修改无权限提示,优化防注入校验规则,新增菜单读取sql,优化缓存读取时屏蔽逻辑删除,优化通用删除接口添加非空判断,优化shiro,新增spring-aop-starter依赖
@@ -59,6 +59,10 @@
<artifactId>spring-boot-starter-tomcat</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
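Review bot: The explicit `org.aspectj:aspectjrt` dependency added at the end of the hunk is very likely redundant — `spring-boot-starter-aop` already pulls in `aspectjweaver`, whose jar contains the `aspectjrt` runtime classes, so two copies of the AspectJ runtime can end up on the classpath. Its `<version>` element lies outside the hunk; if the dependency is kept, leave the version to Spring Boot's dependency management rather than pinning it here, so it stays aligned with the weaver the starter resolves. Dropping the `aspectjrt` block altogether is the cleaner fix unless something in the project references it directly.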
@@ -122,7 +122,7 @@ public class ResultVO<T> {
* @return ResultVO
*/
public static <T> ResultVO<T> getNoAuthorization() {
return new ResultVO<T>(NOAUTH, "用户没有操作权限,请重新登录");
return new ResultVO<T>(NOAUTH, "用户没有操作权限");
}
public static <T> ResultVO<T> getException(Throwable exp) {
@@ -5,8 +5,8 @@ import static org.thymeleaf.util.StringUtils.split;
public class XssClass {
public static boolean sqlInj(String str){
String injStr = "'|and|exec|insert|select|delete|update|"+
"count|*|%|chr|mid|master|truncate|char|declare|;|or|+|,|<script>";
String injStr = "'| and | exec | insert | select | delete | update |"+
" count |*|%| chr | mid | master | truncate | char | declare |;| or |+|,|<script>";
String[] injStra = split(injStr,"|");
for (String s : injStra) {
if (str.contains(s)) {
@@ -17,8 +17,8 @@ public class XssClass {
}
public static boolean sqlInjLike(String str){
String injStr = "'|and|exec|insert|select|delete|update|"+
"count|*|chr|mid|master|truncate|char|declare|;|or|+|,|<script>";
String injStr = "'| and | exec | insert | select | delete | update |"+
" count |*| chr | mid | master | truncate | char | declare |;| or |+|,|<script>";
String[] injStra = split(injStr,"|");
for (String s : injStra) {
if (str.contains(s)) {
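Review bot: Padding the keywords with spaces (`' and '`, `' or '`, …) in `sqlInj` and `sqlInjLike` cuts false positives but leaves the deny-list trivially bypassable — a tab, newline or `/**/` in place of the space (`'/**/or/**/1=1`) defeats every padded entry, and since `str.contains(s)` is a case-sensitive match, `' OR 1=1` passes unless `str` is lower-cased before the loop, which this hunk does not show. Neither method is an injection control; the values these strings end up in must be bound with `#{}` in the mappers rather than spliced in with `${}`, and this check should be treated as a heuristic only. At minimum, add a header comment to the class such as `// Heuristic keyword filter only: case- and whitespace-sensitive, easily bypassed. Not a substitute for parameterised SQL.` so no caller relies on it as a security boundary. Both method bodies continue past the end of the hunk.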
@@ -2,8 +2,10 @@ package com.hcframe.base.module.auth.dao;
import com.hcframe.base.common.Mapper;
import com.hcframe.base.module.auth.entity.OsSysMenu;
import org.apache.ibatis.annotations.Param;
import java.util.List;
import java.util.Set;
/**
* 菜单权限表(OsSysMenu)表数据库访问层
@@ -14,4 +16,10 @@ import java.util.List;
public interface OsSysMenuDao extends Mapper<OsSysMenu> {
List<OsSysMenu> selectMenu();
List<OsSysMenu> selectMenuByUser(@Param("paths")String paths);
Set<String> selectAllAuth();
List<OsSysMenu> selectMenuList(@Param("menu")OsSysMenu osSysMenu);
}
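Review bot: `selectMenuByUser(@Param("paths") String paths)` takes the IN-list as one pre-joined string, which forces the XML mapper to splice it into the statement as raw SQL instead of binding it; declare it as `List<String> selectMenuByUser(@Param("paths") List<String> paths);` and let the mapper expand the collection with `<foreach>` so each path is bound with `#{}`. Callers of the new method are outside this hunk and would need the matching change. A one-line Javadoc on each new method (what `paths` is matched against, whether logically deleted menus are excluded) would also help, since the three queries differ in exactly that respect.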
@@ -1,10 +1,12 @@
package com.hcframe.base.module.auth.entity;
import com.hcframe.base.module.data.annotation.DataIgnore;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import javax.persistence.Id;
import javax.persistence.Table;
import java.io.Serializable;
import java.util.Date;
@@ -33,6 +35,7 @@ public class OsSysMenu implements Serializable {
/**
* 菜单ID
*/
@Id
private Long menuId;
/**
* 菜单名称
@@ -109,6 +112,13 @@ public class OsSysMenu implements Serializable {
*/
private String affix;
private Long osId;
private Integer version;
private Integer deleted;
@DataIgnore
private List<OsSysMenu> children;
}
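Review bot: The new `deleted`, `osId` and `version` fields carry no Javadoc, and `deleted` encodes a convention a reader will get backwards: the queries added in this commit select live rows with `DELETED = 1`, so 1 evidently means "not deleted". Document it on the field, e.g. `/** Logical-delete flag; the mappers treat 1 as a live row (they filter on DELETED = 1) — confirm the value written for deleted rows. */`, and give `osId` and `version` one-line comments too (nothing here shows whether `version` is an optimistic-locking counter, so state only what is known). `children` is correctly kept out of persistence via `@DataIgnore`; a short comment saying it is filled when the menu tree is assembled, if that is the case, would complete the picture.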
@@ -7,6 +7,7 @@ import com.hcframe.base.module.cache.emum.CacheType;
import com.hcframe.base.module.data.controller.TableController;
import com.hcframe.base.module.data.module.BaseMapper;
import com.hcframe.base.module.data.module.BaseMapperImpl;
import com.hcframe.base.module.data.module.Condition;
import com.hcframe.base.module.tableconfig.dao.OsSysTableMapper;
import com.hcframe.base.module.tableconfig.entity.OsSysTable;
import org.slf4j.Logger;
@@ -88,10 +89,13 @@ public class TableCache implements CacheService {
break;
case baseCache:
OsSysTable osSysTable1 = getCacheValue(CacheType.tableCache, key, OsSysTable.class);
List<Map<String, Object>> baseList = baseMapper.selectAll(osSysTable1.getTableName());
Condition condition = Condition.creatCriteria().andEqual("DELETED",1).build();
List<Map<String, Object>> baseList = baseMapper.selectByCondition(osSysTable1.getTableName(),condition);
JudgeException.isNull(baseList, "can not find key " + key + " in cache which cache name is " + name);
baseCache.add(name.toString(), key, baseList, List.class);
break;
default:
throw new SecurityException("noValue!");
}
}
return baseCache.get(name.toString(), key, tClass);
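Review bot: The rewritten `baseCache` branch hard-codes `andEqual("DELETED", 1)`, so every table that reaches this cache path must now have a `DELETED` column and use 1 for live rows; a table without that column, or with a different convention, will fail at query time where `selectAll` previously loaded it. Also, `selectByCondition` most likely returns an empty list rather than null when nothing matches, so `JudgeException.isNull(baseList, …)` will not fire for a table whose rows are all logically deleted and the cache is silently filled with an empty list. Consider taking the column name and live value from the `OsSysTable` configuration (or a shared constant also used by the menu mapper) and checking `baseList.isEmpty()` next to the null check, e.g. `JudgeException.isTrue(baseList == null || baseList.isEmpty(), "...")` if such a helper exists. `osSysTable1` is dereferenced without a null check as before; the `getCacheValue` contract is outside this hunk.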
@@ -6,6 +6,7 @@ import com.alibaba.fastjson.JSONObject;
import com.hcframe.base.common.ResultVO;
import com.hcframe.base.common.ServiceException;
import com.hcframe.base.common.WebPageInfo;
import com.hcframe.base.common.utils.JudgeException;
import com.hcframe.base.common.utils.TableNameUtil;
import com.hcframe.base.module.data.constants.FieldConstants;
import com.hcframe.base.module.data.constants.QueryConstants;
@@ -110,6 +111,7 @@ public class TableServiceImpl implements TableService {
@Override
public ResultVO<Integer> delete(OsSysTable osSysTable, String ids) {
JudgeException.isNull(ids,"ids 不能为空");
int i = baseMapper.deleteInPk(DataMap.builder().sysOsTable(osSysTable).ids(ids).build());
SqlException.operation(i, "删除失败");
return ResultVO.getSuccess(i);
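Review bot: `JudgeException.isNull(ids, "ids 不能为空")` only rejects null; `ids` is a raw comma-separated `String` handed straight to `deleteInPk`, so an empty string, a trailing comma or a non-numeric token still reaches the mapper, and if `deleteInPk` expands it with `${}` into an `IN (...)` clause (its implementation is outside this hunk) that is also an injection path. Validate the tokens before the call, e.g. `if (ids.trim().isEmpty()) throw new ServiceException("ids 不能为空"); for (String id : ids.split(",")) Long.parseLong(id.trim());`, or better, accept a `List<Long>` and let the mapper bind each id with `<foreach>`/`#{}`. It would also be worth reporting the number of ids requested versus `i` rows actually deleted instead of only the generic "删除失败".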
@@ -33,7 +33,6 @@ public class CustomRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
//1. 从 PrincipalCollection 中来获取登录用户的信息
Object user = principalCollection.getPrimaryPrincipal();
return systemRealm.setAuthoriztion(user);
}
@@ -45,25 +45,27 @@ public class ShiroConfig {
public CustomRealm myShiroRealm() {
CustomRealm customRealm = new CustomRealm();
customRealm.setCachingEnabled(false);
return new CustomRealm();
return customRealm;
}
/**
* @return org.apache.shiro.web.mgt.DefaultWebSubjectFactory
* @author lhc
* @description // 自定义subject工厂
* @date 4:50 下午 2021/4/19
* @params []
* @return org.apache.shiro.web.mgt.DefaultWebSubjectFactory
**/
@Bean
public DefaultWebSubjectFactory subjectFactory() {
return new StatelessDefaultSubjectFactory();
}
/**
* @return org.apache.shiro.session.mgt.SessionManager
* @author lhc
* @description // 自定义session管理器
* @date 5:50 下午 2021/4/19
* @params []
* @return org.apache.shiro.session.mgt.SessionManager
**/
@Bean
public SessionManager sessionManager() {
@@ -89,7 +91,7 @@ public class ShiroConfig {
securityManager.setSubjectFactory(subjectFactory());
// 设置自定义session管理器
securityManager.setSessionManager(sessionManager());
// 设置自定义realm
// 设置自定义realm
securityManager.setRealm(myShiroRealm());
return securityManager;
}
@@ -103,7 +105,7 @@ public class ShiroConfig {
ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
shiroFilterFactoryBean.setSecurityManager(securityManager());
Map<String, Filter> filters = new HashMap<>(1);
filters.put("auth", new NoStateFilter());
filters.put("auth", new AuthFilter());
shiroFilterFactoryBean.setFilters(filters);
shiroFilterFactoryBean.setFilterChainDefinitionMap(systemRealm.setShiroUrl());
return shiroFilterFactoryBean;
@@ -113,9 +115,9 @@ public class ShiroConfig {
* 加入注解的使用,不加入这个注解不生效
*/
@Bean
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor() {
AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
authorizationAttributeSourceAdvisor.setSecurityManager(securityManager());
return authorizationAttributeSourceAdvisor;
}
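Review bot: `authorizationAttributeSourceAdvisor()` now calls `securityManager()` directly instead of receiving the `SecurityManager` bean as a parameter; that only yields the same singleton if `ShiroConfig` is a full `@Configuration` class (CGLIB-proxied, `proxyBeanMethods` left at `true`), which this section does not show — otherwise the advisor gets a second `DefaultWebSecurityManager` with its own realm, and annotation checks diverge from the filter chain. Keeping the injected form, `public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager)`, is the safer choice and needs no assumption about proxying. The `setCachingEnabled(false)` call in `myShiroRealm()` is consistent with the stateless subject factory but means every `@RequiresPermissions` check re-runs `systemRealm.setAuthoriztion(user)`; add a comment such as `// no realm cache: sessions are stateless, authorization is recomputed on every request` so the cost is visibly deliberate. Swapping `NoStateFilter` for `AuthFilter` under the same `"auth"` key leaves the chain from `systemRealm.setShiroUrl()` unchanged, so any URL that was mapped to the old filter now silently gets the new one — worth a note in the commit or on the filter map.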
@@ -23,35 +23,115 @@
<result property="alwaysShow" column="AlWAYSSHOW" jdbcType="VARCHAR"/>
<result property="affix" column="AFFIX" jdbcType="VARCHAR"/>
<result property="breadcrumb" column="BREADCRUMB" jdbcType="VARCHAR"/>
<result property="osId" column="OS_ID" jdbcType="BIGINT"/>
<result property="version" column="VERSION" jdbcType="INTEGER"/>
<result property="deleted" column="DELETED" jdbcType="INTEGER"/>
</resultMap>
<select id="selectMenu" resultMap="BaseResultMap">
SELECT
OS_SYS_MENU.MENU_ID,
OS_SYS_MENU.MENU_NAME,
OS_SYS_MENU.PARENT_ID,
OS_SYS_MENU.PATH,
OS_SYS_MENU.COMPONENT,
OS_SYS_MENU.IS_CACHE,
OS_SYS_MENU.VISIBLE,
OS_SYS_MENU.IS_FRAME,
OS_SYS_MENU.MENU_TYPE,
OS_SYS_MENU.ORDER_NUM,
OS_SYS_MENU.MENU_STATUS,
OS_SYS_MENU.PERMS,
OS_SYS_MENU.AFFIX,
OS_SYS_MENU.BREADCRUMB,
OS_SYS_MENU.AlWAYSSHOW,
OS_SYS_MENU.REMARK,
OS_SYS_MENU.UPDATE_TIME,
OS_SYS_MENU.CREATE_TIME,
OS_SYS_MENU.ICON
FROM
OS_SYS_MENU
WHERE
MENU_STATUS = 1 AND
MENU_TYPE IN ('C','M')
ORDER BY
OS_SYS_MENU.PARENT_ID ASC,
OS_SYS_MENU.ORDER_NUM ASC
SELECT OS_SYS_MENU.MENU_ID,
OS_SYS_MENU.MENU_NAME,
OS_SYS_MENU.PARENT_ID,
OS_SYS_MENU.PATH,
OS_SYS_MENU.COMPONENT,
OS_SYS_MENU.IS_CACHE,
OS_SYS_MENU.VISIBLE,
OS_SYS_MENU.IS_FRAME,
OS_SYS_MENU.MENU_TYPE,
OS_SYS_MENU.ORDER_NUM,
OS_SYS_MENU.MENU_STATUS,
OS_SYS_MENU.PERMS,
OS_SYS_MENU.AFFIX,
OS_SYS_MENU.BREADCRUMB,
OS_SYS_MENU.AlWAYSSHOW,
OS_SYS_MENU.REMARK,
OS_SYS_MENU.UPDATE_TIME,
OS_SYS_MENU.CREATE_TIME,
OS_SYS_MENU.ICON,
OS_SYS_MENU.OS_ID,
OS_SYS_MENU.VERSION,
OS_SYS_MENU.DELETED
FROM OS_SYS_MENU
WHERE MENU_STATUS = 1
AND MENU_TYPE IN ('C', 'M')
AND DELETED = 1
ORDER BY OS_SYS_MENU.PARENT_ID ASC,
OS_SYS_MENU.ORDER_NUM ASC
</select>
<select id="selectMenuByUser" resultMap="BaseResultMap">
SELECT OS_SYS_MENU.MENU_ID,
OS_SYS_MENU.MENU_NAME,
OS_SYS_MENU.PARENT_ID,
OS_SYS_MENU.PATH,
OS_SYS_MENU.COMPONENT,
OS_SYS_MENU.IS_CACHE,
OS_SYS_MENU.VISIBLE,
OS_SYS_MENU.IS_FRAME,
OS_SYS_MENU.MENU_TYPE,
OS_SYS_MENU.ORDER_NUM,
OS_SYS_MENU.MENU_STATUS,
OS_SYS_MENU.PERMS,
OS_SYS_MENU.AFFIX,
OS_SYS_MENU.BREADCRUMB,
OS_SYS_MENU.AlWAYSSHOW,
OS_SYS_MENU.REMARK,
OS_SYS_MENU.UPDATE_TIME,
OS_SYS_MENU.CREATE_TIME,
OS_SYS_MENU.ICON,
OS_SYS_MENU.OS_ID,
OS_SYS_MENU.VERSION,
OS_SYS_MENU.DELETED
FROM OS_SYS_MENU
WHERE MENU_STATUS = 1
AND MENU_TYPE IN ('C', 'M')
AND DELETED = 1
AND PATH IN (${paths})
ORDER BY OS_SYS_MENU.PARENT_ID ASC,
OS_SYS_MENU.ORDER_NUM ASC
</select>
<select id="selectAllAuth" resultType="java.lang.String">
SELECT OS_SYS_MENU.PATH
FROM OS_SYS_MENU
WHERE MENU_STATUS = 1
ORDER BY OS_SYS_MENU.PARENT_ID ASC,
OS_SYS_MENU.ORDER_NUM ASC
</select>
<select id="selectMenuList" resultMap="BaseResultMap">
SELECT OS_SYS_MENU.MENU_ID,
OS_SYS_MENU.MENU_NAME,
OS_SYS_MENU.PARENT_ID,
OS_SYS_MENU.PATH,
OS_SYS_MENU.COMPONENT,
OS_SYS_MENU.IS_CACHE,
OS_SYS_MENU.VISIBLE,
OS_SYS_MENU.IS_FRAME,
OS_SYS_MENU.MENU_TYPE,
OS_SYS_MENU.ORDER_NUM,
OS_SYS_MENU.MENU_STATUS,
OS_SYS_MENU.PERMS,
OS_SYS_MENU.AFFIX,
OS_SYS_MENU.BREADCRUMB,
OS_SYS_MENU.AlWAYSSHOW,
OS_SYS_MENU.REMARK,
OS_SYS_MENU.UPDATE_TIME,
OS_SYS_MENU.CREATE_TIME,
OS_SYS_MENU.ICON,
OS_SYS_MENU.OS_ID,
OS_SYS_MENU.VERSION,
OS_SYS_MENU.DELETED
FROM OS_SYS_MENU
WHERE MENU_STATUS = 1
AND MENU_TYPE IN ('C', 'M')
AND DELETED = 1
<if test="menu.menuName!=null and menu.menuName!=''">
AND MENU_NAME like CONCAT('%',#{menu.menuName},'%')
</if>
<if test="menu.osId!=null and menu.osId!=''">
AND OS_ID = #{menu.osId}
</if>
<if test="menu.status!=null and menu.status!=''">
AND MENU_STATUS = #{menu.status}
</if>
ORDER BY OS_SYS_MENU.PARENT_ID ASC,
OS_SYS_MENU.ORDER_NUM ASC
</select>
</mapper>
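Review bot: `AND PATH IN (${paths})` in `selectMenuByUser` uses MyBatis string substitution, so whatever string the caller assembles is concatenated into the SQL verbatim — if any element of `paths` originates from a request, this is a SQL injection point that the keyword filter in `XssClass` cannot reliably stop. Bind the values instead: pass `paths` as a collection and write `AND PATH IN <foreach collection="paths" item="p" open="(" separator="," close=")">#{p}</foreach>`. In `selectMenuList`, the fixed `WHERE MENU_STATUS = 1` makes the optional `AND MENU_STATUS = #{menu.status}` either redundant or an empty result (and `menu.status` is a property the entity hunk does not show), while `menu.osId != ''` compares a `Long` with the empty string in OGNL, where `0` tests equal to `''` and the filter is silently dropped — remove the duplicate status clause and the `!= ''` test on `osId`. `selectAllAuth` is the only new query that does not filter on `DELETED = 1` (nor `MENU_TYPE`); if that is intentional a short comment in the mapper would help, otherwise logically deleted paths leak into the auth set.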
@@ -6,6 +6,7 @@
<result column="FIELD_NAME" jdbcType="VARCHAR" property="fieldName" />
<result column="NAME_CN" jdbcType="VARCHAR" property="nameCn" />
<result column="JAVA_TYPE" jdbcType="VARCHAR" property="javaType" />
<result column="JAVA_FIELD" jdbcType="VARCHAR" property="javaField" />
<result column="WEB_TYPE" jdbcType="VARCHAR" property="webType" />
<result column="NOT_NULL" jdbcType="VARCHAR" property="notNull" />
<result column="IS_CHANGE" jdbcType="VARCHAR" property="isChange" />