com.diboot.iam.util.IamSecurityUtils Maven / Gradle / Ivy
/*
* Copyright (c) 2015-2020, www.dibo.ltd ([email protected]).
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
package com.diboot.iam.util;
import com.diboot.core.exception.InvalidUsageException;
import com.diboot.core.util.ContextHolder;
import com.diboot.core.util.S;
import com.diboot.iam.config.Cons;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.service.IamLoginTraceService;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.cache.Cache;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.lang.util.ByteSource;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.Collection;
/**
* IAM认证相关工具类
*
* @author [email protected]
* @version v2.0
* @date 2019/12/26
*/
@Slf4j
public class IamSecurityUtils extends SecurityUtils {
/**
* 加密算法与hash次数
*/
private static final String ALGORITHM = "md5";
private static final int ITERATIONS = 2;
/**
* 获取当前用户类型和id信息
*
* @return
*/
public static T getCurrentUser() {
Subject subject = getSubject();
if (subject != null) {
return (T) subject.getPrincipal();
}
return null;
}
/**
* 基于 accessToken 获取登录用户信息
*/
public static BaseLoginUser getLoginUserByToken(String accessToken) {
CacheManager cacheManager = ContextHolder.getBean(CacheManager.class);
if (cacheManager != null && cacheManager.getCache(Cons.AUTHENTICATION_CAHCE_NAME) != null) {
SimpleAuthenticationInfo authInfo = (SimpleAuthenticationInfo) cacheManager.getCache(Cons.AUTHENTICATION_CAHCE_NAME).get(accessToken);
if (authInfo != null) {
SimplePrincipalCollection principalCollection = (SimplePrincipalCollection) authInfo.getPrincipals();
return (BaseLoginUser) principalCollection.getPrimaryPrincipal();
} else {
log.warn("缓存中不存在的无效token: {}", accessToken);
}
} else {
throw new InvalidUsageException("exception.invalidUsage.iamSecurityUtils.getLoginUserByToken.message");
}
return null;
}
/**
* 退出 当前登录用户
*/
public static void logout() {
BaseLoginUser user = getCurrentUser();
if (user != null) {
try {
ContextHolder.getBean(IamLoginTraceService.class).updateLogoutInfo(user.getAuthToken(), user.getClass().getSimpleName(), user.getId());
} catch (Exception e) {
log.warn("更新用户退出时间异常: {}", e.getMessage());
}
}
Subject subject = getSubject();
if (subject.isAuthenticated() || subject.getPrincipals() != null) {
subject.logout();
}
}
/**
* 退出 指定用户
*/
public static void logout(String userTypeAndId) {
CacheManager cacheManager = ContextHolder.getBean(CacheManager.class);
if (cacheManager == null || cacheManager.getCache(Cons.AUTHENTICATION_CAHCE_NAME) == null) {
log.warn("cacheManager 实例异常");
return;
}
IamLoginTraceService iamLoginTraceService = ContextHolder.getBean(IamLoginTraceService.class);
Collection