ikmkj/biji
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
23ced99e20d6191af1bf8f86f1dd74e8f69eff85
biji/biji-houdaun/src/main/java/com/test/bijihoudaun/util/SecurityUtil.java
ikmkj 23ced99e20 feat: 添加XSS防护工具函数并优化多个功能模块 
refactor(前端): 重构登录页面和用户状态管理逻辑

fix(后端): 修复用户密码更新逻辑和错误提示

feat(后端): 实现分页搜索功能并优化文件删除逻辑

perf(前端): 优化笔记编辑器自动保存和状态提示

fix(后端): 增强图片上传安全验证

style(前端): 调整笔记预览页面按钮权限控制

chore: 更新生产环境配置和测试数据库依赖

feat(前端): 添加虚拟列表组件优化性能

fix(前端): 修复笔记编辑器返回逻辑和状态保存

refactor(前端): 优化axios拦截器错误处理逻辑

docs: 更新方法注释和参数说明
2026-03-04 18:29:52 +08:00

133 lines
4.3 KiB
Java
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
package com.test.bijihoudaun.util;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
* 安全工具类,提供与安全相关的实用方法
*/
public class SecurityUtil {
/**
* 检查用户是否已认证
* 该方法用于判断当前用户是否已经通过身份验证,常用于控制对受保护资源的访问
*
* @return 如果用户已认证返回true否则返回false
*/
public static boolean isUserAuthenticated() {
// 获取当前安全上下文中的认证信息
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
// 检查认证对象是否存在以及是否已认证
if (authentication == null || !authentication.isAuthenticated()) {
return false;
}
// 检查认证主体是否为UserDetails实例
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return true;
}
return false;
}
/**
* 获取当前已认证用户的用户名
*
* @return 当前用户的用户名如果用户未认证则返回null
*/
public static String getCurrentUsername() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null || !authentication.isAuthenticated()) {
return null;
}
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((UserDetails) principal).getUsername();
}
// 如果不是UserDetails实例尝试直接获取主体名称
return authentication.getName();
}
/**
* 获取当前已认证用户的UserDetails对象
*
* @return 当前用户的UserDetails对象如果用户未认证或主体不是UserDetails实例则返回null
*/
public static UserDetails getCurrentUserDetails() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication == null || !authentication.isAuthenticated()) {
return null;
}
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return (UserDetails) principal;
}
return null;
}
/**
* 检查当前用户是否具有指定角色
*
* @param role 要检查的角色名称(不需要前缀"ROLE_"
* @return 如果用户具有该角色返回true否则返回false
*/
public static boolean hasRole(String role) {
UserDetails userDetails = getCurrentUserDetails();
if (userDetails == null) {
return false;
}
// Spring Security的角色默认以"ROLE_"为前缀
String roleName = role.startsWith("ROLE_") ? role : "ROLE_" + role;
return userDetails.getAuthorities().stream()
.anyMatch(auth -> auth.getAuthority().equals(roleName));
}
/**
* 检查当前用户是否具有指定权限
*
* @param permission 要检查的权限名称
* @return 如果用户具有该权限返回true否则返回false
*/
public static boolean hasPermission(String permission) {
UserDetails userDetails = getCurrentUserDetails();
if (userDetails == null) {
return false;
}
return userDetails.getAuthorities().stream()
.anyMatch(auth -> auth.getAuthority().equals(permission));
}
/**
* 检查当前用户是否为管理员
* 在本项目中,管理员角色定义为"ADMIN"
*
* @return 如果用户是管理员返回true否则返回false
*/
public static boolean isAdmin() {
return hasRole("ADMIN");
}
/**
* 获取当前已认证用户的ID
*
* @return 当前用户的ID如果用户未认证则返回null
*/
public static Long getCurrentUserId() {
String username = getCurrentUsername();
if (username == null) {
return null;
}
return null;
}
}
Reference in New Issue View Git Blame Copy Permalink