Revert "!22 sa-token"

This reverts commit e465fdbf0a, reversing
changes made to c6d7ae9f46.

smart-admin-api/pom.xml

@@ -46,7 +46,6 @@
         <jjwt.version>0.9.1</jjwt.version>
         <jwks-rsa.version>0.9.0</jwks-rsa.version>
         <velocity-tools.version>3.1</velocity-tools.version>
-        <sa-token-version>1.35.0.RC</sa-token-version>
     </properties>
 
     <dependencyManagement>
@@ -110,23 +109,6 @@
                 <version>${swagger.version}</version>
             </dependency>
 
-            <!-- Sa-Token 权限认证，在线文档：https://sa-token.cc -->
-            <!-- 依赖下载失败 请看：https://sa-token.cc/doc.html#/start/maven-pull -->
-            <dependency>
-                <groupId>cn.dev33</groupId>
-                <artifactId>sa-token-spring-boot-starter</artifactId>
-                <version>${sa-token-version}</version>
-            </dependency>
-
-            <!-- Sa-Token 整合 Redis （使用 jackson 序列化方式） -->
-            <dependency>
-                <groupId>cn.dev33</groupId>
-                <artifactId>sa-token-redis-jackson</artifactId>
-                <version>${sa-token-version}</version>
-            </dependency>
-
-            <!-- sa-token end -->
-
             <dependency>
                 <groupId>com.alibaba</groupId>
                 <artifactId>fastjson</artifactId>

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/JweAspectConfig.java

@@ -4,6 +4,8 @@ import net.lab1024.sa.common.common.domain.RequestUser;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
 import net.lab1024.sa.common.module.support.jwe.JweAspect;
 import net.lab1024.sa.common.module.support.jwe.JweUserKey;
+import net.lab1024.sa.common.module.support.operatelog.core.OperateLogAspect;
+import net.lab1024.sa.common.module.support.operatelog.core.OperateLogConfig;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
@@ -25,7 +27,7 @@ public class JweAspectConfig {
     @Bean
     public JweAspect jweConfig() {
         return new JweAspect((request -> {
-            RequestUser requestUser = SmartRequestUtil.getUser();
+            RequestUser requestUser = SmartRequestUtil.getRequestUser();
             JweUserKey userKey = new JweUserKey();
             userKey.setUserId(requestUser.getUserId());
             userKey.setUserName(requestUser.getUserName());

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/SaTokenConfig.java

@@ -1,37 +0,0 @@
-package net.lab1024.sa.admin.config;
-
-import cn.dev33.satoken.interceptor.SaInterceptor;
-import cn.dev33.satoken.router.SaRouter;
-import cn.dev33.satoken.stp.StpUtil;
-import net.lab1024.sa.admin.module.system.menu.service.MenuCacheService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-import java.util.List;
-
-/**
- * sa-token 配置
- *
- * @author Turbolisten
- * @date 2023/7/13 16:57
- */
-@Configuration
-public class SaTokenConfig {
-
-    @Autowired
-    private MenuCacheService menuService;
-
-    /**
-     * 定义 Sa-Token 拦截器，定义详细认证规则
-     */
-    @Bean
-    public SaInterceptor saInterceptor() {
-        // 关闭注解鉴权 只做路由拦截校验
-        return new SaInterceptor(handler -> {
-            // 查询数据表中 需要校验权限的url
-            List<String> urlList = menuService.queryNeedCheckPermissionsUrl();
-            urlList.forEach(url -> SaRouter.match(url, r -> StpUtil.checkPermission(url)));
-        }).isAnnotation(false);
-    }
-}

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/SecurityConfig.java

@@ -0,0 +1,40 @@
+package net.lab1024.sa.admin.config;
+
+import net.lab1024.sa.admin.module.system.login.service.LoginService;
+import net.lab1024.sa.common.common.security.AbstractSecurityConfig;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.function.BiFunction;
+
+/**
+ * 权限配置
+ *
+ * @Author 1024创新实验室: 罗伊
+ * @Date 2022-05-30 21:22:12
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+@Configuration
+public class SecurityConfig extends AbstractSecurityConfig {
+    /**
+     * 获取TOKEN 解析类
+     */
+    @Autowired
+    private LoginService loginService;
+
+    @Override
+    protected BiFunction<String, HttpServletRequest, UserDetails> userFunction() {
+        return (token, request) -> loginService.getLoginUserDetail(token, request);
+    }
+
+    @Override
+    protected String[] getAuthenticatedUrlPatterns() {
+        return new String[]{"/**"};
+    }
+
+
+}

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/config/SecurityMethodConfig.java

@@ -0,0 +1,50 @@
+package net.lab1024.sa.admin.config;
+
+import net.lab1024.sa.admin.module.system.login.domain.LoginEmployeeDetail;
+import net.lab1024.sa.common.common.annoation.SaAuth;
+import net.lab1024.sa.common.common.security.SecurityMethodSource;
+import net.lab1024.sa.common.common.security.SecurityPermissionCheckService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory;
+import org.springframework.security.access.method.MethodSecurityMetadataSource;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
+import org.springframework.security.core.Authentication;
+
+/**
+ * 1、以类名加方法名为权限字符串的校验模式 <br>
+ * 2、重写MethodSecurityMetadataSource将优化security配置，只需在方法上加上@saAuth注解，方法上就会存在权限（权限字符串为类名加方法名），而无需另外手动设置，减轻后端开发成本<br>
+ * 3、security将不再依据权限字符串进行权限控制，<br>
+ * 4、security将依据对应权限字符串下的接口权限进行控制 <br>
+ * 5、采用此配置原@PreAuthorize依然有效 <br>
+ * 6、如若无需此配置，需将@EnableGlobalMethodSecurity注解添加至SecurityConfig类上
+ *
+ * @Author 1024创新实验室: 罗伊
+ * @Date 2021-08-31 0:01
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+public class SecurityMethodConfig extends GlobalMethodSecurityConfiguration {
+
+    @Bean(SaAuth.saAuth)
+    public SecurityPermissionCheckService securityPermissionCheckService() {
+        return new SecurityPermissionCheckService() {
+            @Override
+            public boolean checkPermission(Authentication authentication, String permission) {
+                LoginEmployeeDetail loginEmployeeDetail = (LoginEmployeeDetail) authentication.getPrincipal();
+                if (loginEmployeeDetail.getAdministratorFlag()) {
+                    return true;
+                }
+                return super.permissionJudge(loginEmployeeDetail, permission);
+            }
+        };
+    }
+
+    @Override
+    public MethodSecurityMetadataSource customMethodSecurityMetadataSource() {
+        ExpressionBasedAnnotationAttributeFactory attributeFactory = new ExpressionBasedAnnotationAttributeFactory(this.getExpressionHandler());
+        return new SecurityMethodSource(attributeFactory, SaAuth.saAuth);
+    }
+}

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/interceptor/AdminInterceptor.java

@@ -1,69 +0,0 @@
-package net.lab1024.sa.admin.interceptor;
-
-import com.google.common.collect.Lists;
-import net.lab1024.sa.common.common.domain.RequestUser;
-import net.lab1024.sa.common.common.enumeration.UserTypeEnum;
-import net.lab1024.sa.common.common.interceptor.AbstractInterceptor;
-import org.springframework.context.annotation.Configuration;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.List;
-
-/**
- * admin 拦截器
- *
- * @author: listen
- * @date: 2023/7/12 21:00
- */
-@Configuration
-public class AdminInterceptor extends AbstractInterceptor {
-
-    /**
-     * 此处可根据需要
-     * 自行查询用户信息
-     */
-    @Override
-    public RequestUser getDevUser(Long userId) {
-        RequestUser requestUser = new RequestUser();
-        requestUser.setUserId(userId);
-        requestUser.setUserName("dev");
-        requestUser.setUserType(this.getUserType());
-        return requestUser;
-    }
-
-    @Override
-    public UserTypeEnum getUserType() {
-        return UserTypeEnum.ADMIN_EMPLOYEE;
-    }
-
-    /**
-     * 配置拦截路径
-     *
-     * @return
-     */
-    @Override
-    public List<String> pathPatterns() {
-        return Lists.newArrayList("/**");
-    }
-
-    /**
-     * 如果没有需要处理的业务
-     * 那就没有必要重写了 可以删除这个方法
-     *
-     * @param request
-     * @param response
-     * @param handler
-     * @return
-     * @throws Exception
-     */
-    @Override
-    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        boolean isHandle = super.preHandle(request, response, handler);
-        if (!isHandle) {
-            return false;
-        }
-        // 如有业务需处理 写在此处
-        return true;
-    }
-}

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/goods/controller/GoodsController.java

@@ -14,6 +14,7 @@ import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.common.domain.ValidateList;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -37,30 +38,35 @@ public class GoodsController extends AdminBaseController {
 
     @ApiOperation("分页查询 @author 胡克")
     @PostMapping("/goods/query")
+    @PreAuthorize("@saAuth.checkPermission('goods:query')")
     public ResponseDTO<PageResult<GoodsVO>> query(@RequestBody @Valid GoodsQueryForm queryForm) {
         return goodsService.query(queryForm);
     }
 
     @ApiOperation("添加商品 @author 胡克")
     @PostMapping("/goods/add")
+    @PreAuthorize("@saAuth.checkPermission('goods:add')")
     public ResponseDTO<String> add(@RequestBody @Valid GoodsAddForm addForm) {
         return goodsService.add(addForm);
     }
 
     @ApiOperation("更新商品 @author 胡克")
     @PostMapping("/goods/update")
+    @PreAuthorize("@saAuth.checkPermission('goods:update')")
     public ResponseDTO<String> update(@RequestBody @Valid GoodsUpdateForm updateForm) {
         return goodsService.update(updateForm);
     }
 
     @ApiOperation("删除 @author 卓大")
     @GetMapping("/goods/delete/{goodsId}")
+    @PreAuthorize("@saAuth.checkPermission('goods:delete')")
     public ResponseDTO<String> delete(@PathVariable Long goodsId) {
         return goodsService.delete(goodsId);
     }
 
     @ApiOperation("批量 @author 卓大")
     @PostMapping("/goods/batchDelete")
+    @PreAuthorize("@saAuth.checkPermission('goods:batchDelete')")
     public ResponseDTO<String> batchDelete(@RequestBody @Valid ValidateList<Long> idList) {
         return goodsService.batchDelete(idList);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/oa/bank/BankController.java

@@ -54,7 +54,7 @@ public class BankController {
     @ApiOperation(value = "新建银行信息 @author 善逸")
     @PostMapping("/oa/bank/create")
     public ResponseDTO<String> createBank(@RequestBody @Valid BankCreateForm createVO) {
-        RequestUser requestUser = SmartRequestUtil.getUser();
+        RequestUser requestUser = SmartRequestUtil.getRequestUser();
         createVO.setCreateUserId(requestUser.getUserId());
         createVO.setCreateUserName(requestUser.getUserName());
         return bankService.createBank(createVO);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/oa/enterprise/EnterpriseController.java

@@ -8,6 +8,7 @@ import net.lab1024.sa.admin.module.business.oa.enterprise.domain.form.*;
 import net.lab1024.sa.admin.module.business.oa.enterprise.domain.vo.EnterpriseEmployeeVO;
 import net.lab1024.sa.admin.module.business.oa.enterprise.domain.vo.EnterpriseListVO;
 import net.lab1024.sa.admin.module.business.oa.enterprise.domain.vo.EnterpriseVO;
+import net.lab1024.sa.common.common.annoation.SaAuth;
 import net.lab1024.sa.common.common.domain.PageResult;
 import net.lab1024.sa.common.common.domain.RequestUser;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
@@ -39,20 +40,23 @@ public class EnterpriseController {
 
     @ApiOperation(value = "分页查询企业模块 @author 开云")
     @PostMapping("/oa/enterprise/page/query")
+    @SaAuth
     public ResponseDTO<PageResult<EnterpriseVO>> queryByPage(@RequestBody @Valid EnterpriseQueryForm queryDTO) {
         return enterpriseService.queryByPage(queryDTO);
     }
 
     @ApiOperation(value = "查询企业详情 @author 开云")
     @GetMapping("/oa/enterprise/get/{enterpriseId}")
+    @SaAuth
     public ResponseDTO<EnterpriseVO> getDetail(@PathVariable Long enterpriseId) {
         return ResponseDTO.ok(enterpriseService.getDetail(enterpriseId));
     }
 
     @ApiOperation(value = "新建企业 @author 开云")
     @PostMapping("/oa/enterprise/create")
+    @SaAuth
     public ResponseDTO<String> createEnterprise(@RequestBody @Valid EnterpriseCreateForm createVO) {
-        RequestUser requestUser = SmartRequestUtil.getUser();
+        RequestUser requestUser = SmartRequestUtil.getRequestUser();
         createVO.setCreateUserId(requestUser.getUserId());
         createVO.setCreateUserName(requestUser.getUserName());
         return enterpriseService.createEnterprise(createVO);
@@ -60,18 +64,21 @@ public class EnterpriseController {
 
     @ApiOperation(value = "编辑企业 @author 开云")
     @PostMapping("/oa/enterprise/update")
+    @SaAuth
     public ResponseDTO<String> updateEnterprise(@RequestBody @Valid EnterpriseUpdateForm updateVO) {
         return enterpriseService.updateEnterprise(updateVO);
     }
 
     @ApiOperation(value = "删除企业 @author 开云")
     @GetMapping("/oa/enterprise/delete/{enterpriseId}")
+    @SaAuth
     public ResponseDTO<String> deleteEnterprise(@PathVariable Long enterpriseId) {
         return enterpriseService.deleteEnterprise(enterpriseId);
     }
 
     @ApiOperation(value = "企业列表查询 @author 开云")
     @GetMapping("/oa/enterprise/query/list")
+    @SaAuth
     public ResponseDTO<List<EnterpriseListVO>> queryList(@RequestParam(value = "type", required = false) Integer type) {
         return enterpriseService.queryList(type);
     }
@@ -79,18 +86,21 @@ public class EnterpriseController {
 
     @ApiOperation(value = "企业添加员工 @author 罗伊")
     @PostMapping("/oa/enterprise/employee/add")
+    @SaAuth
     public ResponseDTO<String> addEmployee(@RequestBody @Valid EnterpriseEmployeeForm enterpriseEmployeeForm) {
         return enterpriseService.addEmployee(enterpriseEmployeeForm);
     }
 
     @ApiOperation(value = "查询企业全部员工 @author 罗伊")
     @PostMapping("/oa/enterprise/employee/list")
+    @SaAuth
     public ResponseDTO<List<EnterpriseEmployeeVO>> employeeList(@RequestBody @Valid List<Long> enterpriseIdList) {
         return ResponseDTO.ok(enterpriseService.employeeList(enterpriseIdList));
     }
 
     @ApiOperation(value = "分页查询企业员工 @author 卓大")
     @PostMapping("/oa/enterprise/employee/queryPage")
+    @SaAuth
     public ResponseDTO<PageResult<EnterpriseEmployeeVO>> queryPageEmployeeList(@RequestBody @Valid EnterpriseEmployeeQueryForm queryForm) {
         return ResponseDTO.ok(enterpriseService.queryPageEmployeeList(queryForm));
     }
@@ -98,6 +108,7 @@ public class EnterpriseController {
 
     @ApiOperation(value = "企业删除员工 @author 罗伊")
     @PostMapping("/oa/enterprise/employee/delete")
+    @SaAuth
     public ResponseDTO<String> deleteEmployee(@RequestBody @Valid EnterpriseEmployeeForm enterpriseEmployeeForm) {
         return enterpriseService.deleteEmployee(enterpriseEmployeeForm);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/oa/invoice/InvoiceController.java

@@ -52,7 +52,7 @@ public class InvoiceController {
     @ApiOperation(value = "新建发票信息 @author 善逸")
     @PostMapping("/oa/invoice/create")
     public ResponseDTO<String> createInvoice(@RequestBody @Valid InvoiceAddForm createVO) {
-        RequestUser requestUser = SmartRequestUtil.getUser();
+        RequestUser requestUser = SmartRequestUtil.getRequestUser();
         createVO.setCreateUserId(requestUser.getUserId());
         createVO.setCreateUserName(requestUser.getUserName());
         return invoiceService.createInvoice(createVO);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/business/oa/notice/controller/NoticeController.java

@@ -9,6 +9,7 @@ import net.lab1024.sa.admin.module.business.oa.notice.domain.vo.*;
 import net.lab1024.sa.admin.module.business.oa.notice.service.NoticeEmployeeService;
 import net.lab1024.sa.admin.module.business.oa.notice.service.NoticeService;
 import net.lab1024.sa.admin.module.business.oa.notice.service.NoticeTypeService;
+import net.lab1024.sa.common.common.annoation.SaAuth;
 import net.lab1024.sa.common.common.domain.PageResult;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
@@ -72,6 +73,7 @@ public class NoticeController {
 
     @ApiOperation("【管理】通知公告-分页查询 @author 卓大")
     @PostMapping("/oa/notice/query")
+    @SaAuth
     public ResponseDTO<PageResult<NoticeVO>> query(@RequestBody @Valid NoticeQueryForm queryForm) {
         return ResponseDTO.ok(noticeService.query(queryForm));
     }
@@ -79,26 +81,30 @@ public class NoticeController {
     @ApiOperation("【管理】通知公告-添加 @author 卓大")
     @PostMapping("/oa/notice/add")
     @RepeatSubmit
+    @SaAuth
     public ResponseDTO<String> add(@RequestBody @Valid NoticeAddForm addForm) {
-        addForm.setCreateUserId(SmartRequestUtil.getUserId());
+        addForm.setCreateUserId(SmartRequestUtil.getRequestUserId());
         return noticeService.add(addForm);
     }
 
     @ApiOperation("【管理】通知公告-更新 @author 卓大")
     @PostMapping("/oa/notice/update")
     @RepeatSubmit
+    @SaAuth
     public ResponseDTO<String> update(@RequestBody @Valid NoticeUpdateForm updateForm) {
         return noticeService.update(updateForm);
     }
 
     @ApiOperation("【管理】通知公告-更新详情 @author 卓大")
     @GetMapping("/oa/notice/getUpdateVO/{noticeId}")
+    @SaAuth
     public ResponseDTO<NoticeUpdateFormVO> getUpdateFormVO(@PathVariable Long noticeId) {
         return ResponseDTO.ok(noticeService.getUpdateFormVO(noticeId));
     }
 
     @ApiOperation("【管理】通知公告-删除 @author 卓大")
     @GetMapping("/oa/notice/delete/{noticeId}")
+    @SaAuth
     public ResponseDTO<String> delete(@PathVariable Long noticeId) {
         return noticeService.delete(noticeId);
     }
@@ -108,7 +114,7 @@ public class NoticeController {
     @GetMapping("/oa/notice/employee/view/{noticeId}")
     public ResponseDTO<NoticeDetailVO> view(@PathVariable Long noticeId, HttpServletRequest request) {
         return noticeEmployeeService.view(
-                SmartRequestUtil.getUserId(),
+                SmartRequestUtil.getRequestUserId(),
                 noticeId,
                 ServletUtil.getClientIP(request),
                 request.getHeader("User-Agent")
@@ -118,7 +124,7 @@ public class NoticeController {
     @ApiOperation("【员工】通知公告-查询全部 @author 卓大")
     @PostMapping("/oa/notice/employee/query")
     public ResponseDTO<PageResult<NoticeEmployeeVO>> queryEmployeeNotice(@RequestBody @Valid NoticeEmployeeQueryForm noticeEmployeeQueryForm) {
-        return noticeEmployeeService.queryList(SmartRequestUtil.getUserId(), noticeEmployeeQueryForm);
+        return noticeEmployeeService.queryList(SmartRequestUtil.getRequestUserId(), noticeEmployeeQueryForm);
     }
 
     @ApiOperation("【员工】通知公告-查询 查看记录 @author 卓大")

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/datascope/service/DataScopeSqlConfigService.java

@@ -1,11 +1,11 @@
 package net.lab1024.sa.admin.module.system.datascope.service;
 
 import lombok.extern.slf4j.Slf4j;
-import net.lab1024.sa.admin.module.system.datascope.DataScope;
 import net.lab1024.sa.admin.module.system.datascope.constant.DataScopeTypeEnum;
 import net.lab1024.sa.admin.module.system.datascope.constant.DataScopeViewTypeEnum;
 import net.lab1024.sa.admin.module.system.datascope.constant.DataScopeWhereInTypeEnum;
 import net.lab1024.sa.admin.module.system.datascope.domain.DataScopeSqlConfig;
+import net.lab1024.sa.admin.module.system.datascope.DataScope;
 import net.lab1024.sa.admin.module.system.datascope.strategy.DataScopePowerStrategy;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
 import org.apache.commons.collections4.CollectionUtils;
@@ -108,7 +108,7 @@ public class DataScopeSqlConfigService {
     public String getJoinSql(Map<String, Object> paramMap, DataScopeSqlConfig sqlConfigDTO) {
         DataScopeTypeEnum dataScopeTypeEnum = sqlConfigDTO.getDataScopeType();
         String joinSql = sqlConfigDTO.getJoinSql();
-        Long employeeId = SmartRequestUtil.getUserId();
+        Long employeeId = SmartRequestUtil.getRequestUserId();
         if (employeeId == null) {
             return "";
         }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/department/controller/DepartmentController.java

@@ -12,6 +12,7 @@ import net.lab1024.sa.admin.module.system.department.service.DepartmentService;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -42,18 +43,21 @@ public class DepartmentController extends AdminBaseController {
 
     @ApiOperation(value = "添加部门 @author 卓大")
     @PostMapping("/department/add")
+    @PreAuthorize("@saAuth.checkPermission('system:department:add')")
     public ResponseDTO<String> addDepartment(@Valid @RequestBody DepartmentAddForm createDTO) {
         return departmentService.addDepartment(createDTO);
     }
 
     @ApiOperation(value = "更新部门 @author 卓大")
     @PostMapping("/department/update")
+    @PreAuthorize("@saAuth.checkPermission('system:department:update')")
     public ResponseDTO<String> updateDepartment(@Valid @RequestBody DepartmentUpdateForm updateDTO) {
         return departmentService.updateDepartment(updateDTO);
     }
 
     @ApiOperation(value = "删除部门 @author 卓大")
     @GetMapping("/department/delete/{departmentId}")
+    @PreAuthorize("@saAuth.checkPermission('system:department:delete')")
     public ResponseDTO<String> deleteDepartment(@PathVariable Long departmentId) {
         return departmentService.deleteDepartment(departmentId);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/controller/EmployeeController.java

@@ -12,6 +12,7 @@ import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -42,30 +43,35 @@ public class EmployeeController extends AdminBaseController {
 
     @ApiOperation(value = "添加员工(返回添加员工的密码) @author 卓大")
     @PostMapping("/employee/add")
+    @PreAuthorize("@saAuth.checkPermission('system:employee:add')")
     public ResponseDTO<String> addEmployee(@Valid @RequestBody EmployeeAddForm employeeAddForm) {
         return employeeService.addEmployee(employeeAddForm);
     }
 
     @ApiOperation(value = "更新员工 @author 卓大")
     @PostMapping("/employee/update")
+    @PreAuthorize("@saAuth.checkPermission('system:employee:update')")
     public ResponseDTO<String> updateEmployee(@Valid @RequestBody EmployeeUpdateForm employeeUpdateForm) {
         return employeeService.updateEmployee(employeeUpdateForm);
     }
 
     @ApiOperation(value = "更新员工禁用/启用状态 @author 卓大")
     @GetMapping("/employee/update/disabled/{employeeId}")
+    @PreAuthorize("@saAuth.checkPermission('system:employee:disabled')")
     public ResponseDTO<String> updateDisableFlag(@PathVariable Long employeeId) {
         return employeeService.updateDisableFlag(employeeId);
     }
 
     @ApiOperation(value = "批量删除员工 @author 卓大")
     @PostMapping("/employee/update/batch/delete")
+    @PreAuthorize("@saAuth.checkPermission('system:employee:delete')")
     public ResponseDTO<String> batchUpdateDeleteFlag(@RequestBody List<Long> employeeIdList) {
         return employeeService.batchUpdateDeleteFlag(employeeIdList);
     }
 
     @ApiOperation(value = "批量调整员工部门 @author 卓大")
     @PostMapping("/employee/update/batch/department")
+    @PreAuthorize("@saAuth.checkPermission('system:employee:department:update')")
     public ResponseDTO<String> batchUpdateDepartment(@Valid @RequestBody EmployeeBatchUpdateDepartmentForm batchUpdateDepartmentForm) {
         return employeeService.batchUpdateDepartment(batchUpdateDepartmentForm);
     }
@@ -73,12 +79,13 @@ public class EmployeeController extends AdminBaseController {
     @ApiOperation(value = "修改密码 @author 卓大")
     @PostMapping("/employee/update/password")
     public ResponseDTO<String> updatePassword(@Valid @RequestBody EmployeeUpdatePasswordForm updatePasswordForm) {
-        updatePasswordForm.setEmployeeId(SmartRequestUtil.getUserId());
+        updatePasswordForm.setEmployeeId(SmartRequestUtil.getRequestUserId());
         return employeeService.updatePassword(updatePasswordForm);
     }
 
     @ApiOperation(value = "重置员工密码 @author 卓大")
     @GetMapping("/employee/update/password/reset/{employeeId}")
+    @PreAuthorize("@saAuth.checkPermission('system:employee:password:reset')")
     public ResponseDTO<String> resetPassword(@PathVariable Integer employeeId) {
         return employeeService.resetPassword(employeeId);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/service/EmployeePermissionService.java

@@ -1,24 +1,18 @@
 package net.lab1024.sa.admin.module.system.employee.service;
 
-import cn.dev33.satoken.session.SaSession;
+import net.lab1024.sa.admin.module.system.menu.constant.MenuPermsTypeEnum;
-import cn.dev33.satoken.session.SaSessionCustomUtil;
-import cn.dev33.satoken.stp.StpInterface;
-import cn.dev33.satoken.stp.StpUtil;
-import com.google.common.collect.Lists;
-import net.lab1024.sa.admin.module.system.menu.constant.MenuTypeEnum;
-import net.lab1024.sa.admin.module.system.menu.domain.entity.MenuEntity;
 import net.lab1024.sa.admin.module.system.menu.domain.vo.MenuVO;
-import net.lab1024.sa.admin.module.system.role.dao.RoleMenuDao;
 import net.lab1024.sa.admin.module.system.role.service.RoleEmployeeService;
 import net.lab1024.sa.admin.module.system.role.service.RoleMenuService;
-import net.lab1024.sa.common.common.enumeration.UserTypeEnum;
+import org.apache.commons.lang3.StringUtils;
-import net.lab1024.sa.common.module.support.token.TokenService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Service;
 
-import java.util.ArrayList;
+import java.util.HashSet;
 import java.util.List;
-import java.util.Objects;
+import java.util.Set;
 import java.util.stream.Collectors;
 
 /**
@@ -31,7 +25,7 @@ import java.util.stream.Collectors;
  * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
 @Service
-public class EmployeePermissionService implements StpInterface {
+public class EmployeePermissionService {
 
     @Autowired
     private RoleEmployeeService roleEmployeeService;
@@ -39,23 +33,39 @@ public class EmployeePermissionService implements StpInterface {
     @Autowired
     private RoleMenuService roleMenuService;
 
-    @Autowired
-    private RoleMenuDao roleMenuDao;
-
     /**
-     * 员工关联权限 缓存key
+     * 构建权限集合
+     *
+     * @param menuAndPointsList
      */
-    private static final String USER_ROLE_CACHE_KEY = "RoleList";
+    public Set<? extends GrantedAuthority> buildAuthorities(List<MenuVO> menuAndPointsList) {
+        HashSet<String> permissionList = new HashSet<>();
+        for (MenuVO menu : menuAndPointsList) {
+            if(menu.getPermsType() == null){
+                continue;
+            }
 
-    /**
+            String perms = null;
-     * 角色关联功能点 缓存key
+            if(menu.getPermsType().equals(MenuPermsTypeEnum.SPRING_SECURITY.getValue())){
-     */
+                perms = menu.getWebPerms();
-    private static final String ROLE_CACHE_KEY = "role:";
+            }else{
+                perms = menu.getApiPerms();
+            }
 
-    /**
+            if (StringUtils.isEmpty(perms)) {
-     * 角色关联功能点 缓存key
+                continue;
-     */
+            }
-    private static final String ROLE_PERMISSION_CACHE_KEY = "PermissionList";
+            //接口权限
+            String[] split = perms.split(",");
+            for (String perm : split) {
+                permissionList.add(perm);
+            }
+        }
+
+        Set<GrantedAuthority> authorities = new HashSet<>();
+        authorities.addAll(permissionList.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
+        return authorities;
+    }
 
     /**
      * 查询用户拥有的前端菜单项 用于登陆返回 前端动态路由配置
@@ -68,61 +78,4 @@ public class EmployeePermissionService implements StpInterface {
         return roleMenuService.getMenuList(roleIdList, administratorFlag);
     }
 
-    @Override
-    public List<String> getPermissionList(Object loginId, String loginType) {
-        // 权限集合
-        List<String> permissionList = new ArrayList<>();
-
-        // 遍历角色列表，查询拥有的权限
-        List<String> roleList = this.getRoleList(loginId, loginType);
-        for (String roleId : roleList) {
-            // 查询缓存
-            SaSession roleSession = SaSessionCustomUtil.getSessionById(ROLE_CACHE_KEY + roleId);
-            List<String> list = roleSession.get(ROLE_PERMISSION_CACHE_KEY, () -> {
-                // 从数据库查询这个角色所拥有的权限列表
-                return roleMenuDao.selectMenuListByRoleIdList(Lists.newArrayList(Long.parseLong(roleId)), false)
-                        .stream()
-                        .filter(e -> MenuTypeEnum.POINTS.equalsValue(e.getMenuType()))
-                        .map(MenuEntity::getApiPerms).filter(Objects::nonNull).distinct()
-                        .collect(Collectors.toList());
-            });
-            permissionList.addAll(list);
-        }
-        // 返回权限集合
-        return permissionList;
-    }
-
-    @Override
-    public List<String> getRoleList(Object loginId, String loginType) {
-        SaSession session = StpUtil.getSessionByLoginId(loginId);
-        // 查询员工关联角色缓存
-        Long employeeId = TokenService.getUserId((String) loginId);
-        return session.get(USER_ROLE_CACHE_KEY, () -> {
-            // 数据库中查询员工角色
-            return roleEmployeeService.getRoleIdList(employeeId).stream().map(String::valueOf).collect(Collectors.toList());
-        });
-    }
-
-    /**
-     * 清理角色关联权限 缓存
-     *
-     * @param roleId
-     */
-    public static void clearRoleCache(Long roleId) {
-        SaSessionCustomUtil.deleteSessionById(ROLE_CACHE_KEY + roleId);
-    }
-
-    /**
-     * 清理 员工关联角色 缓存
-     *
-     * @param employeeId
-     */
-    public static void clearUserRoleCache(Long employeeId) {
-        String loginId = TokenService.generateLoginId(employeeId, UserTypeEnum.ADMIN_EMPLOYEE);
-        SaSession session = StpUtil.getSessionByLoginId(loginId, false);
-        if (null == session) {
-            return;
-        }
-        session.delete(USER_ROLE_CACHE_KEY);
-    }
 }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/employee/service/EmployeeService.java

@@ -211,7 +211,7 @@ public class EmployeeService {
         employeeDao.updateDisableFlag(employeeId, disableFlag);
 
         if (employeeEntity.getDisabledFlag()) {
-            tokenService.removeToken(employeeId, UserTypeEnum.ADMIN_EMPLOYEE);
+            tokenService.batchRemoveRedisToken(employeeId, UserTypeEnum.ADMIN_EMPLOYEE);
         }
 
         return ResponseDTO.ok();
@@ -240,7 +240,9 @@ public class EmployeeService {
         }).collect(Collectors.toList());
         employeeManager.updateBatchById(deleteList);
 
-        tokenService.removeToken(employeeIdList, UserTypeEnum.ADMIN_EMPLOYEE);
+        for (Long employeeId : employeeIdList) {
+            tokenService.batchRemoveRedisToken(employeeId, UserTypeEnum.ADMIN_EMPLOYEE);
+        }
         return ResponseDTO.ok();
     }
 

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/controller/LoginController.java

@@ -8,15 +8,17 @@ import net.lab1024.sa.admin.module.system.login.domain.LoginEmployeeDetail;
 import net.lab1024.sa.admin.module.system.login.domain.LoginForm;
 import net.lab1024.sa.admin.module.system.login.service.LoginService;
 import net.lab1024.sa.common.common.annoation.NoNeedLogin;
+import net.lab1024.sa.common.common.code.UserErrorCode;
 import net.lab1024.sa.common.common.constant.RequestHeaderConst;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
 import net.lab1024.sa.common.module.support.captcha.domain.CaptchaVO;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.security.core.Authentication;
-import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.*;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.validation.Valid;
@@ -38,38 +40,51 @@ public class LoginController {
     private LoginService loginService;
 
     @NoNeedLogin
-    @ApiOperation("登录 @author 卓大")
     @PostMapping("/login")
-    public ResponseDTO<LoginEmployeeDetail> login(@Valid @RequestBody LoginForm loginForm, HttpServletRequest request) {
+    @ApiOperation("登录 @author 卓大")
+    public ResponseDTO<LoginEmployeeDetail> login(@Valid @RequestBody LoginForm loginForm) {
+        HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
         String ip = ServletUtil.getClientIP(request);
         String userAgent = ServletUtil.getHeaderIgnoreCase(request, RequestHeaderConst.USER_AGENT);
         return loginService.login(loginForm, ip, userAgent);
     }
 
-    @ApiOperation("刷新用户信息（包含用户基础信息、权限信息等等）  @author 卓大")
     @GetMapping("/login/refresh")
+    @ApiOperation("刷新用户信息（包含用户基础信息、权限信息等等）  @author 卓大")
     public ResponseDTO<String> refresh() {
-        loginService.removeLoginUserDetailCache(SmartRequestUtil.getUserId());
+        loginService.removeLoginUserDetailCache(SmartRequestUtil.getRequestUserId());
         return ResponseDTO.ok();
     }
 
-    @ApiOperation("获取登录结果信息  @author 卓大")
     @GetMapping("/login/getLoginInfo")
+    @ApiOperation("获取登录结果信息  @author 卓大")
     public ResponseDTO<LoginEmployeeDetail> getLoginInfo() {
-        LoginEmployeeDetail loginEmployeeDetail = loginService.getLoginUserDetailCache(SmartRequestUtil.getUserId());
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null) {
+            return ResponseDTO.error(UserErrorCode.LOGIN_STATE_INVALID);
+        }
+
+        Object principal = authentication.getPrincipal();
+        if (!(principal instanceof LoginEmployeeDetail)) {
+            return ResponseDTO.error(UserErrorCode.LOGIN_STATE_INVALID);
+        }
+
+        LoginEmployeeDetail loginEmployeeDetail = (LoginEmployeeDetail) authentication.getPrincipal();
+        loginEmployeeDetail.setLoginPassword(null);
         return ResponseDTO.ok(loginEmployeeDetail);
     }
 
-    @ApiOperation("退出登录  @author 卓大")
+    @ApiOperation("退出登陆  @author 卓大")
     @GetMapping("/login/logout")
-    public ResponseDTO<String> logout() {
+    public ResponseDTO<String> logout(@RequestHeader(value = RequestHeaderConst.TOKEN, required = false) String token) {
-        return loginService.logout(SmartRequestUtil.getUser());
+        return loginService.logout(token, SmartRequestUtil.getRequestUser());
     }
 
-    @NoNeedLogin
     @ApiOperation("获取验证码  @author 卓大")
     @GetMapping("/login/getCaptcha")
+    @NoNeedLogin
     public ResponseDTO<CaptchaVO> getCaptcha() {
         return loginService.getCaptcha();
     }
+
 }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/domain/LoginEmployeeDetail.java

@@ -4,12 +4,17 @@ import com.fasterxml.jackson.annotation.JsonIgnore;
 import io.swagger.annotations.ApiModelProperty;
 import lombok.Data;
 import net.lab1024.sa.admin.module.system.menu.domain.vo.MenuVO;
+import net.lab1024.sa.common.common.domain.RequestUser;
 import net.lab1024.sa.common.common.enumeration.GenderEnum;
 import net.lab1024.sa.common.common.enumeration.UserTypeEnum;
 import net.lab1024.sa.common.common.swagger.ApiModelPropertyEnum;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
 
 import java.time.LocalDateTime;
+import java.util.Collection;
 import java.util.List;
+import java.util.Set;
 
 /**
  * 员工登录
@@ -21,7 +26,7 @@ import java.util.List;
  * @Copyright 1024创新实验室 （ https://1024lab.net ），2012-2022
  */
 @Data
-public class LoginEmployeeDetail {
+public class LoginEmployeeDetail implements UserDetails, RequestUser {
 
     @ApiModelProperty("token")
     private String token;
@@ -73,4 +78,88 @@ public class LoginEmployeeDetail {
 
     @ApiModelProperty("请求user-agent")
     private String userAgent;
+
+    /**
+     * security 权限串
+     */
+    private Set<? extends GrantedAuthority> authorities;
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    @Override
+    @JsonIgnore
+    public String getPassword() {
+        return this.loginPassword;
+    }
+
+    @Override
+    public String getUsername() {
+        return this.getLoginName();
+    }
+
+    /**
+     * 账户是否未过期,过期无法验证
+     */
+    @Override
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    /**
+     * 指定用户是否解锁,锁定的用户无法进行身份验证
+     *
+     * @return
+     */
+    @Override
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    /**
+     * 指示是否已过期的用户的凭据(密码),过期的凭据防止认证
+     *
+     * @return
+     */
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    /**
+     * 是否可用 ,禁用的用户不能身份验证
+     *
+     * @return
+     */
+    @Override
+    public boolean isEnabled() {
+        return true;
+    }
+
+    @Override
+    public Long getUserId() {
+        return employeeId;
+    }
+
+    @Override
+    public String getUserName() {
+        return actualName;
+    }
+
+    @Override
+    public UserTypeEnum getUserType() {
+        return userType;
+    }
+
+    @Override
+    public String getIp() {
+        return this.ip;
+    }
+
+    @Override
+    public String getUserAgent() {
+        return this.userAgent;
+    }
 }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/domain/LoginForm.java

@@ -24,8 +24,8 @@ import javax.validation.constraints.Pattern;
 @Data
 public class LoginForm extends CaptchaForm {
 
-    @ApiModelProperty("登录账号")
+    @ApiModelProperty("登录名")
-    @NotBlank(message = "登录账号不能为空")
+    @NotBlank(message = "登录名不能为空")
     @Length(max = 30, message = "登录账号最多30字符")
     private String loginName;
 
@@ -34,7 +34,8 @@ public class LoginForm extends CaptchaForm {
     @Pattern(regexp = SmartVerificationUtil.PWD_REGEXP, message = "请输入6-15位密码(数字|大小写字母|小数点)")
     private String password;
 
-    @ApiModelPropertyEnum(desc = "登录终端", value = LoginDeviceEnum.class)
+    @ApiModelProperty(value = "登录终端")
-    @CheckEnum(value = LoginDeviceEnum.class, required = true, message = "登录终端类型错误")
+    @ApiModelPropertyEnum(LoginDeviceEnum.class)
+    @CheckEnum(value = LoginDeviceEnum.class, required = true, message = "此终端不允许登录")
     private Integer loginDevice;
 }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/login/service/LoginService.java

@@ -1,5 +1,6 @@
 package net.lab1024.sa.admin.module.system.login.service;
 
+import cn.hutool.extra.servlet.ServletUtil;
 import com.googlecode.concurrentlinkedhashmap.ConcurrentLinkedHashMap;
 import lombok.extern.slf4j.Slf4j;
 import net.lab1024.sa.admin.module.system.department.domain.vo.DepartmentVO;
@@ -10,6 +11,7 @@ import net.lab1024.sa.admin.module.system.employee.service.EmployeeService;
 import net.lab1024.sa.admin.module.system.login.domain.LoginEmployeeDetail;
 import net.lab1024.sa.admin.module.system.login.domain.LoginForm;
 import net.lab1024.sa.admin.module.system.menu.domain.vo.MenuVO;
+import net.lab1024.sa.common.common.constant.RequestHeaderConst;
 import net.lab1024.sa.common.common.constant.StringConst;
 import net.lab1024.sa.common.common.domain.RequestUser;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
@@ -29,6 +31,7 @@ import net.lab1024.sa.common.module.support.token.TokenService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import javax.servlet.http.HttpServletRequest;
 import java.time.LocalDateTime;
 import java.util.List;
 import java.util.concurrent.ConcurrentMap;
@@ -52,6 +55,9 @@ public class LoginService {
     @Autowired
     private DepartmentService departmentService;
 
+    @Autowired
+    private TokenService tokenService;
+
     @Autowired
     private CaptchaService captchaService;
 
@@ -64,9 +70,6 @@ public class LoginService {
     @Autowired
     private LoginLogService loginLogService;
 
-    @Autowired
-    private TokenService tokenService;
-
     /**
      * 登录信息二级缓存
      */
@@ -85,11 +88,13 @@ public class LoginService {
      * 员工登陆
      *
      * @param loginForm
-     * @param ip
-     * @param userAgent
      * @return 返回用户登录信息
      */
     public ResponseDTO<LoginEmployeeDetail> login(LoginForm loginForm, String ip, String userAgent) {
+        LoginDeviceEnum loginDeviceEnum = SmartEnumUtil.getEnumByValue(loginForm.getLoginDevice(), LoginDeviceEnum.class);
+        if (loginDeviceEnum == null) {
+            return ResponseDTO.userErrorParam("登录设备暂不支持！");
+        }
         // 校验 图形验证码
         ResponseDTO<String> checkCaptcha = captchaService.checkCaptcha(loginForm);
         if (!checkCaptcha.getOk()) {
@@ -121,9 +126,8 @@ public class LoginService {
         }
 
         // 生成 登录token，保存token
-        boolean superPasswordFlag = superPassword.equals(requestPassword);
+        Boolean superPasswordFlag = superPassword.equals(requestPassword);
-        LoginDeviceEnum loginDeviceEnum = SmartEnumUtil.getEnumByValue(loginForm.getLoginDevice(), LoginDeviceEnum.class);
+        String token = tokenService.generateToken(employeeEntity.getEmployeeId(), employeeEntity.getActualName(), UserTypeEnum.ADMIN_EMPLOYEE, loginDeviceEnum, superPasswordFlag);
-        String token = tokenService.generateToken(employeeEntity.getEmployeeId(), employeeEntity.getActualName(), UserTypeEnum.ADMIN_EMPLOYEE, loginDeviceEnum);
 
         //获取员工登录信息
         LoginEmployeeDetail loginEmployeeDetail = loadLoginInfo(employeeEntity);
@@ -160,6 +164,8 @@ public class LoginService {
         List<MenuVO> menuAndPointsList = employeePermissionService.getEmployeeMenuAndPointsList(employeeEntity.getEmployeeId(), employeeEntity.getAdministratorFlag());
         //前端菜单
         loginEmployeeDetail.setMenuList(menuAndPointsList);
+        //后端权限
+        loginEmployeeDetail.setAuthorities(employeePermissionService.buildAuthorities(menuAndPointsList));
 
         //上次登录信息
         LoginLogVO loginLogVO = loginLogService.queryLastByUserId(employeeEntity.getEmployeeId(), UserTypeEnum.ADMIN_EMPLOYEE);
@@ -193,15 +199,6 @@ public class LoginService {
         loginLogService.log(loginEntity);
     }
 
-    /**
-     * 查询用户信息缓存
-     *
-     * @param requestUserId
-     */
-    public LoginEmployeeDetail getLoginUserDetailCache(Long requestUserId) {
-        return loginUserDetailCache.get(requestUserId);
-    }
-
 
     /**
      * 移除用户信息缓存
@@ -212,14 +209,47 @@ public class LoginService {
         loginUserDetailCache.remove(requestUserId);
     }
 
+    /**
+     * 根据登陆token 获取员请求工信息
+     *
+     * @param
+     * @return
+     */
+    public LoginEmployeeDetail getLoginUserDetail(String token, HttpServletRequest request) {
+        Long requestUserId = tokenService.getUserIdAndValidateToken(token);
+        if (requestUserId == null) {
+            return null;
+        }
+        // 查询用户信息
+        LoginEmployeeDetail loginEmployeeDetail = loginUserDetailCache.get(requestUserId);
+        if (loginEmployeeDetail == null) {
+            // 员工基本信息
+            EmployeeEntity employeeEntity = employeeService.getById(requestUserId);
+            if (employeeEntity == null) {
+                return null;
+            }
+
+            loginEmployeeDetail = this.loadLoginInfo(employeeEntity);
+            loginEmployeeDetail.setToken(token);
+            loginUserDetailCache.put(requestUserId, loginEmployeeDetail);
+        }
+
+        //更新请求ip和user agent
+        loginEmployeeDetail.setUserAgent(ServletUtil.getHeaderIgnoreCase(request, RequestHeaderConst.USER_AGENT));
+        loginEmployeeDetail.setIp(ServletUtil.getClientIP(request));
+
+        return loginEmployeeDetail;
+    }
+
+
     /**
      * 退出登陆，清除token缓存
      *
      * @return
      */
-    public ResponseDTO<String> logout(RequestUser requestUser) {
+    public ResponseDTO<String> logout(String token, RequestUser requestUser) {
         loginUserDetailCache.remove(requestUser.getUserId());
-        tokenService.removeToken();
+        tokenService.removeToken(token);
         //保存登出日志
         saveLogoutLog(requestUser, requestUser.getIp(), requestUser.getUserAgent());
         return ResponseDTO.ok();

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/constant/MenuTypeEnum.java

@@ -1,8 +1,6 @@
 package net.lab1024.sa.admin.module.system.menu.constant;
 
 
-import lombok.AllArgsConstructor;
-import lombok.Getter;
 import net.lab1024.sa.common.common.enumeration.BaseEnum;
 
 /**
@@ -14,8 +12,6 @@ import net.lab1024.sa.common.common.enumeration.BaseEnum;
  * @Email lab1024@163.com
  * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
-@Getter
-@AllArgsConstructor
 public enum MenuTypeEnum implements BaseEnum {
     /**
      * 目录
@@ -30,7 +26,23 @@ public enum MenuTypeEnum implements BaseEnum {
      */
     POINTS(3, "功能点");
 
-    private final Integer value;
+    private Integer value;
 
-    private final String desc;
+    private String desc;
+
+
+    MenuTypeEnum(Integer value, String desc) {
+        this.value = value;
+        this.desc = desc;
+    }
+
+    @Override
+    public Integer getValue() {
+        return value;
+    }
+
+    @Override
+    public String getDesc() {
+        return desc;
+    }
 }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/controller/MenuController.java

@@ -14,6 +14,7 @@ import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -38,22 +39,25 @@ public class MenuController extends AdminBaseController {
 
     @ApiOperation(value = "添加菜单 @author 卓大")
     @PostMapping("/menu/add")
+    @PreAuthorize("@saAuth.checkPermission('system:menu:add')")
     public ResponseDTO<String> addMenu(@RequestBody @Valid MenuAddForm menuAddForm) {
-        menuAddForm.setCreateUserId(SmartRequestUtil.getUserId());
+        menuAddForm.setCreateUserId(SmartRequestUtil.getRequestUserId());
         return menuService.addMenu(menuAddForm);
     }
 
     @ApiOperation(value = "更新菜单 @author 卓大")
     @PostMapping("/menu/update")
+    @PreAuthorize("@saAuth.checkPermission('system:menu:update')")
     public ResponseDTO<String> updateMenu(@RequestBody @Valid MenuUpdateForm menuUpdateForm) {
-        menuUpdateForm.setUpdateUserId(SmartRequestUtil.getUserId());
+        menuUpdateForm.setUpdateUserId(SmartRequestUtil.getRequestUserId());
         return menuService.updateMenu(menuUpdateForm);
     }
 
     @ApiOperation(value = "批量删除菜单 @author 卓大")
     @GetMapping("/menu/batchDelete")
+    @PreAuthorize("@saAuth.checkPermission('system:menu:delete,system:menu:batch:delete')")
     public ResponseDTO<String> batchDeleteMenu(@RequestParam("menuIdList") List<Long> menuIdList) {
-        return menuService.batchDeleteMenu(menuIdList, SmartRequestUtil.getUserId());
+        return menuService.batchDeleteMenu(menuIdList, SmartRequestUtil.getRequestUserId());
     }
 
     @ApiOperation(value = "查询菜单列表 @author 卓大")

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/service/MenuCacheService.java

@@ -1,55 +0,0 @@
-package net.lab1024.sa.admin.module.system.menu.service;
-
-import net.lab1024.sa.admin.module.system.menu.constant.MenuTypeEnum;
-import net.lab1024.sa.admin.module.system.menu.dao.MenuDao;
-import net.lab1024.sa.admin.module.system.menu.domain.entity.MenuEntity;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Service;
-
-import java.util.List;
-import java.util.Objects;
-import java.util.stream.Collectors;
-
-/**
- * 功能菜单业务
- *
- * @author Turbolisten
- * @date 2023/7/20 19:04
- */
-@Service
-public class MenuCacheService {
-
-    @Autowired
-    private MenuDao menuDao;
-
-    private static volatile List<String> MENU_URL_CACHE = null;
-
-    /**
-     * 查询 需要校验权限的url
-     *
-     * @return
-     */
-    public List<String> queryNeedCheckPermissionsUrl() {
-        if (null != MENU_URL_CACHE) {
-            return MENU_URL_CACHE;
-        }
-        synchronized (MenuCacheService.class) {
-            if (null != MENU_URL_CACHE) {
-                return MENU_URL_CACHE;
-            }
-            // TODO listen 待确定哪个字段做为url
-            MENU_URL_CACHE = menuDao.queryMenuByType(MenuTypeEnum.POINTS.getValue(), false, false)
-                    .stream()
-                    .map(MenuEntity::getApiPerms)
-                    .filter(Objects::nonNull)
-                    .distinct()
-                    .collect(Collectors.toList());
-            return MENU_URL_CACHE;
-        }
-    }
-
-    public static void clearCache() {
-        MENU_URL_CACHE = null;
-    }
-
-}

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/menu/service/MenuService.java

@@ -65,12 +65,6 @@ public class MenuService {
             menuEntity.setApiPerms(perms);
         }
         menuDao.insert(menuEntity);
-
-        // 清除权限缓存
-        if (MenuTypeEnum.POINTS.equalsValue(menuEntity.getMenuType())) {
-            MenuCacheService.clearCache();
-        }
-
         return ResponseDTO.ok();
     }
 
@@ -108,11 +102,6 @@ public class MenuService {
             menuEntity.setApiPerms(perms);
         }
         menuDao.updateById(menuEntity);
-
-        // 清除权限缓存
-        if (MenuTypeEnum.POINTS.equalsValue(menuEntity.getMenuType())) {
-            MenuCacheService.clearCache();
-        }
         return ResponseDTO.ok();
     }
 
@@ -129,11 +118,8 @@ public class MenuService {
             return ResponseDTO.userErrorParam("所选菜单不能为空");
         }
         menuDao.deleteByMenuIdList(menuIdList, employeeId, Boolean.TRUE);
-        // 子节点也需要删除
+        //孩子节点也需要删除
         this.recursiveDeleteChildren(menuIdList, employeeId);
-
-        // 清除权限缓存
-        MenuCacheService.clearCache();
         return ResponseDTO.ok();
     }
 

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/controller/RoleController.java

@@ -11,6 +11,7 @@ import net.lab1024.sa.admin.module.system.role.service.RoleService;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -35,18 +36,21 @@ public class RoleController extends AdminBaseController {
 
     @ApiOperation("添加角色 @author 卓大")
     @PostMapping("/role/add")
+    @PreAuthorize("@saAuth.checkPermission('system:role:add')")
     public ResponseDTO addRole(@Valid @RequestBody RoleAddForm roleAddForm) {
         return roleService.addRole(roleAddForm);
     }
 
     @ApiOperation("删除角色 @author 卓大")
     @GetMapping("/role/delete/{roleId}")
+    @PreAuthorize("@saAuth.checkPermission('system:role:delete')")
     public ResponseDTO<String> deleteRole(@PathVariable Long roleId) {
         return roleService.deleteRole(roleId);
     }
 
     @ApiOperation("更新角色 @author 卓大")
     @PostMapping("/role/update")
+    @PreAuthorize("@saAuth.checkPermission('system:role:update')")
     public ResponseDTO<String> updateRole(@Valid @RequestBody RoleUpdateForm roleUpdateDTO) {
         return roleService.updateRole(roleUpdateDTO);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/controller/RoleDataScopeController.java

@@ -10,6 +10,7 @@ import net.lab1024.sa.admin.module.system.role.service.RoleDataScopeService;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -40,6 +41,7 @@ public class RoleDataScopeController extends AdminBaseController {
 
     @ApiOperation(value = "批量设置某角色数据范围 @author 卓大")
     @PostMapping("/role/dataScope/updateRoleDataScopeList")
+    @PreAuthorize("@saAuth.checkPermission('system:role:dataScope:update')")
     public ResponseDTO<String> updateRoleDataScopeList(@RequestBody @Valid RoleDataScopeUpdateForm roleDataScopeUpdateForm) {
         return roleDataScopeService.updateRoleDataScopeList(roleDataScopeUpdateForm);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/controller/RoleEmployeeController.java

@@ -13,6 +13,7 @@ import net.lab1024.sa.common.common.domain.PageResult;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -49,18 +50,21 @@ public class RoleEmployeeController extends AdminBaseController {
 
     @ApiOperation(value = "从角色成员列表中移除员工 @author 卓大")
     @GetMapping("/role/employee/removeEmployee")
+    @PreAuthorize("@saAuth.checkPermission('system:role:employee:delete')")
     public ResponseDTO<String> removeEmployee(Long employeeId, Long roleId) {
         return roleEmployeeService.removeRoleEmployee(employeeId, roleId);
     }
 
     @ApiOperation(value = "从角色成员列表中批量移除员工 @author 卓大")
     @PostMapping("/role/employee/batchRemoveRoleEmployee")
+    @PreAuthorize("@saAuth.checkPermission('system:role:employee:batch:delete')")
     public ResponseDTO<String> batchRemoveEmployee(@Valid @RequestBody RoleEmployeeUpdateForm updateForm) {
         return roleEmployeeService.batchRemoveRoleEmployee(updateForm);
     }
 
     @ApiOperation(value = "角色成员列表中批量添加员工 @author 卓大")
     @PostMapping("/role/employee/batchAddRoleEmployee")
+    @PreAuthorize("@saAuth.checkPermission('system:role:employee:add')")
     public ResponseDTO<String> addEmployeeList(@Valid @RequestBody RoleEmployeeUpdateForm addForm) {
         return roleEmployeeService.batchAddRoleEmployee(addForm);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/controller/RoleMenuController.java

@@ -10,6 +10,7 @@ import net.lab1024.sa.admin.module.system.role.service.RoleMenuService;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.module.support.operatelog.annoation.OperateLog;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -33,6 +34,7 @@ public class RoleMenuController extends AdminBaseController {
 
     @ApiOperation("更新角色权限 @author 卓大")
     @PostMapping("/role/menu/updateRoleMenu")
+    @PreAuthorize("@saAuth.checkPermission('system:role:menu:update')")
     public ResponseDTO<String> updateRoleMenu(@Valid @RequestBody RoleMenuUpdateForm updateDTO) {
         return roleMenuService.updateRoleMenu(updateDTO);
     }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/service/RoleEmployeeService.java

@@ -1,23 +1,23 @@
 package net.lab1024.sa.admin.module.system.role.service;
 
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
-import net.lab1024.sa.admin.module.system.department.dao.DepartmentDao;
-import net.lab1024.sa.admin.module.system.department.domain.entity.DepartmentEntity;
-import net.lab1024.sa.admin.module.system.employee.domain.vo.EmployeeVO;
-import net.lab1024.sa.admin.module.system.employee.service.EmployeePermissionService;
 import net.lab1024.sa.admin.module.system.role.dao.RoleDao;
 import net.lab1024.sa.admin.module.system.role.dao.RoleEmployeeDao;
-import net.lab1024.sa.admin.module.system.role.domain.entity.RoleEmployeeEntity;
 import net.lab1024.sa.admin.module.system.role.domain.entity.RoleEntity;
 import net.lab1024.sa.admin.module.system.role.domain.form.RoleEmployeeQueryForm;
 import net.lab1024.sa.admin.module.system.role.domain.form.RoleEmployeeUpdateForm;
 import net.lab1024.sa.admin.module.system.role.domain.vo.RoleSelectedVO;
-import net.lab1024.sa.admin.module.system.role.manager.RoleEmployeeManager;
+import net.lab1024.sa.common.common.code.UserErrorCode;
 import net.lab1024.sa.common.common.constant.StringConst;
 import net.lab1024.sa.common.common.domain.PageResult;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.common.util.SmartBeanUtil;
 import net.lab1024.sa.common.common.util.SmartPageUtil;
+import net.lab1024.sa.admin.module.system.department.dao.DepartmentDao;
+import net.lab1024.sa.admin.module.system.department.domain.entity.DepartmentEntity;
+import net.lab1024.sa.admin.module.system.employee.domain.vo.EmployeeVO;
+import net.lab1024.sa.admin.module.system.role.domain.entity.RoleEmployeeEntity;
+import net.lab1024.sa.admin.module.system.role.manager.RoleEmployeeManager;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -90,9 +90,6 @@ public class RoleEmployeeService {
             return ResponseDTO.userErrorParam();
         }
         roleEmployeeDao.deleteByEmployeeIdRoleId(employeeId, roleId);
-
-        // 清理员工角色缓存
-        EmployeePermissionService.clearUserRoleCache(employeeId);
         return ResponseDTO.ok();
     }
 
@@ -103,11 +100,7 @@ public class RoleEmployeeService {
      * @return ResponseDTO<String>
      */
     public ResponseDTO<String> batchRemoveRoleEmployee(RoleEmployeeUpdateForm roleEmployeeUpdateForm) {
-        List<Long> employeeIdList = roleEmployeeUpdateForm.getEmployeeIdList();
+        roleEmployeeDao.batchDeleteEmployeeRole(roleEmployeeUpdateForm.getRoleId(), roleEmployeeUpdateForm.getEmployeeIdList());
-        roleEmployeeDao.batchDeleteEmployeeRole(roleEmployeeUpdateForm.getRoleId(), employeeIdList);
-
-        // 清理员工角色缓存
-        employeeIdList.forEach(EmployeePermissionService::clearUserRoleCache);
         return ResponseDTO.ok();
     }
 
@@ -129,9 +122,6 @@ public class RoleEmployeeService {
         }
         // 保存数据
         roleEmployeeManager.saveRoleEmployee(roleId, roleEmployeeList);
-
-        // 清理员工角色缓存
-        employeeIdList.forEach(EmployeePermissionService::clearUserRoleCache);
         return ResponseDTO.ok();
     }
 

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/service/RoleMenuService.java

@@ -1,7 +1,6 @@
 package net.lab1024.sa.admin.module.system.role.service;
 
 import com.google.common.collect.Lists;
-import net.lab1024.sa.admin.module.system.employee.service.EmployeePermissionService;
 import net.lab1024.sa.admin.module.system.menu.dao.MenuDao;
 import net.lab1024.sa.admin.module.system.menu.domain.entity.MenuEntity;
 import net.lab1024.sa.admin.module.system.menu.domain.vo.MenuSimpleTreeVO;
@@ -68,10 +67,7 @@ public class RoleMenuService {
             roleMenuEntity.setMenuId(menuId);
             roleMenuEntityList.add(roleMenuEntity);
         }
-        roleMenuManager.updateRoleMenu(roleId, roleMenuEntityList);
+        roleMenuManager.updateRoleMenu(roleMenuUpdateForm.getRoleId(), roleMenuEntityList);
-
-        // 清理角色缓存
-        EmployeePermissionService.clearRoleCache(roleId);
         return ResponseDTO.ok();
     }
 
@@ -81,9 +77,9 @@ public class RoleMenuService {
      * @param roleIdList
      * @return
      */
-    public List<MenuVO> getMenuList(List<Long> roleIdList, Boolean adminFlag) {
+    public List<MenuVO> getMenuList(List<Long> roleIdList, Boolean administratorFlag) {
-        // 超管返回所有菜单
+        //管理员返回所有菜单
-        if(adminFlag){
+        if(administratorFlag){
             List<MenuEntity> menuEntityList = roleMenuDao.selectMenuListByRoleIdList(Lists.newArrayList(), false);
             return SmartBeanUtil.copyList(menuEntityList, MenuVO.class);
         }

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/role/service/RoleService.java

@@ -1,6 +1,5 @@
 package net.lab1024.sa.admin.module.system.role.service;
 
-import net.lab1024.sa.admin.module.system.employee.service.EmployeePermissionService;
 import net.lab1024.sa.admin.module.system.role.dao.RoleDao;
 import net.lab1024.sa.admin.module.system.role.dao.RoleEmployeeDao;
 import net.lab1024.sa.admin.module.system.role.dao.RoleMenuDao;
@@ -69,9 +68,6 @@ public class RoleService {
         roleDao.deleteById(roleId);
         roleMenuDao.deleteByRoleId(roleId);
         roleEmployeeDao.deleteByRoleId(roleId);
-
-        // 清理角色缓存
-        EmployeePermissionService.clearRoleCache(roleId);
         return ResponseDTO.ok();
     }
 

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminCacheController.java

@@ -7,6 +7,7 @@ import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.constant.SwaggerTagConst;
 import net.lab1024.sa.common.module.support.cache.CacheService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RestController;
@@ -37,6 +38,7 @@ public class AdminCacheController extends SupportBaseController {
 
 
     @ApiOperation(value = "移除某个缓存 @author 罗伊")
+    @PreAuthorize("@saAuth.checkPermission('support:cache:delete')")
     @GetMapping("/cache/remove/{cacheName}")
     public ResponseDTO<String> removeCache(@PathVariable String cacheName) {
         cacheService.removeCache(cacheName);
@@ -45,6 +47,7 @@ public class AdminCacheController extends SupportBaseController {
 
 
     @ApiOperation(value = "获取某个缓存的所有key @author 罗伊")
+    @PreAuthorize("@saAuth.checkPermission('support:cache:keys')")
     @GetMapping("/cache/keys/{cacheName}")
     public ResponseDTO<List<String>> cacheKeys(@PathVariable String cacheName) {
         return ResponseDTO.ok(cacheService.cacheKey(cacheName));

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminChangeLogController.java

@@ -9,6 +9,7 @@ import net.lab1024.sa.common.module.support.changelog.domain.form.ChangeLogAddFo
 import net.lab1024.sa.common.module.support.changelog.domain.form.ChangeLogUpdateForm;
 import net.lab1024.sa.common.module.support.changelog.service.ChangeLogService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -30,23 +31,27 @@ public class AdminChangeLogController {
 
     @ApiOperation("添加 @author 卓大")
     @PostMapping("/changeLog/add")
+    @PreAuthorize("@saAuth.checkPermission('changeLog:add')")
     public ResponseDTO<String> add(@RequestBody @Valid ChangeLogAddForm addForm) {
         return changeLogService.add(addForm);
     }
 
     @ApiOperation("更新 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('changeLog:update')")
     @PostMapping("/changeLog/update")
     public ResponseDTO<String> update(@RequestBody @Valid ChangeLogUpdateForm updateForm) {
         return changeLogService.update(updateForm);
     }
 
     @ApiOperation("批量删除 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('changeLog:batchDelete')")
     @PostMapping("/changeLog/batchDelete")
     public ResponseDTO<String> batchDelete(@RequestBody ValidateList<Long> idList) {
         return changeLogService.batchDelete(idList);
     }
 
     @ApiOperation("单个删除 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('changeLog:delete')")
     @GetMapping("/changeLog/delete/{changeLogId}")
     public ResponseDTO<String> batchDelete(@PathVariable Long changeLogId) {
         return changeLogService.delete(changeLogId);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminConfigController.java

@@ -12,6 +12,7 @@ import net.lab1024.sa.common.module.support.config.domain.ConfigQueryForm;
 import net.lab1024.sa.common.module.support.config.domain.ConfigUpdateForm;
 import net.lab1024.sa.common.module.support.config.domain.ConfigVO;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
@@ -35,18 +36,21 @@ public class AdminConfigController extends SupportBaseController {
     private ConfigService configService;
 
     @ApiOperation("分页查询系统配置 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('support:config:query')")
     @PostMapping("/config/query")
     public ResponseDTO<PageResult<ConfigVO>> querySystemConfigPage(@RequestBody @Valid ConfigQueryForm queryForm) {
         return configService.queryConfigPage(queryForm);
     }
 
     @ApiOperation("添加配置参数 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('support:config:add')")
     @PostMapping("/config/add")
     public ResponseDTO<String> addSystemConfig(@RequestBody @Valid ConfigAddForm configAddForm) {
         return configService.add(configAddForm);
     }
 
     @ApiOperation("修改配置参数 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('support:config:update')")
     @PostMapping("/config/update")
     public ResponseDTO<String> updateSystemConfig(@RequestBody @Valid ConfigUpdateForm updateForm) {
         return configService.updateSystemConfig(updateForm);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminFileController.java

@@ -10,6 +10,7 @@ import net.lab1024.sa.common.module.support.file.domain.form.FileQueryForm;
 import net.lab1024.sa.common.module.support.file.domain.vo.FileVO;
 import net.lab1024.sa.common.module.support.file.service.FileService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
@@ -33,6 +34,7 @@ public class AdminFileController extends SupportBaseController {
     private FileService fileService;
 
     @ApiOperation("分页查询 @author 1024创新实验室-主任-卓大")
+    @PreAuthorize("@saAuth.checkPermission('support:file:query')")
     @PostMapping("/file/queryPage")
     public ResponseDTO<PageResult<FileVO>> queryPage(@RequestBody @Valid FileQueryForm queryForm) {
         return ResponseDTO.ok(fileService.queryPage(queryForm));

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminHelpDocController.java

@@ -13,6 +13,7 @@ import net.lab1024.sa.common.module.support.helpdoc.service.HelpDocCatalogServic
 import net.lab1024.sa.common.module.support.helpdoc.service.HelpDocService;
 import net.lab1024.sa.common.module.support.repeatsubmit.annoation.RepeatSubmit;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -41,12 +42,14 @@ public class AdminHelpDocController extends SupportBaseController {
 
 
     @ApiOperation("帮助文档目录-添加 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('helpDocCatalog:addCategory')")
     @PostMapping("/helpDoc/helpDocCatalog/add")
     public ResponseDTO<String> addHelpDocCatalog(@RequestBody @Valid HelpDocCatalogAddForm helpDocCatalogAddForm) {
         return helpDocCatalogService.add(helpDocCatalogAddForm);
     }
 
     @ApiOperation("帮助文档目录-更新 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('helpDocCatalog:edit')")
     @PostMapping("/helpDoc/helpDocCatalog/update")
     public ResponseDTO<String> updateHelpDocCatalog(@RequestBody @Valid HelpDocCatalogUpdateForm helpDocCatalogUpdateForm) {
         return helpDocCatalogService.update(helpDocCatalogUpdateForm);
@@ -61,6 +64,7 @@ public class AdminHelpDocController extends SupportBaseController {
     // --------------------- 帮助文档 【管理:增、删、查、改】-------------------------
 
     @ApiOperation("【管理】帮助文档-分页查询 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('helpDoc:query')")
     @PostMapping("/helpDoc/query")
     public ResponseDTO<PageResult<HelpDocVO>> query(@RequestBody @Valid HelpDocQueryForm queryForm) {
         return ResponseDTO.ok(helpDocService.query(queryForm));
@@ -73,6 +77,7 @@ public class AdminHelpDocController extends SupportBaseController {
     }
 
     @ApiOperation("【管理】帮助文档-添加 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('helpDoc:add')")
     @PostMapping("/helpDoc/add")
     @RepeatSubmit
     public ResponseDTO<String> add(@RequestBody @Valid HelpDocAddForm addForm) {
@@ -80,6 +85,7 @@ public class AdminHelpDocController extends SupportBaseController {
     }
 
     @ApiOperation("【管理】帮助文档-更新 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('helpDoc:update')")
     @PostMapping("/helpDoc/update")
     @RepeatSubmit
     public ResponseDTO<String> update(@RequestBody @Valid HelpDocUpdateForm updateForm) {
@@ -87,6 +93,7 @@ public class AdminHelpDocController extends SupportBaseController {
     }
 
     @ApiOperation("【管理】帮助文档-删除 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('helpDoc:delete')")
     @GetMapping("/helpDoc/delete/{helpDocId}")
     public ResponseDTO<String> delete(@PathVariable Long helpDocId) {
         return helpDocService.delete(helpDocId);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminLoginLogController.java

@@ -10,6 +10,7 @@ import net.lab1024.sa.common.module.support.loginlog.LoginLogService;
 import net.lab1024.sa.common.module.support.loginlog.domain.LoginLogQueryForm;
 import net.lab1024.sa.common.module.support.loginlog.domain.LoginLogVO;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RestController;
@@ -31,6 +32,7 @@ public class AdminLoginLogController extends SupportBaseController {
     private LoginLogService loginLogService;
 
     @ApiOperation(value = "分页查询 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('loginLog:query')")
     @PostMapping("/loginLog/page/query")
     public ResponseDTO<PageResult<LoginLogVO>> queryByPage(@RequestBody LoginLogQueryForm queryForm) {
         return loginLogService.queryByPage(queryForm);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminOperateLogController.java

@@ -10,6 +10,7 @@ import net.lab1024.sa.common.module.support.operatelog.OperateLogService;
 import net.lab1024.sa.common.module.support.operatelog.domain.OperateLogQueryForm;
 import net.lab1024.sa.common.module.support.operatelog.domain.OperateLogVO;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 /**
@@ -29,12 +30,14 @@ public class AdminOperateLogController extends SupportBaseController {
     private OperateLogService operateLogService;
 
     @ApiOperation(value = "分页查询 @author 罗伊")
+    @PreAuthorize("@saAuth.checkPermission('operateLog:query')")
     @PostMapping("/operateLog/page/query")
     public ResponseDTO<PageResult<OperateLogVO>> queryByPage(@RequestBody OperateLogQueryForm queryForm) {
         return operateLogService.queryByPage(queryForm);
     }
 
     @ApiOperation(value = "详情 @author 罗伊")
+    @PreAuthorize("@saAuth.checkPermission('operateLog:detail')")
     @GetMapping("/operateLog/detail/{operateLogId}")
     public ResponseDTO<OperateLogVO> detail(@PathVariable Long operateLogId) {
         return operateLogService.detail(operateLogId);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminReloadController.java

@@ -10,6 +10,7 @@ import net.lab1024.sa.common.module.support.reload.domain.ReloadForm;
 import net.lab1024.sa.common.module.support.reload.domain.ReloadItemVO;
 import net.lab1024.sa.common.module.support.reload.domain.ReloadResultVO;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
@@ -38,12 +39,14 @@ public class AdminReloadController extends SupportBaseController {
     }
 
     @ApiOperation(value = "获取reload result @author 开云")
+    @PreAuthorize("@saAuth.checkPermission('support:reload:result')")
     @GetMapping("/reload/result/{tag}")
     public ResponseDTO<List<ReloadResultVO>> queryReloadResult(@PathVariable("tag") String tag) {
         return reloadService.queryReloadItemResult(tag);
     }
 
     @ApiOperation(value = "通过tag更新标识 @author 开云")
+    @PreAuthorize("@saAuth.checkPermission('support:reload:execute')")
     @PostMapping("/reload/update")
     public ResponseDTO<String> updateByTag(@RequestBody @Valid ReloadForm reloadForm) {
         return reloadService.updateByTag(reloadForm);

smart-admin-api/sa-admin/src/main/java/net/lab1024/sa/admin/module/system/support/AdminSerialNumberController.java

@@ -16,6 +16,7 @@ import net.lab1024.sa.common.module.support.serialnumber.domain.SerialNumberReco
 import net.lab1024.sa.common.module.support.serialnumber.service.SerialNumberRecordService;
 import net.lab1024.sa.common.module.support.serialnumber.service.SerialNumberService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -47,6 +48,7 @@ public class AdminSerialNumberController extends SupportBaseController {
     private SerialNumberRecordService serialNumberRecordService;
 
     @ApiOperation("生成单号 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('support:serial:number:generate')")
     @PostMapping("/serialNumber/generate")
     public ResponseDTO<List<String>> generate(@RequestBody @Valid SerialNumberGenerateForm generateForm) {
         SerialNumberIdEnum serialNumberIdEnum = SmartEnumUtil.getEnumByValue(generateForm.getSerialNumberId(), SerialNumberIdEnum.class);
@@ -63,6 +65,7 @@ public class AdminSerialNumberController extends SupportBaseController {
     }
 
     @ApiOperation("获取生成记录 @author 卓大")
+    @PreAuthorize("@saAuth.checkPermission('support:serial:number:record')")
     @PostMapping("/serialNumber/queryRecord")
     public ResponseDTO<PageResult<SerialNumberRecordEntity>> queryRecord(@RequestBody @Valid SerialNumberRecordQueryForm queryForm) {
         return ResponseDTO.ok(serialNumberRecordService.query(queryForm));

smart-admin-api/sa-common/pom.xml

@@ -49,19 +49,12 @@
             </exclusions>
         </dependency>
 
-        <!-- sa-token start -->
+        <!-- spring security -->
         <dependency>
-            <groupId>cn.dev33</groupId>
+            <groupId>org.springframework.boot</groupId>
-            <artifactId>sa-token-spring-boot-starter</artifactId>
+            <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
 
-        <dependency>
-            <groupId>cn.dev33</groupId>
-            <artifactId>sa-token-redis-jackson</artifactId>
-        </dependency>
-
-        <!-- sa-token end -->
-
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-log4j2</artifactId>

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/annoation/SaAuth.java

@@ -0,0 +1,22 @@
+package net.lab1024.sa.common.common.annoation;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 校验权限注解
+ *
+ * @Author 1024创新实验室: 罗伊
+ * @Date 2022-05-30 21:22:12
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface SaAuth {
+
+    String saAuth = "saAuth";
+}

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/code/UserErrorCode.java

@@ -24,7 +24,7 @@ public enum UserErrorCode implements ErrorCode {
 
     REPEAT_SUBMIT(30004, "亲~您操作的太快了，请稍等下再操作~"),
 
-    NO_PERMISSION(30005, "对不起，您无法访问此内容哦~"),
+    NO_PERMISSION(30005, "对不起，您无法访问此资源哦~"),
 
     DEVELOPING(30006, "系統正在紧急开发中，敬请期待~"),
 
@@ -32,11 +32,7 @@ public enum UserErrorCode implements ErrorCode {
 
     USER_STATUS_ERROR(30008, "用户状态异常"),
 
-    FORM_REPEAT_SUBMIT(30009, "请勿重复提交"),
+    FORM_REPEAT_SUBMIT(30009, "请勿重复提交");
-
-    LOGIN_FROM_OTHER(30010, "您的账号已在其他地方登录"),
-
-    ;
 
     private final int code;
 

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/constant/StringConst.java

@@ -26,11 +26,6 @@ public class StringConst {
      */
     public static final String HORIZONTAL = "-";
 
-    /**
-     * 全局通用 冒号
-     */
-    public static final String COLON = ":";
-
     /**
      * 全局通用分隔符
      */

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/domain/RequestUrlVO.java

@@ -18,6 +18,9 @@ public class RequestUrlVO {
     @ApiModelProperty("注释说明")
     private String comment;
 
+    @ApiModelProperty("controller.method")
+    private String name;
+
     @ApiModelProperty("url")
     private String url;
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/domain/RequestUser.java

@@ -1,11 +1,9 @@
 package net.lab1024.sa.common.common.domain;
 
-import lombok.Data;
 import net.lab1024.sa.common.common.enumeration.UserTypeEnum;
 
 /**
  * 请求用户
- * 多系统用户 可以继承此类
  *
  * @Author 1024创新实验室-主任: 卓大
  * @Date 2021-12-21 19:55:07
@@ -13,25 +11,39 @@ import net.lab1024.sa.common.common.enumeration.UserTypeEnum;
  * @Email lab1024@163.com
  * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
-@Data
+public interface RequestUser {
-public class RequestUser {
 
     /**
-     * 当前请求用户id
+     * 请求用户id
+     *
+     * @return
      */
-    private Long userId;
+    Long getUserId();
 
     /**
-     * 当前请求用户名称
+     * 请求用户名称
+     *
+     * @return
      */
-    private String userName;
+    String getUserName();
 
     /**
-     * 当前请求用户类型
+     * 获取用户类型
      */
-    private UserTypeEnum userType;
+    UserTypeEnum getUserType();
 
-    private String ip;
+    /**
+     * 获取请求的IP
+     *
+     * @return
+     */
+    String getIp();
+
+    /**
+     * 获取请求 user-agent
+     *
+     * @return
+     */
+    String getUserAgent();
 
-    private String userAgent;
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/domain/SystemEnvironment.java

@@ -3,7 +3,7 @@ package net.lab1024.sa.common.common.domain;
 
 import lombok.AllArgsConstructor;
 import lombok.Getter;
-import net.lab1024.sa.common.common.enumeration.SystemEnvEnum;
+import net.lab1024.sa.common.common.enumeration.SystemEnvironmentEnum;
 
 /**
  * 系统环境
@@ -16,7 +16,7 @@ import net.lab1024.sa.common.common.enumeration.SystemEnvEnum;
  */
 @AllArgsConstructor
 @Getter
-public class SystemEnv {
+public class SystemEnvironment {
 
     /**
      * 是否位生产环境
@@ -31,5 +31,5 @@ public class SystemEnv {
     /**
      * 当前环境
      */
-    private SystemEnvEnum currentEnv;
+    private SystemEnvironmentEnum currentEnvironment;
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/enumeration/SystemEnvironmentEnum.java

@@ -15,32 +15,32 @@ import lombok.Getter;
  */
 @AllArgsConstructor
 @Getter
-public enum SystemEnvEnum implements BaseEnum {
+public enum SystemEnvironmentEnum implements BaseEnum {
     /**
      * dev
      */
-    DEV(EnvConst.DEV, "开发环境"),
+    DEV(SystemEnvironmentNameConst.DEV, "开发环境"),
 
     /**
      * test
      */
-    TEST(EnvConst.TEST, "测试环境"),
+    TEST(SystemEnvironmentNameConst.TEST, "测试环境"),
 
     /**
      * pre
      */
-    PRE(EnvConst.PRE, "预发布环境"),
+    PRE(SystemEnvironmentNameConst.PRE, "预发布环境"),
 
     /**
      * prod
      */
-    PROD(EnvConst.PROD, "生产环境");
+    PROD(SystemEnvironmentNameConst.PROD, "生产环境");
 
     private final String value;
 
     private final String desc;
 
-    public static final class EnvConst {
+    public static final class SystemEnvironmentNameConst {
         public static final String DEV = "dev";
         public static final String TEST = "test";
         public static final String PRE = "pre";

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/enumeration/UserTypeEnum.java

@@ -1,8 +1,5 @@
 package net.lab1024.sa.common.common.enumeration;
 
-import lombok.AllArgsConstructor;
-import lombok.Getter;
-
 /**
  * 用户类型
  *
@@ -12,16 +9,29 @@ import lombok.Getter;
  * @Email lab1024@163.com
  * @Copyright 1024创新实验室 （ https://1024lab.net ），2012-2022
  */
-@Getter
-@AllArgsConstructor
 public enum UserTypeEnum implements BaseEnum {
 
     /**
      * 管理端 员工用户
      */
-    ADMIN_EMPLOYEE(1, "管理端-员工");
+    ADMIN_EMPLOYEE(1, "员工");
 
-    private final Integer value;
+    private Integer type;
 
-    private final String desc;
+    private String desc;
+
+    UserTypeEnum(Integer type, String desc) {
+        this.type = type;
+        this.desc = desc;
+    }
+
+    @Override
+    public Integer getValue() {
+        return type;
+    }
+
+    @Override
+    public String getDesc() {
+        return desc;
+    }
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/interceptor/AbstractInterceptor.java

@@ -1,27 +1,17 @@
 package net.lab1024.sa.common.common.interceptor;
 
-import cn.dev33.satoken.exception.NotLoginException;
-import cn.dev33.satoken.session.SaSession;
-import cn.dev33.satoken.stp.StpUtil;
-import cn.hutool.extra.servlet.ServletUtil;
 import com.alibaba.fastjson.JSONObject;
-import com.google.common.collect.Lists;
 import net.lab1024.sa.common.common.annoation.NoNeedLogin;
 import net.lab1024.sa.common.common.code.UserErrorCode;
 import net.lab1024.sa.common.common.constant.RequestHeaderConst;
 import net.lab1024.sa.common.common.domain.RequestUser;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
-import net.lab1024.sa.common.common.domain.SystemEnv;
-import net.lab1024.sa.common.common.enumeration.SystemEnvEnum;
-import net.lab1024.sa.common.common.enumeration.UserTypeEnum;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
-import net.lab1024.sa.common.module.support.token.TokenService;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.lang3.math.NumberUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
+import org.springframework.util.CollectionUtils;
 import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.HandlerInterceptor;
 
@@ -29,56 +19,48 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.List;
+import java.util.function.Function;
 
 /**
  * 抽象拦截器
- * 只校验了登录处理
- * 自定义的拦截器 可以继承此类
  *
- * @author huke
+ * @Author 1024创新实验室: 罗伊
- * @date 2023-07-12 21:56:14
+ * @Date 2021-10-09 20:56:14
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
 public abstract class AbstractInterceptor implements HandlerInterceptor {
 
     @Autowired
-    private SystemEnv systemEnv;
+    private List<String> ignoreUrlList;
+
 
     /**
-     * 校验 token
+     * Token获取用户信息
      *
-     * @param userId
+     * @return
      */
-    public abstract RequestUser getDevUser(Long userId);
+    protected abstract Function<String, RequestUser> userFunction();
-
-    /**
-     * 校验 当前服务用户类型
-     */
-    public abstract UserTypeEnum getUserType();
 
     /**
      * 拦截路径
      *
      * @return
      */
-    public abstract List<String> pathPatterns();
+    public abstract String[] pathPatterns();
 
     /**
      * 忽略的url集合
      *
      * @return
      */
-    public List<String> getIgnoreUrlList() {
+    protected List<String> getIgnoreUrlList() {
-        List<String> ignoreUrlList = Lists.newArrayList();
-        ignoreUrlList.add("/swagger-ui.html");
-        ignoreUrlList.add("/swagger-resources/**");
-        ignoreUrlList.add("/webjars/**");
-        ignoreUrlList.add("/druid/**");
-        ignoreUrlList.add("/*/api-docs");
         return ignoreUrlList;
     }
 
     /**
-     * 拦截处理登录 token
+     * 拦截服务器端响应处理ajax请求返回结果
      *
      * @param request
      * @param response
@@ -89,81 +71,60 @@ public abstract class AbstractInterceptor implements HandlerInterceptor {
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
         // OPTIONS请求直接return
-        if (StringUtils.equalsIgnoreCase(HttpMethod.OPTIONS.name(), request.getMethod())) {
+        if (HttpMethod.OPTIONS.toString().equals(request.getMethod())) {
             response.setStatus(HttpStatus.NO_CONTENT.value());
             return false;
         }
+
         boolean isHandler = handler instanceof HandlerMethod;
         if (!isHandler) {
             return true;
         }
-        // 校验 token
+        //放行的Uri前缀
-        ResponseDTO<RequestUser> res = this.checkTokenAndGetUser(request);
+        String uri = request.getRequestURI();
-        if (res.getOk()) {
+        String contextPath = request.getContextPath();
-            SmartRequestUtil.setUser(res.getData());
+        String target = uri.replaceFirst(contextPath, "");
+        if (this.contain(this.getIgnoreUrlList(), target)) {
             return true;
         }
         //不需要登录
         NoNeedLogin noNeedLogin = ((HandlerMethod) handler).getMethodAnnotation(NoNeedLogin.class);
+        // 检查是否包含 token
+        String xRequestToken = request.getParameter(RequestHeaderConst.TOKEN);
+        String xHeaderToken = request.getHeader(RequestHeaderConst.TOKEN);
+        String xAccessToken = StringUtils.isNotBlank(xRequestToken) ? xRequestToken : xHeaderToken;
+        // 包含token 则获取用户信息 并保存
+        if (StringUtils.isNotBlank(xAccessToken)) {
+            RequestUser requestUser = userFunction().apply(xAccessToken);
+            if (requestUser != null) {
+                SmartRequestUtil.setRequestUser(requestUser);
+            }
+            // 有token 无需登录
             if (null != noNeedLogin) {
                 return true;
             }
-        this.outputResult(response, res);
+        }
+        // 无token 无需登录
+        if (null != noNeedLogin) {
+            return true;
+        }
+        if (StringUtils.isBlank(xAccessToken)) {
+            this.outputResult(response, ResponseDTO.error(UserErrorCode.LOGIN_STATE_INVALID));
             return false;
         }
-
+        return true;
-    /**
-     * 判断 sa-token 未登录场景值
-     * 自己根据业务在下面 switch 添加分支判断
-     * NotLoginException.NOT_TOKEN 无token
-     * NotLoginException.INVALID_TOKEN token无效
-     * NotLoginException.TOKEN_TIMEOUT token过期
-     * NotLoginException.NO_PREFIX token缺少前缀
-     * NotLoginException.KICK_OUT 已被踢下线
-     * NotLoginException.TOKEN_FREEZE 已被冻结
-     * <p>
-     * ps :之所以没有在全局异常里处理 是因为后续还有操作
-     */
-    public ResponseDTO<RequestUser> checkTokenAndGetUser(HttpServletRequest request) {
-        /**
-         * 处理【非生产环境】的测试 token ，便于开发调试
-         * 如不需要 可以删除此段判断代码
-         */
-        if (SystemEnvEnum.PROD != systemEnv.getCurrentEnv()) {
-            String tokenValue = StpUtil.getTokenValue();
-            if (NumberUtils.isDigits(tokenValue)) {
-                RequestUser user = this.getDevUser(NumberUtils.createLong(tokenValue));
-                this.handleRequestIpAndAgent(user, request);
-                // sa token 登录身份临时切换
-                StpUtil.switchTo(TokenService.generateLoginId(user.getUserId(), user.getUserType()));
-                return ResponseDTO.ok(user);
-            }
     }
 
-        try {
+    public Boolean contain(List<String> ignores, String uri) {
-            /**
+        if (CollectionUtils.isEmpty(ignores)) {
-             * sa-token 会从当前请求 header or body 中获取token
+            return false;
-             * 检验当前会话是否已经登录, 如果未登录，则抛出异常：`NotLoginException`
+        }
-             */
+        for (String ignoreUrl : ignores) {
-            StpUtil.checkLogin();
+            if (uri.startsWith(ignoreUrl)) {
-        } catch (NotLoginException e) {
+                return true;
-            switch (e.getType()) {
-                case NotLoginException.BE_REPLACED:
-                    // token 已被顶下线
-                    return ResponseDTO.error(UserErrorCode.LOGIN_FROM_OTHER);
-                // case NotLoginException.TOKEN_FREEZE:
-                // case NotLoginException.KICK_OUT:
-                default:
-                    return ResponseDTO.error(UserErrorCode.LOGIN_STATE_INVALID);
             }
         }
-        // 校验token的用户类型
+        return false;
-        UserTypeEnum systemUserTypeEnum = this.getUserType();
-        RequestUser user = this.buildCurrentUser(request);
-        if (null == user || systemUserTypeEnum != user.getUserType()) {
-            return ResponseDTO.error(UserErrorCode.LOGIN_STATE_INVALID);
-        }
-        return ResponseDTO.ok(user);
     }
 
     /**
@@ -175,40 +136,13 @@ public abstract class AbstractInterceptor implements HandlerInterceptor {
      */
     private void outputResult(HttpServletResponse response, ResponseDTO responseDTO) throws IOException {
         String msg = JSONObject.toJSONString(responseDTO);
-        response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
+        response.setContentType("application/json;charset=UTF-8");
         response.getWriter().write(msg);
         response.flushBuffer();
     }
 
-    /**
+    @Override
-     * build 当前请求用户
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
-     *
+        SmartRequestUtil.remove();
-     * @param request
-     * @return
-     */
-    public RequestUser buildCurrentUser(HttpServletRequest request) {
-        // 获取额外数据
-        SaSession session = StpUtil.getSession();
-        UserTypeEnum userTypeEnum = (UserTypeEnum) session.get(TokenService.EXTRA_KEY_USER_TYPE);
-        String userName = session.getString(TokenService.EXTRA_KEY_USER_NAME);
-
-        // 当前请求对象
-        RequestUser user = new RequestUser();
-        user.setUserId(TokenService.getUserId((String) StpUtil.getLoginId()));
-        user.setUserName(userName);
-        user.setUserType(userTypeEnum);
-        this.handleRequestIpAndAgent(user, request);
-        return user;
-    }
-
-    /**
-     * 设置 当前请求ip agent
-     *
-     * @param requestUser
-     * @param request
-     */
-    private void handleRequestIpAndAgent(RequestUser requestUser, HttpServletRequest request) {
-        requestUser.setUserAgent(ServletUtil.getHeaderIgnoreCase(request, RequestHeaderConst.USER_AGENT));
-        requestUser.setIp(ServletUtil.getClientIP(request));
     }
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/security/AbstractSecurityConfig.java

@@ -0,0 +1,93 @@
+package net.lab1024.sa.common.common.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.filter.CorsFilter;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+
+/**
+ * Spring Security
+ *
+ * @Author 1024创新实验室-主任: 卓大
+ * @Date 2021/8/3 17:50
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+public abstract class AbstractSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Autowired
+    private CorsFilter corsFilter;
+
+    @Autowired
+    private List<String> noNeedLoginUrlList;
+
+    @Autowired
+    private List<String> ignoreUrlList;
+
+    /**
+     * Token获取用户信息
+     *
+     * @return
+     */
+    protected abstract BiFunction<String, HttpServletRequest, UserDetails> userFunction();
+
+    /**
+     * 需要认证的url集合
+     *
+     * @return
+     */
+    protected abstract String[] getAuthenticatedUrlPatterns();
+
+    /**
+     * 不需要登录的url集合
+     *
+     * @return
+     */
+    protected String[] getNoNeedLoginUrl() {
+        return noNeedLoginUrlList.toArray(new String[noNeedLoginUrlList.size()]);
+    }
+
+    /**
+     * 忽略的url集合
+     *
+     * @return
+     */
+    protected String[] getIgnoreUrlList() {
+        return ignoreUrlList.toArray(new String[ignoreUrlList.size()]);
+    }
+
+    @Override
+    protected void configure(HttpSecurity httpSecurity) throws Exception {
+        httpSecurity
+                // CSRF禁用，因为不使用session
+                .csrf().disable()
+                // 认证失败处理类
+                .exceptionHandling().authenticationEntryPoint(new SecurityAuthenticationFailHandler()).and()
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+                // 过滤请求
+                .authorizeRequests()
+                //忽略的url
+                .antMatchers(this.getIgnoreUrlList()).permitAll()
+                // 不需要登陆的url
+                .antMatchers(this.getNoNeedLoginUrl()).permitAll()
+                //需要校验权限的url
+                .antMatchers(getAuthenticatedUrlPatterns()).authenticated();
+
+        // token filter 进行校验
+        httpSecurity.addFilterBefore(new SecurityTokenFilter(this.userFunction()), UsernamePasswordAuthenticationFilter.class);
+        httpSecurity.addFilterBefore(corsFilter, SecurityTokenFilter.class);
+        // 禁用spring security 使用 X-Frame-Options防止网页被Frame
+        httpSecurity.headers().frameOptions().disable();
+
+    }
+
+
+}

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/security/SecurityAuthenticationFailHandler.java

@@ -0,0 +1,43 @@
+package net.lab1024.sa.common.common.security;
+
+import com.alibaba.fastjson.JSONObject;
+import net.lab1024.sa.common.common.code.ErrorCode;
+import net.lab1024.sa.common.common.code.UserErrorCode;
+import net.lab1024.sa.common.common.domain.ResponseDTO;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * 登录认证失败处理
+ *
+ * @Author 1024创新实验室: 罗伊
+ * @Date 2022-08-26 20:21:10
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+public class SecurityAuthenticationFailHandler implements AuthenticationEntryPoint {
+
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException {
+        this.outputResult(response, UserErrorCode.LOGIN_STATE_INVALID);
+    }
+
+    /**
+     * 输出
+     *
+     * @param response
+     * @param errorCode
+     * @throws IOException
+     */
+    private void outputResult(HttpServletResponse response, ErrorCode errorCode) throws IOException {
+        String msg = JSONObject.toJSONString(ResponseDTO.error(errorCode));
+        response.setContentType("application/json;charset=UTF-8");
+        response.getWriter().write(msg);
+        response.flushBuffer();
+    }
+}

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/security/SecurityMethodSource.java

@@ -0,0 +1,66 @@
+package net.lab1024.sa.common.common.security;
+
+import net.lab1024.sa.common.common.annoation.SaAuth;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.prepost.PreInvocationAttribute;
+import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
+import org.springframework.security.access.prepost.PrePostInvocationAttributeFactory;
+
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Collection;
+
+/**
+ * 此类用于默认给所有接口添加权限 @saAuth.checkPermission('%s')
+ * %s 为类名.方法名
+ * 和使用@PreAuthorize("@saAuth.checkPermission('%s')") 效果一致
+ * 避免所有接口都添加一遍 减轻工作量
+ *
+ * @Author 1024创新实验室: 罗伊
+ * @Date 2021-08-30 23:08
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+public class SecurityMethodSource extends PrePostAnnotationSecurityMetadataSource {
+
+
+    private static String EXPRESSION_FORMAT = "@%s.checkPermission('%s')";
+
+    private final PrePostInvocationAttributeFactory attributeFactory;
+
+    private String beanName;
+
+
+    public SecurityMethodSource(PrePostInvocationAttributeFactory attributeFactory, String beanName) {
+        super(attributeFactory);
+        this.attributeFactory = attributeFactory;
+        this.beanName = beanName;
+    }
+
+
+    @Override
+    public Collection<ConfigAttribute> getAttributes(Method method, Class<?> targetClass) {
+        //如果不存在SaAuth采用security认证模式
+        SaAuth saAuth = method.getAnnotation(SaAuth.class);
+        if (saAuth == null) {
+            return super.getAttributes(method, targetClass);
+        }
+
+        //存在添加以URL为权限字符串的校验模式
+        ArrayList<ConfigAttribute> configAttributes = new ArrayList(1);
+        String classFullName = targetClass.getName();
+        String methodName = method.getName();
+        String[] classNameArray = StringUtils.split(classFullName, "\\.");
+        String controllerName = classNameArray[classNameArray.length - 1];
+        String privilegeName = controllerName + "." + methodName;
+        String preAuthorizeAttribute = String.format(EXPRESSION_FORMAT, beanName, privilegeName);
+        PreInvocationAttribute pre = this.attributeFactory.createPreInvocationAttribute(null, null, preAuthorizeAttribute);
+        if (pre != null) {
+            configAttributes.add(pre);
+        }
+        return configAttributes;
+    }
+
+}

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/security/SecurityPermissionCheckService.java

@@ -0,0 +1,74 @@
+package net.lab1024.sa.common.common.security;
+
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import java.util.Arrays;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * 校验权限
+ *
+ * @Author 1024创新实验室: 罗伊
+ * @Date 2022/5/12 21:50
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+public abstract class SecurityPermissionCheckService {
+
+
+    /**
+     * 校验是否有权限
+     *
+     * @param permission
+     * @return
+     */
+    public boolean checkPermission(String permission) {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null) {
+            return false;
+        }
+        return checkPermission(authentication, permission);
+    }
+
+    /**
+     * 校验是否有权限
+     *
+     * @param authentication
+     * @param permission
+     * @return
+     */
+    public abstract boolean checkPermission(Authentication authentication, String permission);
+
+    /**
+     * 判断
+     *
+     * @param userDetails
+     * @param permissionStr
+     * @return
+     */
+    protected boolean permissionJudge(UserDetails userDetails, String permissionStr) {
+        if (CollectionUtils.isEmpty(userDetails.getAuthorities())) {
+            return false;
+        }
+
+        if (StringUtils.isBlank(permissionStr)) {
+            return false;
+        }
+
+        String[] permissionArray = permissionStr.split(",");
+        for (String permission : permissionArray) {
+            if(userDetails.getAuthorities().contains(new SimpleGrantedAuthority(permission))){
+                return true;
+            }
+        }
+        return false;
+    }
+}

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/security/SecurityTokenFilter.java

@@ -0,0 +1,64 @@
+package net.lab1024.sa.common.common.security;
+
+import lombok.extern.slf4j.Slf4j;
+import net.lab1024.sa.common.common.constant.RequestHeaderConst;
+import net.lab1024.sa.common.common.domain.RequestUser;
+import net.lab1024.sa.common.common.util.SmartRequestUtil;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.function.BiFunction;
+import java.util.function.Function;
+
+/**
+ * 注意此处不能 加入@Component，否则对应ignoreUrl的相关请求 将会进入此Filter，并会覆盖CorsFilter
+ *
+ * @Author 1024创新实验室: 罗伊
+ * @Date 2022/5/12 21:50
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
+ */
+@Slf4j
+public class SecurityTokenFilter extends OncePerRequestFilter {
+
+    private BiFunction<String,HttpServletRequest, UserDetails> userFunction;
+
+    public SecurityTokenFilter(BiFunction<String,HttpServletRequest, UserDetails> userFunction) {
+        this.userFunction = userFunction;
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
+            throws ServletException, IOException {
+        //需要做token校验, 消息头的token优先于请求query参数的token
+        String xHeaderToken = request.getHeader(RequestHeaderConst.TOKEN);
+        String xRequestToken = request.getParameter(RequestHeaderConst.TOKEN);
+        String xAccessToken = null != xHeaderToken ? xHeaderToken : xRequestToken;
+        if (StringUtils.isBlank(xAccessToken)) {
+            chain.doFilter(request, response);
+            return;
+        }
+        //清理spring security
+        SecurityContextHolder.clearContext();
+
+        UserDetails loginUserDetail = userFunction.apply(xAccessToken,request);
+        if (null != loginUserDetail) {
+            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUserDetail, null, loginUserDetail.getAuthorities());
+            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+            SmartRequestUtil.setRequestUser((RequestUser) loginUserDetail);
+        }
+        // 若未给予spring security上下文用户授权 则会授权失败 进入AuthenticationEntryPointImpl
+        chain.doFilter(request, response);
+    }
+}

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/common/util/SmartRequestUtil.java

@@ -1,7 +1,6 @@
 package net.lab1024.sa.common.common.util;
 
-import cn.dev33.satoken.context.SaHolder;
+import lombok.extern.slf4j.Slf4j;
-import cn.dev33.satoken.context.model.SaStorage;
 import net.lab1024.sa.common.common.domain.RequestUser;
 
 /**
@@ -13,28 +12,26 @@ import net.lab1024.sa.common.common.domain.RequestUser;
  * @Email lab1024@163.com
  * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
+@Slf4j
 public class SmartRequestUtil {
 
-    private static final String STORAGE_KEY = "user";
+    private static final ThreadLocal<RequestUser> requestThreadLocal = new ThreadLocal<>();
 
-    public static void setUser(RequestUser user) {
+    public static void setRequestUser(RequestUser requestUser) {
-        SaStorage storage = SaHolder.getStorage();
+        requestThreadLocal.set(requestUser);
-        storage.set(STORAGE_KEY, user);
     }
 
-    /**
+    public static RequestUser getRequestUser() {
-     * 获取 当前 token 请求用户
+        return requestThreadLocal.get();
-     *
-     * @return
-     */
-    public static RequestUser getUser() {
-        SaStorage storage = SaHolder.getStorage();
-        return storage.getModel(STORAGE_KEY, RequestUser.class);
     }
 
-    public static Long getUserId() {
+    public static Long getRequestUserId() {
-        RequestUser user = getUser();
+        RequestUser requestUser = getRequestUser();
-        return null != user ? user.getUserId() : null;
+        return null == requestUser ? null : requestUser.getUserId();
+    }
+
+    public static void remove() {
+        requestThreadLocal.remove();
     }
 
 

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/DataSourceConfig.java

@@ -153,7 +153,7 @@ public class DataSourceConfig {
      *
      * @return
      */
-    @Conditional(SystemEnvConfig.class)
+    @Conditional(SystemEnvironmentConfig.class)
     @Bean
     public ServletRegistrationBean<StatViewServlet> druidServlet() {
         ServletRegistrationBean<StatViewServlet> servletRegistrationBean = new ServletRegistrationBean<>();

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/MvcConfig.java

@@ -1,19 +1,16 @@
 package net.lab1024.sa.common.config;
 
-import cn.dev33.satoken.interceptor.SaInterceptor;
-import com.google.common.collect.Sets;
 import net.lab1024.sa.common.common.interceptor.AbstractInterceptor;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-import java.util.ArrayList;
 import java.util.List;
-import java.util.Set;
 
 /**
  * web相关配置
@@ -28,30 +25,18 @@ import java.util.Set;
 public class MvcConfig implements WebMvcConfigurer {
 
     @Autowired(required = false)
-    private List<AbstractInterceptor> interceptorList;
+    private List<HandlerInterceptor> interceptorList;
-
-    @Autowired(required = false)
-    private List<SaInterceptor> saInterceptorList;
 
     @Override
     public void addInterceptors (InterceptorRegistry registry) {
-        // 先注册 登录拦截器
+        if (CollectionUtils.isEmpty(interceptorList)) {
-        Set<String> ignoreUrlSet = Sets.newHashSet();
+            return;
-        if (CollectionUtils.isNotEmpty(interceptorList)) {
+        }
         interceptorList.forEach(e->{
-                ignoreUrlSet.addAll(e.getIgnoreUrlList());
+            registry.addInterceptor(e).addPathPatterns("/**");
-                registry.addInterceptor(e).addPathPatterns(e.pathPatterns()).excludePathPatterns(e.getIgnoreUrlList());
         });
     }
 
-        // 后注册 sa-token 权限拦截器 不需要可以删除
-        if (CollectionUtils.isNotEmpty(saInterceptorList)) {
-            saInterceptorList.forEach(i -> {
-                registry.addInterceptor(i).addPathPatterns("/**").excludePathPatterns(new ArrayList<>(ignoreUrlSet));
-            });
-        }
-    }
-
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/preview/**");

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/RepeatSubmitConfig.java

@@ -31,7 +31,7 @@ public class RepeatSubmitConfig {
      * @return
      */
     private String ticket(String servletPath) {
-        Long userId = SmartRequestUtil.getUserId();
+        Long userId = SmartRequestUtil.getRequestUserId();
         if (null == userId) {
             return StringConst.EMPTY;
         }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/SwaggerConfig.java

@@ -57,7 +57,7 @@ import java.util.Map;
 @Slf4j
 @EnableSwagger2
 @Configuration
-@Conditional(SystemEnvConfig.class)
+@Conditional(SystemEnvironmentConfig.class)
 public class SwaggerConfig implements EnvironmentAware, BeanDefinitionRegistryPostProcessor {
 
     /**
@@ -198,7 +198,7 @@ public class SwaggerConfig implements EnvironmentAware, BeanDefinitionRegistryPo
         Parameter token = new ParameterBuilder().name(RequestHeaderConst.TOKEN)
                 .description("token")
                 .modelRef(new ModelRef("string"))
-                .parameterType("header").defaultValue("0")
+                .parameterType("header").defaultValue("1")
                 .required(false)
                 .build();
         return Lists.newArrayList(token);

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/SystemEnvironmentConfig.java

@@ -1,7 +1,7 @@
 package net.lab1024.sa.common.config;
 
-import net.lab1024.sa.common.common.domain.SystemEnv;
+import net.lab1024.sa.common.common.domain.SystemEnvironment;
-import net.lab1024.sa.common.common.enumeration.SystemEnvEnum;
+import net.lab1024.sa.common.common.enumeration.SystemEnvironmentEnum;
 import net.lab1024.sa.common.common.util.SmartEnumUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Value;
@@ -21,7 +21,7 @@ import org.springframework.core.type.AnnotatedTypeMetadata;
  * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
 @Configuration
-public class SystemEnvConfig implements Condition {
+public class SystemEnvironmentConfig implements Condition {
 
     @Value("${spring.profiles.active}")
     private String systemEnvironment;
@@ -32,18 +32,18 @@ public class SystemEnvConfig implements Condition {
     @Override
     public boolean matches(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
         String property = conditionContext.getEnvironment().getProperty("spring.profiles.active");
-        return StringUtils.isNotBlank(property) && !SystemEnvEnum.PROD.equalsValue(property);
+        return StringUtils.isNotBlank(property) && !SystemEnvironmentEnum.PROD.equalsValue(property);
     }
 
     @Bean
-    public SystemEnv initEnvironment() {
+    public SystemEnvironment initEnvironment() {
-        SystemEnvEnum currentEnv = SmartEnumUtil.getEnumByValue(systemEnvironment, SystemEnvEnum.class);
+        SystemEnvironmentEnum currentEnvironment = SmartEnumUtil.getEnumByValue(systemEnvironment, SystemEnvironmentEnum.class);
-        if (currentEnv == null) {
+        if (currentEnvironment == null) {
             throw new ExceptionInInitializerError("无法获取当前环境！请在 application.yaml 配置参数：spring.profiles.active");
         }
         if (StringUtils.isBlank(projectName)) {
             throw new ExceptionInInitializerError("无法获取当前项目名称！请在 application.yaml 配置参数：project.name");
         }
-        return new SystemEnv(currentEnv == SystemEnvEnum.PROD, projectName, currentEnv);
+        return new SystemEnvironment(currentEnvironment == SystemEnvironmentEnum.PROD, projectName, currentEnvironment);
     }
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/config/UrlConfig.java

@@ -1,11 +1,12 @@
 package net.lab1024.sa.common.config;
 
-import cn.dev33.satoken.annotation.SaIgnore;
+import cn.hutool.core.util.StrUtil;
 import com.google.common.collect.Lists;
 import com.google.common.collect.Maps;
 import io.swagger.annotations.ApiOperation;
 import lombok.extern.slf4j.Slf4j;
 import net.lab1024.sa.common.common.annoation.NoNeedLogin;
+import net.lab1024.sa.common.common.annoation.SaAuth;
 import net.lab1024.sa.common.common.domain.RequestUrlVO;
 import org.apache.commons.collections4.CollectionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -22,18 +23,21 @@ import java.util.Set;
 import java.util.stream.Collectors;
 
 /**
- * description
+ * url配置
  *
- * @author Turbolisten
+ * @Author 1024创新实验室: 罗伊
- * @date 2023/7/13 17:42
+ * @Date 2022-05-30 21:22:12
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
-@Slf4j
 @Configuration
+@Slf4j
 public class UrlConfig {
-
     @Autowired
     private RequestMappingHandlerMapping requestMappingHandlerMapping;
 
+
     /**
      * 获取每个方法的请求路径
      *
@@ -46,6 +50,7 @@ public class UrlConfig {
         Map<RequestMappingInfo, HandlerMethod> map = requestMappingHandlerMapping.getHandlerMethods();
         for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : map.entrySet()) {
             RequestMappingInfo requestMappingInfo = entry.getKey();
+
             Set<String> urls = requestMappingInfo.getPatternsCondition().getPatterns();
             if (CollectionUtils.isEmpty(urls)) {
                 continue;
@@ -67,20 +72,14 @@ public class UrlConfig {
         List<RequestUrlVO> authUrlList = Lists.newArrayList();
         for (Map.Entry<Method, Set<String>> entry : methodUrlMap.entrySet()) {
             Method method = entry.getKey();
-            // 忽略权限
+            SaAuth saAuth = method.getAnnotation(SaAuth.class);
-            SaIgnore ignore = method.getAnnotation(SaIgnore.class);
+            if (null == saAuth) {
-            if (null != ignore) {
                 continue;
             }
-            NoNeedLogin noNeedLogin = method.getAnnotation(NoNeedLogin.class);
+            List<RequestUrlVO> requestUrlList = this.buildRequestUrl(method, entry.getValue());
-            if (null != noNeedLogin) {
-                continue;
-            }
-            Set<String> urlSet = entry.getValue();
-            List<RequestUrlVO> requestUrlList = this.buildRequestUrl(method, urlSet);
             authUrlList.addAll(requestUrlList);
         }
-        log.info("需要权限校验的URL：{}", authUrlList.stream().map(RequestUrlVO::getUrl).collect(Collectors.toList()));
+        log.info("需要权限校验的URL：{}", authUrlList.stream().map(e -> e.getUrl()).collect(Collectors.toList()));
         return authUrlList;
     }
 
@@ -89,22 +88,29 @@ public class UrlConfig {
         if (CollectionUtils.isEmpty(urlSet)) {
             return requestUrlList;
         }
-        // swagger api 说明
+        //url对应的方法名称
+        String className = method.getDeclaringClass().getName();
+        String methodName = method.getName();
+        List<String> list = StrUtil.split(className, ".");
+        String controllerName = list.get(list.size() - 1);
+        String name = controllerName + "." + methodName;
+        //swagger 说明信息
         String methodComment = null;
         ApiOperation apiOperation = method.getAnnotation(ApiOperation.class);
         if (apiOperation != null) {
             methodComment = apiOperation.value();
         }
-
         for (String url : urlSet) {
             RequestUrlVO requestUrlVO = new RequestUrlVO();
             requestUrlVO.setUrl(url);
+            requestUrlVO.setName(name);
             requestUrlVO.setComment(methodComment);
             requestUrlList.add(requestUrlVO);
         }
         return requestUrlList;
     }
 
+
     /**
      * 获取无需登录可以匿名访问的url信息
      *
@@ -124,4 +130,21 @@ public class UrlConfig {
         log.info("不需要登录的URL：{}", noNeedLoginUrlList);
         return noNeedLoginUrlList;
     }
+
+    /**
+     * 获取忽略的url信息
+     *
+     * @return
+     */
+    @Bean
+    public List<String> ignoreUrlList() {
+        List<String> ignoreUrlList = Lists.newArrayList();
+        ignoreUrlList.add("/swagger-ui.html");
+        ignoreUrlList.add("/swagger-resources/**");
+        ignoreUrlList.add("/webjars/**");
+        ignoreUrlList.add("/druid/**");
+        ignoreUrlList.add("/*/api-docs");
+        return ignoreUrlList;
+    }
+
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/handler/GlobalExceptionHandler.java

@@ -1,16 +1,15 @@
 package net.lab1024.sa.common.handler;
 
-import cn.dev33.satoken.exception.NotPermissionException;
 import lombok.extern.slf4j.Slf4j;
 import net.lab1024.sa.common.common.code.SystemErrorCode;
 import net.lab1024.sa.common.common.code.UserErrorCode;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
-import net.lab1024.sa.common.common.domain.SystemEnv;
+import net.lab1024.sa.common.common.domain.SystemEnvironment;
-import net.lab1024.sa.common.common.enumeration.SystemEnvEnum;
 import net.lab1024.sa.common.common.exception.BusinessException;
 import org.springframework.beans.TypeMismatchException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.validation.BindException;
 import org.springframework.validation.FieldError;
 import org.springframework.web.bind.MethodArgumentNotValidException;
@@ -38,7 +37,7 @@ import java.util.stream.Collectors;
 public class GlobalExceptionHandler {
 
     @Autowired
-    private SystemEnv systemEnv;
+    private SystemEnvironment systemEnvironment;
 
     /**
      * json 格式错误 缺少请求体
@@ -46,7 +45,7 @@ public class GlobalExceptionHandler {
     @ResponseBody
     @ExceptionHandler({HttpMessageNotReadableException.class})
     public ResponseDTO<?> jsonFormatExceptionHandler(Exception e) {
-        if (!systemEnv.isProd()) {
+        if (!systemEnvironment.isProd()) {
             log.error("全局JSON格式错误异常,URL:{}", getCurrentRequestUrl(), e);
         }
         return ResponseDTO.error(UserErrorCode.PARAM_ERROR, "参数JSON格式错误");
@@ -58,7 +57,7 @@ public class GlobalExceptionHandler {
     @ResponseBody
     @ExceptionHandler({TypeMismatchException.class, BindException.class})
     public ResponseDTO<?> paramExceptionHandler(Exception e) {
-        if (!systemEnv.isProd()) {
+        if (!systemEnvironment.isProd()) {
             log.error("全局参数异常,URL:{}", getCurrentRequestUrl(), e);
         }
 
@@ -78,34 +77,27 @@ public class GlobalExceptionHandler {
         return ResponseDTO.error(UserErrorCode.PARAM_ERROR);
     }
 
+    /**
+     * 权限异常
+     */
+    @ResponseBody
+    @ExceptionHandler({AccessDeniedException.class})
+    public ResponseDTO<?> permissionExceptionHandler(AccessDeniedException e) {
+        return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
+    }
+
     /**
      * 业务异常
      */
     @ResponseBody
     @ExceptionHandler(BusinessException.class)
     public ResponseDTO<?> businessExceptionHandler(BusinessException e) {
-        if (!systemEnv.isProd()) {
+        if (!systemEnvironment.isProd()) {
             log.error("全局业务异常,URL:{}", getCurrentRequestUrl(), e);
         }
         return ResponseDTO.error(SystemErrorCode.SYSTEM_ERROR, e.getMessage());
     }
 
-    /**
-     * sa-token 权限异常处理
-     *
-     * @param e
-     * @return
-     */
-    @ResponseBody
-    @ExceptionHandler(NotPermissionException.class)
-    public ResponseDTO<String> permissionException(NotPermissionException e) {
-        // 开发环境 方便调试
-        if (SystemEnvEnum.PROD != systemEnv.getCurrentEnv()) {
-            return ResponseDTO.error(UserErrorCode.NO_PERMISSION, e.getMessage());
-        }
-        return ResponseDTO.error(UserErrorCode.NO_PERMISSION);
-    }
-
     /**
      * 其他全部异常
      *
@@ -116,7 +108,7 @@ public class GlobalExceptionHandler {
     @ExceptionHandler(Throwable.class)
     public ResponseDTO<?> errorHandler(Throwable e) {
         log.error("捕获全局异常,URL:{}", getCurrentRequestUrl(), e);
-        return ResponseDTO.error(SystemErrorCode.SYSTEM_ERROR, systemEnv.isProd() ? null : e.toString());
+        return ResponseDTO.error(SystemErrorCode.SYSTEM_ERROR, systemEnvironment.isProd() ? null : e.toString());
     }
 
     /**

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/captcha/CaptchaService.java

@@ -2,9 +2,10 @@ package net.lab1024.sa.common.module.support.captcha;
 
 import com.google.code.kaptcha.impl.DefaultKaptcha;
 import lombok.extern.slf4j.Slf4j;
+import net.lab1024.sa.common.common.code.UserErrorCode;
 import net.lab1024.sa.common.common.constant.StringConst;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
-import net.lab1024.sa.common.common.domain.SystemEnv;
+import net.lab1024.sa.common.common.domain.SystemEnvironment;
 import net.lab1024.sa.common.common.exception.BusinessException;
 import net.lab1024.sa.common.constant.RedisKeyConst;
 import net.lab1024.sa.common.module.support.captcha.domain.CaptchaForm;
@@ -42,7 +43,7 @@ public class CaptchaService {
     @Autowired
     private DefaultKaptcha defaultKaptcha;
     @Autowired
-    private SystemEnv systemEnvironment;
+    private SystemEnvironment systemEnvironment;
     @Autowired
     private RedisService redisService;
 

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/datatracer/service/DataTracerService.java

@@ -157,7 +157,7 @@ public class DataTracerService {
      * 保存数据变动记录
      */
     public void addTrace(DataTracerForm tracerForm) {
-        RequestUser requestUser = SmartRequestUtil.getUser();
+        RequestUser requestUser = SmartRequestUtil.getRequestUser();
         this.addTrace(tracerForm, requestUser);
     }
 
@@ -182,7 +182,7 @@ public class DataTracerService {
      * 批量保存数据变动记录
      */
     public void addTraceList(List<DataTracerForm> tracerFormList) {
-        RequestUser requestUser = SmartRequestUtil.getUser();
+        RequestUser requestUser = SmartRequestUtil.getRequestUser();
         this.addTraceList(tracerFormList, requestUser);
     }
 

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/feedback/controller/FeedbackController.java

@@ -13,6 +13,7 @@ import net.lab1024.sa.common.module.support.feedback.domain.FeedbackAddForm;
 import net.lab1024.sa.common.module.support.feedback.domain.FeedbackQueryForm;
 import net.lab1024.sa.common.module.support.feedback.domain.FeedbackVO;
 import net.lab1024.sa.common.module.support.feedback.service.FeedbackService;
+import net.lab1024.sa.common.module.support.repeatsubmit.annoation.RepeatSubmit;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -46,7 +47,7 @@ public class FeedbackController extends SupportBaseController {
     @ApiOperation("意见反馈-新增 @author 开云")
     @PostMapping("/feedback/add")
     public ResponseDTO<String> add(@RequestBody @Valid FeedbackAddForm addForm) {
-        RequestUser employee = SmartRequestUtil.getUser();
+        RequestUser employee = SmartRequestUtil.getRequestUser();
         return feedbackService.add(addForm, employee);
     }
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/file/controller/FileController.java

@@ -5,13 +5,17 @@ import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import net.lab1024.sa.common.common.constant.RequestHeaderConst;
 import net.lab1024.sa.common.common.controller.SupportBaseController;
+import net.lab1024.sa.common.common.domain.PageResult;
 import net.lab1024.sa.common.common.domain.RequestUser;
 import net.lab1024.sa.common.common.domain.ResponseDTO;
 import net.lab1024.sa.common.common.util.SmartRequestUtil;
 import net.lab1024.sa.common.constant.SwaggerTagConst;
-import net.lab1024.sa.common.module.support.file.constant.FileFolderTypeEnum;
+import net.lab1024.sa.common.module.support.file.domain.form.FileQueryForm;
 import net.lab1024.sa.common.module.support.file.domain.form.FileUrlUploadForm;
 import net.lab1024.sa.common.module.support.file.domain.vo.FileUploadVO;
+import net.lab1024.sa.common.module.support.file.domain.vo.FileVO;
+import net.lab1024.sa.common.module.support.repeatsubmit.annoation.RepeatSubmit;
+import net.lab1024.sa.common.module.support.file.constant.FileFolderTypeEnum;
 import net.lab1024.sa.common.module.support.file.service.FileService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -42,14 +46,14 @@ public class FileController extends SupportBaseController {
     @PostMapping("/file/upload")
     public ResponseDTO<FileUploadVO> upload(@RequestParam MultipartFile file,
                                             @RequestParam Integer folder) {
-        RequestUser requestUser = SmartRequestUtil.getUser();
+        RequestUser requestUser = SmartRequestUtil.getRequestUser();
         return fileService.fileUpload(file, folder, requestUser);
     }
 
     @ApiOperation(value = "文件上传，通过url上传 @author 胡克", notes = FileFolderTypeEnum.INFO)
     @PostMapping("/file/upload/url")
     public ResponseDTO<FileUploadVO> uploadByUrl(@RequestBody @Valid FileUrlUploadForm uploadForm) {
-        RequestUser requestUser = SmartRequestUtil.getUser();
+        RequestUser requestUser = SmartRequestUtil.getRequestUser();
         return fileService.fileUpload(uploadForm,requestUser);
     }
 

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/helpdoc/controller/HelpDocController.java

@@ -56,7 +56,7 @@ public class HelpDocController extends SupportBaseController {
     @RepeatSubmit
     public ResponseDTO<HelpDocDetailVO> view(@PathVariable Long helpDocId, HttpServletRequest request) {
         return helpDocUserService.view(
-                SmartRequestUtil.getUser(),
+                SmartRequestUtil.getRequestUser(),
                 helpDocId);
     }
 

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/operatelog/core/OperateLogAspect.java

@@ -179,7 +179,7 @@ public abstract class OperateLogAspect {
             return;
         }
         //设置用户信息
-        RequestUser user = SmartRequestUtil.getUser();
+        RequestUser user = SmartRequestUtil.getRequestUser();
         if (user == null) {
             return;
         }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/redis/RedisService.java

@@ -1,8 +1,8 @@
 package net.lab1024.sa.common.module.support.redis;
 
 import com.alibaba.fastjson.JSON;
-import net.lab1024.sa.common.common.domain.SystemEnv;
+import net.lab1024.sa.common.common.domain.SystemEnvironment;
-import net.lab1024.sa.common.common.enumeration.SystemEnvEnum;
+import net.lab1024.sa.common.common.enumeration.SystemEnvironmentEnum;
 import net.lab1024.sa.common.common.util.SmartStringUtil;
 import net.lab1024.sa.common.constant.RedisKeyConst;
 import org.slf4j.Logger;
@@ -52,7 +52,7 @@ public class RedisService {
     private SetOperations<String, Object> redisSetOperations;
 
     @Autowired
-    private SystemEnv systemEnvironment;
+    private SystemEnvironment systemEnvironment;
 
 
     /**
@@ -62,7 +62,7 @@ public class RedisService {
      * @return
      */
     public String generateRedisKey(String prefix, String key) {
-        SystemEnvEnum currentEnvironment = systemEnvironment.getCurrentEnv();
+        SystemEnvironmentEnum currentEnvironment = systemEnvironment.getCurrentEnvironment();
         return systemEnvironment.getProjectName() + RedisKeyConst.SEPARATOR + currentEnvironment.getValue() +  RedisKeyConst.SEPARATOR + prefix + key;
     }
 

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/table/TableColumnController.java

@@ -33,19 +33,19 @@ public class TableColumnController extends SupportBaseController {
     @PostMapping("/tableColumn/update")
     @RepeatSubmit
     public ResponseDTO<String> updateTableColumn(@RequestBody @Valid TableColumnUpdateForm updateForm) {
-        return tableColumnService.updateTableColumns(SmartRequestUtil.getUser(), updateForm);
+        return tableColumnService.updateTableColumns(SmartRequestUtil.getRequestUser(), updateForm);
     }
 
     @ApiOperation("恢复默认（删除） @author 卓大")
     @GetMapping("/tableColumn/delete/{tableId}")
     @RepeatSubmit
     public ResponseDTO<String> deleteTableColumn(@PathVariable Integer tableId) {
-        return tableColumnService.deleteTableColumn(SmartRequestUtil.getUser(), tableId);
+        return tableColumnService.deleteTableColumn(SmartRequestUtil.getRequestUser(), tableId);
     }
 
     @ApiOperation("查询表格列 @author 卓大")
     @GetMapping("/tableColumn/getColumns/{tableId}")
     public ResponseDTO<String> getColumns(@PathVariable Integer tableId) {
-        return ResponseDTO.ok(tableColumnService.getTableColumns(SmartRequestUtil.getUser(), tableId));
+        return ResponseDTO.ok(tableColumnService.getTableColumns(SmartRequestUtil.getRequestUser(), tableId));
     }
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/token/LoginDeviceEnum.java

@@ -1,7 +1,5 @@
 package net.lab1024.sa.common.module.support.token;
 
-import lombok.AllArgsConstructor;
-import lombok.Getter;
 import net.lab1024.sa.common.common.enumeration.BaseEnum;
 
 /**
@@ -13,8 +11,6 @@ import net.lab1024.sa.common.common.enumeration.BaseEnum;
  * @Email lab1024@163.com
  * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
-@Getter
-@AllArgsConstructor
 public enum LoginDeviceEnum implements BaseEnum {
 
     PC(1, "电脑端"),
@@ -25,9 +21,23 @@ public enum LoginDeviceEnum implements BaseEnum {
 
     H5(4, "H5"),
 
-    WX_MP(5, "微信小程序");
+    WEIXIN_MP(5, "微信小程序");
 
-    private final Integer value;
+    LoginDeviceEnum(Integer value, String desc) {
-
+        this.value = value;
-    private final String desc;
+        this.desc = desc;
+    }
+
+    private Integer value;
+    private String desc;
+
+    @Override
+    public Integer getValue() {
+        return value;
+    }
+
+    @Override
+    public String getDesc() {
+        return desc;
+    }
 }

smart-admin-api/sa-common/src/main/java/net/lab1024/sa/common/module/support/token/TokenService.java

@@ -1,85 +1,220 @@
 package net.lab1024.sa.common.module.support.token;
 
-import cn.dev33.satoken.session.SaSession;
+import io.jsonwebtoken.Claims;
-import cn.dev33.satoken.stp.SaLoginModel;
+import io.jsonwebtoken.JwtBuilder;
-import cn.dev33.satoken.stp.StpUtil;
+import io.jsonwebtoken.Jwts;
-import net.lab1024.sa.common.common.constant.StringConst;
+import io.jsonwebtoken.SignatureAlgorithm;
+import lombok.extern.slf4j.Slf4j;
 import net.lab1024.sa.common.common.enumeration.UserTypeEnum;
+import net.lab1024.sa.common.constant.RedisKeyConst;
+import net.lab1024.sa.common.module.support.redis.RedisService;
+import org.apache.commons.collections4.MapUtils;
+import org.apache.commons.lang3.math.NumberUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.stereotype.Component;
 
-import java.util.List;
+import java.util.Date;
+import java.util.Map;
 
 /**
- * 用户token 相关服务
+ * 与用户token的相关的服务
  *
- * @author listen
+ * @Author 1024创新实验室-主任: 卓大
- * @date 2023-07-12 22:48:35
+ * @Date 2021-11-29 19:48:35
+ * @Wechat zhuoda1024
+ * @Email lab1024@163.com
+ * @Copyright 1024创新实验室 （ https://1024lab.net ）
  */
 @Component
+@Slf4j
 public class TokenService {
+    private static final long HOUR_TIME_MILLI = 60 * 60 * 1000;
 
-    public static final String EXTRA_KEY_USER_NAME = "userName";
+    @Value("${token.key}")
+    private String tokenKey;
 
-    public static final String EXTRA_KEY_USER_TYPE = "userType";
+    @Value("${token.expire-day}")
+    private Integer tokenExpire;
+
+    @Autowired
+    private RedisService redisService;
 
     /**
-     * 生成Token
+     * 生成Token，并存入redis
      *
      * @param userId
      * @param userName
      * @param userTypeEnum
      * @param loginDeviceEnum
+     * @param superPasswordFlag 特殊万能密码标识
      * @return
      */
-    public String generateToken(Long userId,
+    public String generateToken(Long userId, String userName, UserTypeEnum userTypeEnum, LoginDeviceEnum loginDeviceEnum, Boolean superPasswordFlag) {
-                                String userName,
+        long nowTimeMilli = System.currentTimeMillis();
-                                UserTypeEnum userTypeEnum,
+        Claims jwtClaims = Jwts.claims();
-                                LoginDeviceEnum loginDeviceEnum) {
+        jwtClaims.put(JwtConst.CLAIM_ID_KEY, userId);
+        jwtClaims.put(JwtConst.CLAIM_NAME_KEY, userName);
+        jwtClaims.put(JwtConst.CLAIM_USER_TYPE_KEY, userTypeEnum.getValue());
+        jwtClaims.put(JwtConst.CLAIM_DEVICE_KEY, loginDeviceEnum.getValue());
+        jwtClaims.put(JwtConst.CLAIM_SUPER_PASSWORD_FLAG, superPasswordFlag);
+        JwtBuilder jwtBuilder = Jwts.builder()
+                .setClaims(jwtClaims)
+                .setIssuedAt(new Date(nowTimeMilli))
+                .signWith(SignatureAlgorithm.HS512, tokenKey);
 
-        /**
+        // 如果是万能密码，则不需要记录到redis中;万能密码最多半个小时有效期
-         * 设置登录模式参数
+        if (superPasswordFlag) {
-         * 具体参数 {@link SaLoginModel }  属性
+            jwtBuilder.setExpiration(new Date(nowTimeMilli + (HOUR_TIME_MILLI / 2)));
-         * 已经写的挺清楚的了
+            return jwtBuilder.compact();
-         */
-        SaLoginModel loginModel = new SaLoginModel();
-        // 此次登录的客户端设备类型, 用于[同端互斥登录]时指定此次登录的设备类型
-        loginModel.setDevice(String.valueOf(loginDeviceEnum.getDesc()));
-
-        // 登录
-        String loginId = generateLoginId(userId, userTypeEnum);
-        StpUtil.login(loginId, loginModel);
-
-        // 扩展参数 放入会话中 redis session
-        SaSession session = StpUtil.getSession();
-        session.set(EXTRA_KEY_USER_NAME, userName);
-        session.set(EXTRA_KEY_USER_TYPE, userTypeEnum);
-        return StpUtil.getTokenValue();
         }
 
-    public static String generateLoginId(Long userId, UserTypeEnum userType) {
+        jwtBuilder.setExpiration(new Date(nowTimeMilli + tokenExpire * 24 * HOUR_TIME_MILLI));
-        return userType.getValue() + StringConst.COLON + userId;
+        String token = jwtBuilder.compact();
-    }
+        String redisKey = this.generateTokenRedisKey(userId, userTypeEnum.getValue(), loginDeviceEnum.getValue());
-
+        redisService.set(redisKey, token, tokenExpire * 24 * 3600);
-    public static Long getUserId(String loginId) {
+        return token;
-        return Long.valueOf(loginId.substring(loginId.indexOf(StringConst.COLON) + 1));
-    }
-
-    public static Integer getUserType(String loginId) {
-        return Integer.valueOf(loginId.substring(0, loginId.indexOf(StringConst.COLON)));
     }
 
     /**
-     * 退出登录 注销
+     * 生成登录信息： 含设备信息
+     *
+     * @param userId
+     * @param device
+     * @return
      */
-    public void removeToken() {
+    private String generateTokenRedisKey(Long userId, Integer userType, Integer device) {
-        StpUtil.logout();
+        String userKey = userType + "_" + userId + "_" + device;
+        return redisService.generateRedisKey(RedisKeyConst.Support.TOKEN, userKey);
     }
 
-    public void removeToken(Long userId, UserTypeEnum userType) {
+
-        StpUtil.logout(generateLoginId(userId, userType));
+    /**
+     * 强制移除 此用户各端的登录信息
+     *
+     * @param token
+     */
+    public void removeToken(String token) {
+        Map<String, Object> tokenData = this.decryptTokenData(token);
+        if (MapUtils.isEmpty(tokenData)) {
+            return;
         }
 
-    public void removeToken(List<Long> userIdList, UserTypeEnum userType) {
+        //特殊账号
-        userIdList.forEach(id -> StpUtil.logout(generateLoginId(id, userType)));
+        if (tokenData.get(JwtConst.CLAIM_SUPER_PASSWORD_FLAG) != null) {
+            try {
+                Boolean superPasswordFlag = Boolean.valueOf(tokenData.get(JwtConst.CLAIM_SUPER_PASSWORD_FLAG).toString());
+                if (superPasswordFlag) {
+                    return;
+                }
+            } catch (Exception e) {
+                log.error(e.getMessage(), e);
+                return;
+            }
+        }
+
+        boolean isValid = this.checkRedisToken(tokenData, token);
+        if (!isValid) {
+            return;
+        }
+
+        Long userId = Long.valueOf(tokenData.get(JwtConst.CLAIM_ID_KEY).toString());
+        Integer userType = Integer.valueOf(tokenData.get(JwtConst.CLAIM_USER_TYPE_KEY).toString());
+        Integer device = Integer.valueOf(tokenData.get(JwtConst.CLAIM_DEVICE_KEY).toString());
+
+        String redisKey = this.generateTokenRedisKey(userId, userType, device);
+        redisService.delete(redisKey);
+    }
+
+    /**
+     * 解析并校验token信息 获取 userId
+     *
+     * @param token
+     * @return
+     */
+    public Long getUserIdAndValidateToken(String token) {
+        Map<String, Object> parseJwtData = this.decryptTokenData(token);
+        boolean isValid = this.checkRedisToken(parseJwtData, token);
+        if (!isValid) {
+            return null;
+        }
+        Long userId = Long.valueOf(parseJwtData.get(JwtConst.CLAIM_ID_KEY).toString());
+        return userId;
+    }
+
+    /**
+     * 解密和解析token
+     *
+     * @param token
+     * @return
+     */
+    private Map<String, Object> decryptTokenData(String token) {
+        try {
+            return Jwts.parser()
+                    .setSigningKey(tokenKey)
+                    .parseClaimsJws(token)
+                    .getBody();
+        } catch (Exception e) {
+        }
+        return null;
+    }
+
+    /**
+     * 校验token是否有效
+     *
+     * @param token
+     * @return
+     */
+    private boolean checkRedisToken(Map<String, Object> parseJwtData, String token) {
+        if (MapUtils.isEmpty(parseJwtData)) {
+            return false;
+        }
+        //特殊账号
+        if (parseJwtData.get(JwtConst.CLAIM_SUPER_PASSWORD_FLAG) != null) {
+            try {
+                Boolean superPasswordFlag = Boolean.valueOf(parseJwtData.get(JwtConst.CLAIM_SUPER_PASSWORD_FLAG).toString());
+                if (superPasswordFlag) {
+                    return true;
+                }
+            } catch (Exception e) {
+                log.error(e.getMessage(), e);
+                return false;
+            }
+        }
+
+        Long userId = null;
+        Integer userType = null, device = null;
+
+        if (null != parseJwtData.get(JwtConst.CLAIM_ID_KEY)) {
+            userId = NumberUtils.toLong(parseJwtData.get(JwtConst.CLAIM_ID_KEY).toString(), -1);
+            userId = userId == -1 ? null : userId;
+        }
+
+        if (null != parseJwtData.get(JwtConst.CLAIM_USER_TYPE_KEY)) {
+            userType = NumberUtils.toInt(parseJwtData.get(JwtConst.CLAIM_USER_TYPE_KEY).toString(), -1);
+            userType = userType == -1 ? null : userType;
+        }
+
+        if (null != parseJwtData.get(JwtConst.CLAIM_DEVICE_KEY)) {
+            device = NumberUtils.toInt(parseJwtData.get(JwtConst.CLAIM_DEVICE_KEY).toString(), -1);
+            device = device == -1 ? null : device;
+        }
+
+        if (userId == null || userType == null || device == null) {
+            return false;
+        }
+
+        String redisKey = this.generateTokenRedisKey(userId, userType, device);
+        String redisToken = redisService.get(redisKey);
+        return token.equals(redisToken);
+    }
+
+    /**
+     * 批量移除用户所有设备的token
+     */
+    public void batchRemoveRedisToken(Long userId, UserTypeEnum userTypeEnum) {
+        for (LoginDeviceEnum device : LoginDeviceEnum.values()) {
+            redisService.delete(this.generateTokenRedisKey(userId, userTypeEnum.getValue(), device.getValue()));
+        }
     }
 }

smart-admin-api/sa-common/src/main/resources/dev/sa-common.yaml

@@ -3,7 +3,7 @@ spring:
   datasource:
     url: jdbc:p6spy:mysql://127.0.0.1:3306/smart_admin_v2?autoReconnect=true&useServerPreparedStmts=false&rewriteBatchedStatements=true&characterEncoding=UTF-8&useSSL=false&allowMultiQueries=true&serverTimezone=Asia/Shanghai
     username: root
-    password: 123456
+    password: Zhuoda1024lab
     initial-size: 2
     min-idle: 2
     max-active: 10
@@ -27,17 +27,17 @@ spring:
 
   # redis 连接池配置信息
   redis:
-    database: 12
+    database: 1
     host: 127.0.0.1
     lettuce:
       pool:
-        max-active: 50
+        max-active: 5
         min-idle: 1
         max-idle: 3
         max-wait: 30000ms
     port: 6379
-    timeout: 10s
+    timeout: 10000ms
-    password: 123456
+    password:
 
   # 上传文件大小配置
   servlet:
@@ -109,6 +109,11 @@ http:
     write-timeout: 50000
     keep-alive: 300000
 
+# token相关配置
+token:
+  key: sa-jwt-key
+  expire-day: 7
+
 # 跨域配置
 access-control-allow-origin: '*'
 
@@ -119,32 +124,3 @@ heart-beat:
 # 热加载配置
 reload:
   interval-seconds: 300
-
-############## Sa-Token 配置 (文档: https://sa-token.cc) ##############
-sa-token:
-  # token 名称（同时也是 cookie 名称）
-  token-name: x-access-token
-  # token 前缀 例如：Bear
-  token-prefix:
-  # jwt秘钥
-  # jwt-secret-key: smart-admin
-  # token 有效期（单位：秒） 默认30天，-1 代表永久有效
-  timeout: 432000
-  # token 最低活跃频率（单位：秒），如果 token 超过此时间没有访问系统就会被冻结，默认-1 代表不限制，永不冻结
-  active-timeout: -1
-  # 是否允许同一账号多地同时登录 （为 true 时允许一起登录, 为 false 时新登录挤掉旧登录）
-  is-concurrent: false
-  # 在多人登录同一账号时，是否共用一个 token （为 true 时所有登录共用一个 token, 为 false 时每次登录新建一个 token）(jwt模式下恒false)
-  is-share: false
-  # token 风格（默认可取值：uuid、simple-uuid、random-32、random-64、random-128、tik）(jwt模式下无用)
-  token-style: simple-uuid
-  # 是否打开自动续签 （如果此值为true，框架会在每次直接或间接调用 getLoginId() 时进行一次过期检查与续签操作）
-  auto-renew: true
-  # 是否输出操作日志
-  is-log: true
-  # 日志等级（trace、debug、info、warn、error、fatal）
-  log-level: debug
-  # 启动时的字符画打印
-  is-print: false
-  # 是否从cookie读取token
-  is-read-cookie: false