
Merge branch 'leng_dev' of https://gitee.ltd/pigx/pigx into leng_dev_copy

萌萌哒Sakura酱 6 роки тому
батько
коміт
ad32b2e5bd

+ 63 - 0
pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/component/PigxPreAuthenticationChecks.java

@@ -0,0 +1,63 @@
+/*
+ *    Copyright (c) 2018-2025, lengleng All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * Neither the name of the pig4cloud.com developer nor the names of its
+ * contributors may be used to endorse or promote products derived from
+ * this software without specific prior written permission.
+ * Author: lengleng (wangiegie@gmail.com)
+ */
+
+package com.pig4cloud.pigx.common.security.component;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.support.MessageSourceAccessor;
+import org.springframework.security.authentication.AccountExpiredException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.SpringSecurityMessageSource;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsChecker;
+
+/**
+ * @author lengleng
+ * @date 2019-01-02
+ */
+@Slf4j
+public class PigxPreAuthenticationChecks implements UserDetailsChecker {
+	private MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+
+	@Override
+	public void check(UserDetails user) {
+		if (!user.isAccountNonLocked()) {
+			log.debug("User account is locked");
+
+			throw new LockedException(messages.getMessage(
+					"AbstractUserDetailsAuthenticationProvider.locked",
+					"User account is locked"));
+		}
+
+		if (!user.isEnabled()) {
+			log.debug("User account is disabled");
+
+			throw new DisabledException(messages.getMessage(
+					"AbstractUserDetailsAuthenticationProvider.disabled",
+					"User is disabled"));
+		}
+
+		if (!user.isAccountNonExpired()) {
+			log.debug("User account is expired");
+
+			throw new AccountExpiredException(messages.getMessage(
+					"AbstractUserDetailsAuthenticationProvider.expired",
+					"User account has expired"));
+		}
+	}
+}
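Review bot: `check()` never consults `user.isCredentialsNonExpired()`, so an account whose credentials are flagged as expired passes this checker. Spring's stock pre-authentication check has the same three branches and leaves credential expiry to a separate post-authentication check, but `MobileAuthenticationProvider` implements `AuthenticationProvider` directly and no second check is visible in this commit. If credential expiry is meant to block mobile login too, add a fourth branch throwing `CredentialsExpiredException` (it needs an import from `org.springframework.security.authentication`). If it is skipped on purpose, say so in the class Javadoc, which currently holds only author and date.

```java
		// … unchanged: locked, disabled and expired checks …

		if (!user.isCredentialsNonExpired()) {
			log.debug("User account credentials have expired");

			throw new CredentialsExpiredException(messages.getMessage(
					"AbstractUserDetailsAuthenticationProvider.credentialsExpired",
					"User credentials have expired"));
		}
```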

+ 2 - 2
pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/component/ResourceAuthExceptionEntryPoint.java

@@ -51,9 +51,9 @@ public class ResourceAuthExceptionEntryPoint implements AuthenticationEntryPoint
 		response.setCharacterEncoding(CommonConstants.UTF8);
 		response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
 		R<String> result = new R<>();
-		result.setCode(HttpStatus.HTTP_UNAUTHORIZED);
+		result.setCode(CommonConstants.FAIL);
 		if (authException != null) {
-			result.setMsg("error");
+			result.setMsg(authException.getMessage());
 			result.setData(authException.getMessage());
 		}
 		response.setStatus(HttpStatus.HTTP_UNAUTHORIZED);
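Review bot: `result.setMsg(authException.getMessage())` sends the raw exception text to an unauthenticated caller, and the unchanged `setData` line below it already carries the same string, so `msg` and `data` are now duplicates. If the distinct locked / disabled / expired messages from `PigxPreAuthenticationChecks` reach this entry point, that text lets a caller tell an account's state apart from a plain bad credential. Consider a fixed client-facing message such as `result.setMsg("Unauthorized");` and recording the detail of `authException` in the server log instead. The body `code` also changes from the HTTP 401 value to `CommonConstants.FAIL` while the response status stays 401, so clients that read the body code should be checked. The method starts and ends outside the hunk.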

+ 0 - 1
pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/mobile/MobileAuthenticationFilter.java

@@ -86,7 +86,6 @@ public class MobileAuthenticationFilter extends AbstractAuthenticationProcessing
 			authResult = this.getAuthenticationManager().authenticate(mobileAuthenticationToken);
 
 			logger.debug("Authentication success: " + authResult);
-			eventPublisher.publishAuthenticationSuccess(authResult);
 			SecurityContextHolder.getContext().setAuthentication(authResult);
 
 		} catch (Exception failed) {

+ 9 - 3
pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/mobile/MobileAuthenticationProvider.java

@@ -17,6 +17,7 @@
 
 package com.pig4cloud.pigx.common.security.mobile;
 
+import com.pig4cloud.pigx.common.security.component.PigxPreAuthenticationChecks;
 import com.pig4cloud.pigx.common.security.service.PigxUserDetailsService;
 import lombok.Getter;
 import lombok.Setter;
@@ -28,6 +29,7 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsChecker;
 
 /**
  * @author lengleng
@@ -38,6 +40,8 @@ import org.springframework.security.core.userdetails.UserDetails;
 @Slf4j
 public class MobileAuthenticationProvider implements AuthenticationProvider {
 	private MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
+	private UserDetailsChecker detailsChecker = new PigxPreAuthenticationChecks();
+
 	@Getter
 	@Setter
 	private PigxUserDetailsService userDetailsService;
@@ -52,11 +56,13 @@ public class MobileAuthenticationProvider implements AuthenticationProvider {
 			log.debug("Authentication failed: no credentials provided");
 
 			throw new BadCredentialsException(messages.getMessage(
-				"AbstractUserDetailsAuthenticationProvider.noopBindAccount",
-				"Noop Bind Account"));
-
+					"AbstractUserDetailsAuthenticationProvider.noopBindAccount",
+					"Noop Bind Account"));
 		}
 
+		// 检查账号状态
+		detailsChecker.check(userDetails);
+
 		MobileAuthenticationToken authenticationToken = new MobileAuthenticationToken(userDetails, userDetails.getAuthorities());
 		authenticationToken.setDetails(mobileAuthenticationToken.getDetails());
 		return authenticationToken;
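Review bot: `detailsChecker` is a mutable field with a hard-wired `new PigxPreAuthenticationChecks()`, so the account-status gate can be reassigned or nulled by later code in the class. Declare it `private final UserDetailsChecker detailsChecker = new PigxPreAuthenticationChecks();`. The call `detailsChecker.check(userDetails)` in the last hunk sits after the null guard and before the authenticated token is built, and that order has to be kept. An English comment such as `// Reject locked, disabled or expired accounts before issuing an authenticated token` would state it. The enclosing method starts outside the hunk.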

+ 1 - 1
pigx-common/pigx-common-security/src/main/java/com/pig4cloud/pigx/common/security/service/PigxUserDetailsServiceImpl.java

@@ -108,7 +108,7 @@ public class PigxUserDetailsServiceImpl implements PigxUserDetailsService {
 		Collection<? extends GrantedAuthority> authorities
 				= AuthorityUtils.createAuthorityList(dbAuthsSet.toArray(new String[0]));
 		SysUser user = info.getSysUser();
-		boolean enabled = StrUtil.equals(user.getDelFlag(), CommonConstants.STATUS_NORMAL);
+		boolean enabled = StrUtil.equals(user.getLockFlag(), CommonConstants.STATUS_NORMAL);
 		// 构造security用户
 
 		return new PigxUser(user.getUserId(), user.getDeptId(), user.getTenantId(), user.getUsername(), SecurityConstants.BCRYPT + user.getPassword(), enabled,
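Review bot: `enabled` is now derived from `getLockFlag()` alone, so the delete flag no longer affects the `UserDetails` built here. Unless the user lookup outside this hunk already filters deleted rows, a soft-deleted account would come back as enabled. A locked account is also reported through `isEnabled()` and so surfaces as `DisabledException`. The `LockedException` branch in `PigxPreAuthenticationChecks` then depends on whatever the `PigxUser` constructor receives as its account-non-locked argument, which is cut off in this view. Consider keeping `boolean enabled = StrUtil.equals(user.getDelFlag(), CommonConstants.STATUS_NORMAL);` and passing `StrUtil.equals(user.getLockFlag(), CommonConstants.STATUS_NORMAL)` as the account-non-locked argument instead.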