guns-admin集成guns-rest增加登录校验

guns-admin/src/main/java/com/stylefeng/guns/core/common/constant/JwtConstants.java

@@ -14,6 +14,6 @@ public interface JwtConstants {
 
     Long EXPIRATION = 604800L;
 
-    String AUTH_PATH = "/api/auth";
+    String AUTH_PATH = "/gunsApi/auth";
 
 }

guns-admin/src/main/java/com/stylefeng/guns/core/shiro/ShiroDbRealm.java

@@ -4,7 +4,10 @@ import com.stylefeng.guns.core.shiro.factory.IShiro;
 import com.stylefeng.guns.core.shiro.factory.ShiroFactroy;
 import com.stylefeng.guns.core.util.ToolUtil;
 import com.stylefeng.guns.modular.system.model.User;
-import org.apache.shiro.authc.*;
+import org.apache.shiro.authc.AuthenticationException;
+import org.apache.shiro.authc.AuthenticationInfo;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authc.credential.CredentialsMatcher;
 import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
 import org.apache.shiro.authz.AuthorizationInfo;
@@ -28,8 +31,7 @@ public class ShiroDbRealm extends AuthorizingRealm {
         UsernamePasswordToken token = (UsernamePasswordToken) authcToken;
         User user = shiroFactory.user(token.getUsername());
         ShiroUser shiroUser = shiroFactory.shiroUser(user);
-        SimpleAuthenticationInfo info = shiroFactory.info(shiroUser, user, super.getName());
-        return info;
+        return shiroFactory.info(shiroUser, user, super.getName());
     }
 
     /**

guns-admin/src/main/java/com/stylefeng/guns/core/util/JwtTokenUtil.java

@@ -97,9 +97,9 @@ public class JwtTokenUtil {
     /**
      * 生成token(通过用户名和签名时候用的随机数)
      */
-    public static String generateToken(String userName, String randomKey) {
+    public static String generateToken(String userId) {
         Map<String, Object> claims = new HashMap<>();
-        return doGenerateToken(claims, userName);
+        return doGenerateToken(claims, userId);
     }
 
     /**

guns-admin/src/main/java/com/stylefeng/guns/modular/api/ApiController.java

 package com.stylefeng.guns.modular.api;
 
 import com.stylefeng.guns.core.base.controller.BaseController;
+import com.stylefeng.guns.core.base.tips.ErrorTip;
+import com.stylefeng.guns.core.shiro.ShiroKit;
+import com.stylefeng.guns.core.shiro.ShiroUser;
 import com.stylefeng.guns.core.util.JwtTokenUtil;
+import com.stylefeng.guns.modular.system.dao.UserMapper;
+import com.stylefeng.guns.modular.system.model.User;
+import org.apache.shiro.authc.SimpleAuthenticationInfo;
+import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
+import org.apache.shiro.crypto.hash.Md5Hash;
+import org.apache.shiro.util.ByteSource;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 
+import java.util.HashMap;
+
 /**
  * 接口控制器提供
  *
@@ -16,6 +30,44 @@ import org.springframework.web.bind.annotation.RestController;
 @RequestMapping("/gunsApi")
 public class ApiController extends BaseController {
 
+    @Autowired
+    private UserMapper userMapper;
+
+    /**
+     * api登录接口，通过账号密码获取token
+     */
+    @RequestMapping("/auth")
+    public Object auth(@RequestParam("username") String username,
+                       @RequestParam("password") String password) {
+
+        //封装请求账号密码为shiro可验证的token
+        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(username, password.toCharArray());
+
+        //获取数据库中的账号密码，准备比对
+        User user = userMapper.getByAccount(username);
+
+        String credentials = user.getPassword();
+        String salt = user.getSalt();
+        ByteSource credentialsSalt = new Md5Hash(salt);
+        SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo(
+                new ShiroUser(), credentials, credentialsSalt, "");
+
+        //校验用户账号密码
+        HashedCredentialsMatcher md5CredentialsMatcher = new HashedCredentialsMatcher();
+        md5CredentialsMatcher.setHashAlgorithmName(ShiroKit.hashAlgorithmName);
+        md5CredentialsMatcher.setHashIterations(ShiroKit.hashIterations);
+        boolean passwordTrueFlag = md5CredentialsMatcher.doCredentialsMatch(
+                usernamePasswordToken, simpleAuthenticationInfo);
+
+        if (passwordTrueFlag) {
+            HashMap<String, Object> result = new HashMap<>();
+            result.put("token", JwtTokenUtil.generateToken(String.valueOf(user.getId())));
+            return result;
+        } else {
+            return new ErrorTip(500, "账号密码错误！");
+        }
+    }
+
     /**
      * 测试接口是否走鉴权
      */
@@ -24,11 +76,5 @@ public class ApiController extends BaseController {
         return SUCCESS_TIP;
     }
 
-    /**
-     * 模拟生成一个token
-     */
-    public static void main(String[] args) {
-        System.out.println(JwtTokenUtil.generateToken("aaa", null));
-    }
 }