若依 1.0

2025-09-08 21:37:42 +00:00 · 2020-05-24 20:40:55 +08:00
parent e954b812c4
commit 3da7aea540
519 changed files with 46600 additions and 3 deletions
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/EnableCustomConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/EnableCustomConfig.java
@@ -0,0 +1,26 @@
+package com.ruoyi.common.security.annotation;
+
+import java.lang.annotation.Documented;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Inherited;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import org.mybatis.spring.annotation.MapperScan;
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
+import org.springframework.scheduling.annotation.EnableAsync;
+
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@Inherited
+// 表示通过aop框架暴露该代理对象,AopContext能够访问
+@EnableAspectJAutoProxy(exposeProxy = true)
+// 指定要扫描的Mapper类的包的路径
+@MapperScan("com.ruoyi.**.mapper")
+// 开启线程异步执行
+@EnableAsync
+public @interface EnableCustomConfig
+{
+
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/EnableRyFeignClients.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/annotation/EnableRyFeignClients.java
@@ -0,0 +1,27 @@
+package com.ruoyi.common.security.annotation;
+
+import org.springframework.cloud.openfeign.EnableFeignClients;
+import java.lang.annotation.*;
+
+/**
+ * 自定义feign注解
+ * 添加basePackages路径
+ * 
+ * @author ruoyi
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@EnableFeignClients
+public @interface EnableRyFeignClients
+{
+    String[] value() default {};
+
+    String[] basePackages() default { "com.ruoyi" };
+
+    Class<?>[] basePackageClasses() default {};
+
+    Class<?>[] defaultConfiguration() default {};
+
+    Class<?>[] clients() default {};
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/AuthIgnoreConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/AuthIgnoreConfig.java
@@ -0,0 +1,28 @@
+package com.ruoyi.common.security.config;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.springframework.beans.factory.annotation.Configurable;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+
+/**
+ * 忽略服务间的认证
+ * 
+ * @author ruoyi
+ **/
+@Configurable
+@ConfigurationProperties(prefix = "security.oauth2.ignore")
+public class AuthIgnoreConfig
+{
+    private List<String> urls = new ArrayList<>();
+
+    public List<String> getUrls()
+    {
+        return urls;
+    }
+
+    public void setUrls(List<String> urls)
+    {
+        this.urls = urls;
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/CommonUserConverter.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/CommonUserConverter.java
@@ -0,0 +1,75 @@
+package com.ruoyi.common.security.config;
+
+import java.util.Collection;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
+import org.springframework.util.StringUtils;
+import com.ruoyi.common.core.constant.SecurityConstants;
+import com.ruoyi.common.core.text.Convert;
+import com.ruoyi.common.security.domain.LoginUser;
+
+/**
+ * https://my.oschina.net/giegie/blog/3023768 根据checktoken 的结果转化用户信息
+ * 
+ * @author lengleng
+ */
+public class CommonUserConverter implements UserAuthenticationConverter
+{
+    private static final String N_A = "N/A";
+
+    /**
+     * 将授权信息返回到资源服务
+     */
+    @Override
+    public Map<String, ?> convertUserAuthentication(Authentication userAuthentication)
+    {
+        Map<String, Object> authMap = new LinkedHashMap<>();
+        authMap.put(USERNAME, userAuthentication.getName());
+        if (userAuthentication.getAuthorities() != null && !userAuthentication.getAuthorities().isEmpty())
+        {
+            authMap.put(AUTHORITIES, AuthorityUtils.authorityListToSet(userAuthentication.getAuthorities()));
+        }
+        return authMap;
+    }
+
+    /**
+     * 获取用户认证信息
+     */
+    @Override
+    public Authentication extractAuthentication(Map<String, ?> map)
+    {
+        if (map.containsKey(USERNAME))
+        {
+            Collection<? extends GrantedAuthority> authorities = getAuthorities(map);
+
+            Long userId = Convert.toLong(map.get(SecurityConstants.DETAILS_USER_ID));
+            String username = (String) map.get(SecurityConstants.DETAILS_USERNAME);
+            LoginUser user = new LoginUser(userId, username, N_A, true, true, true, true, authorities);
+            return new UsernamePasswordAuthenticationToken(user, N_A, authorities);
+        }
+        return null;
+    }
+
+    /**
+     * 获取权限资源信息
+     */
+    private Collection<? extends GrantedAuthority> getAuthorities(Map<String, ?> map)
+    {
+        Object authorities = map.get(AUTHORITIES);
+        if (authorities instanceof String)
+        {
+            return AuthorityUtils.commaSeparatedStringToAuthorityList((String) authorities);
+        }
+        if (authorities instanceof Collection)
+        {
+            return AuthorityUtils.commaSeparatedStringToAuthorityList(
+                    StringUtils.collectionToCommaDelimitedString((Collection<?>) authorities));
+        }
+        throw new IllegalArgumentException("Authorities must be either a String or a Collection");
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/ResourceServerConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/config/ResourceServerConfig.java
@@ -0,0 +1,82 @@
+package com.ruoyi.common.security.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
+import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
+import org.springframework.cloud.client.loadbalancer.LoadBalanced;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
+import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
+import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
+import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
+import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
+import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
+import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
+import org.springframework.web.client.DefaultResponseErrorHandler;
+import org.springframework.web.client.RestTemplate;
+
+/**
+ * oauth2 服务配置
+ * 
+ * @author ruoyi
+ */
+@Configuration
+@EnableResourceServer
+public class ResourceServerConfig extends ResourceServerConfigurerAdapter
+{
+    @Autowired
+    private ResourceServerProperties resourceServerProperties;
+
+    @Autowired
+    private OAuth2ClientProperties oAuth2ClientProperties;
+
+    @Bean
+    public AuthIgnoreConfig authIgnoreConfig()
+    {
+        return new AuthIgnoreConfig();
+    }
+
+    @Bean
+    @LoadBalanced
+    public RestTemplate restTemplate()
+    {
+        RestTemplate restTemplate = new RestTemplate();
+        restTemplate.setErrorHandler(new DefaultResponseErrorHandler());
+        return restTemplate;
+    }
+
+    @Bean
+    public ResourceServerTokenServices tokenServices()
+    {
+        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
+        DefaultAccessTokenConverter accessTokenConverter = new DefaultAccessTokenConverter();
+        UserAuthenticationConverter userTokenConverter = new CommonUserConverter();
+        accessTokenConverter.setUserTokenConverter(userTokenConverter);
+        remoteTokenServices.setCheckTokenEndpointUrl(resourceServerProperties.getTokenInfoUri());
+        remoteTokenServices.setClientId(oAuth2ClientProperties.getClientId());
+        remoteTokenServices.setClientSecret(oAuth2ClientProperties.getClientSecret());
+        remoteTokenServices.setRestTemplate(restTemplate());
+        remoteTokenServices.setAccessTokenConverter(accessTokenConverter);
+        return remoteTokenServices;
+    }
+
+    @Override
+    public void configure(HttpSecurity http) throws Exception
+    {
+        http.csrf().disable();
+        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = http
+                .authorizeRequests();
+        // 不登录可以访问
+        authIgnoreConfig().getUrls().forEach(url -> registry.antMatchers(url).permitAll());
+        registry.anyRequest().authenticated();
+    }
+
+    @Override
+    public void configure(ResourceServerSecurityConfigurer resources)
+    {
+        resources.tokenServices(tokenServices());
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/domain/LoginUser.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/domain/LoginUser.java
@@ -0,0 +1,37 @@
+package com.ruoyi.common.security.domain;
+
+import java.util.Collection;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.User;
+
+/**
+ * 登录用户身份权限
+ * 
+ * @author ruoyi
+ */
+public class LoginUser extends User
+{
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * 用户ID
+     */
+    private Long userId;
+
+    public LoginUser(Long userId, String username, String password, boolean enabled, boolean accountNonExpired,
+            boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities)
+    {
+        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
+        this.userId = userId;
+    }
+
+    public Long getUserId()
+    {
+        return userId;
+    }
+
+    public void setUserId(Long userId)
+    {
+        this.userId = userId;
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignConfig.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignConfig.java
@@ -0,0 +1,20 @@
+package com.ruoyi.common.security.feign;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import feign.RequestInterceptor;
+
+/**
+ * Feign配置注册
+ *
+ * @author ruoyi
+ **/
+@Configuration
+public class OAuth2FeignConfig
+{
+    @Bean
+    public RequestInterceptor requestInterceptor()
+    {
+        return new OAuth2FeignRequestInterceptor();
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java
@@ -0,0 +1,35 @@
+package com.ruoyi.common.security.feign;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
+import org.springframework.stereotype.Component;
+import feign.RequestInterceptor;
+import feign.RequestTemplate;
+
+/**
+ * feign 请求拦截器
+ * 
+ * @author ruoyi
+ */
+@Component
+public class OAuth2FeignRequestInterceptor implements RequestInterceptor
+{
+    private final String AUTHORIZATION_HEADER = "Authorization";
+
+    private final String BEARER_TOKEN_TYPE = "Bearer";
+
+    @Override
+    public void apply(RequestTemplate requestTemplate)
+    {
+        SecurityContext securityContext = SecurityContextHolder.getContext();
+        Authentication authentication = securityContext.getAuthentication();
+        if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails)
+        {
+            OAuth2AuthenticationDetails dateils = (OAuth2AuthenticationDetails) authentication.getDetails();
+            requestTemplate.header(AUTHORIZATION_HEADER,
+                    String.format("%s %s", BEARER_TOKEN_TYPE, dateils.getTokenValue()));
+        }
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/handler/CustomAccessDeniedHandler.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/handler/CustomAccessDeniedHandler.java
@@ -0,0 +1,33 @@
+package com.ruoyi.common.security.handler;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
+import org.springframework.stereotype.Component;
+import com.alibaba.fastjson.JSON;
+import com.ruoyi.common.core.constant.HttpStatus;
+import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.utils.ServletUtils;
+
+/**
+ * 自定义访问无权限资源时的异常
+ * 
+ * @author ruoyi
+ */
+@Component
+public class CustomAccessDeniedHandler extends OAuth2AccessDeniedHandler
+{
+    private final Logger logger = LoggerFactory.getLogger(CustomAccessDeniedHandler.class);
+
+    @Override
+    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException authException)
+    {
+        logger.info("权限不足，请联系管理员 {}", request.getRequestURI());
+
+        String msg = authException.getMessage();
+        ServletUtils.renderString(response, JSON.toJSONString(R.failed(HttpStatus.FORBIDDEN, msg)));
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/PermissionService.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/PermissionService.java
@@ -0,0 +1,167 @@
+package com.ruoyi.common.security.service;
+
+import java.util.Collection;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.stereotype.Service;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.PatternMatchUtils;
+import org.springframework.util.StringUtils;
+import com.ruoyi.common.security.domain.LoginUser;
+import com.ruoyi.common.security.utils.SecurityUtils;
+
+/**
+ * 自定义权限实现
+ * 
+ * @author ruoyi
+ */
+@Service("ss")
+public class PermissionService
+{
+    /** 所有权限标识 */
+    private static final String ALL_PERMISSION = "*:*:*";
+
+    /** 管理员角色权限标识 */
+    private static final String SUPER_ADMIN = "admin";
+
+    private static final String ROLE_DELIMETER = ",";
+
+    private static final String PERMISSION_DELIMETER = ",";
+
+    /**
+     * 验证用户是否具备某权限
+     * 
+     * @param permission 权限字符串
+     * @return 用户是否具备某权限
+     */
+    public boolean hasPermi(String permission)
+    {
+        if (StringUtils.isEmpty(permission))
+        {
+            return false;
+        }
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (StringUtils.isEmpty(loginUser) || CollectionUtils.isEmpty(loginUser.getAuthorities()))
+        {
+            return false;
+        }
+        return hasPermissions(loginUser.getAuthorities(), permission);
+    }
+
+    /**
+     * 验证用户是否不具备某权限，与 hasPermi逻辑相反
+     *
+     * @param permission 权限字符串
+     * @return 用户是否不具备某权限
+     */
+    public boolean lacksPermi(String permission)
+    {
+        return hasPermi(permission) != true;
+    }
+
+    /**
+     * 验证用户是否具有以下任意一个权限
+     *
+     * @param permissions 以 PERMISSION_NAMES_DELIMETER 为分隔符的权限列表
+     * @return 用户是否具有以下任意一个权限
+     */
+    public boolean hasAnyPermi(String permissions)
+    {
+        if (StringUtils.isEmpty(permissions))
+        {
+            return false;
+        }
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (StringUtils.isEmpty(loginUser) || CollectionUtils.isEmpty(loginUser.getAuthorities()))
+        {
+            return false;
+        }
+        Collection<? extends GrantedAuthority> authorities = loginUser.getAuthorities();
+        for (String permission : permissions.split(PERMISSION_DELIMETER))
+        {
+            if (permission != null && hasPermissions(authorities, permission))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 判断用户是否拥有某个角色
+     * 
+     * @param role 角色字符串
+     * @return 用户是否具备某角色
+     */
+    public boolean hasRole(String role)
+    {
+        if (StringUtils.isEmpty(role))
+        {
+            return false;
+        }
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (StringUtils.isEmpty(loginUser) || CollectionUtils.isEmpty(loginUser.getAuthorities()))
+        {
+            return false;
+        }
+        for (GrantedAuthority authorities : loginUser.getAuthorities())
+        {
+            String roleKey = authorities.getAuthority();
+            if (SUPER_ADMIN.contains(roleKey) || roleKey.contains(role))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 验证用户是否不具备某角色，与 isRole逻辑相反。
+     *
+     * @param role 角色名称
+     * @return 用户是否不具备某角色
+     */
+    public boolean lacksRole(String role)
+    {
+        return hasRole(role) != true;
+    }
+
+    /**
+     * 验证用户是否具有以下任意一个角色
+     *
+     * @param roles 以 ROLE_NAMES_DELIMETER 为分隔符的角色列表
+     * @return 用户是否具有以下任意一个角色
+     */
+    public boolean hasAnyRoles(String roles)
+    {
+        if (StringUtils.isEmpty(roles))
+        {
+            return false;
+        }
+        LoginUser loginUser = SecurityUtils.getLoginUser();
+        if (StringUtils.isEmpty(loginUser) || CollectionUtils.isEmpty(loginUser.getAuthorities()))
+        {
+            return false;
+        }
+        for (String role : roles.split(ROLE_DELIMETER))
+        {
+            if (hasRole(role))
+            {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 判断是否包含权限
+     * 
+     * @param permissions 权限列表
+     * @param permission 权限字符串
+     * @return 用户是否具备某权限
+     */
+    private boolean hasPermissions(Collection<? extends GrantedAuthority> authorities, String permission)
+    {
+        return authorities.stream().map(GrantedAuthority::getAuthority).filter(StringUtils::hasText)
+                .anyMatch(x -> ALL_PERMISSION.contains(x) || PatternMatchUtils.simpleMatch(permission, x));
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/RedisClientDetailsService.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/RedisClientDetailsService.java
@@ -0,0 +1,30 @@
+package com.ruoyi.common.security.service;
+
+import javax.sql.DataSource;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
+import com.ruoyi.common.core.constant.CacheConstants;
+import com.ruoyi.common.core.constant.SecurityConstants;
+
+/**
+ * 重写原生方法支持redis缓存
+ *
+ * @author ruoyi
+ */
+public class RedisClientDetailsService extends JdbcClientDetailsService
+{
+    public RedisClientDetailsService(DataSource dataSource)
+    {
+        super(dataSource);
+        super.setSelectClientDetailsSql(SecurityConstants.DEFAULT_SELECT_STATEMENT);
+        super.setFindClientDetailsSql(SecurityConstants.DEFAULT_FIND_STATEMENT);
+    }
+
+    @Override
+    @Cacheable(value = CacheConstants.CLIENT_DETAILS_KEY, key = "#clientId", unless = "#result == null")
+    public ClientDetails loadClientByClientId(String clientId)
+    {
+        return super.loadClientByClientId(clientId);
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/UserDetailsServiceImpl.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/service/UserDetailsServiceImpl.java
@@ -0,0 +1,83 @@
+package com.ruoyi.common.security.service;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import com.ruoyi.common.core.domain.R;
+import com.ruoyi.common.core.enums.UserStatus;
+import com.ruoyi.common.core.exception.BaseException;
+import com.ruoyi.common.core.utils.StringUtils;
+import com.ruoyi.common.security.domain.LoginUser;
+import com.ruoyi.system.api.RemoteUserService;
+import com.ruoyi.system.api.domain.SysUser;
+import com.ruoyi.system.api.model.UserInfo;
+
+/**
+ * 用户信息处理
+ *
+ * @author ruoyi
+ */
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService
+{
+    private static final Logger log = LoggerFactory.getLogger(UserDetailsServiceImpl.class);
+
+    @Autowired
+    private RemoteUserService remoteUserService;
+
+    @Override
+    public UserDetails loadUserByUsername(String username)
+    {
+        R<UserInfo> userResult = remoteUserService.getUserInfo(username);
+        checkUser(userResult, username);
+        return getUserDetails(userResult);
+    }
+
+    public void checkUser(R<UserInfo> userResult, String username)
+    {
+        if (StringUtils.isNull(userResult) || StringUtils.isNull(userResult.getData()))
+        {
+            log.info("登录用户：{} 不存在.", username);
+            throw new UsernameNotFoundException("登录用户：" + username + " 不存在");
+        }
+        else if (UserStatus.DELETED.getCode().equals(userResult.getData().getSysUser().getDelFlag()))
+        {
+            log.info("登录用户：{} 已被删除.", username);
+            throw new BaseException("对不起，您的账号：" + username + " 已被删除");
+        }
+        else if (UserStatus.DISABLE.getCode().equals(userResult.getData().getSysUser().getStatus()))
+        {
+            log.info("登录用户：{} 已被停用.", username);
+            throw new BaseException("对不起，您的账号：" + username + " 已停用");
+        }
+    }
+
+    private UserDetails getUserDetails(R<UserInfo> result)
+    {
+        UserInfo info = result.getData();
+        Set<String> dbAuthsSet = new HashSet<String>();
+        if (StringUtils.isNotEmpty(info.getRoles()))
+        {
+            // 获取角色
+            dbAuthsSet.addAll(info.getRoles());
+            // 获取权限
+            dbAuthsSet.addAll(info.getPermissions());
+        }
+
+        Collection<? extends GrantedAuthority> authorities = AuthorityUtils
+                .createAuthorityList(dbAuthsSet.toArray(new String[0]));
+        SysUser user = info.getSysUser();
+
+        return new LoginUser(user.getUserId(), user.getUserName(), user.getPassword(), true, true, true, true,
+                authorities);
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/utils/SecurityUtils.java
@@ -0,0 +1,92 @@
+package com.ruoyi.common.security.utils;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import com.ruoyi.common.security.domain.LoginUser;
+
+/**
+ * 权限获取工具类
+ * 
+ * @author ruoyi
+ */
+public class SecurityUtils
+{
+    /**
+     * 获取Authentication
+     */
+    public static Authentication getAuthentication()
+    {
+        return SecurityContextHolder.getContext().getAuthentication();
+    }
+
+    /**
+     * 获取用户
+     */
+    public static String getUsername()
+    {
+        return getLoginUser().getUsername();
+    }
+
+    /**
+     * 获取用户
+     */
+    public static LoginUser getLoginUser(Authentication authentication)
+    {
+        Object principal = authentication.getPrincipal();
+        if (principal instanceof LoginUser)
+        {
+            return (LoginUser) principal;
+        }
+        return null;
+    }
+
+    /**
+     * 获取用户
+     */
+    public static LoginUser getLoginUser()
+    {
+        Authentication authentication = getAuthentication();
+        if (authentication == null)
+        {
+            return null;
+        }
+        return getLoginUser(authentication);
+    }
+
+    /**
+     * 生成BCryptPasswordEncoder密码
+     *
+     * @param password 密码
+     * @return 加密字符串
+     */
+    public static String encryptPassword(String password)
+    {
+        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+        return passwordEncoder.encode(password);
+    }
+
+    /**
+     * 判断密码是否相同
+     *
+     * @param rawPassword 真实密码
+     * @param encodedPassword 加密后字符
+     * @return 结果
+     */
+    public static boolean matchesPassword(String rawPassword, String encodedPassword)
+    {
+        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
+        return passwordEncoder.matches(rawPassword, encodedPassword);
+    }
+
+    /**
+     * 是否为管理员
+     * 
+     * @param userId 用户ID
+     * @return 结果
+     */
+    public static boolean isAdmin(Long userId)
+    {
+        return userId != null && 1L == userId;
+    }
+}
--- a/ruoyi-common/ruoyi-common-security/src/main/resources/META-INF/spring.factories
+++ b/ruoyi-common/ruoyi-common-security/src/main/resources/META-INF/spring.factories
@@ -0,0 +1,6 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+  com.ruoyi.common.security.service.UserDetailsServiceImpl,\
+  com.ruoyi.common.security.handler.CustomAccessDeniedHandler,\
+  com.ruoyi.common.security.config.ResourceServerConfig
+
+