diff --git a/src/main/java/com/sztzjy/forex/trading_trading/config/security/AuthenticationFilter.java b/src/main/java/com/sztzjy/forex/trading_trading/config/security/AuthenticationFilter.java
index 6db8493..3fca64a 100644
--- a/src/main/java/com/sztzjy/forex/trading_trading/config/security/AuthenticationFilter.java
+++ b/src/main/java/com/sztzjy/forex/trading_trading/config/security/AuthenticationFilter.java
@@ -5,6 +5,8 @@ import com.sztzjy.forex.trading_trading.config.Constant;
 import com.sztzjy.forex.trading_trading.config.exception.UnAuthorizedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.PathMatcher;
@@ -17,6 +19,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.time.LocalDateTime;
+import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -54,7 +57,9 @@ public class AuthenticationFilter extends OncePerRequestFilter {
 throw new UnAuthorizedException("令牌错误: 缺失Bearer..");
 }
 JwtUser currentUser = TokenProvider.getJWTUser(token);
+ Authentication authentication = new UsernamePasswordAuthenticationToken(currentUser, token == null ? "****" : token, currentUser.getAuthorities());
+ request.getUserPrincipal();
 SecurityContextHolder.getContext().setAuthentication(authentication);
 filterChain.doFilter(request, response);
diff --git a/src/main/java/com/sztzjy/forex/trading_trading/config/security/TokenProvider.java b/src/main/java/com/sztzjy/forex/trading_trading/config/security/TokenProvider.java
index b05af5c..0a5ad1c 100644
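Review bot: In AuthenticationFilter.java (hunk -54,7 +57,9), `currentUser.getAuthorities()` is dereferenced without a null check, yet `TokenProvider.getJWTUser` returns null from its `catch (Exception e)` branch, so any exception while reading the token's claims would surface here as a NullPointerException rather than the filter's `UnAuthorizedException`. Guard it before building the authentication object: `if (currentUser == null) { throw new UnAuthorizedException("令牌错误"); }`. The added `request.getUserPrincipal();` discards its return value and runs before the security context is set, so it has no visible effect and should be removed. The `GrantedAuthority`, `SimpleGrantedAuthority` and `ArrayList` imports added by the two import hunks are not used by any line shown in this diff. The filter method starts and ends outside the hunk.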
--- a/src/main/java/com/sztzjy/forex/trading_trading/config/security/TokenProvider.java
+++ b/src/main/java/com/sztzjy/forex/trading_trading/config/security/TokenProvider.java
@@ -2,24 +2,18 @@ package com.sztzjy.forex.trading_trading.config.security;
 import com.sztzjy.forex.trading_trading.config.Constant;
 import com.sztzjy.forex.trading_trading.config.exception.UnAuthorizedException;
-import com.sztzjy.forex.trading_trading.mappers.RoleAuthorityMapper;
-import com.sztzjy.forex.trading_trading.service.RoleAuthorityService;
 import io.jsonwebtoken.*;
 import io.jsonwebtoken.security.Keys;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
-import java.nio.charset.StandardCharsets;
 import java.security.Key;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
-import java.util.Base64;
 import java.util.Date;
+import java.util.List;
 @Component
 public class TokenProvider {
@@ -55,6 +49,7 @@ public class TokenProvider {
 jwtUser.setClassId(Integer.valueOf(claims.get("classId").toString()));
 jwtUser.setSchoolId(Integer.valueOf(claims.get("schoolId").toString()));
 jwtUser.setUsername(claims.get("username").toString());
+ jwtUser.setAuthorityCodes((List) claims.get("authorityCodes"));
 return jwtUser;
 } catch (Exception e) {
 return null;
diff --git a/src/main/java/com/sztzjy/forex/trading_trading/controller/TrainingController.java b/src/main/java/com/sztzjy/forex/trading_trading/controller/TrainingController.java
index b3f1c79..b5e259b 100644
--- a/src/main/java/com/sztzjy/forex/trading_trading/controller/TrainingController.java
+++ b/src/main/java/com/sztzjy/forex/trading_trading/controller/TrainingController.java
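Review bot: In TokenProvider.java (hunk -55,6 +49,7), the added `jwtUser.setAuthorityCodes((List) claims.get("authorityCodes"));` uses a raw-type cast on a claim value, so neither the container nor the element type is checked. A token without that claim passes null to the setter, and a non-list value throws a ClassCastException that the surrounding `catch (Exception e)` turns into a silent `return null`. These codes presumably feed `currentUser.getAuthorities()` in AuthenticationFilter, so read the claim into an `Object`, verify `instanceof List` and the type of every element, and treat anything else as an invalid token rather than a user with no or malformed authorities. Carrying the codes in the token also means a permission change only takes effect once a new token is issued; confirm that is intended, given that the commit drops the `RoleAuthorityService` and `RoleAuthorityMapper` imports. The try block starts outside the hunk.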
@@ -20,6 +20,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.*;
 import org.w3c.dom.stylesheets.LinkStyle;
+import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
 import java.util.List;
 import java.util.Map;
@@ -30,8 +31,8 @@ import java.util.Map;
 @RequiredArgsConstructor
 public class TrainingController {
- TrainingService trainingService;
- HttpServletRequest request;
+ private final TrainingService trainingService;
+ private final HttpServletRequest request;
 @Permission(codes = PermissionType.TRAINING_MANAGEMENT_ADD)
diff --git a/src/main/java/com/sztzjy/forex/trading_trading/entity/Training.java b/src/main/java/com/sztzjy/forex/trading_trading/entity/Training.java
index dcf5461..e69210c 100644
--- a/src/main/java/com/sztzjy/forex/trading_trading/entity/Training.java
+++ b/src/main/java/com/sztzjy/forex/trading_trading/entity/Training.java
@@ -287,9 +287,10 @@ public class Training extends Base {
 long startTime = bo.getStartTime().getTime();
 long endTime = bo.getEndTime().getTime();
 long now = DateTime.now().getTime();
+ long diff = endTime - startTime;
 Assert.isTrue(endTime > now, "结束日期必须大于当前日期");
 Assert.isTrue(endTime > startTime, "结束日期必须大于开始日期");
-
+ Assert.isTrue(diff > 1000 * 60 * 60 * 24 * 1, "实训时间不能小于1天");
 training.trainingId = IdUtil.simpleUUID();
 training.startTime = bo.getStartTime();
 training.endTime = bo.getEndTime();
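Review bot: In Training.java (hunk -287,9 +287,10), the added `Assert.isTrue(diff > 1000 * 60 * 60 * 24 * 1, "实训时间不能小于1天")` rejects a training that lasts exactly one day, while its message only forbids durations shorter than one day. If exactly one day is meant to be valid, use `Assert.isTrue(diff >= 24L * 60 * 60 * 1000, "实训时间不能小于1天");`. The `long` literal also keeps the product out of `int` arithmetic, which would overflow if the limit were later raised beyond roughly 24 days. A named constant for the one-day threshold would make the limit easier to find and change. The enclosing method starts and ends outside the hunk.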