
fix: 重构登录验证拦截器

suntg 6 years ago
parent
commit
b5b8143448

+ 12 - 12
src/main/java/com/uas/platform/b2b/filter/B2bAbstractSSOInterceptor.java

@@ -23,15 +23,9 @@ public abstract class B2bAbstractSSOInterceptor extends HandlerInterceptorAdapte
 
     protected abstract boolean onAuthenticateSuccess(HttpServletRequest var1, HttpServletResponse var2);
 
-    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
-        boolean cross = SSOHelper.isCrossDomain(request);
-        if (cross) {
-            request.getSession().setAttribute("SSOReferer", request.getRequestURL());
-            response.sendRedirect(SSOHelper.getSSOService().getConfig().getCrossProxyUri());
-        } else {
-            SSOHelper.clearRedirectLogin(request, response);
-        }
-
+    @Override
+    public final boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        return super.preHandle(request, response, handler) ? this.authenticate(request, response) : false;
     }
 
     private final boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException {
@@ -53,9 +47,15 @@ public abstract class B2bAbstractSSOInterceptor extends HandlerInterceptorAdapte
         }
     }
 
-    @Override
-    public final boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        return super.preHandle(request, response, handler) ? this.authenticate(request, response) : false;
+    protected void sendRedirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            request.getSession().setAttribute("SSOReferer", request.getRequestURL());
+            response.sendRedirect(SSOHelper.getSSOService().getConfig().getCrossProxyUri());
+        } else {
+            SSOHelper.clearRedirectLogin(request, response);
+        }
+
     }
 
     protected boolean isRedirectAble(HttpServletRequest request) {

+ 205 - 333
src/main/java/com/uas/platform/b2b/filter/SSOInterceptor.java

@@ -25,7 +25,6 @@ import com.uas.sso.SSOConfig;
 import com.uas.sso.SSOHelper;
 import com.uas.sso.SSOToken;
 import com.uas.sso.entity.UserAccount;
-import com.uas.sso.web.spring.AbstractSSOInterceptor;
 import org.apache.commons.collections.CollectionUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -39,6 +38,7 @@ import org.springframework.mobile.device.site.SitePreference;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.access.method.P;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -109,50 +109,14 @@ public class SSOInterceptor extends B2bAbstractSSOInterceptor {
     static final String UU_REGEXP = "^\\d{4,}$";
 
 
+	private final static String PARAM_ACCESS_TOKEN = "access_token";
+	private final static String PARAM_CLIENT_TYPE = "client_type";
+	private final static String CLIENT_TYPE_MANAGE = "manage";
+
+
 	private HashMap<String, Collection<ConfigAttribute>> resourceMap;
 	private HashMap<Long, Collection<GrantedAuthority>> authorities;
 
-    /**
-     * 从token获取用户信息
-     *
-     * @param token token
-     * @return User
-     */
-	private User getUserByToken(SSOToken token) {
-	    // 授权登录用户
-		User authorizedUser = null;
-		if (null != token && token.getData() != null) {
-			UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
-			if (!StringUtils.isEmpty(tokenUser.getUserUU())) {
-				// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
-                authorizedUser = userService.findUserByUserUU(tokenUser.getUserUU());
-			} else if (!StringUtils.isEmpty(tokenUser.getMobile())) {
-				// UID表示所有系统公认的唯一标识,这里统一使用手机号
-                authorizedUser = userService.findUserByUserTel(tokenUser.getMobile());
-			} else if (!StringUtils.isEmpty(tokenUser.getEmail())) {
-				// UID表示所有系统公认的唯一标识,这里统一使用手机号
-                authorizedUser = userService.findUserByUserEmail(tokenUser.getEmail());
-			} else {
-				logger.error(String.format("invalid user %s, please set uid or dialectUID", tokenUser.getVipName()));
-			}
-			if (authorizedUser != null && authorizedUser.getEnterprises() != null) {
-				// 企业资料在client系统自己的唯一标识,比如en_uu
-				if (tokenUser.getSpaceUU() != null) {
-                    authorizedUser.setCurrentEnterprise(tokenUser.getSpaceUU());
-				} else if (!StringUtils.isEmpty(tokenUser.getBusinessCode())) {
-					for (Enterprise enterprise : authorizedUser.getEnterprises()) {
-						// 企业资料在所有系统公认的唯一标识,这里使用商业登记证号
-						if (tokenUser.getBusinessCode().equals(enterprise.getEnBussinessCode())) {
-                            authorizedUser.setEnterprise(enterprise);
-							break;
-						}
-					}
-				}
-			}
-		}
-		return authorizedUser;
-	}
-
     /**
      * 验证失败
      *
@@ -162,93 +126,53 @@ public class SSOInterceptor extends B2bAbstractSSOInterceptor {
      */
 	@Override
 	protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
-		SystemSession.clear();
-		User user = (User) request.getSession().getAttribute("user");
-        if (user == null) {
-			user = getUserByAccessToken(request);
-			if (user != null) {
-				user.setIp(AgentUtils.getIp(request));
-				request.getSession().setAttribute("user", user);
-				setGrantedAuthorities(user);
-			} else {
-				user = autoLogin(request);
-			}
-		}
+		// 验证是否来自管理后台虚拟用户
+		User user = getUserByAccessToken(request);
 		if (user != null) {
-        	// 个人用户,跳转至提示页面
-            if (checkIsPersonal(user)) {
-				try {
-					response.sendRedirect("/error_personal");
-				} catch (IOException e) {
-					e.printStackTrace();
-				}
-				return false;
-			}
-            // 登录之前判断在当前企业的角色信息
-            if (null != user.getEnterprise() && user.getEnterprise().getEnAdminuu().equals(user.getUserUU())) {
-                Enterprise enterprise = user.getEnterprise();
-                user = checkRoleAndReturnUserInfo(user, enterprise);
-                user.setCurrentEnterprise(enterprise.getUu());
-            }
-			SystemSession.setUser(user);
-			try {
-				accessDecision(request, user);
-			} catch (IOException e) {
-				e.printStackTrace();
-			}
-            setResponseAuthorized(response, user, true);
-            return true;
-		} else {
-			if (SecurityConstant.AUTHENTICATION_URL.equals(request.getRequestURI())) {
-				return true;
-			}
-			AntPathRequestMatcher matcher = new AntPathRequestMatcher("/account/enterprise/info/**");
-			if (matcher.matches(request)) {
-				return true;
-			}
-            setResponseAuthorized(response, user, false);
-            if (!isRedirectAble(request)) {
-                try {
-                    printJson(response, new ModelMap("loginUrl", getLoginPage(request, response)));
-                } catch (IOException e) {
-                    e.printStackTrace();
-                }
-            }
-			return false;
+			// 管理后台虚拟用户都是管理员角色,不需要验证权限
+			parseAuthenticationSuccess(request, response, user);
+			return true;
 		}
-    }
 
-    /**
-     * 校验角色信息,返回用户信息
-     *
-     * @param user 用户
-     * @param enterprise 当前企业
-     * @return User
-     */
-    private User checkRoleAndReturnUserInfo(User user, Enterprise enterprise) {
-        // 设置为本企业管理员
-        List<Role> adminList = roleDao.findByEnUUAndDesc(enterprise.getUu(), "管理员");
-        Set<Role> existRoles = user.getRoles();
-        if (!org.springframework.util.CollectionUtils.isEmpty(adminList)) {
-            final boolean[] exist = {false};
-            existRoles.forEach(role -> {
-                if (Objects.equals(role.getId(), adminList.get(0).getId())) {
-                    exist[0] = true;
-                }
-            });
-            if (!exist[0]) {
-                user.getRoles().add(adminList.get(0));
-                try {
-                    user = userDao.save(user);
-                } catch (Exception e) {
-                    // 这里存储异常情况通常是角色存在,因为上面已经添加角色信息,这里直接返回user,不做处理
-                   logger.info("存储异常" + e.getMessage());
-                }
-            }
-        }
-        return user;
+		return parseAuthenticateFailed(request, response);
     }
 
+	/**
+	 * access_token验证登录
+	 *
+	 * @param request
+	 */
+	private User getUserByAccessToken(HttpServletRequest request) {
+		String token = request.getParameter(PARAM_ACCESS_TOKEN);
+		String type = request.getParameter(PARAM_CLIENT_TYPE);
+		// 发现有采用access_token方式
+		if (CLIENT_TYPE_MANAGE.equals(type) && token != null) {
+			// 清除上一次访问的数据
+			Object sessionUser = request.getSession().getAttribute("user");
+			if (sessionUser != null) {
+				// session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
+				// 一致则跳过,无需再次验证;不一致则替换
+				User user = (User) sessionUser;
+				if (UserCreater.isVirtual(user)) {
+					return user;
+				}
+			} else {
+				Map<String, Object> data = accessTokenService.validFormManage(token);
+				if (data.containsKey("user") && data.containsKey("bind")) {
+					long enUU = Long.parseLong(data.get("bind").toString());
+					Enterprise enterprise = enterpriseService.findById(enUU);
+					if (enterprise != null) {
+						List<Role> roles = roleService.findByEnterprise(enUU);
+						// 虚拟用户
+						User user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
+						return user;
+					}
+				}
+			}
+		}
+		return null;
+	}
+
     /**
      * 获取登录地址
      *
@@ -285,16 +209,64 @@ public class SSOInterceptor extends B2bAbstractSSOInterceptor {
      * @param response response
      * @param authorized 验证是否通过
      */
-    protected void setResponseAuthorized(HttpServletResponse response, User user, boolean authorized) {
+    protected void setResponseAuthorized(HttpServletResponse response, boolean authorized) {
         Integer status = authorized ? HttpStatus.OK.value() : HttpStatus.UNAUTHORIZED.value();
         response.setStatus(status);
-        if (null != user && null != user.getEnterprise()) {
-            response.setStatus(authorized ? HttpStatus.OK.value() : HttpStatus.UNAUTHORIZED.value());
-            String authorizedValue = authorized ? HttpStatus.OK.name() : HttpStatus.UNAUTHORIZED.name();
-            response.setHeader("authorized", authorizedValue);
-        }
+		String authorizedValue = authorized ? HttpStatus.OK.name() : HttpStatus.UNAUTHORIZED.name();
+		response.setHeader("authorized", authorizedValue);
     }
 
+	/**
+	 * 处理验证失败,有两种情况:<br/>
+	 * 1. cookie没有带uid<br/>
+	 * 2. cookie有带uid,但找不到有效的用户
+	 * @param request
+	 * @param response
+	 * @return
+	 */
+    private boolean parseAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
+    	request.getSession().removeAttribute("user");
+		SystemSession.clear();
+
+		if (isRedirectAble(request)) {
+			logger.info("logout. request url:" + request.getRequestURL());
+			try {
+				sendRedirect(request, response);
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
+		} else {
+			if (SecurityConstant.AUTHENTICATION_URL.equals(request.getRequestURI())) {
+				return true;
+			}
+			AntPathRequestMatcher matcher = new AntPathRequestMatcher("/account/enterprise/info/**");
+			if (matcher.matches(request)) {
+				return true;
+			}
+			setResponseAuthorized(response, false);
+			if (!isRedirectAble(request)) {
+				try {
+					printJson(response, new ModelMap("loginUrl", getLoginPage(request, response)));
+				} catch (IOException e) {
+					e.printStackTrace();
+				}
+			}
+		}
+		return false;
+	}
+
+	/**
+	 * 处理验证成功
+	 * @param request
+	 * @param response
+	 * @param user
+	 */
+	private void parseAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, User user) {
+		request.getSession().setAttribute("user", user);
+		SystemSession.setUser(user);
+		setResponseAuthorized(response, true);
+	}
+
     /**
      * 验证成功
      *
@@ -303,105 +275,124 @@ public class SSOInterceptor extends B2bAbstractSSOInterceptor {
      */
 	@Override
 	protected boolean onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
-		User user = (User) request.getSession().getAttribute("user");
 		SSOToken token = SSOHelper.attrToken(request);
-		// cookie变化的情况下,session可能还未变化
-        boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
-		if (onAuthenticateFailed) {
-			user = getUserByToken(token);
-			if (user != null) {
-				user.setIp(AgentUtils.getIp(request));
-				request.getSession().setAttribute("user", user);
-				setGrantedAuthorities(user);
-				log(request, user);
+		User user = getUserByToken(token);
+
+		if (user == null) {
+			return parseAuthenticateFailed(request, response);
+		}
+
+		if (user.getEnterprise() == null) {
+			// 如果个人用户跳转至提示页面
+			return sendRedirectPersonal(response);
+		}
+
+		// 记录日志
+		log(request, user);
+
+		// 验证管理员权限是否初始化
+		if (user.getUserUU().equals(user.getEnterprise().getEnAdminuu())) {
+			checkRoleAndReturnUserInfo(user);
+		}
+
+		// 设置权限
+		setGrantedAuthorities(user);
+		// 进行权限验证
+		accessDecision(request, user);
+
+		parseAuthenticationSuccess(request, response, user);
+		return true;
+	}
+
+	/**
+	 * 从token获取用户信息
+	 *
+	 * @param token token
+	 * @return User
+	 */
+	private User getUserByToken(SSOToken token) {
+		// 授权登录用户
+		User user = null;
+		if (null != token && token.getData() != null) {
+			UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
+			if (!StringUtils.isEmpty(tokenUser.getUserUU())) {
+				// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
+				user = userService.findUserByUserUU(tokenUser.getUserUU());
+			} else if (!StringUtils.isEmpty(tokenUser.getMobile())) {
+				// UID表示所有系统公认的唯一标识,这里统一使用手机号
+				user = userService.findUserByUserTel(tokenUser.getMobile());
+			} else if (!StringUtils.isEmpty(tokenUser.getEmail())) {
+				// UID表示所有系统公认的唯一标识,这里统一使用手机号
+				user = userService.findUserByUserEmail(tokenUser.getEmail());
+			} else {
+				logger.error(String.format("invalid user %s, please set uid or dialectUID", tokenUser.getVipName()));
 			}
-		} else {
-			// 从其他应用切换了企业的情况
-			if (token.getData() != null) {
-				UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
-				if (StringUtils.isEmpty(tokenUser.getBusinessCode()) || StringUtils.isEmpty(tokenUser.getSpaceUU())) {
-					// 如果个人用户跳转至提示页面
-					try {
-						response.sendRedirect("/error_personal");
-					} catch (IOException e) {
-						e.printStackTrace();
-					}
-					return false;
-                }
-				// 如果是从个人用户切换或者当前企业切换
-				boolean flag = null == user.getEnterprise() || !user.getEnterprise().getUu().equals(tokenUser.getSpaceUU());
-				if (!StringUtils.isEmpty(tokenUser.getSpaceUU()) && flag) {
-					user = getUserByToken(user, tokenUser);
+			if (user != null && user.getEnterprises() != null) {
+				// 企业资料在client系统自己的唯一标识,比如en_uu
+				if (tokenUser.getSpaceUU() != null) {
 					user.setCurrentEnterprise(tokenUser.getSpaceUU());
-					request.getSession().setAttribute("user", user);
+				} else if (!StringUtils.isEmpty(tokenUser.getBusinessCode())) {
+					for (Enterprise enterprise : user.getEnterprises()) {
+						// 企业资料在所有系统公认的唯一标识,这里使用商业登记证号
+						if (tokenUser.getBusinessCode().equals(enterprise.getEnBussinessCode())) {
+							user.setEnterprise(enterprise);
+							break;
+						}
+					}
 				}
 			}
 		}
-		if (user != null) {
-		    // 判断是否个人用户,如果个人用户跳转至提示页面
-            if (checkIsPersonal(user)) {
-				try {
-					response.sendRedirect("/error_personal");
-				} catch (IOException e) {
-					e.printStackTrace();
-				}
-				return false;
-			}
-            // 登录之前判断在当前企业的角色信息
-            if (null != user.getEnterprise() && user.getEnterprise().getEnAdminuu().equals(user.getUserUU())) {
-                Enterprise enterprise = user.getEnterprise();
-                user = checkRoleAndReturnUserInfo(user, enterprise);
-                user.setCurrentEnterprise(enterprise.getUu());
-            }
-			SystemSession.setUser(user);
-            setResponseAuthorized(response, user, true);
-			try {
-				accessDecision(request, user);
-			} catch (IOException e) {
-				e.printStackTrace();
-			}
+		return user;
+	}
+
+	/**
+	 * 跳转至个人用户提示页面
+	 * @param response
+	 */
+	private boolean sendRedirectPersonal(HttpServletResponse response) {
+		try {
+			response.sendRedirect("/error_personal");
+		} catch (IOException e) {
+			e.printStackTrace();
 		}
-		return true;
+		return false;
 	}
 
 	/**
-	 * 处理在商城注册企业并切换到新企业未同步到商城问题
-	 * @param user
-	 * @param tokenUser
-	 * @return
+	 * 校验角色信息,返回用户信息
+	 *
+	 * @param user 用户
+	 * @return User
 	 */
-	private User getUserByToken(User user, UserAccount tokenUser) {
-		Set<Enterprise> enterprises = user.getEnterprises();
-		if (!CollectionUtils.isEmpty(enterprises)) {
-			List<Enterprise> correctEnterprises = enterprises.stream().filter(enter -> enter.getUu().equals(tokenUser.getSpaceUU())).collect(Collectors.toList());
-			if (CollectionUtils.isEmpty(correctEnterprises)) {
-				cacheManager.getCacheManager().clearAllStartingWith("com.uas.platform.b2b.model.User");
-				User current = userDao.findOne(tokenUser.getUserUU());
-				if (!StringUtils.isEmpty(current)) {
-					user = current;
-					logger.info("从数据库查找的企业:" + tokenUser.getSpaceUU());
-				} else {
-					logger.info("未查询到用户信息" + tokenUser.getUserUU());
+	private void checkRoleAndReturnUserInfo(User user) {
+		// 设置为本企业管理员
+		List<Role> adminList = roleDao.findByEnUUAndDesc(user.getEnterprise().getUu(), "管理员");
+		Set<Role> existRoles = user.getRoles();
+		if (!org.springframework.util.CollectionUtils.isEmpty(adminList)) {
+			final boolean[] exist = {false};
+			existRoles.forEach(role -> {
+				if (Objects.equals(role.getId(), adminList.get(0).getId())) {
+					exist[0] = true;
+				}
+			});
+			if (!exist[0]) {
+				user.getRoles().add(adminList.get(0));
+				try {
+					userDao.save(user);
+				} catch (Exception e) {
+					// 这里存储异常情况通常是角色存在,因为上面已经添加角色信息,这里直接返回user,不做处理
+					logger.info("存储异常" + e.getMessage());
 				}
 			}
 		}
-		return user;
 	}
 
-    /**
-     * 检验是否个人用户
-     *
-     * @param user 用户信息
-     */
-    private boolean checkIsPersonal(User user) {
-	    boolean personalAccount = null == user.getEnterprise() || (null != user.getEnterprise() && null == user.getEnterprise().getUu());
-	    return personalAccount;
-    }
-
-    /**
-	 * 权限验证
+	/**
+	 * 验证权限
+	 * @param request
+	 * @param user
 	 */
-	private void accessDecision(HttpServletRequest request, User user) throws IOException {
+	private void accessDecision(HttpServletRequest request, User user) {
 		Collection<ConfigAttribute> configAttributes = getAttributes(request);
 		if (null == configAttributes || configAttributes.size() == 0 || user.isSys() || user.getUserUU() < 0) {
 			return;
@@ -485,77 +476,13 @@ public class SSOInterceptor extends B2bAbstractSSOInterceptor {
 	}
 
 	private void setGrantedAuthorities(User user) {
-		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
-		user.setCurrentEnterpriseRoles();
-		Set<Role> roles = user.getRoles();
-		if (!CollectionUtils.isEmpty(roles)) {
-			for (Role role : roles) {
-				// 超级账号
-				if (role.isSys()) {
-					user.setIssys(Constant.YES);
-					break;
-				}
-				Set<ResourceItem> resourceItems = role.getResourceItems();
-				if (!CollectionUtils.isEmpty(resourceItems)) {
-					for (ResourceItem res : resourceItems) {
-						authSet.add(new SimpleGrantedAuthority(res.getName()));
-					}
-				}
-			}
-		}
+		Set<GrantedAuthority> authSet = user.getAuthSet();
 		if (authorities == null) {
 			authorities = new HashMap<>(1);
 		}
 		authorities.put(user.getUserUU(), authSet);
 	}
 
-	private final static String tokenParam = "access_token";
-	private final static String typeParam = "client_type";
-
-	/**
-	 * access_token验证登录
-	 *
-	 * @param request
-	 */
-	private User getUserByAccessToken(HttpServletRequest request) {
-		String token = request.getParameter(tokenParam);
-        // 发现有采用access_token方式
-		if (token != null) {
-		    // 清除上一次访问的数据
-            SystemSession.clear();
-			Object sUser = request.getSession().getAttribute("user");
-			User user = null;
-			if (sUser != null) {
-				// session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
-				// 一致则跳过,无需再次验证;不一致则替换
-				user = (User) sUser;
-			}
-			String type = request.getParameter(typeParam);
-			String MANAGE_TYPE = "manage";
-			if (MANAGE_TYPE.equals(type)) {
-				if (user != null && UserCreater.isVirtual(user)) {
-					return user;
-				}
-				Map<String, Object> data = accessTokenService.validFormManage(token);
-				// user key
-				String USER_KEY = "user";
-				// bind key
-				String BIND_KEY = "bind";
-				if (data.containsKey(USER_KEY) && data.containsKey(BIND_KEY)) {
-					long enUU = Long.parseLong(data.get("bind").toString());
-					Enterprise enterprise = enterpriseService.findById(enUU);
-					if (enterprise != null) {
-						List<Role> roles = roleService.findByEnterprise(enUU);
-						// 虚拟用户
-						user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
-						return user;
-					}
-				}
-			}
-		}
-		return null;
-	}
-
     /**
      * 记录登录日志
      *
@@ -564,6 +491,7 @@ public class SSOInterceptor extends B2bAbstractSSOInterceptor {
      */
 	private void log(HttpServletRequest request, User user) {
 		SitePreference preference = getDefaultSitePreferenceForDevice(this.deviceResolver.resolveDevice(request));
+		user.setIp(AgentUtils.getIp(request));
 		signinLogService.save(new SigninLog(user, preference, true));
 	}
 
@@ -586,60 +514,4 @@ public class SSOInterceptor extends B2bAbstractSSOInterceptor {
 		return SitePreference.NORMAL;
 	}
 
-	/**
-	 * 自动登录
-	 * 
-	 * <pre>
-	 * 旧方式
-	 * </pre>
-	 */
-	@Deprecated
-	private User autoLogin(HttpServletRequest request) {
-		String enUU = request.getParameter("b_enuu");
-		String username = request.getParameter("b_username");
-		String password = request.getParameter("b_password");
-		User user = null;
-		if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
-            // 邮箱登录
-            String MAIL_SIGN = "@";
-			if (username.contains(MAIL_SIGN)) {
-				user = userService.findUserByUserEmail(username);
-			} else if (username.matches(TEL_REGEXP)) {
-                // 手机号登录
-				user = userService.findUserByUserTel(username);
-			} else if (username.matches(UU_REGEXP)) {
-				user = userService.findUserByUserUU(Long.parseLong(username));
-			}
-			if (user != null && user.getUserPwd().equals(Md5Utils.encode(password, user.getUserUU()))) {
-				checkEnterprise(user, enUU);
-				user.setIp(AgentUtils.getIp(request));
-				request.getSession().setAttribute("user", user);
-				setGrantedAuthorities(user);
-			} else {
-				throw new UsernameNotFoundException(username + " 账号或密码错误");
-			}
-		}
-		return user;
-	}
-
-    /**
-     * 绑定企业
-     *
-     * @param user 用户信息
-     * @param enUU 企业UU
-     */
-	private void checkEnterprise(User user, String enUU) {
-		boolean chosen  = false;
-		for (Enterprise enterprise : user.getEnterprises()) {
-			if (enterprise.getUu().toString().equals(enUU)) {
-				user.setEnterprise(enterprise);
-                chosen  = true;
-				break;
-			}
-		}
-		if (!chosen) {
-			throw new UsernameNotFoundException("企业与用户不匹配");
-		}
-	}
-
 }
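Review bot: In getUserByAccessToken (hunk @@ -162,93 +126,53 @@) the session branch now short-circuits: when a session user exists but is not virtual, the method falls through to `return null` without ever calling `accessTokenService.validFormManage(token)`, whereas the removed version validated the token regardless of the session contents, and a virtual session user is returned for any `access_token` value, so the comment "一致则跳过,无需再次验证;不一致则替换" describes a comparison the code does not perform. In the validation branch `data` is dereferenced without a null check and `Long.parseLong(data.get("bind").toString())` has no handler, so a malformed or non-numeric `bind` propagates as an uncaught exception out of preHandle instead of an authentication failure; a guard such as `if (data == null || !data.containsKey("user") || !data.containsKey("bind")) return null;` plus catching NumberFormatException would close that. In parseAuthenticateFailed the nested `if (!isRedirectAble(request))` is always true inside the else branch and can be dropped, and the AUTHENTICATION_URL and `/account/enterprise/info/**` allowances are only evaluated on the non-redirect path — confirm that redirectable requests to those paths are meant to be redirected rather than allowed. In onAuthenticateSuccess the new `user.getEnterprise() == null` test drops the `getUu() == null` case the removed checkIsPersonal covered, so an enterprise with no uu now reaches `roleDao.findByEnUUAndDesc(user.getEnterprise().getUu(), ...)`, and the `user.setCurrentEnterprise(enterprise.getUu())` that followed the role check in the old code no longer runs. The `import org.springframework.security.access.method.P;` added in the import hunk is not referenced anywhere in the visible diff.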

+ 1 - 16
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

@@ -349,22 +349,7 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	}
 
 	private Set<GrantedAuthority> getGrantedAuthorities(User user) {
-		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
-		Set<Role> roles = user.getRoles();
-		if (!CollectionUtils.isEmpty(roles)) {
-			for (Role role : roles) {
-				if (role.isSys()) {// 超级账号
-					user.setIssys(Constant.YES);
-					break;
-				}
-				Set<ResourceItem> resourceItems = role.getResourceItems();
-				if (!CollectionUtils.isEmpty(resourceItems)) {
-					for (ResourceItem res : resourceItems) {
-						authSet.add(new SimpleGrantedAuthority(res.getName()));
-					}
-				}
-			}
-		}
+		Set<GrantedAuthority> authSet = user.getAuthSet();
 		return authSet;
 	}
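Review bot: Delegating to `user.getAuthSet()` changes what getGrantedAuthorities does beyond de-duplication: the removed body iterated `user.getRoles()` as-is, whereas getAuthSet (User.java in this commit) first calls `setCurrentEnterpriseRoles()`, which presumably narrows the entity's role set to the current enterprise before building authorities, so callers here now observe a mutated user. If that narrowing is intended at this call site, a comment such as `// getAuthSet() narrows user.roles to the current enterprise as a side effect` would record it. The `authSet` local is now redundant; `return user.getAuthSet();` suffices. The same applies to the identical hunk in AuthedWebPageController.java.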
 

+ 30 - 0
src/main/java/com/uas/platform/b2b/model/User.java

@@ -12,6 +12,8 @@ import org.hibernate.annotations.CacheConcurrencyStrategy;
 import org.hibernate.annotations.NotFound;
 import org.hibernate.annotations.NotFoundAction;
 import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
@@ -502,4 +504,32 @@ public class User implements Serializable {
             this.roles = null;
         }
     }
+
+	/**
+	 * 获取个人权限集合
+	 * @return
+	 */
+	@JsonIgnore
+    @JSONField(serialize = false)
+    public Set<GrantedAuthority> getAuthSet() {
+		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
+		setCurrentEnterpriseRoles();
+		Set<Role> roles = getRoles();
+		if (CollectionUtils.isEmpty(roles)) {
+			for (Role role : roles) {
+				// 管理员角色
+				if (role.isSys()) {
+					setIssys(Constant.YES);
+					break;
+				}
+				Set<ResourceItem> resourceItems = role.getResourceItems();
+				if (!org.apache.commons.collections.CollectionUtils.isEmpty(resourceItems)) {
+					for (ResourceItem res : resourceItems) {
+						authSet.add(new SimpleGrantedAuthority(res.getName()));
+					}
+				}
+			}
+		}
+		return authSet;
+	}
 }
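Review bot: The guard in getAuthSet is inverted: `if (CollectionUtils.isEmpty(roles))` enters the loop only when roles is null or empty, so with a null role set the for-each throws NullPointerException and otherwise the method always returns an empty authority set and never reaches `setIssys(Constant.YES)`. The three removed copies (SSOInterceptor.setGrantedAuthorities, SecurityInterceptor and AuthedWebPageController.getGrantedAuthorities) all tested the negation; the line should read `if (!CollectionUtils.isEmpty(roles)) {`. The method also mixes the imported `org.springframework.util.CollectionUtils` for roles with the fully qualified `org.apache.commons.collections.CollectionUtils` for resourceItems; either works, but using one consistently would be clearer. Since it calls `setCurrentEnterpriseRoles()` and may call `setIssys`, it is not a plain getter, and a Javadoc sentence such as `Builds the authority set from the current-enterprise roles; side effect: narrows {@code roles} and may set {@code issys}.` would make that visible to callers.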

+ 1 - 16
src/main/java/com/uas/platform/b2b/openapi/controller/AuthedWebPageController.java

@@ -92,22 +92,7 @@ public class AuthedWebPageController {
 	}
 
 	private Set<GrantedAuthority> getGrantedAuthorities(User user) {
-		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
-		Set<Role> roles = user.getRoles();
-		if (!CollectionUtils.isEmpty(roles)) {
-			for (Role role : roles) {
-				if (role.isSys()) {// 超级账号
-					user.setIssys(Constant.YES);
-					break;
-				}
-				Set<ResourceItem> resourceItems = role.getResourceItems();
-				if (!CollectionUtils.isEmpty(resourceItems)) {
-					for (ResourceItem res : resourceItems) {
-						authSet.add(new SimpleGrantedAuthority(res.getName()));
-					}
-				}
-			}
-		}
+		Set<GrantedAuthority> authSet = user.getAuthSet();
 		return authSet;
 	}
 

+ 0 - 70
src/main/java/com/uas/platform/b2b/support/CustomAccessDecisionManager.java

@@ -1,70 +0,0 @@
-package com.uas.platform.b2b.support;
-
-import java.util.Collection;
-import java.util.Iterator;
-
-//import org.apache.log4j.Logger;
-import org.springframework.security.access.AccessDecisionManager;
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.authentication.InsufficientAuthenticationException;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-
-/**
- * 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 ;做最终的访问控制决定
- * 
- * @author yingp
- * @version 1.0
- * 
- */
-public class CustomAccessDecisionManager implements AccessDecisionManager {
-
-	/**
-	 * @param authentication
-	 * @param object
-	 * @param configAttributes
-	 * @throws AccessDeniedException
-	 * @throws InsufficientAuthenticationException
-	 */
-	@Override
-    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
-			throws AccessDeniedException, InsufficientAuthenticationException {
-		if (null == configAttributes || configAttributes.size() == 0) {
-			return;
-		}
-		Iterator<ConfigAttribute> iterator = configAttributes.iterator();
-		String needPermission = null;
-		while (iterator.hasNext()) {
-			ConfigAttribute configAttribute = iterator.next();
-			needPermission = configAttribute.getAttribute();
-			for (GrantedAuthority ga : authentication.getAuthorities()) {
-				if (needPermission.equals(ga.getAuthority())) {
-					return;
-				}
-			}
-		}
-		if (needPermission != null) {
-            throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
-        }
-	}
-
-	/**
-	 * @param attribute
-	 * @return
-	 */
-	@Override
-    public boolean supports(ConfigAttribute attribute) {
-		return true;
-	}
-
-	/**
-	 * @param clazz
-	 * @return
-	 */
-	@Override
-    public boolean supports(Class<?> clazz) {
-		return true;
-	}
-
-}

+ 0 - 32
src/main/java/com/uas/platform/b2b/support/CustomAccessDeniedHandler.java

@@ -1,32 +0,0 @@
-package com.uas.platform.b2b.support;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.access.AccessDeniedException;
-import org.springframework.security.web.access.AccessDeniedHandler;
-
-/**
- * 权限验证未通过,禁止访问时的处理
- * 
- * @author yingp
- *
- */
-public class CustomAccessDeniedHandler implements AccessDeniedHandler {
-
-	@Override
-	public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException exception) throws IOException,
-			ServletException {
-		response.setHeader("Content-Type", "application/text;charset=UTF-8");
-		response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-		PrintWriter printWriter = response.getWriter();
-		printWriter.append(exception.getMessage());
-		printWriter.flush();
-		printWriter.close();
-	}
-
-}

+ 0 - 33
src/main/java/com/uas/platform/b2b/support/CustomAuthenticationFailureHandler.java

@@ -1,33 +0,0 @@
-package com.uas.platform.b2b.support;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-
-/**
- * @date 2016年8月31日上午10:55:13
- *       <p>
- *       切换到单点登录
- *       </p>
- * @author yingp
- *
- */
-@Deprecated
-public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
-	@Override
-	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
-			throws IOException, ServletException {
-		response.setHeader("Content-Type", "application/text;charset=UTF-8");
-		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-		PrintWriter printWriter = response.getWriter();
-		printWriter.append(exception.getMessage());
-		printWriter.flush();
-		printWriter.close();
-	}
-}

+ 0 - 189
src/main/java/com/uas/platform/b2b/support/CustomAuthenticationSuccessHandler.java

@@ -1,189 +0,0 @@
-package com.uas.platform.b2b.support;
-
-import com.uas.platform.b2b.model.Enterprise;
-import com.uas.platform.b2b.model.Role;
-import com.uas.platform.b2b.model.SigninLog;
-import com.uas.platform.b2b.model.User;
-import com.uas.platform.b2b.service.SigninLogService;
-import com.uas.platform.b2b.service.UserService;
-import com.uas.platform.core.model.Constant;
-import com.uas.platform.core.util.AgentUtils;
-import com.uas.platform.core.util.serializer.FlexJsonUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.mobile.device.Device;
-import org.springframework.mobile.device.DeviceResolver;
-import org.springframework.mobile.device.LiteDeviceResolver;
-import org.springframework.mobile.device.site.SitePreference;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
-import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
-import org.springframework.security.web.savedrequest.RequestCache;
-import org.springframework.security.web.savedrequest.SavedRequest;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.StringUtils;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.*;
-
-/**
- * @date 2016年8月31日上午10:55:13
- *       <p>
- *       切换到单点登录
- *       </p>
- * @author yingp
- *
- */
-@Deprecated
-public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
-
-	@Autowired
-	private UserService userService;
-
-	@Autowired
-	private SigninLogService signinLogService;
-
-	private final static String paramEN = "t_enuu";
-
-	private RequestCache requestCache = new HttpSessionRequestCache();
-
-	private final DeviceResolver deviceResolver;
-
-	public CustomAuthenticationSuccessHandler() {
-		this(new LiteDeviceResolver());
-	}
-
-	public CustomAuthenticationSuccessHandler(DeviceResolver deviceResolver) {
-		this.deviceResolver = deviceResolver;
-	}
-
-	@Override
-	public void onAuthenticationSuccess(final HttpServletRequest request, final HttpServletResponse response,
-			final Authentication authentication) throws ServletException, IOException {
-		User user = userService.findUserByUserUU(Long.parseLong(authentication.getName()));
-		if (CollectionUtils.isEmpty(user.getEnterprises())) {
-			response.setStatus(HttpStatus.BAD_REQUEST.value());
-			response.addHeader("Content-Type", "application/text; charset=utf-8");
-			PrintWriter printWriter = response.getWriter();
-			printWriter.append("您的账号未绑定企业或已被删除!");
-			printWriter.flush();
-			printWriter.close();
-			return;
-		}
-		// Device device = this.deviceResolver.resolveDevice(request);
-		if (user.getEnterprises().size() > 1) {// need to choose enterprise
-			if (!chooseEnterprise(request, response, user)) {
-				response.setStatus(HttpStatus.MULTI_STATUS.value());
-				response.addHeader("Content-Type", "application/json; charset=utf-8");
-				PrintWriter printWriter = response.getWriter();
-				printWriter.append(FlexJsonUtils.toJsonArray(getEnterprises(user)));
-				printWriter.flush();
-				printWriter.close();
-				return;
-			}
-		} else {
-			user.setCurrentEnterprise();
-		}
-
-		logSession(request, user);
-
-		final SavedRequest savedRequest = requestCache.getRequest(request, response);
-
-		if (savedRequest == null) {
-			clearAuthenticationAttributes(request);
-			return;
-		}
-		final String targetUrlParameter = getTargetUrlParameter();
-		if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.hasText(request.getParameter(targetUrlParameter)))) {
-			requestCache.removeRequest(request, response);
-			clearAuthenticationAttributes(request);
-			return;
-		}
-
-		clearAuthenticationAttributes(request);
-		PrintWriter printWriter = response.getWriter();
-		printWriter.append(savedRequest.getRedirectUrl());
-		printWriter.flush();
-		printWriter.close();
-	}
-
-	public void setRequestCache(final RequestCache requestCache) {
-		this.requestCache = requestCache;
-	}
-
-	/**
-	 * 登录认证成功后,user写到session
-	 * 
-	 * @param request
-	 * @param authentication
-	 */
-	private void logSession(HttpServletRequest request, User user) {
-		Set<Role> roles = user.getRoles();
-		if (!CollectionUtils.isEmpty(roles)) {
-			for (Role role : roles) {
-				if (role.isSys()) {// 超级账号
-					user.setIssys(Constant.YES);
-					break;
-				}
-			}
-		}
-		user.setIp(AgentUtils.getIp(request));
-		request.getSession().setAttribute("user", user);
-		// 记录登录日志
-		SitePreference preference = getDefaultSitePreferenceForDevice(this.deviceResolver.resolveDevice(request));
-		signinLogService.save(new SigninLog(user, preference, false));
-
-	}
-
-	private SitePreference getDefaultSitePreferenceForDevice(Device device) {
-		if (device == null) {
-			return null;
-		}
-		if (device.isMobile()) {
-			return SitePreference.MOBILE;
-		}
-		if (device.isTablet()) {
-			return SitePreference.TABLET;
-		}
-		return SitePreference.NORMAL;
-	}
-
-	private boolean chooseEnterprise(final HttpServletRequest request, final HttpServletResponse response, User user) throws IOException {
-		String enUU = request.getParameter(paramEN);
-		boolean choosed = false;
-		if (enUU != null) {
-			for (Enterprise enterprise : user.getEnterprises()) {
-				if (enterprise.getUu().toString().equals(enUU)) {
-					user.setEnterprise(enterprise);
-					choosed = true;
-					break;
-				}
-			}
-		}
-		return choosed;
-	}
-
-	private List<Map<String, Object>> getEnterprises(User user) {
-		List<Map<String, Object>> list = new ArrayList<Map<String, Object>>();
-		SigninLog log = signinLogService.findLast(user.getUserUU());
-		Long lastEn = null;
-		if (log != null) {
-            lastEn = log.getEnUU();// 可以优先选中最近一次登录的企业
-        }
-		for (Enterprise enterprise : user.getEnterprises()) {
-			Map<String, Object> map = new HashMap<String, Object>();
-			map.put("enName", enterprise.getEnName());
-			map.put("uu", enterprise.getUu());
-			if (lastEn != null && enterprise.getUu().equals(lastEn)) {
-                map.put("isLast", true);
-            }
-			list.add(map);
-		}
-		return list;
-	}
-
-}

+ 0 - 31
src/main/java/com/uas/platform/b2b/support/CustomLogoutSuccessHandler.java

@@ -1,31 +0,0 @@
-package com.uas.platform.b2b.support;
-
-import java.io.IOException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-
-/**
- * 
- * @since 2016年8月31日上午10:55:13
- *        <p>
- *        切换到单点登录
- *        </p>
- * @author yingp
- *
- */
-@Deprecated
-public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
-	@Override
-	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
-			throws IOException, ServletException {
-		SystemSession.clear();
-		response.setHeader("Content-Type", "application/json;charset=UTF-8");
-		response.setStatus(HttpServletResponse.SC_OK);
-	}
-}

+ 0 - 114
src/main/java/com/uas/platform/b2b/support/CustomSecurityMetadataSource.java

@@ -1,114 +0,0 @@
-package com.uas.platform.b2b.support;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.List;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.ConfigAttribute;
-import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.web.FilterInvocation;
-import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
-import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
-
-import com.uas.platform.b2b.dao.ResourceItemDao;
-import com.uas.platform.b2b.model.ResourceItem;
-
-/**
- * 资源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色访问
- * 
- * @author yingp
- * @version 1.0
- */
-public class CustomSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
-
-	@Autowired
-	private ResourceItemDao resourceItemDao;
-
-	/**
-	 * LOGGER 日志对象
-	 */
-	private final static Logger LOGGER = LoggerFactory.getLogger(CustomSecurityMetadataSource.class);
-
-	private HashMap<String, Collection<ConfigAttribute>> resourceMap;
-
-	/**
-	 * 加载资源,初始化资源变量
-	 * 
-	 */
-	private void loadResourceDefine() {
-		if (resourceMap == null) {
-			resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
-			List<ResourceItem> resources = resourceItemDao.findAll();
-			for (ResourceItem resource : resources) {
-				Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
-				ConfigAttribute configAttribute = new SecurityConfig(resource.getName());
-				configAttributes.add(configAttribute);
-				resourceMap.put(resource.getMethod() + ":" + resource.getUrl(), configAttributes);
-			}
-		}
-	}
-
-	public CustomSecurityMetadataSource() {
-
-	}
-
-	/**
-	 * 根据路径获取访问权限的集合接口
-	 * 
-	 * @param object
-	 * @return
-	 * @throws IllegalArgumentException
-	 */
-	@Override
-    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
-
-		if (resourceMap == null) {
-            loadResourceDefine();
-        }
-		HttpServletRequest request = ((FilterInvocation) object).getRequest();
-		for (Iterator<String> iter = resourceMap.keySet().iterator(); iter.hasNext();) {
-			String resourceKey = iter.next();
-			String[] resourceParam = resourceKey.split(":");
-			String resourceMethod = resourceParam[0];
-			String resourceUrl = resourceParam[1];
-			AntPathRequestMatcher matcher = new AntPathRequestMatcher(resourceUrl);
-			if (null != resourceUrl && request.getMethod().equals(resourceMethod) && matcher.matches(request)) {
-				return resourceMap.get(resourceKey);
-			}
-		}
-		return null;
-	}
-
-	public String getRequestPath(HttpServletRequest request) {
-		String url = request.getServletPath();
-		if (request.getPathInfo() != null) {
-            url = url + request.getPathInfo();
-        }
-		return url;
-	}
-
-	/**
-	 * @return
-	 */
-	@Override
-    public Collection<ConfigAttribute> getAllConfigAttributes() {
-		return null;
-	}
-
-	/**
-	 * @param clazz
-	 * @return
-	 */
-	@Override
-    public boolean supports(Class<?> clazz) {
-		return true;
-	}
-
-}

+ 0 - 94
src/main/java/com/uas/platform/b2b/support/CustomUserDetailsService.java

@@ -1,94 +0,0 @@
-package com.uas.platform.b2b.support;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.dao.DataAccessException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.util.CollectionUtils;
-
-import com.uas.platform.b2b.model.ResourceItem;
-import com.uas.platform.b2b.model.Role;
-import com.uas.platform.b2b.service.UserService;
-import com.uas.platform.core.model.Constant;
-
-/**
- * 获得用户验证信息
- * 
- * @author yingp
- * 
- * @since 2016年8月31日上午10:55:13
- *        <p>
- *        切换到单点登录
- *        </p>
- */
-@Deprecated
-public class CustomUserDetailsService implements UserDetailsService {
-
-	private ThreadLocal<User> currentUser = new ThreadLocal<User>();
-
-	@Autowired
-	private UserService userService;
-
-	static final String TEL_REGEXP = "^((\\(\\d{3}\\))|(\\d{3}\\-))?(13|15|17|18)\\d{9}$";
-
-	static final String UU_REGEXP = "^\\d{4,}$";
-
-	private static String EMAIL_SIGN = "@";
-
-	/**
-	 * @param username
-	 * @return
-	 * @throws UsernameNotFoundException
-	 * @throws DataAccessException
-	 */
-	@Override
-    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
-		try {
-			com.uas.platform.b2b.model.User userinfo = null;
-			// 邮箱登录
-			if (username.contains(EMAIL_SIGN)) {
-				userinfo = userService.findUserByUserEmail(username);
-			// 手机号登录
-			} else if (username.matches(TEL_REGEXP)) {
-				userinfo = userService.findUserByUserTel(username);
-			} else if (username.matches(UU_REGEXP)) {
-				userinfo = userService.findUserByUserUU(Long.parseLong(username));
-			}
-			Collection<GrantedAuthority> array = getGrantedAuthorities(userinfo);
-			User user = new User(String.valueOf(userinfo.getUserUU()), userinfo.getUserPwd(), true, true, true, true, array);
-			currentUser.set(user);
-			return user;
-		} catch (Exception e) {
-			throw new UsernameNotFoundException(username + " 不存在的账号!");
-		}
-	}
-
-	private Set<GrantedAuthority> getGrantedAuthorities(com.uas.platform.b2b.model.User user) {
-		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
-		Set<Role> roles = user.getRoles();
-		if (!CollectionUtils.isEmpty(roles)) {
-			for (Role role : roles) {
-				// 超级账号
-				if (role.isSys()) {
-					user.setIssys(Constant.YES);
-					break;
-				}
-				Set<ResourceItem> resourceItems = role.getResourceItems();
-				if (!CollectionUtils.isEmpty(resourceItems)) {
-					for (ResourceItem res : resourceItems) {
-						authSet.add(new SimpleGrantedAuthority(res.getName()));
-					}
-				}
-			}
-		}
-		return authSet;
-	}
-}