Example 1 with User

Use of mingzuozhibi.persist.core.User in project mzzb-server by mingzuozhibi.

The class UserController, method findAll.

// Lists every user as a JSON array. The URL-level rules in SecurityConfig permit
// all GET requests, so this method's @PreAuthorize is the check that limits it to ADMIN.
@Transactional
@PreAuthorize("hasRole('ADMIN')")
@GetMapping(value = "/api/users", produces = MEDIA_TYPE)
public String findAll() {
    JSONArray result = new JSONArray();
    // User.toJSON() decides which fields of each account are exposed to the caller
    dao.findAll(User.class).forEach(user -> result.put(user.toJSON()));
    if (LOGGER.isDebugEnabled()) {
        debugRequest("[获取多个用户成功][用户数量={}]", result.length());
    }
    return objectResult(result);
}
Also used: User (mingzuozhibi.persist.core.User), JSONArray (org.json.JSONArray), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), Transactional (org.springframework.transaction.annotation.Transactional)

Example 2 with User

Use of mingzuozhibi.persist.core.User in project mzzb-server by mingzuozhibi.

The class UserController, method getOne.

// Returns a single user by id. ADMIN-only via method security; the id comes from the path.
@Transactional
@PreAuthorize("hasRole('ADMIN')")
@GetMapping(value = "/api/users/{id}", produces = MEDIA_TYPE)
public String getOne(@PathVariable Long id) {
    User user = dao.get(User.class, id);
    if (user == null) {
        // unknown id: log at WARN and return an error payload instead of a 404
        if (LOGGER.isWarnEnabled()) {
            warnRequest("[获取用户失败][指定的用户Id不存在][Id={}]", id);
        }
        return errorMessage("指定的用户Id不存在");
    }
    JSONObject result = user.toJSON();
    if (LOGGER.isDebugEnabled()) {
        // the full JSON view of the user is written to the debug log
        debugRequest("[获取用户成功][用户信息={}]", result);
    }
    return objectResult(result);
}
Also used: User (mingzuozhibi.persist.core.User), JSONObject (org.json.JSONObject), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), Transactional (org.springframework.transaction.annotation.Transactional)

Example 3 with User

Use of mingzuozhibi.persist.core.User in project mzzb-server by mingzuozhibi.

The class UserController, method addOne.

// Creates a new user from a JSON body. ADMIN-only via method security (the URL-level
// rule for /api/** only requires ROLE_BASIC).
@Transactional
@PreAuthorize("hasRole('ADMIN')")
@PostMapping(value = "/api/users", produces = MEDIA_TYPE)
public String addOne(@JsonArg String username, @JsonArg String password, @JsonArg(defaults = "true") boolean enabled) {
    // reject duplicate usernames before touching the database
    if (dao.lookup(User.class, "username", username) != null) {
        if (LOGGER.isInfoEnabled()) {
            infoRequest("[创建用户失败][该同户名称已存在][用户名={}]", username);
        }
        return errorMessage("该同户名称已存在");
    }
    // the password is handed to the User constructor exactly as received in the request;
    // no encoding happens in this method (compare SecurityConfig, which calls PassUtil.encode)
    User user = new User(username, password, enabled);
    dao.save(user);
    JSONObject result = user.toJSON();
    if (LOGGER.isInfoEnabled()) {
        infoRequest("[创建用户成功][用户信息={}]", result);
    }
    return objectResult(result);
}
Also used: User (mingzuozhibi.persist.core.User), JSONObject (org.json.JSONObject), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), Transactional (org.springframework.transaction.annotation.Transactional)

Example 4 with User

Use of mingzuozhibi.persist.core.User in project mzzb-server by mingzuozhibi.

The class UserController, method setOne.

// Updates an existing user. Runs inside a transaction, so the setter calls on the
// managed entity are flushed when the method returns.
@Transactional
@PreAuthorize("hasRole('ADMIN')")
@PutMapping(value = "/api/users/{id}", produces = MEDIA_TYPE)
public String setOne(@PathVariable Long id, @JsonArg String username, @JsonArg String password, @JsonArg boolean enabled) {
    User user = dao.get(User.class, id);
    if (user == null) {
        if (LOGGER.isWarnEnabled()) {
            warnRequest("[编辑用户失败][指定的用户Id不存在][Id={}]", id);
        }
        return errorMessage("指定的用户Id不存在");
    }
    if (LOGGER.isDebugEnabled()) {
        JSONObject before = user.toJSON();
        debugRequest("[编辑用户开始][修改前={}]", before);
    }
    // unlike addOne, the new username is not checked for collision with an existing account
    user.setUsername(username);
    user.setEnabled(enabled);
    // an empty or absent password leaves the current one unchanged;
    // a new password also drops the user's persisted auto-login state
    if (password != null && !password.isEmpty()) {
        user.setPassword(password);
        cleanAutoLogin(user);
    }
    JSONObject result = user.toJSON();
    if (LOGGER.isDebugEnabled()) {
        debugRequest("[编辑用户成功][修改后={}]", result);
    }
    return objectResult(result);
}
Also used: User (mingzuozhibi.persist.core.User), JSONObject (org.json.JSONObject), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), Transactional (org.springframework.transaction.annotation.Transactional)

Example 5 with User

Use of mingzuozhibi.persist.core.User in project mzzb-server by mingzuozhibi.

The class SecurityConfig, method configure.

protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            // session endpoints are open to everyone
            .antMatchers("/api/session/**").permitAll()
            // every GET request is permitted at the URL level, so GET endpoints under /api
            // rely on method-level @PreAuthorize (as in UserController) for access control
            .antMatchers(HttpMethod.GET).permitAll()
            // all other /api requests need at least ROLE_BASIC
            .antMatchers("/api/**").hasRole("BASIC")
            // unauthenticated callers run as principal "Guest" with no real authority
            .and().anonymous().principal("Guest").authorities("NONE")
            // one handler answers both access-denied and unauthenticated requests
            .and().exceptionHandling()
            .accessDeniedHandler(customAccessDeniedHandler)
            .authenticationEntryPoint(customAccessDeniedHandler)
            // CSRF checks are skipped for the session and management paths
            .and().csrf()
            .ignoringAntMatchers("/api/session/**")
            .ignoringAntMatchers("/management/**")
            // hand the CSRF token to the client in a response header
            .and().addFilterAfter(new CsrfTokenResponseHeaderBindingFilter(), CsrfFilter.class);
    Logger logger = LoggerFactory.getLogger(SecurityConfig.class);
    logger.info("设置Security安全策略");
    // Bootstrap the built-in admin account so that it always exists, is enabled,
    // holds both roles, and matches the configured adminPassword.
    dao.execute(session -> {
        String encode = new PassUtil().encode("admin", adminPassword);
        User user = dao.lookup(User.class, "username", "admin");
        if (user == null) {
            user = new User("admin", encode, true);
            user.getRoles().add("ROLE_ADMIN");
            dao.save(user);
            logger.info("初始化管理员用户");
        } else {
            // re-sync the stored password with the configured one on every start
            if (!encode.equals(user.getPassword())) {
                logger.info("更新管理员密码");
                user.setPassword(encode);
            }
            if (!user.getRoles().contains("ROLE_BASIC")) {
                logger.info("更新管理员权限");
                user.getRoles().add("ROLE_BASIC");
            }
            if (!user.getRoles().contains("ROLE_ADMIN")) {
                logger.info("更新管理员权限");
                user.getRoles().add("ROLE_ADMIN");
            }
            if (!user.isEnabled()) {
                logger.info("启用管理员用户");
                user.setEnabled(true);
            }
        }
    });
}
Also used: CsrfTokenResponseHeaderBindingFilter (com.allanditzel.springframework.security.web.csrf.CsrfTokenResponseHeaderBindingFilter), User (mingzuozhibi.persist.core.User), PassUtil (mingzuozhibi.support.PassUtil), Logger (org.slf4j.Logger)

Aggregations (type, number of usages)

User (mingzuozhibi.persist.core.User): 7
JSONObject (org.json.JSONObject): 4
PreAuthorize (org.springframework.security.access.prepost.PreAuthorize): 4
Transactional (org.springframework.transaction.annotation.Transactional): 4
CsrfTokenResponseHeaderBindingFilter (com.allanditzel.springframework.security.web.csrf.CsrfTokenResponseHeaderBindingFilter): 1
UserDetailsImpl (mingzuozhibi.security.UserDetailsImpl): 1
PassUtil (mingzuozhibi.support.PassUtil): 1
JSONArray (org.json.JSONArray): 1
Logger (org.slf4j.Logger): 1
UserDetails (org.springframework.security.core.userdetails.UserDetails): 1
PostMapping (org.springframework.web.bind.annotation.PostMapping): 1