refactor(biji-houdaun): 重构用户认证方法并添加安全工具类

- 将 MarkdownController 中的 isUserAuthenticated 方法移至 SecurityUtil 工具类- 在 SecurityUtil 中添加以下新方法： - getCurrentUsername - getCurrentUserDetails - hasRole - hasPermission - isAdmin - 更新 MarkdownController 中的相关调用，使用 SecurityUtil 的静态方法
2025-08-06 15:22:00 +08:00
parent 4d2f65c23f
commit 67f189995e
2 changed files with 121 additions and 19 deletions
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/controller/MarkdownController.java
@@ -5,14 +5,12 @@ import com.test.bijihoudaun.common.response.R;
 import com.test.bijihoudaun.entity.MarkdownFile;
 import com.test.bijihoudaun.entity.MarkdownFileVO;
 import com.test.bijihoudaun.service.MarkdownFileService;
+import com.test.bijihoudaun.util.SecurityUtil;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.Parameters;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.web.bind.annotation.*;

 import java.util.Date;
@@ -40,7 +38,7 @@ public class MarkdownController {
    @GetMapping("/{id}")
    public R<String> getMarkdownContent(@PathVariable Long id) {
        // 获取当前认证状态
-        boolean isAuthenticated = isUserAuthenticated();
+        boolean isAuthenticated = SecurityUtil.isUserAuthenticated();
        
        MarkdownFile file = markdownFileService.getMarkdownById(id, isAuthenticated);
        if (ObjectUtil.isNotNull(file)) {
@@ -113,19 +111,4 @@ public class MarkdownController {
        return R.success(files);
    }

-    /**
-     * 检查用户是否已认证
-     * @return 是否已认证
-     */
-    private boolean isUserAuthenticated() {
-        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-        if (authentication == null || !authentication.isAuthenticated()) {
-            return false;
-        }
-        Object principal = authentication.getPrincipal();
-        if (principal instanceof UserDetails) {
-            return true;
-        }
-        return false;
-    }
 }
--- a/biji-houdaun/src/main/java/com/test/bijihoudaun/util/SecurityUtil.java
+++ b/biji-houdaun/src/main/java/com/test/bijihoudaun/util/SecurityUtil.java
@@ -0,0 +1,119 @@
+package com.test.bijihoudaun.util;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+/**
+ * 安全工具类，提供与安全相关的实用方法
+ */
+public class SecurityUtil {
+
+    /**
+     * 检查用户是否已认证
+     * 该方法用于判断当前用户是否已经通过身份验证，常用于控制对受保护资源的访问
+     * 
+     * @return 如果用户已认证返回true，否则返回false
+     */
+    public static boolean isUserAuthenticated() {
+        // 获取当前安全上下文中的认证信息
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
+        // 检查认证对象是否存在以及是否已认证
+        if (authentication == null || !authentication.isAuthenticated()) {
+            return false;
+        }
+
+        // 检查认证主体是否为UserDetails实例
+        Object principal = authentication.getPrincipal();
+        if (principal instanceof UserDetails) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * 获取当前已认证用户的用户名
+     * 
+     * @return 当前用户的用户名，如果用户未认证则返回null
+     */
+    public static String getCurrentUsername() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null || !authentication.isAuthenticated()) {
+            return null;
+        }
+
+        Object principal = authentication.getPrincipal();
+        if (principal instanceof UserDetails) {
+            return ((UserDetails) principal).getUsername();
+        }
+
+        // 如果不是UserDetails实例，尝试直接获取主体名称
+        return authentication.getName();
+    }
+
+    /**
+     * 获取当前已认证用户的UserDetails对象
+     * 
+     * @return 当前用户的UserDetails对象，如果用户未认证或主体不是UserDetails实例则返回null
+     */
+    public static UserDetails getCurrentUserDetails() {
+        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+        if (authentication == null || !authentication.isAuthenticated()) {
+            return null;
+        }
+
+        Object principal = authentication.getPrincipal();
+        if (principal instanceof UserDetails) {
+            return (UserDetails) principal;
+        }
+
+        return null;
+    }
+
+    /**
+     * 检查当前用户是否具有指定角色
+     * 
+     * @param role 要检查的角色名称（不需要前缀"ROLE_"）
+     * @return 如果用户具有该角色返回true，否则返回false
+     */
+    public static boolean hasRole(String role) {
+        UserDetails userDetails = getCurrentUserDetails();
+        if (userDetails == null) {
+            return false;
+        }
+
+        // Spring Security的角色默认以"ROLE_"为前缀
+        String roleName = role.startsWith("ROLE_") ? role : "ROLE_" + role;
+        return userDetails.getAuthorities().stream()
+                .anyMatch(auth -> auth.getAuthority().equals(roleName));
+    }
+
+    /**
+     * 检查当前用户是否具有指定权限
+     * 
+     * @param permission 要检查的权限名称
+     * @return 如果用户具有该权限返回true，否则返回false
+     */
+    public static boolean hasPermission(String permission) {
+        UserDetails userDetails = getCurrentUserDetails();
+        if (userDetails == null) {
+            return false;
+        }
+
+        return userDetails.getAuthorities().stream()
+                .anyMatch(auth -> auth.getAuthority().equals(permission));
+    }
+
+    /**
+     * 检查当前用户是否为管理员
+     * 在本项目中，管理员角色定义为"ADMIN"
+     * 
+     * @return 如果用户是管理员返回true，否则返回false
+     */
+    public static boolean isAdmin() {
+        return hasRole("ADMIN");
+    }
+}