Просмотр исходного кода

增加登录成功监听事件

master
WendyYang 1 год назад
Родитель
Сommit
56bb9d821c
5 измененных файлов: 148 добавлений и 17 удалений
  1. +67
    -0
      pmapi/src/main/java/com/ningdatech/pmapi/user/controller/AuthorizationEventListener.java
  2. +2
    -6
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/agent/AgentAuthFilter.java
  3. +3
    -6
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/common/CommonAuthFilter.java
  4. +3
    -5
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthFilter.java
  5. +73
    -0
      pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/model/WebRequestDetails.java

+ 67
- 0
pmapi/src/main/java/com/ningdatech/pmapi/user/controller/AuthorizationEventListener.java Просмотреть файл

@@ -0,0 +1,67 @@
package com.ningdatech.pmapi.user.controller;

import com.ningdatech.log.model.OptLogDTO;
import com.ningdatech.log.model.enumeration.LogType;
import com.ningdatech.log.service.OptLogService;
import com.ningdatech.log.util.AddressUtil;
import com.ningdatech.pmapi.user.security.auth.model.UserInfoDetails;
import com.ningdatech.pmapi.user.security.auth.model.WebRequestDetails;
import lombok.RequiredArgsConstructor;
import org.springframework.context.event.EventListener;
import org.springframework.scheduling.annotation.Async;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.authentication.event.LogoutSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;

import java.time.LocalDateTime;

/**
* <p>
* AuthorizationEventListener
* </p>
*
* @author WendyYang
* @since 2023/6/7
**/
@Component
@RequiredArgsConstructor
public class AuthorizationEventListener {

private final OptLogService optLogService;

@Async
@EventListener(AuthenticationSuccessEvent.class)
public void loginSuccessListener(AuthenticationSuccessEvent event) {
optLogService.save(buildOptLog("用户登录", event));
}

@Async
@EventListener(LogoutSuccessEvent.class)
public void logoutSuccessListener(LogoutSuccessEvent event) {
optLogService.save(buildOptLog("退出登录", event));
}

private OptLogDTO buildOptLog(String description, AbstractAuthenticationEvent event) {
Authentication authentication = event.getAuthentication();
UserInfoDetails userDetails = (UserInfoDetails) authentication.getPrincipal();
WebRequestDetails webDetails = (WebRequestDetails) authentication.getDetails();
OptLogDTO log = new OptLogDTO();
log.setActionMethod(webDetails.getServletPath());
log.setDescription(description);
log.setStartTime(LocalDateTime.now());
log.setFinishTime(log.getStartTime());
log.setCreateOn(log.getStartTime());
log.setHttpMethod(webDetails.getMethod());
log.setUserName(userDetails.getUsername());
log.setCreateBy(userDetails.getUserId());
log.setRequestIp(webDetails.getRequestIp());
log.setRequestUri(webDetails.getRequestUri());
log.setRegionByIp(AddressUtil.getRegion(log.getRequestIp()));
log.setUa(webDetails.getUserAgent());
log.setType(LogType.OPT.name());
return log;
}

}

+ 2
- 6
pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/agent/AgentAuthFilter.java Просмотреть файл

@@ -1,6 +1,7 @@
package com.ningdatech.pmapi.user.security.auth.agent;

import com.ningdatech.basic.exception.BizException;
import com.ningdatech.pmapi.user.security.auth.model.WebRequestDetails;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
@@ -49,8 +50,7 @@ public class AgentAuthFilter extends AbstractAuthenticationProcessingFilter {
userId = trim(userId);
try {
AgentAuthToken authRequest = new AgentAuthToken(userId, userId);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
authRequest.setDetails(new WebRequestDetails(request));
return this.getAuthenticationManager().authenticate(authRequest);
} catch (AuthenticationException e) {
throw new BadCredentialsException("用户id 不能为空");
@@ -61,10 +61,6 @@ public class AgentAuthFilter extends AbstractAuthenticationProcessingFilter {
}
}

protected void setDetails(HttpServletRequest request, AgentAuthToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}

private String trim(String trimStr) {
if (StringUtils.isNotBlank(trimStr)) {
return trimStr.trim();


+ 3
- 6
pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/common/CommonAuthFilter.java Просмотреть файл

@@ -1,6 +1,7 @@
package com.ningdatech.pmapi.user.security.auth.common;

import com.ningdatech.basic.exception.BizException;
import com.ningdatech.pmapi.user.security.auth.model.WebRequestDetails;
import com.ningdatech.pmapi.user.security.auth.validate.CommonLoginException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
@@ -55,8 +56,8 @@ public class CommonAuthFilter extends AbstractAuthenticationProcessingFilter {
platform = trim(platform);
credential = trim(credential);
try {
CommonAuthToken authRequest = new CommonAuthToken(platform,credential);
setDetails(request, authRequest);
CommonAuthToken authRequest = new CommonAuthToken(platform, credential);
authRequest.setDetails(new WebRequestDetails(request));
return this.getAuthenticationManager().authenticate(authRequest);
} catch (AuthenticationException e) {
throw new BadCredentialsException("用户状态");
@@ -67,10 +68,6 @@ public class CommonAuthFilter extends AbstractAuthenticationProcessingFilter {
}
}

protected void setDetails(HttpServletRequest request, CommonAuthToken authRequest) {
authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
}

private String trim(String trimStr) {
if (StringUtils.isNotBlank(trimStr)) {
return trimStr.trim();


+ 3
- 5
pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/credential/CredentialAuthFilter.java Просмотреть файл

@@ -2,6 +2,7 @@ package com.ningdatech.pmapi.user.security.auth.credential;

import com.ningdatech.basic.exception.BizException;
import com.ningdatech.pmapi.user.constant.LoginTypeEnum;
import com.ningdatech.pmapi.user.security.auth.model.WebRequestDetails;
import com.ningdatech.pmapi.user.security.auth.validate.CommonLoginException;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
@@ -59,17 +60,14 @@ public class CredentialAuthFilter extends AbstractAuthenticationProcessingFilter
loginType = trim(loginType);
try {
CredentialAuthToken authRequest = new CredentialAuthToken(identifier, credential, loginType);
// Allow subclasses to set the "details" property
setDetails(request, authRequest);
authRequest.setDetails(new WebRequestDetails(request));
return this.getAuthenticationManager().authenticate(authRequest);
} catch (CommonLoginException e) {
throw new CommonLoginException(e.getMessage());
} catch (BadCredentialsException e) {
} catch (BadCredentialsException | BizException e) {
throw new BadCredentialsException(e.getMessage());
} catch (AuthenticationException e) {
throw new BadCredentialsException("账号或密码错误");
} catch (BizException e) {
throw new BadCredentialsException(e.getMessage());
} catch (Exception e) {
throw new InternalAuthenticationServiceException("授权失败:", e);
}


+ 73
- 0
pmapi/src/main/java/com/ningdatech/pmapi/user/security/auth/model/WebRequestDetails.java Просмотреть файл

@@ -0,0 +1,73 @@
package com.ningdatech.pmapi.user.security.auth.model;

import cn.hutool.core.util.StrUtil;
import cn.hutool.extra.servlet.ServletUtil;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

import javax.servlet.http.HttpServletRequest;

/**
* <p>
* WebRequestDetails
* </p>
*
* @author WendyYang
* @since 2023/6/7
**/
public class WebRequestDetails extends WebAuthenticationDetails {

private static final long serialVersionUID = -4466339683132696235L;

private final String requestIp;

private final String requestUri;

private final String method;

private final String servletPath;

private final String requestUrl;

private final String userAgent;

/**
* Records the remote address and will also set the session Id if a session already
* exists (it won't create one).
*
* @param request that the authentication request was received from
*/
public WebRequestDetails(HttpServletRequest request) {
super(request);
this.requestUri = request.getRequestURI();
this.method = request.getMethod();
this.servletPath = request.getServletPath();
this.requestUrl = request.getRequestURL().toString();
this.requestIp = ServletUtil.getClientIP(request);
this.userAgent = StrUtil.sub(request.getHeader("user-agent"), 0, 500);
}

public String getRequestIp() {
return requestIp;
}

public String getRequestUri() {
return requestUri;
}

public String getMethod() {
return method;
}

public String getServletPath() {
return servletPath;
}

public String getRequestUrl() {
return requestUrl;
}

public String getUserAgent() {
return userAgent;
}

}

Загрузка…
Отмена
Сохранить