this.auto_answer = auto_answer;
}
}
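Review bot: `last_message_user` is declared with accessors here, but the `Customer` Hibernate mapping added in this commit has no `<property>` for it, so as far as these files show the value is never written to or read from `T_CUSTOMER` and exists only on the instance held in the `CustomerServiceImpl` cache. Either add the mapping and column, or say so on the field, e.g. `// not persisted: kept only on the cached instance`. The empty Javadoc block above `serialVersionUID` can be dropped.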


@@ -0,0 +1,14 @@
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="systemuser.model.ResourceMapping" table="SCT_RESOURCE_MAPPING">
<id name="resource_id" type="java.lang.String">
<column name="RESOURCE_UUID" />
<generator class="assigned"></generator>
</id>
<property name="set_id" type="java.lang.String">
<column name="SET_UUID" />
</property>
</class>
</hibernate-mapping>


@@ -0,0 +1,39 @@
package systemuser.model;
import kernel.bo.EntityObject;
/**
* 权限资源映射
*
*/
public class ResourceMapping extends EntityObject {
private static final long serialVersionUID = 3575411649937943312L;
/**
* 关联ResourceSetName表UUID
*/
private String set_id;
/**
* 关联Resource表UUID
*/
private String resource_id;
public String getSet_id() {
return set_id;
}
public void setSet_id(String set_id) {
this.set_id = set_id;
}
public String getResource_id() {
return resource_id;
}
public void setResource_id(String resource_id) {
this.resource_id = resource_id;
}
}


@@ -0,0 +1,14 @@
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
<class name="systemuser.model.ResourceSetName" table="SCT_RESOURCE_SET_NAME">
<id name="id" type="java.lang.String">
<column name="UUID" />
<generator class="uuid.hex" />
</id>
<property name="name" type="java.lang.String">
<column name="NAME"/>
</property>
</class>
</hibernate-mapping>


@@ -0,0 +1,24 @@
package systemuser.model;
import kernel.bo.EntityObject;
/**
* 权限资源集
*
*/
public class ResourceSetName extends EntityObject {
private static final long serialVersionUID = 3575411649937943312L;
private String name;
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
}