feats

deploy/bootstrap

@@ -2,4 +2,4 @@
 #
 #
 
-java -jar ./ubpa-0.0.5.jar
+java -jar ./ubpa-0.0.6.jar

deploy/s.yml

@@ -15,7 +15,7 @@ services:
         name: ubpa-func
         description: 'ubpa-func'
         ossBucket: yz-serverless
-        ossKey: ubpa/ubpa-0.0.5.zip
+        ossKey: ubpa/ubpa-0.0.6.zip
         handler: 'com.njyunzhi.ubpa.UbpaApplication::main'
         memorySize: 1024
         timeout: 30

pom.xml

@@ -10,7 +10,7 @@
 	</parent>
 	<groupId>com.njyunzhi</groupId>
 	<artifactId>ubpa</artifactId>
-	<version>0.0.5</version>
+	<version>0.0.6</version>
 	<name>ubpa</name>
 	<description>Demo project for Spring Boot</description>
 
@@ -100,22 +100,19 @@
 		</dependency>
 		<!--swagger end-->
 
-
-		<!-- shiro start-->
+		<!-- Sa-Token 权限认证, 在线文档：http://sa-token.dev33.cn/ -->
 		<dependency>
-			<groupId>org.apache.shiro</groupId>
-			<artifactId>shiro-spring-boot-web-starter</artifactId>
-			<version>1.8.0</version>
+			<groupId>cn.dev33</groupId>
+			<artifactId>sa-token-spring-boot-starter</artifactId>
+			<version>1.29.0</version>
 		</dependency>
-		<!-- shiro end-->
 
-		<!-- jwt start -->
+		<!-- Sa-Token 整合 jwt -->
 		<dependency>
-			<groupId>com.auth0</groupId>
-			<artifactId>java-jwt</artifactId>
-			<version>3.18.3</version>
+			<groupId>cn.dev33</groupId>
+			<artifactId>sa-token-jwt</artifactId>
+			<version>1.29.0</version>
 		</dependency>
-		<!-- end start -->
 
 	</dependencies>
 

src/main/java/com/njyunzhi/ubpa/common/BaseController.java

@@ -1,10 +1,10 @@
 package com.njyunzhi.ubpa.common;
 
+import cn.dev33.satoken.stp.StpUtil;
 import com.njyunzhi.ubpa.entity.SysUser;
+import com.njyunzhi.ubpa.entity.TaUser;
 import com.njyunzhi.ubpa.service.ISysUserService;
-import com.njyunzhi.ubpa.shiro.utils.JWTUtil;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
+import com.njyunzhi.ubpa.service.ITaUserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -14,23 +14,30 @@ public class BaseController {
     @Autowired
     ISysUserService iSysUserService;
 
-    public String getLoginId() {
-        Subject subject = SecurityUtils.getSubject();
-        String token = subject.getPrincipal().toString();
+    @Autowired
+    ITaUserService iTaUserService;
 
-//        List<Object> list = Arrays.asList(subject.getPrincipals().fromRealm("managerRealm").toArray());
-//        String token = list.get(0).toString();
+    public SysUser currentAdmin() throws Exception {
+        String loginId = StpUtil.getLoginIdAsString();
+        if (StringUtils.isEmpty(loginId)) {
+            throw new Exception("请先登录");
+        }
 
-        return JWTUtil.getLoginId(token);
+        SysUser user = iSysUserService.getById(loginId);
+        if (user == null || user.getStatus() == Constants.STATUS_DELETE) {
+            throw new Exception("人员不存在");
+        }
+
+        return user;
     }
 
-    public SysUser currentUser() throws Exception {
-        String loginId = getLoginId();
+    public TaUser currentUser() throws Exception {
+        String loginId = StpUtil.getLoginIdAsString();
         if (StringUtils.isEmpty(loginId)) {
             throw new Exception("请先登录");
         }
 
-        SysUser user = iSysUserService.getById(loginId);
+        TaUser user = iTaUserService.getById(loginId);
         if (user == null || user.getStatus() == Constants.STATUS_DELETE) {
             throw new Exception("人员不存在");
         }

src/main/java/com/njyunzhi/ubpa/config/SaTokenConfigure.java

@@ -0,0 +1,44 @@
+package com.njyunzhi.ubpa.config;
+
+import cn.dev33.satoken.interceptor.SaRouteInterceptor;
+import cn.dev33.satoken.jwt.StpLogicJwtForStateless;
+import cn.dev33.satoken.stp.StpLogic;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@Configuration
+public class SaTokenConfigure implements WebMvcConfigurer {
+    // 注册拦截器
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+
+        List<String> anonList = new ArrayList<>();
+        anonList.add("/swagger-ui/**");
+        anonList.add("/swagger-resources/**");
+        anonList.add("/v2/**");
+//        anonList.add("/wxpay/notify/**");
+        anonList.add("/**/sms-captcha");
+        anonList.add("/**/**/sms-captcha");
+        anonList.add("/**/preload");
+        anonList.add("/**/login");
+        anonList.add("/**/**/login");
+
+        // 注册Sa-Token的路由拦截器
+        registry.addInterceptor(new SaRouteInterceptor())
+                .addPathPatterns("/**")
+                .excludePathPatterns(anonList.toArray(new String[0]));
+    }
+
+
+
+    // Sa-Token 整合 jwt (Style模式)
+    @Bean
+    public StpLogic getStpLogicJwt() {
+        return new StpLogicJwtForStateless();
+    }
+}

src/main/java/com/njyunzhi/ubpa/controller/LoginController.java

@@ -1,18 +1,16 @@
 package com.njyunzhi.ubpa.controller;
 
+import cn.dev33.satoken.stp.StpUtil;
 import com.njyunzhi.ubpa.common.*;
 import com.njyunzhi.ubpa.entity.SysSetting;
 import com.njyunzhi.ubpa.entity.SysUser;
 import com.njyunzhi.ubpa.service.ISysSettingService;
 import com.njyunzhi.ubpa.service.ISysUserService;
-import com.njyunzhi.ubpa.shiro.utils.JWTUtil;
 import com.njyunzhi.ubpa.vo.ChangePassword;
 import com.njyunzhi.ubpa.vo.LoginParam;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
-import org.apache.shiro.SecurityUtils;
-import org.apache.shiro.subject.Subject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.*;
 
@@ -61,10 +59,11 @@ public class LoginController extends BaseController {
 
         Map<String, Object> res = new HashMap<>();
         res.put("user", sysUser);
+        res.put("roleAlias", "admin");
 
         // 生成 token
-        String token = JWTUtil.sign(sysUser.getUserId(), sysUser.getUserId());
-        res.put("token", token);
+        StpUtil.login(sysUser.getUserId(), "admin");
+        res.put("token", StpUtil.getTokenValue());
 
         // 获取填报客户端地址
         SysSetting sysSetting = iSysSettingService.getById(Constants.SETTING_REPORT_URL);
@@ -76,7 +75,7 @@ public class LoginController extends BaseController {
     @GetMapping("/admin/currentUser")
     @ApiOperation(value="当前用户", notes = "当前用户", httpMethod = "GET", response = ResponseBean.class)
     public ResponseBean getCurrentUser() throws Exception {
-        SysUser sysUser = currentUser();
+        SysUser sysUser = currentAdmin();
 
         if (sysUser.getStatus() != Constants.STATUS_NORMAL) {
             return ResponseBean.error("账户异常", ResponseBean.ERROR_ILLEGAL_PARAMS);
@@ -87,6 +86,7 @@ public class LoginController extends BaseController {
         sysUser.setPassword(null);
         Map<String, Object> res = new HashMap<>();
         res.put("user", sysUser);
+        res.put("roleAlias", "admin");
         res.put(Constants.SETTING_REPORT_URL, sysSetting.getContent());
 
         return ResponseBean.success(res);
@@ -95,8 +95,7 @@ public class LoginController extends BaseController {
     @PostMapping("/admin/logout")
     @ApiOperation(value="登出", notes = "登出", httpMethod = "POST", response = ResponseBean.class)
     public ResponseBean logout() throws Exception {
-        Subject subject = SecurityUtils.getSubject();
-        subject.logout();
+        StpUtil.logout();
         return ResponseBean.success("success");
     }
 
@@ -113,7 +112,7 @@ public class LoginController extends BaseController {
             return ResponseBean.error("原始密码或新密码不能为空", ResponseBean.ERROR_ILLEGAL_PARAMS);
         }
 
-        SysUser currentUser = currentUser();
+        SysUser currentUser = currentAdmin();
 
         if (!checkPassword(param.getOriginPassword(), currentUser.getPassword(), currentUser.getUserId())) {
             return ResponseBean.error("原始密码不正确", ResponseBean.ERROR_ILLEGAL_PARAMS);
@@ -125,7 +124,6 @@ public class LoginController extends BaseController {
         return ResponseBean.success("密码修改成功");
     }
 
-
     private boolean checkPassword(String src, String targ, String salt) {
         return EncryptUtils.md5(src, salt).equals(targ);
     }

src/main/java/com/njyunzhi/ubpa/controller/OrgLoginController.java

@@ -0,0 +1,131 @@
+package com.njyunzhi.ubpa.controller;
+
+import cn.dev33.satoken.stp.StpUtil;
+import com.njyunzhi.ubpa.common.*;
+import com.njyunzhi.ubpa.entity.SysSetting;
+import com.njyunzhi.ubpa.entity.TaUser;
+import com.njyunzhi.ubpa.service.ISysSettingService;
+import com.njyunzhi.ubpa.service.ITaUserService;
+import com.njyunzhi.ubpa.vo.ChangePassword;
+import com.njyunzhi.ubpa.vo.LoginParam;
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
+import io.swagger.annotations.ApiParam;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashMap;
+import java.util.Map;
+
+
+@Api(tags = "企业登入/登出")
+@RestController
+@RequestMapping("/admin/org")
+public class OrgLoginController extends BaseController {
+
+    @Autowired
+    ITaUserService iTaUserService;
+
+    @Autowired
+    ISysSettingService iSysSettingService;
+
+    @PostMapping("/login")
+    @ApiOperation(value="登录", notes = "登录", httpMethod = "POST", response = ResponseBean.class)
+    public ResponseBean login(@ApiParam("登录参数") @RequestBody LoginParam loginParam) throws Exception {
+        if (null == loginParam) {
+            return ResponseBean.error("账户或密码不能为空", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+
+        String userName = loginParam.getUserName();
+        String password = loginParam.getPassword();
+
+        if (StringUtils.isEmpty(userName) || StringUtils.isEmpty(password)) {
+            return ResponseBean.error("账户或密码不能为空", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+
+        TaUser taUser = iTaUserService.getExistBy("login_name", userName, false, true);
+        if (null == taUser) {
+            return ResponseBean.error("账户或密码不正确", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+
+        if (taUser.getStatus() != Constants.STATUS_NORMAL) {
+            return ResponseBean.error("账户异常", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+
+        if (!checkPassword(password, taUser.getPassword(), taUser.getUserId())) {
+            return ResponseBean.error("账户或密码不正确", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+
+        taUser.setPassword(null);
+
+        Map<String, Object> res = new HashMap<>();
+        res.put("user", taUser);
+        res.put("roleAlias", "org");
+
+        // 生成 token
+        StpUtil.login(taUser.getUserId(), "org");
+        res.put("token", StpUtil.getTokenValue());
+
+        // 获取填报客户端地址
+        SysSetting sysSetting = iSysSettingService.getById(Constants.SETTING_REPORT_URL);
+        res.put(Constants.SETTING_REPORT_URL, sysSetting.getContent());
+
+        return ResponseBean.success(res);
+    }
+
+    @GetMapping("/currentUser")
+    @ApiOperation(value="当前用户", notes = "当前用户", httpMethod = "GET", response = ResponseBean.class)
+    public ResponseBean getCurrentUser() throws Exception {
+        TaUser taUser = currentUser();
+
+        if (taUser.getStatus() != Constants.STATUS_NORMAL) {
+            return ResponseBean.error("账户异常", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+        // 获取填报客户端地址
+        SysSetting sysSetting = iSysSettingService.getById(Constants.SETTING_REPORT_URL);
+
+        taUser.setPassword(null);
+        Map<String, Object> res = new HashMap<>();
+        res.put("user", taUser);
+        res.put("roleAlias", "org");
+        res.put(Constants.SETTING_REPORT_URL, sysSetting.getContent());
+
+        return ResponseBean.success(res);
+    }
+
+    @PostMapping("/logout")
+    @ApiOperation(value="登出", notes = "登出", httpMethod = "POST", response = ResponseBean.class)
+    public ResponseBean logout() throws Exception {
+        StpUtil.logout();
+        return ResponseBean.success("success");
+    }
+
+    @GetMapping("/401")
+    @ApiOperation(value="401无权限", notes = "401无权限", httpMethod = "GET", response = ResponseBean.class)
+    public ResponseBean unAuth(@RequestParam(value = "msg", defaultValue = "未登录或暂无权限") String msg) throws Exception {
+        return ResponseBean.error(msg, ResponseBean.ERROR_AUTH_FAIL);
+    }
+
+    @PutMapping("/change-password")
+    @ApiOperation(value="修改密码", notes = "修改密码", httpMethod = "PUT", response = ResponseBean.class)
+    public ResponseBean changePassword(@ApiParam("修改密码参数") @RequestBody ChangePassword param) throws Exception {
+        if (StringUtils.isEmpty(param.getOriginPassword()) || StringUtils.isEmpty(param.getNewPassword())) {
+            return ResponseBean.error("原始密码或新密码不能为空", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+
+        TaUser taUser = currentUser();
+
+        if (!checkPassword(param.getOriginPassword(), taUser.getPassword(), taUser.getUserId())) {
+            return ResponseBean.error("原始密码不正确", ResponseBean.ERROR_ILLEGAL_PARAMS);
+        }
+
+        taUser.setPassword(EncryptUtils.md5(param.getNewPassword(), taUser.getUserId()));
+        iTaUserService.updateById(taUser);
+
+        return ResponseBean.success("密码修改成功");
+    }
+
+    private boolean checkPassword(String src, String targ, String salt) {
+        return EncryptUtils.md5(src, salt).equals(targ);
+    }
+}

src/main/java/com/njyunzhi/ubpa/controller/TaResumeWorkFormController.java

@@ -87,11 +87,14 @@ public class TaResumeWorkFormController extends BaseController {
      */
     @RequestMapping(value="/admin/resume-work-form/export",method= RequestMethod.GET)
     @ApiOperation(value="申请导出", notes = "申请导出", httpMethod = "GET", response = ResponseBean.class)
-    public void formExport(@ApiParam("企业ID") @RequestParam(value ="orgId") String orgId,
+    public ResponseBean formExport(@ApiParam("企业ID") @RequestParam(value ="orgId", required = false) String orgId,
                            @ApiParam("申请人") @RequestParam(value ="userName", required = false) String userName,
                            @ApiParam(value = "起始时间", example = "2022-03-01") @RequestParam(value ="start", required = false) String start,
                            @ApiParam(value = "结束时间", example = "2022-03-31") @RequestParam(value ="end", required = false) String end,
                            HttpServletResponse response) throws Exception{
+        if (StringUtils.isEmpty(orgId)) {
+            return ResponseBean.error("请选择企业");
+        }
 
         LocalDateTime startDate = DateUtils.getDayStart(start);
         LocalDateTime endDate = DateUtils.getDayEnd(end);
@@ -133,6 +136,8 @@ public class TaResumeWorkFormController extends BaseController {
         }
 
         ExcelUtils.flush(response, FormExport.class, list, String.join("_", fileNameParts), null);
+
+        return null;
     }
 
     /**

src/main/java/com/njyunzhi/ubpa/controller/TaUserController.java

@@ -4,7 +4,9 @@ import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.njyunzhi.ubpa.common.BaseController;
+import com.njyunzhi.ubpa.common.EncryptUtils;
 import com.njyunzhi.ubpa.common.ResponseBean;
+import com.njyunzhi.ubpa.common.StringUtils;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
@@ -40,80 +42,138 @@ public class TaUserController extends BaseController {
     public ITaUserService iTaUserService;
 
 
-    /**
-     * 分页查询列表
-     * @param pageNum
-     * @param pageSize
-     * @return
-     */
-    @RequestMapping(value="/taUser",method= RequestMethod.GET)
-    @ApiOperation(value="列表", notes = "列表", httpMethod = "GET", response = ResponseBean.class)
-    public ResponseBean taUserList(@ApiParam("页码") @RequestParam(value ="pageNum",defaultValue = "1") Integer pageNum,
-									 @ApiParam("单页数据量") @RequestParam(value ="pageSize",defaultValue = "10") Integer pageSize) throws Exception{
-
-		    IPage<TaUser> pg = new Page<>(pageNum, pageSize);
-            QueryWrapper<TaUser> queryWrapper = new QueryWrapper<>();
-            queryWrapper.orderByDesc("create_date");
+//    /**
+//     * 分页查询列表
+//     * @param pageNum
+//     * @param pageSize
+//     * @return
+//     */
+//    @RequestMapping(value="/taUser",method= RequestMethod.GET)
+//    @ApiOperation(value="列表", notes = "列表", httpMethod = "GET", response = ResponseBean.class)
+//    public ResponseBean taUserList(@ApiParam("页码") @RequestParam(value ="pageNum",defaultValue = "1") Integer pageNum,
+//									 @ApiParam("单页数据量") @RequestParam(value ="pageSize",defaultValue = "10") Integer pageSize) throws Exception{
+//
+//		    IPage<TaUser> pg = new Page<>(pageNum, pageSize);
+//            QueryWrapper<TaUser> queryWrapper = new QueryWrapper<>();
+//            queryWrapper.orderByDesc("create_date");
+//
+//            IPage<TaUser> result = iTaUserService.page(pg, queryWrapper);
+//            return ResponseBean.success(result);
+//    }
+//
+//    /**
+//     * 保存对象
+//     * @param taUser 实体对象
+//     * @return
+//     */
+//    @RequestMapping(value="/taUser",method= RequestMethod.POST)
+//    @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
+//    public ResponseBean taUserAdd(@ApiParam("保存内容") @RequestBody TaUser taUser) throws Exception{
+//
+//        if (iTaUserService.save(taUser)){
+//            return ResponseBean.success(taUser);
+//        }else {
+//            return ResponseBean.error("保存失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);
+//        }
+//    }
 
-            IPage<TaUser> result = iTaUserService.page(pg, queryWrapper);
-            return ResponseBean.success(result);
-    }
 
     /**
      * 保存对象
      * @param taUser 实体对象
      * @return
      */
-    @RequestMapping(value="/taUser",method= RequestMethod.POST)
-    @ApiOperation(value="保存", notes = "保存", httpMethod = "POST", response = ResponseBean.class)
-    public ResponseBean taUserAdd(@ApiParam("保存内容") @RequestBody TaUser taUser) throws Exception{
+    @RequestMapping(value="/admin/org/{orgId}/user",method= RequestMethod.POST)
+    @ApiOperation(value="保存或修改对象", notes = "保存或修改对象", httpMethod = "POST", response = ResponseBean.class)
+    public ResponseBean taUserAdd(@ApiParam("企业ID") @PathVariable String orgId,
+                                  @ApiParam("保存内容") @RequestBody TaUser taUser) throws Exception{
+        boolean isAdd = StringUtils.isEmpty(taUser.getUserId());
+        taUser.setOrgId(orgId);
 
-        if (iTaUserService.save(taUser)){
-            return ResponseBean.success(taUser);
-        }else {
-            return ResponseBean.error("保存失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);
+        if (isAdd) {
+            TaUser orgin = iTaUserService.getOrgAdmin(orgId);
+            if (null != orgin) {
+                return ResponseBean.error("参数错误, 企业已存在管理员");
+            }
         }
-    }
 
-    /**
-     * 根据id删除对象
-     * @param id  实体ID
-     */
-    @RequestMapping(value="/taUser/{id}", method= RequestMethod.DELETE)
-    @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
-    public ResponseBean taUserDelete(@ApiParam("对象ID") @PathVariable Integer id) throws Exception{
-        if(iTaUserService.removeById(id)){
-            return ResponseBean.success("success");
-        }else {
-            return ResponseBean.error("删除失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);
+        if (StringUtils.isEmpty(taUser.getUserName())) {
+            return ResponseBean.error("用户姓名不能为空");
         }
-    }
 
-    /**
-     * 修改对象
-     * @param id  实体ID
-     * @param taUser 实体对象
-     * @return
-     */
-    @RequestMapping(value="/taUser/{id}",method= RequestMethod.PUT)
-    @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
-    public ResponseBean taUserUpdate(@ApiParam("对象ID") @PathVariable Integer id,
-                                        @ApiParam("更新内容") @RequestBody TaUser taUser) throws Exception{
-
-        if (iTaUserService.updateById(taUser)){
-            return ResponseBean.success(iTaUserService.getById(id));
-        }else {
-            return ResponseBean.error("修改失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);
+        if (StringUtils.isEmpty(taUser.getPhone())) {
+            return ResponseBean.error("用户手机不能为空");
         }
-    }
 
-    /**
-     * 根据id查询对象
-     * @param id  实体ID
-     */
-    @RequestMapping(value="/taUser/{id}",method= RequestMethod.GET)
-    @ApiOperation(value="详情", notes = "详情", httpMethod = "GET", response = ResponseBean.class)
-    public ResponseBean taUserGet(@ApiParam("对象ID") @PathVariable Integer id) throws Exception{
-        return ResponseBean.success(iTaUserService.getById(id));
+        TaUser origin = iTaUserService.getExistBy("phone", taUser.getPhone(), false, true);
+        if (null != origin && (isAdd || !taUser.getUserId().equals(origin.getUserId()))) {
+            return ResponseBean.error("用户手机已存在");
+        }
+
+        if (!StringUtils.isEmpty(taUser.getLoginName())) {
+            origin = iTaUserService.getExistBy("login_name", taUser.getLoginName(), false, true);
+            if (null != origin && (isAdd || !taUser.getUserId().equals(origin.getUserId()))) {
+                return ResponseBean.error("用户登录账号已存在");
+            }
+        }
+
+        if (isAdd) {
+            taUser.setUserId(StringUtils.uuid());
+        }
+
+        if (!StringUtils.isEmpty(taUser.getPassword())) {
+            String newPass = EncryptUtils.md5(taUser.getPassword(), taUser.getUserId());
+            taUser.setPassword(newPass);
+        }
+
+        boolean isOk = isAdd ? iTaUserService.save(taUser) : iTaUserService.updateById(taUser);
+
+        if (isOk){
+            return ResponseBean.success(taUser);
+        } else {
+            return ResponseBean.error("保存失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);
+        }
     }
+//
+//    /**
+//     * 根据id删除对象
+//     * @param id  实体ID
+//     */
+//    @RequestMapping(value="/taUser/{id}", method= RequestMethod.DELETE)
+//    @ApiOperation(value="删除", notes = "删除", httpMethod = "DELETE", response = ResponseBean.class)
+//    public ResponseBean taUserDelete(@ApiParam("对象ID") @PathVariable Integer id) throws Exception{
+//        if(iTaUserService.removeById(id)){
+//            return ResponseBean.success("success");
+//        }else {
+//            return ResponseBean.error("删除失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);
+//        }
+//    }
+//
+//    /**
+//     * 修改对象
+//     * @param id  实体ID
+//     * @param taUser 实体对象
+//     * @return
+//     */
+//    @RequestMapping(value="/taUser/{id}",method= RequestMethod.PUT)
+//    @ApiOperation(value="更新", notes = "更新", httpMethod = "PUT", response = ResponseBean.class)
+//    public ResponseBean taUserUpdate(@ApiParam("对象ID") @PathVariable Integer id,
+//                                        @ApiParam("更新内容") @RequestBody TaUser taUser) throws Exception{
+//
+//        if (iTaUserService.updateById(taUser)){
+//            return ResponseBean.success(iTaUserService.getById(id));
+//        }else {
+//            return ResponseBean.error("修改失败, 请重试", ResponseBean.ERROR_UNAVAILABLE);
+//        }
+//    }
+//
+//    /**
+//     * 根据id查询对象
+//     * @param id  实体ID
+//     */
+//    @RequestMapping(value="/taUser/{id}",method= RequestMethod.GET)
+//    @ApiOperation(value="详情", notes = "详情", httpMethod = "GET", response = ResponseBean.class)
+//    public ResponseBean taUserGet(@ApiParam("对象ID") @PathVariable Integer id) throws Exception{
+//        return ResponseBean.success(iTaUserService.getById(id));
+//    }
 }

src/main/java/com/njyunzhi/ubpa/entity/TaUser.java

@@ -55,4 +55,6 @@ public class TaUser implements Serializable {
     private LocalDateTime createDate;
 
 
+    @ApiModelProperty(value = "是否管理员")
+    private Boolean isAdmin;
 }

src/main/java/com/njyunzhi/ubpa/service/ITaUserService.java

@@ -12,4 +12,5 @@ import com.njyunzhi.ubpa.entity.TaUser;
  */
 public interface ITaUserService extends IBaseService<TaUser> {
 
+    TaUser getOrgAdmin(String orgId);
 }

src/main/java/com/njyunzhi/ubpa/service/impl/ManagerServiceImpl.java

@@ -1,41 +1,28 @@
 package com.njyunzhi.ubpa.service.impl;
 
-import com.njyunzhi.ubpa.common.Constants;
-import com.njyunzhi.ubpa.entity.SysUser;
+import cn.dev33.satoken.stp.StpInterface;
 import com.njyunzhi.ubpa.mapper.SysUserMapper;
-import com.njyunzhi.ubpa.shiro.realms.manager.IManagerService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
-import java.util.HashSet;
-import java.util.Set;
+import java.util.ArrayList;
+import java.util.List;
 
 @Service
-public class ManagerServiceImpl implements IManagerService {
+public class ManagerServiceImpl implements StpInterface {
 
     @Autowired
     SysUserMapper sysUserMapper;
 
-    @Override
-    public Boolean verify(String id) {
-        SysUser sysUser = sysUserMapper.selectById(id);
-        if (null == sysUser || sysUser.getStatus() != Constants.STATUS_NORMAL) {
-            return false;
-        }
-
-        return true;
-    }
 
     @Override
-    public Set<String> getRolesByLoginId(String id) {
-//        SysUser sysUser = sysUserMapper.selectById(id);
-        return new HashSet();
+    public List<String> getRoleList(Object loginId, String loginType) {
+        return new ArrayList<>();
     }
 
     @Override
-    public Set<String> getPermissionsLoginId(String id) {
-//        SysUser sysUser = sysUserMapper.selectById(id);
-        return new HashSet();
+    public List<String> getPermissionList(Object loginId, String loginType) {
+        return new ArrayList<>();
     }
 
 }

src/main/java/com/njyunzhi/ubpa/service/impl/TaUserServiceImpl.java

@@ -1,5 +1,6 @@
 package com.njyunzhi.ubpa.service.impl;
 
+import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
 import com.njyunzhi.ubpa.entity.TaUser;
 import com.njyunzhi.ubpa.mapper.TaUserMapper;
 import com.njyunzhi.ubpa.service.ITaUserService;
@@ -16,4 +17,12 @@ import org.springframework.stereotype.Service;
 @Service
 public class TaUserServiceImpl extends BaseServiceImpl<TaUserMapper, TaUser> implements ITaUserService {
 
+    @Override
+    public TaUser getOrgAdmin(String orgId) {
+        QueryWrapper<TaUser> queryWrapper = new QueryWrapper<>();
+        queryWrapper.eq("org_id", orgId);
+        queryWrapper.eq("is_admin", 1);
+
+        return getOne(queryWrapper);
+    }
 }

src/main/java/com/njyunzhi/ubpa/shiro/FirstExceptionStrategy.java

@@ -1,17 +0,0 @@
-package com.njyunzhi.ubpa.shiro;
-
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
-import org.apache.shiro.realm.Realm;
-
-public class FirstExceptionStrategy extends AtLeastOneSuccessfulStrategy {
-
-    @Override
-    public AuthenticationInfo afterAttempt(Realm realm, AuthenticationToken token, AuthenticationInfo singleRealmInfo, AuthenticationInfo aggregateInfo, Throwable t) throws AuthenticationException {
-        if ((t instanceof AuthenticationException)) throw (AuthenticationException) t;
-        return super.afterAttempt(realm, token, singleRealmInfo, aggregateInfo, t);
-    }
-
-}

src/main/java/com/njyunzhi/ubpa/shiro/ShiroConfig.java

@@ -1,103 +0,0 @@
-package com.njyunzhi.ubpa.shiro;
-
-import com.njyunzhi.ubpa.shiro.filters.ManagerFilter;
-import com.njyunzhi.ubpa.shiro.filters.MiniappFilter;
-import com.njyunzhi.ubpa.shiro.matcher.JWTCredentialsMatcher;
-import com.njyunzhi.ubpa.shiro.realms.manager.IManagerService;
-import com.njyunzhi.ubpa.shiro.realms.manager.ManagerRealm;
-import com.njyunzhi.ubpa.shiro.realms.miniapp.MiniappRealm;
-import org.apache.shiro.authc.pam.AtLeastOneSuccessfulStrategy;
-import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
-import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
-import org.apache.shiro.mgt.DefaultSubjectDAO;
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-import javax.servlet.Filter;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-@Configuration
-public class ShiroConfig {
-
-    @Autowired
-    IManagerService iManagerService;
-
-    @Value("${shiro.unauthorizedUrl}")
-    private String unauthorizedUrl;
-
-    @Value("#{${shiro.filterRuleMap}}")
-    private Map<String, String> filterRuleMap;
-
-    @Bean
-    public ManagerRealm managerRealm() {
-        ManagerRealm realm = new ManagerRealm();
-        realm.setManagerService(iManagerService);
-        realm.setCredentialsMatcher(new JWTCredentialsMatcher());
-        return realm;
-    }
-
-    @Bean
-    public MiniappRealm miniappRealm() {
-        MiniappRealm realm = new MiniappRealm();
-        realm.setCredentialsMatcher(new JWTCredentialsMatcher());
-        return realm;
-    }
-
-    @Bean("shiroFilterFactoryBean")
-    public ShiroFilterFactoryBean factory(DefaultWebSecurityManager securityManager) {
-        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
-
-        // 手动加入 Filter
-        ManagerFilter managerFilter = new ManagerFilter();
-        managerFilter.setUnauthorizedUrl(unauthorizedUrl);
-        MiniappFilter miniappFilter = new MiniappFilter();
-        miniappFilter.setUnauthorizedUrl(unauthorizedUrl);
-
-        Map<String, Filter> filterMap = new HashMap<>();
-        filterMap.put("manager", managerFilter);
-        filterMap.put("miniapp", miniappFilter);
-        factoryBean.setFilters(filterMap);
-
-        factoryBean.setSecurityManager(securityManager);
-        factoryBean.setUnauthorizedUrl(unauthorizedUrl);
-
-        factoryBean.setFilterChainDefinitionMap(filterRuleMap);
-        return factoryBean;
-    }
-
-    @Bean("securityManager")
-    public DefaultWebSecurityManager securityManager() {
-        DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
-        // 修改多 Realm 的处理逻辑
-        ModularRealmAuthenticator realmAuthenticator = (ModularRealmAuthenticator) manager.getAuthenticator();
-        // 主要有一个 Realm 成功, 就立即返回
-        realmAuthenticator.setAuthenticationStrategy(new AtLeastOneSuccessfulStrategy());
-//        realmAuthenticator.setAuthenticationStrategy(new FirstExceptionStrategy());
-
-        //  Use your own realm
-        List<Realm> realmList = new ArrayList<Realm>() {{
-            add(managerRealm());
-            add(miniappRealm());
-        }};
-        manager.setRealms(realmList);
-
-        /*
-         * 禁用 session
-         */
-        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
-        DefaultSessionStorageEvaluator defaultSessionStorageEvaluator = new DefaultSessionStorageEvaluator();
-        defaultSessionStorageEvaluator.setSessionStorageEnabled(false);
-        subjectDAO.setSessionStorageEvaluator(defaultSessionStorageEvaluator);
-        manager.setSubjectDAO(subjectDAO);
-
-        return manager;
-    }
-}

src/main/java/com/njyunzhi/ubpa/shiro/filters/JWTFilter.java

@@ -1,94 +0,0 @@
-package com.njyunzhi.ubpa.shiro.filters;
-
-import com.njyunzhi.ubpa.shiro.utils.JWTUtil;
-import org.apache.shiro.authc.AuthenticationException;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.subject.Subject;
-import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
-import org.apache.shiro.web.util.WebUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-
-public abstract class JWTFilter extends AuthenticatingFilter {
-
-    private Logger LOGGER = LoggerFactory.getLogger(this.getClass());
-
-    public final static String JWT_HEADER = "Authorization";
-
-    // token 刷新频率
-    private final static long REFRESH_MILLS = 99 * 24 * 60 * 1000;
-
-    private String unauthorizedUrl;
-    public void setUnauthorizedUrl(String unauthorizedUrl) {
-        this.unauthorizedUrl = unauthorizedUrl;
-    }
-
-    @Override
-    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
-        try {
-            return executeLogin(request, response);
-        } catch (Exception e) {
-            response401(request, response, e);
-        }
-
-        return false;
-    }
-
-    @Override
-    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
-        return false;
-    }
-
-    @Override
-    protected abstract AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception;
-
-    // 主要用来刷新 token
-    @Override
-    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {
-        String originToken = token.getPrincipal().toString();
-
-        long diff = System.currentTimeMillis() - JWTUtil.getExpDate(originToken).getTime();
-        if (diff >= REFRESH_MILLS) {
-            HttpServletResponse httpServletResponse = WebUtils.toHttp(response);
-            httpServletResponse.setHeader(JWT_HEADER, JWTUtil.refresh(originToken));
-        }
-
-        return true;
-    }
-
-    @Override
-    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response) {
-        if (e != null) {
-            response401(request, response, e);
-        }
-
-        return false;
-    }
-
-    /**
-     *Jump illegal request to / 401
-     */
-    protected void response401(ServletRequest request, ServletResponse response, Exception e) {
-        String message = "";
-        if (e != null) {
-            try {
-                message = URLEncoder.encode(e.getMessage(), "UTF-8");
-            } catch (UnsupportedEncodingException ex) {
-                //
-            }
-        }
-
-        try {
-            WebUtils.toHttp(response).sendRedirect(unauthorizedUrl + "?msg=" + message);
-        } catch (IOException e1) {
-            LOGGER.error(e1.getMessage());
-        }
-    }
-}

src/main/java/com/njyunzhi/ubpa/shiro/filters/ManagerFilter.java

@@ -1,28 +0,0 @@
-package com.njyunzhi.ubpa.shiro.filters;
-
-import com.njyunzhi.ubpa.shiro.utils.JWTToken;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.web.util.WebUtils;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-/**
- * ManagerFilter 与 MiniappFilter 实际上是一样的，只是返回的 token 类型不一致
- */
-public class ManagerFilter extends JWTFilter {
-
-    @Override
-    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
-        HttpServletRequest request = WebUtils.toHttp(servletRequest);
-        String authorization = request.getHeader(JWT_HEADER);
-        if (authorization == null || "".equals(authorization)) {
-            throw new Exception("请先登录系统");
-        }
-
-        return new JWTToken(authorization);
-    }
-
-
-}

src/main/java/com/njyunzhi/ubpa/shiro/filters/MiniappFilter.java

@@ -1,24 +0,0 @@
-package com.njyunzhi.ubpa.shiro.filters;
-
-import com.njyunzhi.ubpa.shiro.utils.MiniappToken;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.web.util.WebUtils;
-
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-
-public class MiniappFilter  extends JWTFilter {
-
-    @Override
-    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
-        HttpServletRequest request = WebUtils.toHttp(servletRequest);
-        String authorization = request.getHeader(JWT_HEADER);
-        if (authorization == null || "".equals(authorization)) {
-            throw new Exception("请先登录系统");
-        }
-
-        return new MiniappToken(authorization);
-    }
-
-}

src/main/java/com/njyunzhi/ubpa/shiro/matcher/JWTCredentialsMatcher.java

@@ -1,16 +0,0 @@
-package com.njyunzhi.ubpa.shiro.matcher;
-
-import org.apache.shiro.authc.AuthenticationInfo;
-import org.apache.shiro.authc.AuthenticationToken;
-import org.apache.shiro.authc.credential.CredentialsMatcher;
-
-public class JWTCredentialsMatcher implements CredentialsMatcher {
-    @Override
-    public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
-//        String token = authenticationToken.getCredentials().toString();
-//        return JWTUtil.verify(token);
-
-        // 校验在 realm 做过了
-        return true;
-    }
-}

src/main/java/com/njyunzhi/ubpa/shiro/realms/manager/IManagerService.java

@@ -1,31 +0,0 @@
-package com.njyunzhi.ubpa.shiro.realms.manager;
-
-import java.util.Set;
-
-/**
- *
- */
-public interface IManagerService {
-
-    /**
-     * 校验用户状态
-     * @param id
-     * @return
-     */
-    Boolean verify(String id);
-
-    /**
-     * 获取用户角色
-     * @param id
-     * @return
-     */
-    Set<String> getRolesByLoginId(String id);
-
-    /**
-     * 获取用户权限
-     * @param id
-     * @return
-     */
-    Set<String> getPermissionsLoginId(String id);
-
-}

src/main/java/com/njyunzhi/ubpa/shiro/realms/manager/ManagerRealm.java

@@ -1,77 +0,0 @@
-package com.njyunzhi.ubpa.shiro.realms.manager;
-
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.exceptions.TokenExpiredException;
-import com.njyunzhi.ubpa.shiro.utils.JWTToken;
-import com.njyunzhi.ubpa.shiro.utils.JWTUtil;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authc.*;
-import org.apache.shiro.authz.AuthorizationInfo;
-import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
-import org.apache.shiro.subject.PrincipalCollection;
-
-import java.util.Set;
-
-@Slf4j
-public class ManagerRealm extends AuthorizingRealm {
-
-    IManagerService iManagerService;
-
-    @Override
-    public String getName() {
-        return "managerRealm";
-    }
-
-    public void setManagerService(IManagerService iManagerService) {
-        this.iManagerService = iManagerService;
-    }
-
-    @Override
-    public boolean supports(AuthenticationToken token) {
-        return token instanceof JWTToken;
-    }
-
-    @Override
-    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
-        // 获取用户角色，权限
-        String token = (String) principalCollection.getPrimaryPrincipal();
-        String loginId = JWTUtil.getLoginId(token);
-        Set<String> roles = iManagerService.getRolesByLoginId(loginId);
-        Set<String> permissions = iManagerService.getPermissionsLoginId(loginId);
-
-        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
-        simpleAuthorizationInfo.setStringPermissions(permissions);
-        simpleAuthorizationInfo.setRoles(roles);
-        return simpleAuthorizationInfo;
-    }
-
-    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
-        log.info("===========ManagerRealm===========");
-
-        String token = (String) authenticationToken.getPrincipal();
-
-        // 这里进行 token 验证, CredentialsMatcher 就不做了
-        try {
-            JWTUtil.verify(token);
-        } catch (JWTDecodeException e1) {
-            throw new AuthenticationException("非法的权限凭证");
-        } catch (TokenExpiredException e2) {
-            throw new ExpiredCredentialsException("授权过期, 请重新登录");
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new AuthenticationException("凭证校验失败, 请重新登录");
-        }
-
-
-        String loginId = JWTUtil.getLoginId(token);
-
-        if (!iManagerService.verify(loginId)) {
-            throw new LockedAccountException("用户不存在或者状态异常");
-        }
-
-        // 交给 AuthenticatingRealm 使用 CredentialsMatcher 行校验
-        return new SimpleAuthenticationInfo(token, token, getName());
-    }
-}

src/main/java/com/njyunzhi/ubpa/shiro/realms/miniapp/MiniappRealm.java

@@ -1,44 +0,0 @@
-package com.njyunzhi.ubpa.shiro.realms.miniapp;
-
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.exceptions.TokenExpiredException;
-import com.njyunzhi.ubpa.shiro.utils.JWTUtil;
-import com.njyunzhi.ubpa.shiro.utils.MiniappToken;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.shiro.authc.*;
-import org.apache.shiro.realm.AuthenticatingRealm;
-
-@Slf4j
-public class MiniappRealm extends AuthenticatingRealm {
-
-    @Override
-    public String getName() {
-        return "miniappRealm";
-    }
-
-    @Override
-    public boolean supports(AuthenticationToken token) {
-        return token instanceof MiniappToken;
-    }
-
-    @Override
-    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
-        log.info("===========MiniappRealm===========");
-
-        String token = (String) authenticationToken.getPrincipal();
-
-        // 这里进行 token 验证, CredentialsMatcher 就不做了
-        try {
-            JWTUtil.verify(token);
-        } catch (JWTDecodeException e1) {
-            throw new AuthenticationException("非法的权限凭证");
-        } catch (TokenExpiredException e2) {
-            throw new ExpiredCredentialsException("授权过期, 请重新登录");
-        } catch (Exception e) {
-            e.printStackTrace();
-            throw new AuthenticationException("凭证校验失败, 请重新登录");
-        }
-        // 交给 AuthenticatingRealm 使用 CredentialsMatcher 行校验
-        return new SimpleAuthenticationInfo(token, token, getName());
-    }
-}

src/main/java/com/njyunzhi/ubpa/shiro/utils/JWTToken.java

@@ -1,23 +0,0 @@
-package com.njyunzhi.ubpa.shiro.utils;
-
-import org.apache.shiro.authc.AuthenticationToken;
-
-public class JWTToken implements AuthenticationToken {
-
-    //Key
-    private String token;
-
-    public JWTToken(String token) {
-        this.token = token;
-    }
-
-    @Override
-    public Object getPrincipal() {
-        return token;
-    }
-
-    @Override
-    public Object getCredentials() {
-        return token;
-    }
-}

src/main/java/com/njyunzhi/ubpa/shiro/utils/JWTUtil.java

@@ -1,66 +0,0 @@
-package com.njyunzhi.ubpa.shiro.utils;
-
-import com.auth0.jwt.JWT;
-import com.auth0.jwt.algorithms.Algorithm;
-import com.auth0.jwt.exceptions.JWTDecodeException;
-import com.auth0.jwt.exceptions.JWTVerificationException;
-import com.auth0.jwt.interfaces.DecodedJWT;
-import com.auth0.jwt.interfaces.JWTVerifier;
-
-import java.util.Date;
-
-/**
- * 一个通用版本的 JWT
- */
-public class JWTUtil {
-
-    // token 生存周期
-    private static final long EXPIRE_TIME = 7 * 24 * 60 * 60 * 1000;
-
-    public static String getLoginId(String token) {
-        try {
-            DecodedJWT jwt = JWT.decode(token);
-            return jwt.getSubject();
-        } catch (JWTDecodeException e) {
-            return null;
-        }
-    }
-
-    public static Date getExpDate(String token) {
-        try {
-            DecodedJWT jwt = JWT.decode(token);
-            return jwt.getExpiresAt();
-        } catch (JWTDecodeException e) {
-            return null;
-        }
-    }
-
-    public static String sign(String loginId, String secret) {
-        Date date = new Date(System.currentTimeMillis()+EXPIRE_TIME);
-        Algorithm algorithm = Algorithm.HMAC256(secret);
-
-        return JWT.create()
-                .withSubject(loginId)
-                .withExpiresAt(date)
-                .withClaim("secret", secret)
-                .sign(algorithm);
-    }
-
-    public static String refresh(String token) throws Exception {
-        DecodedJWT jwt = JWT.decode(token);
-        String loginId = jwt.getSubject();
-        String secret = jwt.getClaim("secret").asString();
-
-        return sign(loginId, secret);
-    }
-
-    public static void verify(String token) throws JWTVerificationException {
-        DecodedJWT jwt = JWT.decode(token);
-        String loginId = jwt.getSubject();
-        String secret = jwt.getClaim("secret").asString();
-        Algorithm algorithm = Algorithm.HMAC256(secret);
-        JWTVerifier verifier = JWT.require(algorithm).withSubject(loginId).build();
-        verifier.verify(jwt);
-    }
-
-}

src/main/java/com/njyunzhi/ubpa/shiro/utils/MiniappToken.java

@@ -1,23 +0,0 @@
-package com.njyunzhi.ubpa.shiro.utils;
-
-import org.apache.shiro.authc.AuthenticationToken;
-
-public class MiniappToken implements AuthenticationToken {
-
-    //Key
-    private String token;
-
-    public MiniappToken(String token) {
-        this.token = token;
-    }
-
-    @Override
-    public Object getPrincipal() {
-        return token;
-    }
-
-    @Override
-    public Object getCredentials() {
-        return token;
-    }
-}

src/main/resources/application-prod.yml

@@ -1,3 +1,6 @@
+server:
+  port: 9000
+
 ###
 spring:
   servlet:

src/main/resources/application.yml

@@ -4,21 +4,24 @@ server:
   servlet:
     context-path: /api
 
-###
-shiro:
-  enabled: true
-  unauthorizedUrl: /api/401
-  filterRuleMap: '{
-    "/wxpay/notify/**": "anon",
-    "/**/sms-captcha": "anon",
-    "/**/oss-sts": "anon",
-    "/**/preload": "anon",
-    "/**/login": "anon",
-    "/**/**/login": "anon",
-    "/admin/**": "manager",
-    "/wx/**": "miniapp",
-    "/**": "anon"
-  }'
+# Sa-Token配置
+sa-token:
+  # jwt秘钥
+  jwt-secret-key: Q920tdPkkDxnSv4dd6cqE6jNDT2OKT7L
+  # token名称 (同时也是cookie名称)
+  token-name: Authorization
+  # token有效期，单位s 默认30天, -1代表永不过期
+  timeout: 2592000
+  # token临时有效期 (指定时间内无操作就视为token过期) 单位: 秒
+  activity-timeout: -1
+  # 是否允许同一账号并发登录 (为true时允许一起登录, 为false时新登录挤掉旧登录)
+  is-concurrent: true
+  # 在多人登录同一账号时，是否共用一个token (为true时所有登录共用一个token, 为false时每次登录新建一个token)
+  is-share: false
+  # token风格
+  token-style: uuid
+  # 是否输出操作日志
+  is-log: false
 
 ###
 mybatis-plus: