
添加了角色权限验证

wuweihao 5 роки тому
батько
коміт
cf4cc011fd

+ 3 - 0
xiaoan-common/src/main/java/com/xiaoan/common/constant/MsgCode.java

@@ -14,6 +14,9 @@ public class MsgCode {
     public static final int FAILURE_CODE_3001 = 3001;
     public static final String FAILURE_MSG_3001 = "缺少必要参数";
 
+    public static final int FAILURE_CODE_3002 = 3002;
+    public static final String FAILURE_MSG_3002 = "id不存在";
+
     //400x是用户模块的
     public static final int FAILURE_CODE_4001 = 4001;
     public static final String FAILURE_MSG_4001 = "用户不存在";

+ 74 - 74
xiaoan-common/src/main/java/com/xiaoan/common/interceptor/AuthHeaderSettingFilter.java

@@ -1,74 +1,74 @@
-package com.xiaoan.common.interceptor;
-
-import lombok.Data;
-import lombok.extern.log4j.Log4j2;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import java.io.IOException;
-import java.util.concurrent.TimeUnit;
-
-/**
- * Created by owen on 2020/3/6 0006 17:56
- *
- * 这个类是测试模拟token使用的,可以正式环境可以不用的
- *
- * 主要是为了设置请头使用的
- *
- *
- */
-@Log4j2
-@Component
-public class AuthHeaderSettingFilter implements Filter {
-
-    @Value("${spring.profiles.active}")
-    private String active;
-
-    @Autowired
-    private RedisTemplate<String, String> redisTemplate;
-
-
-    @Override
-    public void init(FilterConfig filterConfig) throws ServletException {
-
-    }
-
-    @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
-
-        log.warn("active: {}", active);
-
-        HttpServletRequest req = (HttpServletRequest) request;
-        HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req);
-        String token = req.getHeader("Authorization");
-
-
-        // 排除登录接口
-        if (token == null && !req.getRequestURI().contains("/admin/login")) {
-            if ("dev".equals(active) ){
-                    // admin 用户测试用
-                    token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxNTk5OTk5OTk5OSIsInJvbGUiOlsiYWRtaW4iXSwiaWQiOjksInVzZXJOYW1lIjoiMTU5OTk5OTk5OTkiLCJpYXQiOjE1ODM4MjI4MTksImp0aSI6ImZjMWUyYjUwLWU4MDgtNDVhNy1iZTliLTEwOWIxODc4YmNjNyJ9.liO1iotkDSf5NeOyd624_ME3yx4HthdfT5GQRIBGtTg";
-                    //如果请求中带有这个参数,则进行过滤加一个header头
-                    requestWrapper.addHeader("Authorization", token);
-                    String userName = "15999999999";
-                    // 更新到 redis, 有效期24h, 旧token无效
-                    redisTemplate.opsForValue().set(userName, token, Long.parseLong("240000"), TimeUnit.HOURS);
-                    chain.doFilter(requestWrapper, response);
-
-                }
-
-        } else {
-            chain.doFilter(requestWrapper, response);
-        }
-
-    }
-
-    @Override
-    public void destroy() {
-
-    }
-}
+//package com.xiaoan.common.interceptor;
+//
+//import lombok.Data;
+//import lombok.extern.log4j.Log4j2;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.beans.factory.annotation.Value;
+//import org.springframework.data.redis.core.RedisTemplate;
+//import org.springframework.stereotype.Component;
+//
+//import javax.servlet.*;
+//import javax.servlet.http.HttpServletRequest;
+//import java.io.IOException;
+//import java.util.concurrent.TimeUnit;
+//
+///**
+// * Created by owen on 2020/3/6 0006 17:56
+// *
+// * 这个类是测试模拟token使用的,可以正式环境可以不用的
+// *
+// * 主要是为了设置请头使用的
+// *
+// *
+// */
+//@Log4j2
+//@Component
+//public class AuthHeaderSettingFilter implements Filter {
+//
+//    @Value("${spring.profiles.active}")
+//    private String active;
+//
+//    @Autowired
+//    private RedisTemplate<String, String> redisTemplate;
+//
+//
+//    @Override
+//    public void init(FilterConfig filterConfig) throws ServletException {
+//
+//    }
+//
+//    @Override
+//    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+//
+//        log.warn("active: {}", active);
+//
+//        HttpServletRequest req = (HttpServletRequest) request;
+//        HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req);
+//        String token = req.getHeader("Authorization");
+//
+//
+//        // 排除登录接口
+//        if (token == null && !req.getRequestURI().contains("/admin/login")) {
+//            if ("dev".equals(active) ){
+//                    // admin 用户测试用
+//                    token = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxNTk5OTk5OTk5OSIsInJvbGUiOlsiYWRtaW4iXSwiaWQiOjksInVzZXJOYW1lIjoiMTU5OTk5OTk5OTkiLCJpYXQiOjE1ODM4MjI4MTksImp0aSI6ImZjMWUyYjUwLWU4MDgtNDVhNy1iZTliLTEwOWIxODc4YmNjNyJ9.liO1iotkDSf5NeOyd624_ME3yx4HthdfT5GQRIBGtTg";
+//                    //如果请求中带有这个参数,则进行过滤加一个header头
+//                    requestWrapper.addHeader("Authorization", token);
+//                    String userName = "15999999999";
+//                    // 更新到 redis, 有效期24h, 旧token无效
+//                    redisTemplate.opsForValue().set(userName, token, Long.parseLong("240000"), TimeUnit.HOURS);
+//                    chain.doFilter(requestWrapper, response);
+//
+//                }
+//
+//        } else {
+//            chain.doFilter(requestWrapper, response);
+//        }
+//
+//    }
+//
+//    @Override
+//    public void destroy() {
+//
+//    }
+//}
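Review bot: The hard-coded admin JWT is still present in the file as a comment (the `token = "eyJ..."` line inside the commented-out `doFilter`), so disabling the filter does not remove the credential from the tree. Delete AuthHeaderSettingFilter.java instead of commenting it out, and rotate the HS256 signing key if the same key is used outside development; the token appears to carry no `exp` claim, so any verifier that skips the Redis comparison would keep accepting it. The filter stored the token in Redis for `240000` hours although its comment says 24h, so the entry under `15999999999` should be deleted wherever the filter has run. DeviceController.java is commented out the same way in this commit, including its default Wi-Fi password, and is better deleted as well.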

+ 24 - 10
xiaoan-web/src/main/java/com/xiaoan/web/backend/DepartmentController.java

@@ -12,6 +12,8 @@ import com.xiaoan.web.aop.WebControllerLog;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
@@ -36,6 +38,7 @@ public class DepartmentController extends BaseController {
     @Autowired
     private DepartmentService departmentService;
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @ApiOperation("分页获取部门列表/搜索")
     @WebControllerLog(description = "部门信息-查询列表")
     @PostMapping("list")
@@ -46,6 +49,7 @@ public class DepartmentController extends BaseController {
         return new ResultJson(MsgCode.SUCCESS_CODE, pageInfo);
     }
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @ApiOperation("新增部门")
     @WebControllerLog(description = "部门信息-新增/修改部门")
     @PostMapping("save")
@@ -54,15 +58,10 @@ public class DepartmentController extends BaseController {
             return new ResultJson(MsgCode.FAILURE_CODE_3001, MsgCode.FAILURE_MSG_3001);
         }
 
-        DepartmentEntity entity = departmentService.findById(param.getId());
-        if (entity != null) {
-            BeanUtils.copyProperties(param, entity);
-            entity.setUpdateTime(new Date());
-
-            departmentService.update(entity);
+        Long id = param.getId();
 
-
-        } else {
+        DepartmentEntity entity = null;
+        if (id == null) {
             entity = departmentService.findByName(param.getName());
             if(entity != null){
                 return new ResultJson(MsgCode.FAILURE_CODE_5001, MsgCode.FAILURE_MSG_5001);
@@ -71,16 +70,31 @@ public class DepartmentController extends BaseController {
             entity = new DepartmentEntity();
             BeanUtils.copyProperties(param, entity);
             departmentService.save(entity);
+        } else {
+            entity = departmentService.findById(id);
+            if (entity == null) {
+                return new ResultJson(MsgCode.FAILURE_CODE_3002, MsgCode.FAILURE_MSG_3002);
+            }
+            BeanUtils.copyProperties(param, entity);
+            entity.setUpdateTime(new Date());
 
+            departmentService.update(entity);
         }
 
 
+        return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
+    }
 
-
-
+    @WebControllerLog(description = "部门信息-多部门删除")
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
+    @ApiOperation("删除多部门")
+    @GetMapping("delete/all/{id}")
+    public ResultJson deleteAll(@PathVariable String id){
+        departmentService.deleteByIds(id);
         return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
     }
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @WebControllerLog(description = "部门信息-删除部门")
     @ApiOperation("部门信息-删除部门")
     @PostMapping("delete/{id}")
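Review bot: `deleteAll` passes the raw path string straight to `departmentService.deleteByIds(id)` without validating it. The service is not visible here, but if it forwards to tk.mybatis's `deleteByIds(String ids)`, the string is substituted into an `IN (...)` clause, so reject anything that is not a comma-separated list of digits first, e.g. `if (!id.matches("\\d+(,\\d+)*")) return new ResultJson(MsgCode.FAILURE_CODE_3001, MsgCode.FAILURE_MSG_3001);`. The method is also a destructive operation mapped with `@GetMapping`, which clients and intermediaries are entitled to treat as safe and repeatable; `@PostMapping` or `@DeleteMapping` fits better. Both points apply equally to the `deleteAll` methods added in IssueController and UserController. `logical = Logical.OR` has no effect with a single role, so `@RequiresRoles("admin")`, as used in LogController, is enough.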

+ 78 - 78
xiaoan-web/src/main/java/com/xiaoan/web/backend/DeviceController.java

@@ -1,78 +1,78 @@
-package com.xiaoan.web.backend;
-
-import com.github.pagehelper.PageInfo;
-import com.xiaoan.common.constant.MsgCode;
-import com.xiaoan.common.model.PageDto;
-import com.xiaoan.common.util.ResultJson;
-import com.xiaoan.domain.backend.CameraEntity;
-import com.xiaoan.domain.backend.DepartmentEntity;
-import com.xiaoan.domain.dto.request.DepartmentRequest;
-import com.xiaoan.service.backend.CameraService;
-import com.xiaoan.service.backend.DepartmentService;
-import com.xiaoan.web.aop.WebControllerLog;
-import io.swagger.annotations.Api;
-import io.swagger.annotations.ApiOperation;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.BeanUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.transaction.annotation.Transactional;
-import org.springframework.web.bind.annotation.*;
-import tk.mybatis.mapper.entity.Condition;
-
-/**
- * Created by Hb_zzZ on 2020/2/27.
- *
- * 需要admin权限
- */
-@Api(tags = "DeviceController", description = "后台设备管理")
-@RestController
-@RequestMapping("api/manage/device")
-@Transactional
-public class DeviceController extends BaseController {
-
-    @Autowired
-    private DepartmentService departmentService;
-
-    @Autowired
-    private CameraService cameraService;
-
-    @ApiOperation("分页获取部门列表/搜索")
-    @WebControllerLog(description = "部门信息-查询列表")
-    @PostMapping("list")
-    public ResultJson list(@RequestBody PageDto param){
-        Condition condition = new Condition(DepartmentEntity.class);
-        condition.and().andLike("name", "%" + param.getSearchKey()+ "%");
-        PageInfo<DepartmentEntity> pageInfo = departmentService.findAll(condition, param.getPageNum(), param.getPageSize());
-        return new ResultJson(MsgCode.SUCCESS_CODE, pageInfo);
-    }
-
-    /**
-     * 需要一个mac地址
-     *
-     * WiFi名称,跟mac地址一致
-     * wifi密码:12345678
-     */
-    @ApiOperation("新增相机")
-    @WebControllerLog(description = "设备管理-新增相机")
-    @PostMapping("save/{code}")
-    public ResultJson save(@PathVariable String code){
-        if(StringUtils.isEmpty(code)){
-            return new ResultJson(MsgCode.FAILURE_CODE_3001, MsgCode.FAILURE_MSG_3001);
-        }
-
-
-        CameraEntity cameraEntity = cameraService.findByWifiName(code);
-        if(cameraEntity == null){
-            cameraEntity = new CameraEntity();
-            cameraEntity.setChildName(code);
-            cameraEntity.setWifiName(code);
-            cameraEntity.setWifiPassword("12345678");
-
-
-            cameraService.save(cameraEntity);
-        }
-
-        return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
-    }
-
-}
+//package com.xiaoan.web.backend;
+//
+//import com.github.pagehelper.PageInfo;
+//import com.xiaoan.common.constant.MsgCode;
+//import com.xiaoan.common.model.PageDto;
+//import com.xiaoan.common.util.ResultJson;
+//import com.xiaoan.domain.backend.CameraEntity;
+//import com.xiaoan.domain.backend.DepartmentEntity;
+//import com.xiaoan.domain.dto.request.DepartmentRequest;
+//import com.xiaoan.service.backend.CameraService;
+//import com.xiaoan.service.backend.DepartmentService;
+//import com.xiaoan.web.aop.WebControllerLog;
+//import io.swagger.annotations.Api;
+//import io.swagger.annotations.ApiOperation;
+//import org.apache.commons.lang3.StringUtils;
+//import org.springframework.beans.BeanUtils;
+//import org.springframework.beans.factory.annotation.Autowired;
+//import org.springframework.transaction.annotation.Transactional;
+//import org.springframework.web.bind.annotation.*;
+//import tk.mybatis.mapper.entity.Condition;
+//
+///**
+// * Created by Hb_zzZ on 2020/2/27.
+// *
+// * 需要admin权限
+// */
+//@Api(tags = "DeviceController", description = "后台设备管理")
+//@RestController
+//@RequestMapping("api/manage/device")
+//@Transactional
+//public class DeviceController extends BaseController {
+//
+//    @Autowired
+//    private DepartmentService departmentService;
+//
+//    @Autowired
+//    private CameraService cameraService;
+//
+//    @ApiOperation("分页获取部门列表/搜索")
+//    @WebControllerLog(description = "部门信息-查询列表")
+//    @PostMapping("list")
+//    public ResultJson list(@RequestBody PageDto param){
+//        Condition condition = new Condition(DepartmentEntity.class);
+//        condition.and().andLike("name", "%" + param.getSearchKey()+ "%");
+//        PageInfo<DepartmentEntity> pageInfo = departmentService.findAll(condition, param.getPageNum(), param.getPageSize());
+//        return new ResultJson(MsgCode.SUCCESS_CODE, pageInfo);
+//    }
+//
+//    /**
+//     * 需要一个mac地址
+//     *
+//     * WiFi名称,跟mac地址一致
+//     * wifi密码:12345678
+//     */
+//    @ApiOperation("新增相机")
+//    @WebControllerLog(description = "设备管理-新增相机")
+//    @PostMapping("save/{code}")
+//    public ResultJson save(@PathVariable String code){
+//        if(StringUtils.isEmpty(code)){
+//            return new ResultJson(MsgCode.FAILURE_CODE_3001, MsgCode.FAILURE_MSG_3001);
+//        }
+//
+//
+//        CameraEntity cameraEntity = cameraService.findByWifiName(code);
+//        if(cameraEntity == null){
+//            cameraEntity = new CameraEntity();
+//            cameraEntity.setChildName(code);
+//            cameraEntity.setWifiName(code);
+//            cameraEntity.setWifiPassword("12345678");
+//
+//
+//            cameraService.save(cameraEntity);
+//        }
+//
+//        return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
+//    }
+//
+//}

+ 2 - 1
xiaoan-web/src/main/java/com/xiaoan/web/backend/IndexController.java

@@ -89,6 +89,7 @@ public class IndexController {
         result.put("token", token);
 //        result.put("permission", resourcesTreeByUserPermission);
         result.put("permission", resourcesByUserMenu);
+        result.put("role", roles);
 
 
         // 更新到 redis, 有效期24h, 旧token无效
@@ -112,7 +113,7 @@ public class IndexController {
         String token = request.getHeader("Authorization");
         String username = JwtUtil2.getUsername(token);
 
-        String redisToken = (String) redisTemplate.opsForValue().get(username);
+        String redisToken = redisTemplate.opsForValue().get(username);
         // token username 一致,代表没有被踢出
         if (username.equals(redisToken)) {
             redisTemplate.delete(username);
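Review bot: The condition after the changed line compares `username` with `redisToken`, but the value stored under the username key is the token itself (MyRealm checks `token.equals(redisToken)` against the same key), so this branch looks like it can never be taken and logout would leave the token valid in Redis. It is unchanged context, but it probably should read `if (token.equals(redisToken)) {`. `username` is also dereferenced without a null check, so a request with a missing or malformed Authorization header may throw here, depending on what `JwtUtil2.getUsername` returns. The method starts and ends outside the hunk.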

+ 11 - 1
xiaoan-web/src/main/java/com/xiaoan/web/backend/IssueController.java

@@ -15,6 +15,7 @@ import com.xiaoan.web.aop.WebControllerLog;
 import com.xiaoan.web.shiro.JWTUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.Logical;
 import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -77,7 +78,7 @@ public class IssueController extends BaseController {
     /**
      * 只有管理员才能回复问题
      */
-//    @RequiresRoles("admin")
+    @RequiresRoles("admin")
     @WebControllerLog(description = "问题反馈-回复问题")
     @ApiOperation("回复问题")
     @GetMapping("reply/{id}/{item}")
@@ -108,6 +109,15 @@ public class IssueController extends BaseController {
         return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
     }
 
+    @WebControllerLog(description = "问题反馈-删除问题")
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
+    @ApiOperation("删除多问题")
+    @GetMapping("delete/all/{id}")
+    public ResultJson deleteAll(@PathVariable String id){
+        issueService.deleteByIds(id);
+        return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
+    }
+
 
 
 

+ 2 - 0
xiaoan-web/src/main/java/com/xiaoan/web/backend/LogController.java

@@ -10,6 +10,7 @@ import com.xiaoan.web.aop.WebControllerLog;
 import com.xiaoan.web.shiro.JWTUtil;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.*;
@@ -37,6 +38,7 @@ public class LogController extends BaseController {
     /**
      * 疑问:搜索是否应该有个起始/结束时间
      */
+    @RequiresRoles("admin")
     @WebControllerLog(description = "操作日志-日志搜索/列表")
     @ApiOperation("搜索/列表共用")
     @PostMapping("list")

+ 8 - 7
xiaoan-web/src/main/java/com/xiaoan/web/backend/StatisticsController.java

@@ -7,6 +7,9 @@ import com.xiaoan.service.backend.UserService;
 import com.xiaoan.web.aop.WebControllerLog;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import lombok.extern.log4j.Log4j2;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -21,6 +24,7 @@ import java.util.HashMap;
  * 数据统计
  * 需要admin权限
  */
+@Log4j2
 @Api(tags = "StatisticsController", description = "后台数据统计")
 @RestController
 @RequestMapping("api/manage/statistics")
@@ -33,14 +37,11 @@ public class StatisticsController {
     @Autowired
     private SceneService sceneService;
 
-    /**
-     * 加了日志注解,会出错,在filter里出错
-     */
-//    @WebControllerLog(description = "数据统计-获取数据")
-//    @WebControllerLog(description = "数据统计-获取数据")
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
+    @WebControllerLog(description = "数据统计-获取数据")
     @ApiOperation("获取数据")
-    @GetMapping()
-    private ResultJson getData() {
+    @GetMapping
+    public ResultJson getData() {
 
         HashMap<Object, Object> map = new HashMap<>();
 

+ 8 - 0
xiaoan-web/src/main/java/com/xiaoan/web/backend/TestController.java

@@ -74,6 +74,14 @@ public class TestController {
         return new ResultJson(2000, "");
     }
 
+    @ApiOperation("user/count")
+    @GetMapping("user/count")
+    public ResultJson userCount(){
+        Integer count = userService.findAllByViewCount();
+
+        return new ResultJson(2000, count);
+    }
+
 
     @ApiOperation("测试按logSearchProvider日期查询")
     @PostMapping("log/search/logSearchProvider")
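Review bot: `userCount` is added without `@RequiresRoles`, unlike the other endpoints touched in this commit. The class-level mapping is outside the hunk, but if TestController is served under `/test`, ShiroConfig maps `/test/**` to `anon`, which would make the user count readable without a token. Either add `@RequiresRoles("admin")` or restrict the whole controller to development with `@Profile("dev")`. The literal in `new ResultJson(2000, count)` should presumably be `MsgCode.SUCCESS_CODE`, as in the other controllers.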

+ 48 - 3
xiaoan-web/src/main/java/com/xiaoan/web/backend/UserController.java

@@ -12,6 +12,9 @@ import com.xiaoan.service.backend.UserService;
 import com.xiaoan.web.aop.WebControllerLog;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.shiro.authz.annotation.Logical;
+import org.apache.shiro.authz.annotation.RequiresRoles;
 import org.springframework.beans.BeanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
@@ -38,6 +41,7 @@ public class UserController extends BaseController {
     @Autowired
     private UserService userService;
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @WebControllerLog(description = "用户管理-查看用户列表/搜索")
     @ApiOperation("分页获取用户列表")
     @PostMapping("list")
@@ -46,13 +50,14 @@ public class UserController extends BaseController {
         return new ResultJson(MsgCode.SUCCESS_CODE, page);
     }
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @ApiOperation("新增或修改用户信息")
     @PostMapping("save")
     public ResultJson save(@RequestBody UserRequest param){
         int n = 0;
 
-        UserEntity entity = userService.findById(param.getId());
-        if (entity == null ){
+        UserEntity entity = null;
+        if (param.getId() == null){
             entity = userService.findByUserName(param.getUserName());
             if (entity != null) {
                 return new ResultJson(MsgCode.ERROR_CODE, "用户名已存在");
@@ -66,6 +71,11 @@ public class UserController extends BaseController {
 
             n = userService.save(entity);
         } else {
+
+            entity = userService.findById(param.getId());
+            if (entity == null) {
+                return new ResultJson(MsgCode.FAILURE_CODE_3002, MsgCode.FAILURE_MSG_3002);
+            }
             // 每次修改,删除用户角色表信息,重新添加
             userService.deleteUserRole(param.getId());
 
@@ -75,6 +85,31 @@ public class UserController extends BaseController {
         }
 
 
+
+//        UserEntity entity = userService.findById(param.getId());
+//        if (entity == null ){
+//            entity = userService.findByUserName(param.getUserName());
+//            if (entity != null) {
+//                return new ResultJson(MsgCode.ERROR_CODE, "用户名已存在");
+//            }
+//
+//            entity = new UserEntity();
+//            param.setId(null);
+//
+//            BeanUtils.copyProperties(param, entity);
+//            entity.setPassword(PasswordUtils.encrypt(param.getUserName(), "123456", PasswordUtils.getStaticSalt()));
+//
+//            n = userService.save(entity);
+//        } else {
+//            // 每次修改,删除用户角色表信息,重新添加
+//            userService.deleteUserRole(param.getId());
+//
+//            BeanUtils.copyProperties(param, entity);
+//            entity.setUpdateTime(new Date());
+//            n = userService.update(entity);
+//        }
+
+
         if (n >= 0) {
             if (param.getRoleId() != null) {
                 // 一个用户只有一个角色
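Review bot: The previous version of `save` is committed here as a commented-out block of more than twenty lines; version control already keeps it, so the block should be dropped. It also shows new accounts being created with the fixed password `123456`; the live branch is partly outside the hunk, but if it still does this, generate a random initial password or force a change at first login. `if (n >= 0)` just below accepts zero affected rows as success; `if (n > 0)` is probably what is meant.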
@@ -85,14 +120,23 @@ public class UserController extends BaseController {
         return new ResultJson(MsgCode.ERROR_CODE, MsgCode.ERROR_MSG);
     }
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @ApiOperation("删除用户")
     @GetMapping("delete/{id}")
     public ResultJson delete(@PathVariable Long id){
         userService.deleteById(id);
-//        userService.deleteUserRole(id);
         return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
     }
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
+    @ApiOperation("删除多用户")
+    @GetMapping("delete/all/{id}")
+    public ResultJson deleteAll(@PathVariable String id){
+        userService.deleteByIds(id);
+        return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
+    }
+
+
     @ApiOperation("查询用户信息")
     @GetMapping("detail/{id}")
     public ResultJson detail(@PathVariable Long id){
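Review bot: `detail/{id}`, visible as context at the end of this hunk, still has no role or ownership check, while `list`, `save`, `delete`, `deleteAll` and `resetPass` now require `admin`. If ordinary users are meant to read their own profile, compare `id` with the user id taken from the caller's token before returning the record; otherwise add `@RequiresRoles("admin")` here as well. The body of `detail` lies outside the hunk, so an existing check there cannot be ruled out.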
@@ -116,6 +160,7 @@ public class UserController extends BaseController {
         return new ResultJson(MsgCode.SUCCESS_CODE, MsgCode.SUCCESS_MSG);
     }
 
+    @RequiresRoles(value = {"admin"}, logical = Logical.OR)
     @ApiOperation("重置密码")
     @GetMapping("resetPass/{id}")
     public ResultJson resetPass(@PathVariable Long id){

+ 1 - 1
xiaoan-web/src/main/java/com/xiaoan/web/shiro/MyRealm.java

@@ -130,7 +130,7 @@ public class MyRealm extends AuthorizingRealm {
 
         // 校验请求token是否跟redis token一致
         String redisToken = (String) redisTemplate.opsForValue().get(userEntity.getUserName());
-        log.warn("redisToken: {}", redisToken);
+//        log.warn("redisToken: {}", redisToken);
         if (!token.equals(redisToken)) {
             log.info("error token redis");
             throw new AuthenticationException("token invalid");
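Review bot: The line `log.warn("redisToken: {}", redisToken);` should be deleted rather than commented out, so that token logging cannot be switched back on by removing two characters. Logs written before this change may still contain live tokens at WARN level and should be handled as sensitive until those tokens have expired or been revoked. The enclosing method starts and ends outside the hunk.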

+ 1 - 5
xiaoan-web/src/main/java/com/xiaoan/web/shiro/ShiroConfig.java

@@ -76,10 +76,6 @@ public class ShiroConfig {
         filterRuleMap.put("/test/**", "anon");
         filterRuleMap.put("/manage/**", "anon");
 
-//        filterRuleMap.put("/api/dem/**", "anon");
-//        filterRuleMap.put("/test/convert/**", "anon");
-//        filterRuleMap.put("/api/convert/**", "anon");
-
 
         // swagger 不拦截
         filterRuleMap.put("/swagger-resources/**", "anon");
@@ -89,7 +85,7 @@ public class ShiroConfig {
 
 
         // 所有请求通过我们自己的JWT Filter
-//        filterRuleMap.put("/api/manage/**", "jwt");
+        filterRuleMap.put("/api/manage/**", "jwt");
 
 
         // 访问401和404页面不通过我们的Filter
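Review bot: The newly enabled `filterRuleMap.put("/api/manage/**", "jwt")` only protects those paths if no earlier rule matches first, and the previous hunk still registers `/test/**` and `/manage/**` as `anon`. Shiro applies the first matching pattern in definition order, so `filterRuleMap` has to be a `LinkedHashMap` (its declaration is outside the hunk), and the login endpoint needs its own `anon` entry ahead of this line if it lives under `/api/manage`. The `/manage/**` rule looks stale now that the controllers are mapped under `api/manage`, and `/test/**` should not stay anonymous outside development.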