diff --git a/src/main/java/com/boot/security/server/config/SecurityConfig.java b/src/main/java/com/boot/security/server/config/SecurityConfig.java
index b7644e6..9ef0017 100644
--- a/src/main/java/com/boot/security/server/config/SecurityConfig.java
+++ b/src/main/java/com/boot/security/server/config/SecurityConfig.java
@@ -47,8 +47,9 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 .loginProcessingUrl("/login").successHandler(authenticationSuccessHandler)
 .failureHandler(authenticationFailureHandler).and().logout().logoutUrl("/logout")
 .logoutSuccessHandler(logoutSuccessHandler);
- http.csrf().disable().headers().frameOptions().sameOrigin();
-
+ http.csrf().disable();
+ http.headers().frameOptions().sameOrigin();
+ http.headers().cacheControl();
 }
 @Override
diff --git a/src/main/java/com/boot/security/server/dto/LoginUser.java b/src/main/java/com/boot/security/server/dto/LoginUser.java
index 9e75b4b..56c5237 100644
--- a/src/main/java/com/boot/security/server/dto/LoginUser.java
+++ b/src/main/java/com/boot/security/server/dto/LoginUser.java
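Review bot: CSRF protection stays switched off in `http.csrf().disable();` while the same chain still configures a form login at `/login`, and nothing on the new side records why that is safe. It is safe only if every authenticated request carries its token in a header the browser never attaches on its own; where TokenFilter reads the token from is not visible here, and if it can arrive in a cookie or a server session is still created, state-changing endpoints can be forged cross-site. I would add a comment above the line, for example `// CSRF disabled: requests are authenticated by a token sent in a request header, never by cookie or session`, and, if it is not already set outside the hunk, back it with `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);`. The added `http.headers().cacheControl();` looks redundant, since Spring Security writes its cache-control headers by default when `headers()` is left at its defaults. The configure method starts outside the hunk.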
@@ -2,46 +2,58 @@ package com.boot.security.server.dto;
 import java.util.Collection;
 import java.util.Set;
+import java.util.stream.Collectors;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import com.boot.security.server.model.SysUser;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 public class LoginUser extends SysUser implements UserDetails {
 private static final long serialVersionUID = 1422037805178348848L;
- private Set authorities;
+ private Set permissions;
- public void setAuthorities(Set authorities) {
- this.authorities = authorities;
+ public Set getPermissions() {
+ return permissions;
+ }
+
+ public void setPermissions(Set permissions) {
+ this.permissions = permissions;
 }
 @Override
+ @JsonIgnore
 public Collection getAuthorities() {
- return authorities;
+ return permissions.parallelStream().map(a -> new SimpleGrantedAuthority(a)).collect(Collectors.toSet());
 }
 // 账户是否未过期
+ @JsonIgnore
 @Override
 public boolean isAccountNonExpired() {
 return true;
 }
 // 账户是否未锁定
+ @JsonIgnore
 @Override
 public boolean isAccountNonLocked() {
 return getStatus() != Status.LOCKED;
 }
 // 密码是否未过期
+ @JsonIgnore
 @Override
 public boolean isCredentialsNonExpired() {
 return true;
 }
 // 账户是否激活
+ @JsonIgnore
 @Override
 public boolean isEnabled() {
 return true;
diff --git a/src/main/java/com/boot/security/server/filter/TokenFilter.java b/src/main/java/com/boot/security/server/filter/TokenFilter.java
index 51761f2..6d84809 100644
--- a/src/main/java/com/boot/security/server/filter/TokenFilter.java
+++ b/src/main/java/com/boot/security/server/filter/TokenFilter.java
@@ -47,6 +47,7 @@ public class TokenFilter extends OncePerRequestFilter {
 SecurityContextHolder.getContext().setAuthentication(authentication);
 filterChain.doFilter(request, response);
+ return;
 }
 }
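Review bot: `getAuthorities()` dereferences `permissions` without a null check, so a LoginUser built or deserialized without `setPermissions` throws a NullPointerException in the middle of an authorization decision; the risk is real because `permissions` is now the JSON-visible state while the authorities are `@JsonIgnore`d. I would fail closed with `if (permissions == null) return Collections.emptySet();` followed by `return permissions.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet());`. `SimpleGrantedAuthority` also rejects blank text, and only the UserDetailsServiceImpl path filters empty values before they reach the setter. `parallelStream()` gains nothing on a handful of permission strings and occupies the shared common pool on every check, so plain `stream()` is enough here and on the `permissionList.parallelStream()` line in UserDetailsServiceImpl. Because LoginUser extends SysUser, which is not shown, it is worth confirming that the serialized form does not carry the password field.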
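Review bot: The added `return;` after `filterChain.doFilter(request, response);` in TokenFilter suggests that a second `doFilter` call follows this block outside the hunk, so the filter keeps two exits that each invoke the chain. A single `filterChain.doFilter(request, response);` as the last statement of the method, with the authenticated branch only setting the SecurityContext, would remove the need for the early return and keep a later edit from reintroducing a double invocation. The method body starts and ends outside the hunk, so this is inferred from the visible lines only.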
diff --git a/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java b/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
index a330b6b..3285f6b 100644
--- a/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
+++ b/src/main/java/com/boot/security/server/service/impl/UserDetailsServiceImpl.java
@@ -1,16 +1,14 @@
 package com.boot.security.server.service.impl;
-import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
+import java.util.stream.Collectors;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.LockedException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -45,16 +43,12 @@ public class UserDetailsServiceImpl implements UserDetailsService {
 // 查询权限
 List permissionList = permissionDao.listByUserId(sysUser.getId());
-
- Set authorities = new HashSet<>();
- permissionList.parallelStream().filter(p -> !StringUtils.isEmpty(p.getPermission())).forEach(p -> {
- GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(p.getPermission());
- authorities.add(grantedAuthority);
- });
+ Set permissions = permissionList.parallelStream().filter(p -> !StringUtils.isEmpty(p.getPermission()))
+ .map(Permission::getPermission).collect(Collectors.toSet());
 LoginUser loginUser = new LoginUser();
 BeanUtils.copyProperties(sysUser, loginUser);
- loginUser.setAuthorities(authorities);
+ loginUser.setPermissions(permissions);
 return loginUser;
 }