完善security权限验证

Blog.iml

@@ -140,6 +140,7 @@
     <orderEntry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.2.1.RELEASE" level="project" />
     <orderEntry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.6.3" level="project" />
+    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-devtools:2.1.6.RELEASE" level="project" />
     <orderEntry type="library" name="Maven: javax.activation:activation:1.1.1" level="project" />
     <orderEntry type="library" name="Maven: javax.mail:javax.mail-api:1.5.5" level="project" />
     <orderEntry type="library" name="Maven: com.sun.mail:javax.mail:1.5.5" level="project" />

pom.xml

@@ -138,6 +138,16 @@
             </exclusions>
         </dependency>
 
+
+        <!-- spring boot热部署 -->
+        <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-devtools -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+            <version>2.1.6.RELEASE</version>
+        </dependency>
+
+
         <dependency>
             <groupId>javax.activation</groupId>
             <artifactId>activation</artifactId>

src/main/java/com/lingxiao/blog/aspect/LogAspect.java

@@ -3,20 +3,20 @@
 import com.lingxiao.blog.annotation.OperationLogDetail;
 import com.lingxiao.blog.bean.OperationLog;
 import com.lingxiao.blog.bean.User;
-import com.lingxiao.blog.bean.UserInfo;
 import com.lingxiao.blog.enums.OperationType;
-import com.lingxiao.blog.exception.BlogException;
-import com.lingxiao.blog.global.LoginInterceptor;
+import com.lingxiao.blog.global.ContentValue;
 import com.lingxiao.blog.mapper.UserMapper;
-import com.lingxiao.blog.service.OperationLogService;
+import com.lingxiao.blog.service.system.OperationLogService;
+import com.lingxiao.blog.service.user.UserService;
 import com.lingxiao.blog.utils.IPUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.aspectj.lang.JoinPoint;
 import org.aspectj.lang.ProceedingJoinPoint;
-import org.aspectj.lang.Signature;
 import org.aspectj.lang.annotation.*;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
 
 import javax.servlet.http.HttpServletRequest;
@@ -36,6 +36,8 @@ public class LogAspect {
     private UserMapper userMapper;
     @Autowired
     private HttpServletRequest request;
+    @Autowired
+    private UserService userService;
     /**
      * 切入点为注解的方式
      */
@@ -59,37 +61,40 @@ public Object doAround(ProceedingJoinPoint joinPoint) throws Throwable {
         long time = System.currentTimeMillis();
         res =  joinPoint.proceed();
         time = System.currentTimeMillis() - time;
+        OperationLog operationLog = new OperationLog();
         try {
             //方法执行完成后增加日志
             OperationLogDetail detail = getOperationLogDetail(joinPoint);
             log.debug("方法执行环绕后 ,{}",detail.detail());
-            UserInfo userInfo = LoginInterceptor.getUserInfo();
-            User user = userMapper.selectByPrimaryKey(userInfo.getId());
-            OperationLog operationLog = new OperationLog();
-            operationLog.setUsername(user.getUsername());
-            operationLog.setNickname(user.getNickname());
             operationLog.setOperationType(detail.operationType().getCode());
             operationLog.setOperationContent(detail.detail());
             operationLog.setRunTakes(time);
             operationLog.setUserIp(IPUtils.ipToNum(IPUtils.getIpAddress2(request)));
             operationLog.setBrowser(IPUtils.getBrowserName(request));
             operationLog.setCreateAt(new Date());
-            logService.setOperationLog(operationLog);
+            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+            //anonymousUser
+            if (!ContentValue.ANONYMOUSUSER.equals(authentication.getPrincipal())){
+                User user = (User) authentication.getPrincipal();
+                operationLog.setUsername(user.getUsername());
+                operationLog.setNickname(user.getNickname());
+            }
         } catch (Exception e) {
             e.printStackTrace();
+        }finally {
+            logService.setOperationLog(operationLog);
         }
-
         return res;
     }
 
     @AfterThrowing(value = "operationLog()", throwing = "throwable")
     public void afterThrowing(JoinPoint joinPoint, Throwable throwable){
         OperationLogDetail detail = null;
+        OperationLog operationLog = new OperationLog();
         try {
-            UserInfo userInfo = LoginInterceptor.getUserInfo();
-            OperationLog operationLog = new OperationLog();
-            if (userInfo != null){
-                User user = userMapper.selectByPrimaryKey(userInfo.getId());
+            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+            if (!ContentValue.ANONYMOUSUSER.equals(authentication.getPrincipal())){
+                User user = (User) authentication.getPrincipal();
                 operationLog.setUsername(user.getUsername());
                 operationLog.setNickname(user.getNickname());
             }
@@ -112,11 +117,11 @@ public void afterThrowing(JoinPoint joinPoint, Throwable throwable){
             operationLog.setExceptionInfo(result);
             printWriter.close();
             writer.close();
-
-            logService.setOperationLog(operationLog);
             log.debug("方法执行异常。操作：{},异常：{}",detail.detail(),throwable);
         } catch (Exception e) {
             e.printStackTrace();
+        }finally {
+            logService.setOperationLog(operationLog);
         }
     }
 

src/main/java/com/lingxiao/blog/bean/Role.java

@@ -5,7 +5,9 @@
 
 import javax.persistence.Id;
 import javax.persistence.Table;
+import javax.persistence.Transient;
 import javax.validation.constraints.NotBlank;
+import java.util.List;
 
 @Table(name = "role")
 @Data
@@ -18,4 +20,9 @@ public class Role {
     @NotBlank(message = "角色类型不能为空")
     private String roleTag;
     private String roleDescription;
+    private Integer roleLevel;
+
+    @Transient
+    private List<Menu> menuList;
+
 }

src/main/java/com/lingxiao/blog/bean/User.java

@@ -7,6 +7,7 @@
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.util.CollectionUtils;
 
 import javax.persistence.Id;
 import javax.persistence.Table;
@@ -70,6 +71,7 @@ public String getPassword() {
     @Override
     public Collection<? extends GrantedAuthority> getAuthorities() {
         List<GrantedAuthority> authorities = new ArrayList<>();
+        if (CollectionUtils.isEmpty(roles)) return authorities;
         for (Role role : roles) {
             authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleTag()));
         }

src/main/java/com/lingxiao/blog/controller/FileController.java

@@ -5,7 +5,7 @@
 import com.lingxiao.blog.global.OssProperties;
 import com.lingxiao.blog.global.api.PageResult;
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.FileService;
+import com.lingxiao.blog.service.file.FileService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;

src/main/java/com/lingxiao/blog/controller/FrontController.java

@@ -9,10 +9,10 @@
 import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.PageResult;
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.ArticleService;
-import com.lingxiao.blog.service.CategoryService;
-import com.lingxiao.blog.service.CommentService;
-import com.lingxiao.blog.service.FriendLinkService;
+import com.lingxiao.blog.service.article.ArticleService;
+import com.lingxiao.blog.service.article.CategoryService;
+import com.lingxiao.blog.service.user.CommentService;
+import com.lingxiao.blog.service.system.FriendLinkService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;

src/main/java/com/lingxiao/blog/controller/ArticleController.java → src/main/java/com/lingxiao/blog/controller/article/ArticleController.java

@@ -1,11 +1,11 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.article;
 
 import com.lingxiao.blog.annotation.OperationLogDetail;
 import com.lingxiao.blog.bean.Article;
 import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.PageResult;
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.ArticleService;
+import com.lingxiao.blog.service.article.ArticleService;
 import com.lingxiao.blog.bean.vo.ArticleDetailVo;
 import com.lingxiao.blog.bean.vo.ArticleVo;
 import io.swagger.annotations.Api;
@@ -17,7 +17,6 @@
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
-import java.util.List;
 
 @RestController
 @Api(value = "文章接口")

src/main/java/com/lingxiao/blog/controller/CategoryController.java → src/main/java/com/lingxiao/blog/controller/article/CategoryController.java

@@ -1,10 +1,10 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.article;
 
 import com.lingxiao.blog.annotation.OperationLogDetail;
 import com.lingxiao.blog.bean.Category;
 import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.CategoryService;
+import com.lingxiao.blog.service.article.CategoryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;

src/main/java/com/lingxiao/blog/controller/LabelController.java → src/main/java/com/lingxiao/blog/controller/article/LabelController.java

@@ -1,10 +1,10 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.article;
 
 import com.lingxiao.blog.annotation.OperationLogDetail;
 import com.lingxiao.blog.bean.Label;
 import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.PageResult;
-import com.lingxiao.blog.service.LabelService;
+import com.lingxiao.blog.service.article.LabelService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;

src/main/java/com/lingxiao/blog/controller/EmailController.java → src/main/java/com/lingxiao/blog/controller/system/EmailController.java

@@ -1,10 +1,10 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.system;
 
 import com.lingxiao.blog.annotation.OperationLogDetail;
 import com.lingxiao.blog.bean.Email;
 import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.PageResult;
-import com.lingxiao.blog.service.EmailService;
+import com.lingxiao.blog.service.system.EmailService;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;

src/main/java/com/lingxiao/blog/controller/FriendLinkController.java → src/main/java/com/lingxiao/blog/controller/system/FriendLinkController.java

@@ -1,10 +1,10 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.system;
 
 import com.lingxiao.blog.annotation.OperationLogDetail;
 import com.lingxiao.blog.bean.FriendLink;
 import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.PageResult;
-import com.lingxiao.blog.service.FriendLinkService;
+import com.lingxiao.blog.service.system.FriendLinkService;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;

src/main/java/com/lingxiao/blog/controller/MenuController.java → src/main/java/com/lingxiao/blog/controller/system/MenuController.java

@@ -1,8 +1,8 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.system;
 
 import com.lingxiao.blog.bean.Menu;
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.MenuService;
+import com.lingxiao.blog.service.system.MenuService;
 import io.swagger.annotations.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;

src/main/java/com/lingxiao/blog/controller/OperationLogController.java → src/main/java/com/lingxiao/blog/controller/system/OperationLogController.java

@@ -1,20 +1,15 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.system;
 
-import com.lingxiao.blog.bean.OperationLog;
 import com.lingxiao.blog.bean.vo.OperationLogVo;
-import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.PageResult;
-import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.OperationLogService;
+import com.lingxiao.blog.service.system.OperationLogService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.List;
-
 @RestController
 @RequestMapping("/log")
 public class OperationLogController {

src/main/java/com/lingxiao/blog/controller/StatisticController.java → src/main/java/com/lingxiao/blog/controller/system/StatisticController.java

@@ -1,12 +1,10 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.system;
 
 import com.google.gson.Gson;
 import com.google.gson.reflect.TypeToken;
-import com.lingxiao.blog.bean.statistics.WeekData;
 import com.lingxiao.blog.global.ContentValue;
-import com.lingxiao.blog.global.api.PageResult;
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.StatisticService;
+import com.lingxiao.blog.service.system.StatisticService;
 import com.lingxiao.blog.utils.CookieUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
@@ -20,7 +18,6 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.lang.reflect.Type;
-import java.util.List;
 import java.util.Map;
 
 @RestController

src/main/java/com/lingxiao/blog/controller/SystemInfoController.java → src/main/java/com/lingxiao/blog/controller/system/SystemInfoController.java

@@ -1,7 +1,7 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.system;
 
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.SystemInfoService;
+import com.lingxiao.blog.service.system.SystemInfoService;
 import com.lingxiao.blog.utils.SystemUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;

src/main/java/com/lingxiao/blog/controller/ThemeController.java → src/main/java/com/lingxiao/blog/controller/system/ThemeController.java

@@ -1,8 +1,8 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.system;
 
 import com.lingxiao.blog.bean.Theme;
 import com.lingxiao.blog.global.api.ResponseResult;
-import com.lingxiao.blog.service.ThemeService;
+import com.lingxiao.blog.service.system.ThemeService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiOperation;

src/main/java/com/lingxiao/blog/controller/CommentController.java → src/main/java/com/lingxiao/blog/controller/user/CommentController.java

@@ -1,11 +1,11 @@
-package com.lingxiao.blog.controller;
+package com.lingxiao.blog.controller.user;
 
 import com.lingxiao.blog.annotation.OperationLogDetail;
 import com.lingxiao.blog.bean.Comment;
 import com.lingxiao.blog.bean.vo.CommentVo;
 import com.lingxiao.blog.enums.OperationType;
 import com.lingxiao.blog.global.api.PageResult;
-import com.lingxiao.blog.service.CommentService;
+import com.lingxiao.blog.service.user.CommentService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiImplicitParam;
 import io.swagger.annotations.ApiImplicitParams;
@@ -15,7 +15,6 @@
 import org.springframework.web.bind.annotation.*;
 
 import javax.validation.Valid;
-import java.net.URLDecoder;
 import java.util.List;
 
 @Api(value = "评论接口")