1、添加后端鉴权

atms-api/src/main/java/pwc/taxtech/atms/controller/AtmsExceptionHandler.java

@@ -5,6 +5,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@@ -49,6 +50,21 @@ public class AtmsExceptionHandler extends ResponseEntityExceptionHandler {
         }
     }
 
+
+    @ExceptionHandler(value = AccessDeniedException.class)
+    public void accessDeniedHandle(AccessDeniedException accessDeniedException, HttpServletResponse response) {
+        accessDeniedException.printStackTrace();
+        //noinspection Duplicates
+        try {
+            response.setCharacterEncoding("UTF-8");
+            response.setContentType("application/json; charset=UTF-8");
+            response.setStatus(403);
+            response.getWriter().write(JSON.toJSONString(ApiResultDto.fail(accessDeniedException.getMessage())));
+        } catch (IOException e) {
+            logger.error("accessDenied error.", e);
+        }
+    }
+
     @ExceptionHandler(value = Throwable.class)
     public void handle(Throwable throwable, HttpServletResponse response) {
         throwable.printStackTrace();

atms-api/src/main/java/pwc/taxtech/atms/security/JwtUtil.java

@@ -11,6 +11,7 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.cache.annotation.Cacheable;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.stereotype.Component;
@@ -59,8 +60,8 @@ public class JwtUtil implements InitializingBean {
         String databaseUsername = String.valueOf(defaultClaims.get("databaseUsername"));
         String username = String.valueOf(defaultClaims.get("username"));
         String userid = String.valueOf(defaultClaims.get("userid"));
-
-        return new JwtUser(userid, username, databaseUsername, defaultClaims, getAuthorities());
+//      原版 UserDetails return new JwtUser(userid, username, databaseUsername, defaultClaims, getAuthorities());
+        return new JwtUser(userid, username, databaseUsername, defaultClaims, getAuthorities(username));
     }
 
     private List<SimpleGrantedAuthority> getAuthorities() {
@@ -70,6 +71,27 @@ public class JwtUtil implements InitializingBean {
         return list;
     }
 
+    private List<SimpleGrantedAuthority> getAuthorities(String userName) {
+        List<SimpleGrantedAuthority> list = new ArrayList<>();
+        list.add(new SimpleGrantedAuthority("ROLE_USER"));
+        list.add(new SimpleGrantedAuthority("ROLE_JWT_USER"));
+        List<String> ecApiAuthList = getApiAuthList(userName);
+        for(String ecApiAuth : ecApiAuthList){
+            list.add(new SimpleGrantedAuthority(ecApiAuth));
+        }
+        return list;
+    }
+
+    @Cacheable(value = "apiAuthCache", key = "userName")
+    public List<String> getApiAuthList(String userName) {
+        List<String> apiAuthList = new ArrayList<>();
+        apiAuthList.add("template:get");
+
+
+        // todo upm return  response
+        return apiAuthList;
+    }
+
     /***
      * @param username
      *            登录名,大小写不限，可以是全大写或全小写,如:admin, ADMIN

atms-api/src/main/java/pwc/taxtech/atms/service/impl/OrganizationStructureServiceImpl.java

@@ -136,12 +136,13 @@ public class OrganizationStructureServiceImpl {
             OrganizationStructure originOrganizationStructure = new OrganizationStructure();
             CommonUtils.copyProperties(organizationStructure, originOrganizationStructure);
 
-            if (organizationStructureDto.getIsActive() != organizationStructure.getIsActive() || organizationStructureDto.getName() != organizationStructure.getName()) {
+            if (organizationStructureDto.getIsActive().equals(organizationStructure.getIsActive())  ||
+                    org.apache.commons.lang3.StringUtils.equals( organizationStructureDto.getName(),organizationStructure.getName())) {
                 isStatusChangeOperation = true;
                 organizationStructure.setIsActive(organizationStructureDto.getIsActive());
                 organizationStructure.setName(organizationStructureDto.getName());
-                if (!organizationStructureDto.getIsActive()
-                        && organizationService.isOrganizationStructureExists(organizationStructureDto.getId())) {
+                if (!organizationStructureDto.getIsActive()&&
+                        organizationService.isOrganizationStructureExists(organizationStructureDto.getId())) {
 //                    continue;
 //                    return false;
                     throw new ApplicationException("the organization must not contain sub-organization!");

atms-api/src/main/resources/applicationContext-security.xml

@@ -5,7 +5,7 @@
 
 	<!-- <debug /> -->
 
-	<global-method-security pre-post-annotations="enabled" />
+	<global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled" secured-annotations="enabled"/>
 
 	<!-- Static resources -->
 	<http pattern="/version.html" security="none" />
@@ -31,7 +31,6 @@
 		<b:property name="authenticationSuccessHandler" ref="jwtAuthenticationSuccessHandler" />
 	</b:bean>
 
-
 	<authentication-manager alias="authenticationManager">
 		<authentication-provider ref="jwtAuthenticationProvider" />
 	</authentication-manager>

atms-api/src/main/resources/ehcache.xml

@@ -34,6 +34,16 @@
            overflowToDisk="false"
            diskPersistent="false"/>
 
+    <!-- apiAuthList缓存 -->
+    <cache name="apiAuthCache"
+           maxElementsOnDisk="10000"
+           maxElementsInMemory="10000"
+           timeToIdleSeconds="86400"
+           timeToLiveSeconds="86400"
+           eternal="true"
+           overflowToDisk="false"
+           diskPersistent="false"/>
+
 </ehcache>
         <!--
         <diskStore>==========当内存缓存中对象数量超过maxElementsInMemory时,将缓存对象写到磁盘缓存中(需对象实现序列化接口)

atms-api/src/test/java/pwc/taxtech/atms/common/DataMigration.java

@@ -49,6 +49,7 @@ public class DataMigration extends CommonIT {
 
     @Test
     public void doMigrationTemplateGroup() {
+        // todo String sql = "Select * from template_group where id=" + templateGroupId;
         String sql = "Select * from TemplateGroup_20180622 where id=" + templateGroupId;
         List<Map<String, Object>> queryForList = jdbcTemplate.queryForList(sql);
 //        sql = "DELETE FROM template_group";
@@ -109,6 +110,7 @@ public class DataMigration extends CommonIT {
      */
     private Long getIdFromExistTable(String id) {
         try {
+//          todo String sql = "SELECT name as Name,update_time as UpdateTime from template_group where id='" + id + "'";
             String sql = "SELECT `Name`,UpdateTime from TemplateGroup_20180622 where id='" + id + "'";
             Map<String, Object> result = jdbcTemplate.queryForMap(sql);
             String name = MapUtils.getString(result, "Name");
@@ -459,6 +461,7 @@ public class DataMigration extends CommonIT {
     //todo:tax_rule_setting --13
     @Test
     public void doMigrationTaxRuleSetting() {
+//        todo String sql = "Select * from tax_rule_setting";
         String sql = "Select * from TaxRuleSetting_20180622";
         System.out.println(sql);
         List<Map<String, Object>> queryForList = jdbcTemplate.queryForList(sql);
@@ -489,6 +492,7 @@ public class DataMigration extends CommonIT {
     //todo:tax_rule_setting_organization --17
     @Test
     public void doMigrationTaxRuleSettingOrganization() {
+//        todo String sql = "Select * from tax_rule_setting_organization";
         String sql = "Select * from TaxRuleSettingOrganization_20180622";
         System.out.println(sql);
         List<Map<String, Object>> queryForList = jdbcTemplate.queryForList(sql);
@@ -496,6 +500,7 @@ public class DataMigration extends CommonIT {
         System.out.println(sql);
         jdbcTemplate.execute(sql);
 
+//        todo sql = "SELECT id as ID,create_time as CreateTime FROM tax_rule_setting";
         sql = "SELECT ID,CreateTime  FROM TaxRuleSetting_20180622";
         taxRuleSetting20180622List = jdbcTemplate.queryForList(sql);
         taxRuleSettingList = taxRuleSettingMapper.selectByExample(new TaxRuleSettingExample());

atms-web/src/main/webapp/app/framework/utils/webservice.js

@@ -67,6 +67,13 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
                 if (response.status === 401) {
                     redirectToLogOut();
                 }
+                else if (response.status === 403) {
+                    swal({
+                        title: "警告",
+                        text: "很抱歉，您没有访问该接口的权限！",
+                        type: "warning"
+                    });
+                }
                 var tmpToken = response.headers('refreshToken');
                 if (!!tmpToken) {
                     apiToken = tmpToken;
@@ -81,6 +88,13 @@ webservices.factory('apiInterceptor', ['$q', 'loginContext', '$log', '$window',
                 if (rejection.status === 401) {
                     redirectToLogOut();
                 }
+                else if (rejection.status === 403) {
+                    swal({
+                        title: "警告",
+                        text: "很抱歉，您没有访问该接口的权限！",
+                        type: "warning"
+                    });
+                }
 
                 // Return the promise rejection.
                 return $q.reject(rejection);