feat: use sa-token

pom.xml

@@ -122,21 +122,19 @@
 		<!--swagger end-->
 
 
-		<!-- shiro start-->
+		<!-- Sa-Token 权限认证, 在线文档：http://sa-token.dev33.cn/ -->
 		<dependency>
-			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-spring-boot-web-starter</artifactId>
-			<version>1.8.0</version>
+			<groupId>cn.dev33</groupId>
+			<artifactId>sa-token-spring-boot-starter</artifactId>
+			<version>1.29.0</version>
 		</dependency>
-		<!-- shiro end-->
 
-		<!-- jwt start -->
+		<!-- Sa-Token 整合 jwt -->
 		<dependency>
-			<groupId>com.auth0</groupId>
-			<artifactId>java-jwt</artifactId>
-			<version>3.18.3</version>
+			<groupId>cn.dev33</groupId>
+			<artifactId>sa-token-jwt</artifactId>
+			<version>1.29.0</version>
 		</dependency>
-		<!-- end start -->
 	</dependencies>
 
 	<profiles>

src/main/java/com/yunzhi/nanyang/common/BaseController.java

@@ -1,19 +1,14 @@
 package com.yunzhi.nanyang.common;
 
+import cn.dev33.satoken.stp.StpUtil;
 import com.yunzhi.nanyang.entity.SysUser;
 import com.yunzhi.nanyang.entity.TaPerson;
 import com.yunzhi.nanyang.service.ISysUserDataScopeService;
 import com.yunzhi.nanyang.service.ISysUserService;
 import com.yunzhi.nanyang.service.ITaPersonService;
-import com.yunzhi.nanyang.shiro.realms.manager.ManagerRealm;
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import java.util.Arrays;
-import java.util.Collection;
 import java.util.List;
 
 @Component
@@ -29,13 +24,7 @@ public class BaseController {
     ISysUserDataScopeService iSysUserDataScopeService;
 
     public String getLoginId() {
-        Subject subject = SecurityUtils.getSubject();
-        String token = subject.getPrincipal().toString();
-
-//        List<Object> list = Arrays.asList(subject.getPrincipals().fromRealm("managerRealm").toArray());
-//        String token = list.get(0).toString();
-
-        return JWTUtil.getLoginId(token);
+        return StpUtil.getLoginIdAsString();
     }
 
     public SysUser currentUser() throws Exception {

src/main/java/com/yunzhi/nanyang/config/SaTokenConfigure.java

@@ -0,0 +1,44 @@
+package com.yunzhi.nanyang.config;
+
+import cn.dev33.satoken.interceptor.SaRouteInterceptor;
+import cn.dev33.satoken.jwt.StpLogicJwtForStateless;
+import cn.dev33.satoken.stp.StpLogic;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Configuration
+public class SaTokenConfigure implements WebMvcConfigurer {
+    // 注册拦截器
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+
+        List<String> anonList = new ArrayList<>();
+        anonList.add("/swagger-ui/**");
+        anonList.add("/swagger-resources/**");
+        anonList.add("/v2/**");
+        anonList.add("/wxpay/notify/**");
+        anonList.add("/**/sms-captcha");
+        anonList.add("/**/**/sms-captcha");
+        anonList.add("/**/preload");
+        anonList.add("/**/login");
+        anonList.add("/**/**/login");
+
+        // 注册Sa-Token的路由拦截器
+        registry.addInterceptor(new SaRouteInterceptor())
+                .addPathPatterns("/**")
+                .excludePathPatterns(anonList.toArray(new String[0]));
+    }
+
+
+
+    // Sa-Token 整合 jwt (Style模式)
+    @Bean
+    public StpLogic getStpLogicJwt() {
+        return new StpLogicJwtForStateless();
+    }
+}

src/main/java/com/yunzhi/nanyang/controller/LoginController.java

@@ -1,21 +1,18 @@
 package com.yunzhi.nanyang.controller;
 
+import cn.dev33.satoken.stp.StpUtil;
 import com.yunzhi.nanyang.common.*;
 import com.yunzhi.nanyang.entity.SysLogin;
 import com.yunzhi.nanyang.entity.SysUser;
 import com.yunzhi.nanyang.service.ISysLoginService;
 import com.yunzhi.nanyang.service.ISysUserService;
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
 import com.yunzhi.nanyang.vo.LoginParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
-import java.util.HashMap;
 import java.util.Map;
 
 
@@ -64,9 +61,8 @@ public class LoginController extends BaseController {
 
         Map<String, Object> res = iSysUserService.getUerProfile(sysUser.getUserId(), sysUser);
 
-        // 生成 token
-        String token = JWTUtil.sign(sysLogin.getLoginId().toString(), sysLogin.getPassword());
-        res.put("token", token);
+        StpUtil.login(sysLogin.getLoginId(), "admin");
+        res.put("token", StpUtil.getTokenValue());
 
         return ResponseBean.success(res);
     }
@@ -83,8 +79,7 @@ public class LoginController extends BaseController {
     @PostMapping("/admin/logout")
     @ApiOperation(value="登出", notes = "登出", httpMethod = "POST", response = ResponseBean.class)
     public ResponseBean logout() throws Exception {
-        Subject subject = SecurityUtils.getSubject();
-        subject.logout();
+        StpUtil.logout();
         return ResponseBean.success("success");
     }
 

src/main/java/com/yunzhi/nanyang/controller/MobileController.java

@@ -1,11 +1,11 @@
 package com.yunzhi.nanyang.controller;
 
+import cn.dev33.satoken.stp.StpUtil;
 import com.yunzhi.nanyang.common.*;
 import com.yunzhi.nanyang.entity.SysUser;
 import com.yunzhi.nanyang.entity.TaPerson;
 import com.yunzhi.nanyang.service.ISysUserService;
 import com.yunzhi.nanyang.service.ITaPersonService;
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
 import com.yunzhi.nanyang.vo.LoginParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -75,12 +75,10 @@ public class MobileController extends BaseController {
             iTaPersonService.tryBindUser(taPerson);
         }
 
-        // 生成 token
-        String token = JWTUtil.sign(taPerson.getPersonId(), taPerson.getPersonId());
-
+        StpUtil.login(taPerson.getPersonId(), clientId);
         Map<String, Object> res = new HashMap<>();
         res.put("person", taPerson);
-        res.put("token", token);
+        res.put("token", StpUtil.getTokenValue());
 
         return ResponseBean.success(res);
     }

src/main/java/com/yunzhi/nanyang/controller/SysMenuController.java

@@ -10,7 +10,7 @@ import com.yunzhi.nanyang.entity.SysUser;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;

src/main/java/com/yunzhi/nanyang/controller/SysRoleController.java

@@ -11,7 +11,7 @@ import com.yunzhi.nanyang.service.ISysUserRoleService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -79,7 +79,7 @@ public class SysRoleController extends BaseController {
      */
     @RequestMapping(value="/admin/role",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("role:add")
+    @SaCheckPermission("role:add")
     public ResponseBean sysRoleAdd(@ApiParam("保存内容") @RequestBody SysRole sysRole) throws Exception{
         sysRole.setRoleId(null);
 
@@ -105,7 +105,7 @@ public class SysRoleController extends BaseController {
      */
     @RequestMapping(value="/admin/role/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("role:delete")
+    @SaCheckPermission("role:delete")
     public ResponseBean sysRoleDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
 
         int cnt = iSysUserRoleService.countBy("role_id", id, false);
@@ -131,7 +131,7 @@ public class SysRoleController extends BaseController {
      */
     @RequestMapping(value="/admin/role/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("role:update")
+    @SaCheckPermission("role:update")
     public ResponseBean sysRoleUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody SysRole sysRole) throws Exception{
 
@@ -159,7 +159,7 @@ public class SysRoleController extends BaseController {
      */
     @RequestMapping(value="/admin/role/{id}",method= RequestMethod.GET)
     @ApiOperation(value="详情", notes = "详情", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("role:view")
+    @SaCheckPermission("role:view")
     public ResponseBean sysRoleGet(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         return ResponseBean.success(iSysRoleService.getById(id));
     }

src/main/java/com/yunzhi/nanyang/controller/SysRolePermissionController.java

@@ -1,8 +1,6 @@
 package com.yunzhi.nanyang.controller;
 
-import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
-import com.baomidou.mybatisplus.core.metadata.IPage;
-import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import com.yunzhi.nanyang.common.BaseController;
 import com.yunzhi.nanyang.common.Constants;
 import com.yunzhi.nanyang.common.ResponseBean;
@@ -10,7 +8,6 @@ import com.yunzhi.nanyang.common.StringUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -23,7 +20,6 @@ import com.yunzhi.nanyang.service.ISysRolePermissionService;
 import com.yunzhi.nanyang.entity.SysRolePermission;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -71,7 +67,7 @@ public class SysRolePermissionController extends BaseController {
      */
     @RequestMapping(value="/admin/role/{roleId}/permission",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("role:add")
+    @SaCheckPermission("role:add")
     public ResponseBean sysRolePermissionAdd(@ApiParam("角色ID") @PathVariable String roleId,
                                              @ApiParam("保存内容") @RequestBody List<SysRolePermission> sysRolePermissionList) throws Exception{
 
@@ -110,7 +106,7 @@ public class SysRolePermissionController extends BaseController {
      */
     @RequestMapping(value="/admin/role-permission/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("role:delete")
+    @SaCheckPermission("role:delete")
     public ResponseBean sysRolePermissionDelete(@ApiParam("对象ID") @PathVariable Integer id) throws Exception{
 
         SysRolePermission rolePermission = iSysRolePermissionService.getById(id);

src/main/java/com/yunzhi/nanyang/controller/SysSettingController.java

@@ -9,7 +9,7 @@ import com.yunzhi.nanyang.common.ResponseBean;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -71,7 +71,7 @@ public class SysSettingController extends BaseController {
      */
     @RequestMapping(value="/admin/setting/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("setting:update")
+    @SaCheckPermission("setting:update")
     public ResponseBean sysSettingUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody SysSetting sysSetting) throws Exception{
 

src/main/java/com/yunzhi/nanyang/controller/SysUserController.java

@@ -10,7 +10,7 @@ import com.yunzhi.nanyang.service.ISysUserDataScopeService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -88,7 +88,7 @@ public class SysUserController extends BaseController {
      */
     @RequestMapping(value="/admin/user",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("user:add")
+    @SaCheckPermission("user:add")
     public ResponseBean sysUserAdd(@ApiParam("保存内容") @RequestBody SysUser sysUser) throws Exception{
         String userId = currentUser().getUserId();
         sysUser.setUserId(null);
@@ -135,7 +135,7 @@ public class SysUserController extends BaseController {
      */
     @RequestMapping(value="/admin/user/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("user:delete")
+    @SaCheckPermission("user:delete")
     public ResponseBean sysUserDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         SysUser sysUser = iSysUserService.getExistBy("user_id", id, false, true);
         if (sysUser == null) {
@@ -164,7 +164,7 @@ public class SysUserController extends BaseController {
      */
     @RequestMapping(value="/admin/user/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("user:update")
+    @SaCheckPermission("user:update")
     public ResponseBean sysUserUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody SysUser sysUser) throws Exception{
         String userId = currentUser().getUserId();
@@ -233,7 +233,7 @@ public class SysUserController extends BaseController {
      */
     @RequestMapping(value="/admin/user/{id}",method= RequestMethod.GET)
     @ApiOperation(value="详情", notes = "详情", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("user:view")
+    @SaCheckPermission("user:view")
     public ResponseBean sysUserGet(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         SysUser sysUser = iSysUserService.getExistBy("user_id", id, false, true);
 
@@ -255,7 +255,7 @@ public class SysUserController extends BaseController {
      */
     @RequestMapping(value="/admin/user/default/password",method= RequestMethod.GET)
     @ApiOperation(value="查询用户默认密码", notes = "查询用户默认密码", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("user:view")
+    @SaCheckPermission("user:view")
     public ResponseBean getDefaultPassword() throws Exception{
         return ResponseBean.success(defaultPassword);
     }

src/main/java/com/yunzhi/nanyang/controller/SysUserRoleController.java

@@ -14,7 +14,7 @@ import com.yunzhi.nanyang.service.ISysUserService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -75,7 +75,7 @@ public class SysUserRoleController extends BaseController {
      */
     @RequestMapping(value="/admin/user/{userId}/role",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("user:add")
+    @SaCheckPermission("user:add")
     public ResponseBean sysUserRoleAdd(@ApiParam("用户ID") @PathVariable String userId,
                                        @ApiParam("保存内容") @RequestBody List<SysUserRole> sysUserRoleList) throws Exception{
         // 不能编辑管理员权限
@@ -133,7 +133,7 @@ public class SysUserRoleController extends BaseController {
      */
     @RequestMapping(value="/admin/user/{userId}/role", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("user:delete")
+    @SaCheckPermission("user:delete")
     public ResponseBean sysUserRoleDelete(@ApiParam("对象ID") @PathVariable String userId) throws Exception{
         // 不能编辑管理员权限
         if (Constants.ADMIN_ID.equals(userId)) {

src/main/java/com/yunzhi/nanyang/controller/TaAccountLogController.java

@@ -12,7 +12,7 @@ import com.yunzhi.nanyang.vo.AccountRecord;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -57,7 +57,7 @@ public class TaAccountLogController extends BaseController {
      */
     @RequestMapping(value="/admin/account-log",method= RequestMethod.GET)
     @ApiOperation(value="列表", notes = "列表", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("fi-system:view")
+    @SaCheckPermission("fi-system:view")
     public ResponseBean taAccountLogList(@ApiParam("页码") @RequestParam(value ="pageNum",defaultValue = "1") Integer pageNum,
                                          @ApiParam("单页数据量") @RequestParam(value ="pageSize",defaultValue = "10") Integer pageSize,
                                          @ApiParam(value = "合作社ID") @RequestParam(value ="orgId", required = false) String orgId,

src/main/java/com/yunzhi/nanyang/controller/TaBannerController.java

@@ -10,7 +10,7 @@ import com.yunzhi.nanyang.common.StringUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -98,7 +98,7 @@ public class TaBannerController extends BaseController {
      */
     @RequestMapping(value="/admin/banner",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("banner:add")
+    @SaCheckPermission("banner:add")
     public ResponseBean taBannerAdd(@ApiParam("保存内容") @RequestBody TaBanner taBanner) throws Exception{
         if (StringUtils.isEmpty(taBanner.getTitle())) {
             return ResponseBean.error("标题不能为空");
@@ -125,7 +125,7 @@ public class TaBannerController extends BaseController {
      */
     @RequestMapping(value="/admin/banner/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("banner:delete")
+    @SaCheckPermission("banner:delete")
     public ResponseBean taBannerDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         if(iTaBannerService.removeLogicById(id)){
             return ResponseBean.success("success");
@@ -142,7 +142,7 @@ public class TaBannerController extends BaseController {
      */
     @RequestMapping(value="/admin/banner/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("banner:update")
+    @SaCheckPermission("banner:update")
     public ResponseBean taBannerUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TaBanner taBanner) throws Exception{
         taBanner.setBannerId(id);

src/main/java/com/yunzhi/nanyang/controller/TaDispatchController.java

@@ -12,7 +12,7 @@ import com.yunzhi.nanyang.service.*;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -105,7 +105,7 @@ public class TaDispatchController extends BaseController {
      */
     @RequestMapping(value="/admin/dispatch",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("orderjob:add")
+    @SaCheckPermission("orderjob:add")
     public ResponseBean taDispatchAdd(@ApiParam("保存内容") @RequestBody TaDispatch taDispatch) throws Exception{
         taDispatch.setDispatchId(null);
 
@@ -151,7 +151,7 @@ public class TaDispatchController extends BaseController {
      */
     @RequestMapping(value="/admin/dispatch/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("orderjob:delete")
+    @SaCheckPermission("orderjob:delete")
     public ResponseBean taDispatchDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         TaDispatch taDispatch = iTaDispatchService.getById(id);
 

src/main/java/com/yunzhi/nanyang/controller/TaFeedbackController.java

@@ -10,7 +10,7 @@ import com.yunzhi.nanyang.common.StringUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -91,7 +91,7 @@ public class TaFeedbackController extends BaseController {
      */
     @RequestMapping(value="/admin/feedback/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("feedback:update")
+    @SaCheckPermission("feedback:update")
     public ResponseBean taFeedbackUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TaFeedback taFeedback) throws Exception{
         if (iTaFeedbackService.updateById(taFeedback)){

src/main/java/com/yunzhi/nanyang/controller/TaMachineryController.java

@@ -16,7 +16,7 @@ import com.yunzhi.nanyang.vo.MachineSummary;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -124,7 +124,7 @@ public class TaMachineryController extends BaseController {
      */
     @RequestMapping(value="/admin/machinery",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("machinery:add")
+    @SaCheckPermission("machinery:add")
     public ResponseBean taMachineryAdd(@ApiParam("保存内容") @RequestBody TaMachinery taMachinery) throws Exception{
         SysUser sysUser = currentUser();
 
@@ -150,7 +150,7 @@ public class TaMachineryController extends BaseController {
      */
     @RequestMapping(value="/admin/machinery/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("machinery:delete")
+    @SaCheckPermission("machinery:delete")
     public ResponseBean taMachineryDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         TaMachinery taMachinery = iTaMachineryService.getExistBy("machinery_id", id, false, true);
         if (null == taMachinery) {
@@ -174,7 +174,7 @@ public class TaMachineryController extends BaseController {
      */
     @RequestMapping(value="/admin/machinery/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("machinery:update")
+    @SaCheckPermission("machinery:update")
     public ResponseBean taMachineryUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TaMachinery taMachinery) throws Exception{
         if (StringUtils.isEmpty(taMachinery.getOrgId())) {

src/main/java/com/yunzhi/nanyang/controller/TaNewsController.java

@@ -14,7 +14,7 @@ import com.yunzhi.nanyang.service.ITaNewsTypeService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -119,7 +119,7 @@ public class TaNewsController extends BaseController {
      */
     @RequestMapping(value="/admin/news",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("news:add")
+    @SaCheckPermission("news:add")
     public ResponseBean taNewsAdd(@ApiParam("保存内容") @RequestBody TaNews taNews) throws Exception{
         SysUser sysUser = currentUser();
 
@@ -143,7 +143,7 @@ public class TaNewsController extends BaseController {
      */
     @RequestMapping(value="/admin/news/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("news:delete")
+    @SaCheckPermission("news:delete")
     public ResponseBean taNewsDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         if(iTaNewsService.removeLogicById(id)){
             return ResponseBean.success("success");
@@ -160,7 +160,7 @@ public class TaNewsController extends BaseController {
      */
     @RequestMapping(value="/admin/news/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("news:update")
+    @SaCheckPermission("news:update")
     public ResponseBean taNewsUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TaNews taNews) throws Exception{
         taNews.setNewsId(id);

src/main/java/com/yunzhi/nanyang/controller/TaNewsTypeController.java

@@ -11,7 +11,7 @@ import com.yunzhi.nanyang.service.ITaNewsService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -75,7 +75,7 @@ public class TaNewsTypeController extends BaseController {
      */
     @RequestMapping(value="/admin/news-type",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("news:add")
+    @SaCheckPermission("news:add")
     public ResponseBean taNewsTypeAdd(@ApiParam("保存内容") @RequestBody TaNewsType taNewsType) throws Exception{
         taNewsType.setTypeId(null);
 
@@ -102,7 +102,7 @@ public class TaNewsTypeController extends BaseController {
      */
     @RequestMapping(value="/admin/news-type/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("news:delete")
+    @SaCheckPermission("news:delete")
     public ResponseBean taNewsTypeDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         TaNewsType taNewsType = iTaNewsTypeService.getExistBy("type_id", id, false, true);
         if (null == taNewsType) {
@@ -129,7 +129,7 @@ public class TaNewsTypeController extends BaseController {
      */
     @RequestMapping(value="/admin/news-type/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("news:update")
+    @SaCheckPermission("news:update")
     public ResponseBean taNewsTypeUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TaNewsType taNewsType) throws Exception{
         taNewsType.setTypeId(id);

src/main/java/com/yunzhi/nanyang/controller/TaOrgController.java

@@ -12,7 +12,7 @@ import com.yunzhi.nanyang.service.ISysUserService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -63,7 +63,7 @@ public class TaOrgController extends BaseController {
      */
     @RequestMapping(value="/admin/org",method= RequestMethod.GET)
     @ApiOperation(value="列表", notes = "列表", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("org:view")
+    @SaCheckPermission("org:view")
     public ResponseBean taOrgList(@ApiParam("页码") @RequestParam(value ="pageNum",defaultValue = "1") Integer pageNum,
                                   @ApiParam("单页数据量") @RequestParam(value ="pageSize",defaultValue = "10") Integer pageSize,
                                   @ApiParam("名称") @RequestParam(value ="name", required = false) String name) throws Exception{
@@ -82,7 +82,7 @@ public class TaOrgController extends BaseController {
      */
     @RequestMapping(value="/admin/org",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("org:add")
+    @SaCheckPermission("org:add")
     public ResponseBean taOrgAdd(@ApiParam("保存内容") @RequestBody TaOrg taOrg) throws Exception{
 
         SysUser sysUser = currentUser();
@@ -103,7 +103,7 @@ public class TaOrgController extends BaseController {
      */
     @RequestMapping(value="/admin/org/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("org:delete")
+    @SaCheckPermission("org:delete")
     public ResponseBean taOrgDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
 
         int cnt = iSysUserService.countBy("org_id", id, true);
@@ -130,7 +130,7 @@ public class TaOrgController extends BaseController {
      */
     @RequestMapping(value="/admin/org/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("org:update")
+    @SaCheckPermission("org:update")
     public ResponseBean taOrgUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TaOrg taOrg) throws Exception{
 
@@ -159,7 +159,7 @@ public class TaOrgController extends BaseController {
      */
     @RequestMapping(value="/admin/org/{id}",method= RequestMethod.GET)
     @ApiOperation(value="详情", notes = "详情", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("org:view")
+    @SaCheckPermission("org:view")
     public ResponseBean taOrgGet(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         if (!iTaOrgService.canAccessData(id, currentUser().getUserId())) {
             return ResponseBean.error("无权限或者ID不正确");

src/main/java/com/yunzhi/nanyang/controller/TaPersonController.java

@@ -1,12 +1,12 @@
 package com.yunzhi.nanyang.controller;
 
+import cn.dev33.satoken.stp.StpUtil;
 import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.yunzhi.nanyang.common.*;
 import com.yunzhi.nanyang.entity.SysUser;
 import com.yunzhi.nanyang.service.ISysUserService;
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
 import com.yunzhi.nanyang.vo.PhoneParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -18,7 +18,6 @@ import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
 import com.yunzhi.nanyang.service.ITaPersonService;
 import com.yunzhi.nanyang.entity.TaPerson;
 import org.springframework.web.bind.annotation.RestController;
@@ -222,11 +221,11 @@ public class TaPersonController extends BaseController {
         }
 
         if (iTaPersonService.updateById(taPerson)){
-            // 因为有可能修改 person 为 app 端的人员, 所以此处刷新一次 token
-            String token = JWTUtil.sign(taPerson.getPersonId(), taPerson.getPersonId());
+            StpUtil.logout();
+            StpUtil.login(taPerson.getPersonId(), clientId);
             Map<String, Object> res = new HashMap<>();
             res.put("person", taPerson);
-            res.put("token", token);
+            res.put("token", StpUtil.getTokenValue());
             return ResponseBean.success(res);
         }else {
             return ResponseBean.error("修改失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);

src/main/java/com/yunzhi/nanyang/controller/TaRegionController.java

@@ -9,7 +9,7 @@ import com.yunzhi.nanyang.service.ITaMachineryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -53,7 +53,7 @@ public class TaRegionController extends BaseController {
      */
     @RequestMapping(value="/admin/region",method= RequestMethod.GET)
     @ApiOperation(value="列表", notes = "列表", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("region:view")
+    @SaCheckPermission("region:view")
     public ResponseBean taRegionList(@ApiParam("页码") @RequestParam(value ="pageNum",defaultValue = "1") Integer pageNum,
 									 @ApiParam("单页数据量") @RequestParam(value ="pageSize",defaultValue = "10") Integer pageSize,
                                      @ApiParam("名称") @RequestParam(value ="name", required = false) String name) throws Exception{
@@ -71,7 +71,7 @@ public class TaRegionController extends BaseController {
      */
     @RequestMapping(value="/admin/region",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("region:add")
+    @SaCheckPermission("region:add")
     public ResponseBean taRegionAdd(@ApiParam("保存内容") @RequestBody TaRegion taRegion) throws Exception{
 
         taRegion.setRegionId(null);
@@ -98,7 +98,7 @@ public class TaRegionController extends BaseController {
      */
     @RequestMapping(value="/admin/region/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("region:delete")
+    @SaCheckPermission("region:delete")
     public ResponseBean taRegionDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         if(iTaRegionService.removeLogicById(id)){
             return ResponseBean.success("success");
@@ -115,7 +115,7 @@ public class TaRegionController extends BaseController {
      */
     @RequestMapping(value="/admin/region/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("region:update")
+    @SaCheckPermission("region:update")
     public ResponseBean taRegionUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TaRegion taRegion) throws Exception {
 
@@ -144,7 +144,7 @@ public class TaRegionController extends BaseController {
      */
     @RequestMapping(value="/admin/region/{id}",method= RequestMethod.GET)
     @ApiOperation(value="详情", notes = "详情", httpMethod = "GET", response = ResponseBean.class)
-    @RequiresPermissions("region:view")
+    @SaCheckPermission("region:view")
     public ResponseBean taRegionGet(@ApiParam("对象ID") @PathVariable String id) throws Exception{
         return ResponseBean.success(iTaRegionService.getExistBy("region_id", id, false, true));
     }

src/main/java/com/yunzhi/nanyang/controller/TaUserMachineryController.java

@@ -11,7 +11,7 @@ import com.yunzhi.nanyang.service.ISysUserService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -76,7 +76,7 @@ public class TaUserMachineryController extends BaseController {
      */
     @RequestMapping(value="/admin/user/{userId}/machinery",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("user:update")
+    @SaCheckPermission("user:update")
     public ResponseBean taUserMachineryAdd(@ApiParam("用户ID") @PathVariable String userId,
                                            @ApiParam("保存内容") @RequestBody List<TaUserMachinery> userMachineryList) throws Exception{
 

src/main/java/com/yunzhi/nanyang/controller/TdMachineryTypeController.java

@@ -11,7 +11,7 @@ import com.yunzhi.nanyang.service.ITaMachineryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.authz.annotation.RequiresPermissions;
+import cn.dev33.satoken.annotation.SaCheckPermission;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -101,7 +101,7 @@ public class TdMachineryTypeController extends BaseController {
      */
     @RequestMapping(value="/admin/machinery-type",method= RequestMethod.POST)
     @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    @RequiresPermissions("machinetype:add")
+    @SaCheckPermission("machinetype:add")
     public ResponseBean tdMachineryTypeAdd(@ApiParam("保存内容") @RequestBody TdMachineryType tdMachineryType) throws Exception{
 
         tdMachineryType.setTypeId(null);
@@ -128,7 +128,7 @@ public class TdMachineryTypeController extends BaseController {
      */
     @RequestMapping(value="/admin/machinery-type/{id}", method= RequestMethod.DELETE)
     @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    @RequiresPermissions("machinetype:delete")
+    @SaCheckPermission("machinetype:delete")
     public ResponseBean tdMachineryTypeDelete(@ApiParam("对象ID") @PathVariable String id) throws Exception{
 
         TdMachineryType tdMachineryType = iTdMachineryTypeService.getExistBy("type_id", id, false, true);
@@ -157,7 +157,7 @@ public class TdMachineryTypeController extends BaseController {
      */
     @RequestMapping(value="/admin/machinery-type/{id}",method= RequestMethod.PUT)
     @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    @RequiresPermissions("machinetype:update")
+    @SaCheckPermission("machinetype:update")
     public ResponseBean tdMachineryTypeUpdate(@ApiParam("对象ID") @PathVariable String id,
                                         @ApiParam("更新内容") @RequestBody TdMachineryType tdMachineryType) throws Exception{
         tdMachineryType.setTypeId(id);

src/main/java/com/yunzhi/nanyang/controller/WxMaController.java

@@ -4,6 +4,7 @@ import cn.binarywang.wx.miniapp.api.WxMaService;
 import cn.binarywang.wx.miniapp.bean.WxMaJscode2SessionResult;
 import cn.binarywang.wx.miniapp.bean.WxMaPhoneNumberInfo;
 import cn.binarywang.wx.miniapp.bean.WxMaUserInfo;
+import cn.dev33.satoken.stp.StpUtil;
 import com.yunzhi.nanyang.common.*;
 import com.yunzhi.nanyang.entity.SysMiniapp;
 import com.yunzhi.nanyang.entity.TaMessageTemplate;
@@ -11,7 +12,6 @@ import com.yunzhi.nanyang.entity.TaPerson;
 import com.yunzhi.nanyang.service.ISysMiniappService;
 import com.yunzhi.nanyang.service.ITaMessageTemplateService;
 import com.yunzhi.nanyang.service.ITaPersonService;
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
 import com.yunzhi.nanyang.vo.LoginParam;
 import com.yunzhi.nanyang.vo.WxMaAuthParam;
 import com.yunzhi.nanyang.vo.WxMaPreload;
@@ -114,12 +114,10 @@ public class WxMaController extends BaseController {
             iTaPersonService.tryBindUser(taPerson);
         }
 
-        // 生成 token
-        String token = JWTUtil.sign(taPerson.getPersonId(), taPerson.getPersonId());
-
+        StpUtil.login(taPerson.getPersonId(), clientId);
         Map<String, Object> res = new HashMap<>();
         res.put("person", taPerson);
-        res.put("token", token);
+        res.put("token", StpUtil.getTokenValue());
         res.put("sessionKey", sessionKey);
 
         return ResponseBean.success(res);

src/main/java/com/yunzhi/nanyang/exception/GlobalExceptionHandler.java

@@ -1,8 +1,8 @@
 package com.yunzhi.nanyang.exception;
 
+import cn.dev33.satoken.exception.SaTokenException;
 import com.yunzhi.nanyang.common.ResponseBean;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authz.UnauthorizedException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
@@ -16,7 +16,7 @@ public class GlobalExceptionHandler {
     public ResponseBean handleException(Exception e){
         e.printStackTrace();
 
-        if (e instanceof UnauthorizedException) {
+        if (e instanceof SaTokenException) {
             return ResponseBean.error("暂无权限进行当前操作", ResponseBean.ERROR_UNAUTHORIZED);
         }
 

src/main/java/com/yunzhi/nanyang/mapper/SysRoleMapper.java

@@ -7,7 +7,7 @@ import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
 import org.apache.ibatis.annotations.Select;
 
-import java.util.Set;
+import java.util.List;
 
 /**
  * <p>
@@ -21,7 +21,7 @@ import java.util.Set;
 public interface SysRoleMapper extends BaseMapper<SysRole> {
 
     @Select("select role_id from sys_role")
-    Set<String> getAllRole();
+    List<String> getAllRole();
 
     IPage<SysRole> getPageBy(IPage<SysRole> pg,
                              @Param("isAdmin") boolean isAdmin,

src/main/java/com/yunzhi/nanyang/mapper/SysRolePermissionMapper.java

@@ -6,7 +6,6 @@ import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
 
 import java.util.List;
-import java.util.Set;
 
 /**
  * <p>
@@ -19,7 +18,7 @@ import java.util.Set;
 @Mapper
 public interface SysRolePermissionMapper extends BaseMapper<SysRolePermission> {
 
-    Set<String> getPermissionByUser(@Param("isAdmin") boolean isAdmin,
+    List<String> getPermissionByUser(@Param("isAdmin") boolean isAdmin,
                                     @Param("userId") String userId);
 
     List<SysRolePermission> listBy(@Param("roleId") String roleId);

src/main/java/com/yunzhi/nanyang/mapper/SysUserRoleMapper.java

@@ -6,7 +6,6 @@ import org.apache.ibatis.annotations.Mapper;
 import org.apache.ibatis.annotations.Param;
 
 import java.util.List;
-import java.util.Set;
 
 /**
  * <p>
@@ -19,7 +18,7 @@ import java.util.Set;
 @Mapper
 public interface SysUserRoleMapper extends BaseMapper<SysUserRole> {
 
-    Set<String> getRoleByUser(@Param("userId") String userId);
+    List<String> getRoleByUser(@Param("userId") String userId);
 
     List<SysUserRole> listByUser(@Param("userId") String userId);
 }

src/main/java/com/yunzhi/nanyang/service/impl/ManagerServiceImpl.java

@@ -1,16 +1,17 @@
 package com.yunzhi.nanyang.service.impl;
 
+import cn.dev33.satoken.stp.StpInterface;
 import com.yunzhi.nanyang.common.Constants;
 import com.yunzhi.nanyang.entity.*;
 import com.yunzhi.nanyang.mapper.*;
-import com.yunzhi.nanyang.shiro.realms.manager.IManagerService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import java.util.List;
 import java.util.Set;
 
 @Service
-public class ManagerServiceImpl implements IManagerService {
+public class ManagerServiceImpl implements StpInterface {
 
     @Autowired
     SysLoginMapper sysLoginMapper;
@@ -31,18 +32,8 @@ public class ManagerServiceImpl implements IManagerService {
     SysPermissionMapper sysPermissionMapper;
 
     @Override
-    public Boolean verify(String id) {
-        SysLogin sysLogin = sysLoginMapper.selectById(id);
-        if (null == sysLogin || sysLogin.getStatus() != Constants.STATUS_NORMAL) {
-            return false;
-        }
-
-        return true;
-    }
-
-    @Override
-    public Set<String> getRolesByLoginId(String id) {
-        SysLogin sysLogin = sysLoginMapper.selectById(id);
+    public List<String> getRoleList(Object loginId, String loginType) {
+        SysLogin sysLogin = sysLoginMapper.selectById(loginId.toString());
 
         if (sysLogin.getUserId().equals(Constants.ADMIN_ID)) {
             return sysRoleMapper.getAllRole();
@@ -52,8 +43,8 @@ public class ManagerServiceImpl implements IManagerService {
     }
 
     @Override
-    public Set<String> getPermissionsLoginId(String id) {
-        SysLogin sysLogin = sysLoginMapper.selectById(id);
+    public List<String> getPermissionList(Object loginId, String loginType) {
+        SysLogin sysLogin = sysLoginMapper.selectById(loginId.toString());
         String userId = sysLogin.getUserId();
         boolean isAdmin = userId.equals(Constants.ADMIN_ID);
 

src/main/java/com/yunzhi/nanyang/shiro/ShiroConfig.java

@@ -1,106 +0,0 @@
-package com.yunzhi.nanyang.shiro;
-
-import com.yunzhi.nanyang.shiro.filters.JWTFilter;
-import com.yunzhi.nanyang.shiro.filters.ManagerFilter;
-import com.yunzhi.nanyang.shiro.filters.MiniappFilter;
-import com.yunzhi.nanyang.shiro.matcher.JWTCredentialsMatcher;
-import com.yunzhi.nanyang.shiro.realms.manager.IManagerService;
-import com.yunzhi.nanyang.shiro.realms.manager.ManagerRealm;
-import com.yunzhi.nanyang.shiro.realms.miniapp.MiniappRealm;
-import org.apache.shiro.authc.Authenticator;
-import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
-import org.apache.shiro.authc.pam.FirstSuccessfulStrategy;
-import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
-import org.apache.shiro.authz.Authorizer;
-import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
-import org.apache.shiro.mgt.DefaultSubjectDAO;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-import javax.servlet.Filter;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-@Configuration
-public class ShiroConfig {
-
-    @Autowired
-    IManagerService iManagerService;
-
-    @Value("${shiro.unauthorizedUrl}")
-    private String unauthorizedUrl;
-
-    @Value("#{${shiro.filterRuleMap}}")
-    private Map<String, String> filterRuleMap;
-
-    @Bean
-    public ManagerRealm managerRealm() {
-        ManagerRealm realm = new ManagerRealm();
-        realm.setManagerService(iManagerService);
-        realm.setCredentialsMatcher(new JWTCredentialsMatcher());
-        return realm;
-    }
-
-    @Bean
-    public MiniappRealm miniappRealm() {
-        MiniappRealm realm = new MiniappRealm();
-        realm.setCredentialsMatcher(new JWTCredentialsMatcher());
-        return realm;
-    }
-
-    @Bean("shiroFilterFactoryBean")
-    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
-        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
-
-        // 手动加入 Filter
-        ManagerFilter managerFilter = new ManagerFilter();
-        managerFilter.setUnauthorizedUrl(unauthorizedUrl);
-        MiniappFilter miniappFilter = new MiniappFilter();
-        miniappFilter.setUnauthorizedUrl(unauthorizedUrl);
-
-        Map<String, Filter> filterMap = new HashMap<>();
-        filterMap.put("manager", managerFilter);
-        filterMap.put("miniapp", miniappFilter);
-        factoryBean.setFilters(filterMap);
-
-        factoryBean.setSecurityManager(securityManager);
-        factoryBean.setUnauthorizedUrl(unauthorizedUrl);
-
-        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
-        return factoryBean;
-    }
-
-    @Bean("securityManager")
-    public DefaultWebSecurityManager securityManager() {
-        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
-        // 修改多 Realm 的处理逻辑
-        ModularRealmAuthenticator realmAuthenticator = (ModularRealmAuthenticator) manager.getAuthenticator();
-        // 主要有一个 Realm 成功, 就立即返回
-        realmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
-
-        //  Use your own realm
-        List<Realm> realmList = new ArrayList<Realm>() {{
-            add(managerRealm());
-            add(miniappRealm());
-        }};
-        manager.setRealms(realmList);
-
-        /*
-         * 禁用 session
-         */
-        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
-        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
-        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
-        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
-        manager.setSubjectDAO(subjectDAO);
-
-        return manager;
-    }
-}

src/main/java/com/yunzhi/nanyang/shiro/filters/JWTFilter.java

@@ -1,84 +0,0 @@
-package com.yunzhi.nanyang.shiro.filters;
-
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
-import org.apache.shiro.web.util.WebUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-
-public abstract class JWTFilter extends AuthenticatingFilter {
-
-    private Logger LOGGER = LoggerFactory.getLogger(this.getClass());
-
-    public final static String JWT_HEADER = "Authorization";
-
-    // token 刷新频率
-    private final static long REFRESH_MILLS = 99 * 24 * 60 * 1000;
-
-    private String unauthorizedUrl;
-    public void setUnauthorizedUrl(String unauthorizedUrl) {
-        this.unauthorizedUrl = unauthorizedUrl;
-    }
-
-    @Override
-    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
-        try {
-            return executeLogin(request, response);
-        } catch (Exception e) {
-            response401(request, response, e);
-        }
-
-        return false;
-    }
-
-    @Override
-    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
-        return false;
-    }
-
-    @Override
-    protected abstract AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception;
-
-    // 主要用来刷新 token
-    @Override
-    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
-        String originToken = token.getPrincipal().toString();
-
-        long diff = System.currentTimeMillis() - JWTUtil.getExpDate(originToken).getTime();
-        if (diff >= REFRESH_MILLS) {
-            HttpServletResponse httpServletResponse = WebUtils.toHttp(response);
-            httpServletResponse.setHeader(JWT_HEADER, JWTUtil.refresh(originToken));
-        }
-
-        return true;
-    }
-
-    /**
-     *Jump illegal request to / 401
-     */
-    protected void response401(ServletRequest request, ServletResponse response, Exception e) {
-        String message = "";
-        if (e != null) {
-            try {
-                message = URLEncoder.encode(e.getMessage(), "UTF-8");
-            } catch (UnsupportedEncodingException ex) {
-                //
-            }
-        }
-
-        try {
-            WebUtils.toHttp(response).sendRedirect(unauthorizedUrl + "?msg=" + message);
-        } catch (IOException e1) {
-            LOGGER.error(e1.getMessage());
-        }
-    }
-}

src/main/java/com/yunzhi/nanyang/shiro/filters/ManagerFilter.java

@@ -1,29 +0,0 @@
-package com.yunzhi.nanyang.shiro.filters;
-
-import com.yunzhi.nanyang.shiro.utils.JWTToken;
-import com.yunzhi.nanyang.shiro.utils.MiniappToken;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.web.util.WebUtils;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * ManagerFilter 与 MiniappFilter 实际上是一样的，只是返回的 token 类型不一致
- */
-public class ManagerFilter extends JWTFilter {
-
-    @Override
-    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
-        HttpServletRequest request = WebUtils.toHttp(servletRequest);
-        String authorization = request.getHeader(JWT_HEADER);
-        if (authorization == null || "".equals(authorization)) {
-            throw new Exception("请先登录系统");
-        }
-
-        return new JWTToken(authorization);
-    }
-
-
-}

src/main/java/com/yunzhi/nanyang/shiro/filters/MiniappFilter.java

@@ -1,24 +0,0 @@
-package com.yunzhi.nanyang.shiro.filters;
-
-import com.yunzhi.nanyang.shiro.utils.MiniappToken;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.web.util.WebUtils;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-public class MiniappFilter  extends JWTFilter {
-
-    @Override
-    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
-        HttpServletRequest request = WebUtils.toHttp(servletRequest);
-        String authorization = request.getHeader(JWT_HEADER);
-        if (authorization == null || "".equals(authorization)) {
-            throw new Exception("请先登录系统");
-        }
-
-        return new MiniappToken(authorization);
-    }
-
-}

src/main/java/com/yunzhi/nanyang/shiro/matcher/JWTCredentialsMatcher.java

@@ -1,16 +0,0 @@
-package com.yunzhi.nanyang.shiro.matcher;
-
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.credential.CredentialsMatcher;
-
-public class JWTCredentialsMatcher implements CredentialsMatcher {
-    @Override
-    public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
-//        String token = authenticationToken.getCredentials().toString();
-//        return JWTUtil.verify(token);
-
-        // 校验在 realm 做过了
-        return true;
-    }
-}

src/main/java/com/yunzhi/nanyang/shiro/realms/manager/IManagerService.java

@@ -1,31 +0,0 @@
-package com.yunzhi.nanyang.shiro.realms.manager;
-
-import java.util.Set;
-
-/**
- *
- */
-public interface IManagerService {
-
-    /**
-     * 校验用户状态
-     * @param id
-     * @return
-     */
-    Boolean verify(String id);
-
-    /**
-     * 获取用户角色
-     * @param id
-     * @return
-     */
-    Set<String> getRolesByLoginId(String id);
-
-    /**
-     * 获取用户权限
-     * @param id
-     * @return
-     */
-    Set<String> getPermissionsLoginId(String id);
-
-}

src/main/java/com/yunzhi/nanyang/shiro/realms/manager/ManagerRealm.java

@@ -1,77 +0,0 @@
-package com.yunzhi.nanyang.shiro.realms.manager;
-
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.exceptions.TokenExpiredException;
-import com.yunzhi.nanyang.shiro.utils.JWTToken;
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authc.*;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-
-import java.util.Set;
-
-@Slf4j
-public class ManagerRealm extends AuthorizingRealm {
-
-    IManagerService iManagerService;
-
-    @Override
-    public String getName() {
-        return "managerRealm";
-    }
-
-    public void setManagerService(IManagerService iManagerService) {
-        this.iManagerService = iManagerService;
-    }
-
-    @Override
-    public boolean supports(AuthenticationToken token) {
-        return token instanceof JWTToken;
-    }
-
-    @Override
-    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
-        // 获取用户角色，权限
-        String token = (String) principalCollection.getPrimaryPrincipal();
-        String loginId = JWTUtil.getLoginId(token);
-        Set<String> roles = iManagerService.getRolesByLoginId(loginId);
-        Set<String> permissions = iManagerService.getPermissionsLoginId(loginId);
-
-        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
-        simpleAuthorizationInfo.setStringPermissions(permissions);
-        simpleAuthorizationInfo.setRoles(roles);
-        return simpleAuthorizationInfo;
-    }
-
-    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
-        log.info("===========ManagerRealm===========");
-
-        String token = (String) authenticationToken.getPrincipal();
-
-        // 这里进行 token 验证, CredentialsMatcher 就不做了
-        try {
-            JWTUtil.verify(token);
-        } catch (JWTDecodeException e1) {
-            throw new AuthenticationException("非法的权限凭证");
-        } catch (TokenExpiredException e2) {
-            throw new ExpiredCredentialsException("授权过期, 请重新登录");
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new AuthenticationException("凭证校验失败, 请重新登录");
-        }
-
-
-        String loginId = JWTUtil.getLoginId(token);
-
-        if (!iManagerService.verify(loginId)) {
-            throw new LockedAccountException("用户不存在或者状态异常");
-        }
-
-        // 交给 AuthenticatingRealm 使用 CredentialsMatcher 行校验
-        return new SimpleAuthenticationInfo(token, token, getName());
-    }
-}

src/main/java/com/yunzhi/nanyang/shiro/realms/miniapp/MiniappRealm.java

@@ -1,44 +0,0 @@
-package com.yunzhi.nanyang.shiro.realms.miniapp;
-
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.exceptions.TokenExpiredException;
-import com.yunzhi.nanyang.shiro.utils.JWTUtil;
-import com.yunzhi.nanyang.shiro.utils.MiniappToken;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authc.*;
-import org.apache.shiro.realm.AuthenticatingRealm;
-
-@Slf4j
-public class MiniappRealm extends AuthenticatingRealm {
-
-    @Override
-    public String getName() {
-        return "miniappRealm";
-    }
-
-    @Override
-    public boolean supports(AuthenticationToken token) {
-        return token instanceof MiniappToken;
-    }
-
-    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
-        log.info("===========MiniappRealm===========");
-
-        String token = (String) authenticationToken.getPrincipal();
-
-        // 这里进行 token 验证, CredentialsMatcher 就不做了
-        try {
-            JWTUtil.verify(token);
-        } catch (JWTDecodeException e1) {
-            throw new AuthenticationException("非法的权限凭证");
-        } catch (TokenExpiredException e2) {
-            throw new ExpiredCredentialsException("授权过期, 请重新登录");
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new AuthenticationException("凭证校验失败, 请重新登录");
-        }
-        // 交给 AuthenticatingRealm 使用 CredentialsMatcher 行校验
-        return new SimpleAuthenticationInfo(token, token, getName());
-    }
-}

src/main/java/com/yunzhi/nanyang/shiro/utils/JWTToken.java

@@ -1,23 +0,0 @@
-package com.yunzhi.nanyang.shiro.utils;
-
-import org.apache.shiro.authc.AuthenticationToken;
-
-public class JWTToken implements AuthenticationToken {
-
-    //Key
-    private String token;
-
-    public JWTToken(String token) {
-        this.token = token;
-    }
-
-    @Override
-    public Object getPrincipal() {
-        return token;
-    }
-
-    @Override
-    public Object getCredentials() {
-        return token;
-    }
-}

src/main/java/com/yunzhi/nanyang/shiro/utils/JWTUtil.java

@@ -1,66 +0,0 @@
-package com.yunzhi.nanyang.shiro.utils;
-
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.exceptions.JWTVerificationException;
-import com.auth0.jwt.interfaces.DecodedJWT;
-import com.auth0.jwt.interfaces.JWTVerifier;
-
-import java.util.Date;
-
-/**
- * 一个通用版本的 JWT
- */
-public class JWTUtil {
-
-    // token 生存周期
-    private static final long EXPIRE_TIME = 7 * 24 * 60 * 60 * 1000;
-
-    public static String getLoginId(String token) {
-        try {
-            DecodedJWT jwt = JWT.decode(token);
-            return jwt.getSubject();
-        } catch (JWTDecodeException e) {
-            return null;
-        }
-    }
-
-    public static Date getExpDate(String token) {
-        try {
-            DecodedJWT jwt = JWT.decode(token);
-            return jwt.getExpiresAt();
-        } catch (JWTDecodeException e) {
-            return null;
-        }
-    }
-
-    public static String sign(String loginId, String secret) {
-        Date date = new Date(System.currentTimeMillis()+EXPIRE_TIME);
-        Algorithm algorithm = Algorithm.HMAC256(secret);
-
-        return JWT.create()
-                .withSubject(loginId)
-                .withExpiresAt(date)
-                .withClaim("secret", secret)
-                .sign(algorithm);
-    }
-
-    public static String refresh(String token) throws Exception {
-        DecodedJWT jwt = JWT.decode(token);
-        String loginId = jwt.getSubject();
-        String secret = jwt.getClaim("secret").asString();
-
-        return sign(loginId, secret);
-    }
-
-    public static void verify(String token) throws JWTVerificationException {
-        DecodedJWT jwt = JWT.decode(token);
-        String loginId = jwt.getSubject();
-        String secret = jwt.getClaim("secret").asString();
-        Algorithm algorithm = Algorithm.HMAC256(secret);
-        JWTVerifier verifier = JWT.require(algorithm).withSubject(loginId).build();
-        verifier.verify(jwt);
-    }
-
-}

src/main/java/com/yunzhi/nanyang/shiro/utils/MiniappToken.java

@@ -1,23 +0,0 @@
-package com.yunzhi.nanyang.shiro.utils;
-
-import org.apache.shiro.authc.AuthenticationToken;
-
-public class MiniappToken implements AuthenticationToken {
-
-    //Key
-    private String token;
-
-    public MiniappToken(String token) {
-        this.token = token;
-    }
-
-    @Override
-    public Object getPrincipal() {
-        return token;
-    }
-
-    @Override
-    public Object getCredentials() {
-        return token;
-    }
-}

src/main/resources/application.yml

@@ -4,23 +4,24 @@ server:
   servlet:
     context-path: /api
 
-###
-shiro:
-  enabled: true
-  unauthorizedUrl: /api/401
-  filterRuleMap: '{
-    "/wxpay/notify/**": "anon",
-    "/**/sms-captcha": "anon",
-    "/**/**/sms-captcha": "anon",
-    "/**/preload": "anon",
-    "/**/login": "anon",
-    "/**/**/login": "anon",
-    "/admin/**": "manager",
-    "/wx/**": "miniapp",
-    "/android/**": "miniapp",
-    "/ios/**": "miniapp",
-    "/**": "anon"
-  }'
+# Sa-Token配置
+sa-token:
+  # jwt秘钥
+  jwt-secret-key: Q920tdPkkDxnSv4dd6cqE6jNDT2OKT7L
+  # token名称 (同时也是cookie名称)
+  token-name: Authorization
+  # token有效期，单位s 默认30天, -1代表永不过期
+  timeout: 2592000
+  # token临时有效期 (指定时间内无操作就视为token过期) 单位: 秒
+  activity-timeout: -1
+  # 是否允许同一账号并发登录 (为true时允许一起登录, 为false时新登录挤掉旧登录)
+  is-concurrent: true
+  # 在多人登录同一账号时，是否共用一个token (为true时所有登录共用一个token, 为false时每次登录新建一个token)
+  is-share: false
+  # token风格
+  token-style: uuid
+  # 是否输出操作日志
+  is-log: false
 
 ###
 mybatis-plus: