wlzboy
5 天以前 7de1396e315896dbc72a9d54e44f77434ea90f18
package com.ruoyi.framework.security;
 
import com.ruoyi.common.core.domain.entity.SysUser;
import com.ruoyi.common.core.domain.model.LoginUser;
import com.ruoyi.common.utils.StringUtils;
import com.ruoyi.framework.web.service.SysPermissionService;
import com.ruoyi.system.service.ISysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import java.util.Set;
 
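/**
 * WeChat login authentication provider. It plays the same role for
 * {@link WechatAuthenticationToken} that DaoAuthenticationProvider plays for
 * username/password tokens.
 *
 * <p>Security note: this class performs no cryptographic or server-side
 * verification of the OpenID. It looks the user up by the OpenID carried in the
 * token and accepts the login if a bound, active account exists. Whoever builds
 * the unauthenticated token must therefore have obtained the OpenID from a
 * trusted source; a client-supplied OpenID must never reach this provider.
 * NOTE(review): confirm that every caller derives the OpenID server-side.
 *
 * @author ruoyi
 */
@Component
public class WechatAuthenticationProvider implements AuthenticationProvider
{
    @Autowired
    private ISysUserService userService;

    @Autowired
    private SysPermissionService permissionService;

    /**
     * Authenticates a WeChat login request.
     *
     * @param authentication an unauthenticated {@link WechatAuthenticationToken} whose
     *                       principal is the OpenID and whose credentials are the
     *                       (optional) UnionID
     * @return an authenticated {@link WechatAuthenticationToken} wrapping the {@link LoginUser}
     * @throws AuthenticationException (as {@link BadCredentialsException}) when the OpenID is
     *                                 missing, is not bound to a user, the UnionID does not
     *                                 match, or the account is disabled or deleted
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException
    {
        // Safe as long as supports() is consulted first, which restricts this provider
        // to WechatAuthenticationToken and its subclasses.
        WechatAuthenticationToken wechatToken = (WechatAuthenticationToken) authentication;

        String openId = (String) wechatToken.getPrincipal();
        String unionId = (String) wechatToken.getCredentials();

        // Reject a missing identifier before it reaches the lookup: a null or empty
        // OpenID must never be allowed to match an account (for example one whose
        // OpenID column is itself empty, depending on how the query is written).
        if (!StringUtils.isNotEmpty(openId))
        {
            throw new BadCredentialsException("微信账号验证失败");
        }

        // Look the user up by OpenID.
        SysUser user = userService.selectUserByOpenId(openId);

        if (user == null)
        {
            throw new BadCredentialsException("该微信账号尚未绑定系统用户");
        }

        // Optional second check: the UnionID is compared only when both the token and
        // the stored user carry one. If either side is empty the check is skipped, so
        // the OpenID alone decides the login.
        // NOTE(review): if UnionID is meant to be mandatory for bound accounts, an empty
        // token UnionID against a stored one should be rejected as well.
        if (StringUtils.isNotEmpty(unionId)
                && StringUtils.isNotEmpty(user.getUnionId())
                && !unionId.equals(user.getUnionId()))
        {
            throw new BadCredentialsException("微信账号验证失败");
        }

        // Account state checks: status "1" is reported as disabled, delFlag "1" as deleted.
        // NOTE(review): the distinct messages below (and the "not bound" one above) reveal
        // the account state for a given OpenID if they are returned to the client verbatim;
        // consider a generic client message with the detail kept in the server log.
        if ("1".equals(user.getStatus()))
        {
            throw new BadCredentialsException("用户已被停用,请联系管理员");
        }

        if ("1".equals(user.getDelFlag()))
        {
            throw new BadCredentialsException("用户已被删除,请联系管理员");
        }

        // Resolve the user's menu permissions.
        Set<String> permissions = permissionService.getMenuPermission(user);

        // Build the LoginUser principal.
        LoginUser loginUser = new LoginUser(user.getUserId(), user.getDeptId(), user, permissions);

        // Return the authenticated token; the UnionID is kept as its credentials.
        return new WechatAuthenticationToken(loginUser, unionId, loginUser.getAuthorities());
    }

    /**
     * Declares which token types this provider handles.
     *
     * @param authentication the token class being offered for authentication
     * @return {@code true} for {@link WechatAuthenticationToken} and its subclasses
     */
    @Override
    public boolean supports(Class<?> authentication)
    {
        return WechatAuthenticationToken.class.isAssignableFrom(authentication);
    }
}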