作者 朱兆平

解决路径 对 用户 角色 判定访问权限

... ... @@ -21,4 +21,6 @@ public interface PERMISSIONMapper {
List<PERMISSION> findAll();
List<PERMISSION> findByUserId(Integer userId);
List<String> findRoleListByUrl(String permissionUrl);
}
\ No newline at end of file
... ...
... ... @@ -19,4 +19,6 @@ public interface ROLEMapper {
int updateByPrimaryKey(ROLE record);
List<ROLE> findRolesByUserId(Integer userId);
List<ROLE> findAll();
}
\ No newline at end of file
... ...
package com.tianbo.warehouse.model;
import org.springframework.security.core.GrantedAuthority;
public class PERMISSION implements GrantedAuthority {
private static final long serialVersionUID = -3957539165716897100L;
public class PERMISSION {
private Integer permissionId;
private String permissionName;
... ... @@ -115,8 +111,4 @@ public class PERMISSION implements GrantedAuthority {
this.ext3 = ext3 == null ? null : ext3.trim();
}
@Override
public String getAuthority(){
return this.getPermissionName();
}
}
\ No newline at end of file
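Review bot: Removing `implements GrantedAuthority` from `PERMISSION` (the new line `public class PERMISSION {`) also removes `Serializable`, which `GrantedAuthority` extends, and the `serialVersionUID` goes with it. `USERS implements UserDetails` is `Serializable` and the old `getAuthorities()` read `this.getPermissions()`, so if `USERS` still carries a `List<PERMISSION>` field, serializing the authenticated principal (HTTP session persistence, clustered sessions, remember-me) will now fail with `NotSerializableException` on `PERMISSION`. If that field is kept, add `implements java.io.Serializable` back and keep the `serialVersionUID`; if it is dropped, say so in the commit message. The class body continues outside the hunk.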
... ...
package com.tianbo.warehouse.model;
public class ROLE {
import org.springframework.security.core.GrantedAuthority;
public class ROLE implements GrantedAuthority {
private static final long serialVersionUID = 1L;
private Integer roleId;
private String roleName;
... ... @@ -40,4 +44,9 @@ public class ROLE {
public void setDescription(String description) {
this.description = description == null ? null : description.trim();
}
@Override
public String getAuthority(){
return this.getRoleName();
}
}
\ No newline at end of file
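Review bot: The new `getAuthority()` returns `getRoleName()` without any guard, so a `role` row whose `role_name` is NULL yields a null authority, and `new SimpleGrantedAuthority(null)` in `USERS.getAuthorities()` will throw because Spring Security requires non-empty text there. Either document the non-null contract or make it explicit, e.g. `return Objects.requireNonNull(this.getRoleName(), "roleName");`, so the failure names the bad row. A one-line Javadoc is also worth adding: the returned string is compared by the access decision manager against `ConfigAttribute`s built from the same `role.role_name` column, so both must stay in sync (no `ROLE_` prefixing on one side only). The class body starts and ends outside the hunk.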
... ...
... ... @@ -10,6 +10,9 @@ import java.util.Date;
import java.util.List;
public class USERS implements UserDetails {
private static final long serialVersionUID = 1L;
private Integer userId;
private String username;
... ... @@ -215,9 +218,10 @@ public class USERS implements UserDetails {
@Override
public Collection<? extends GrantedAuthority> getAuthorities(){
List<GrantedAuthority> auths = new ArrayList<>();
List<PERMISSION> permissions = this.getPermissions();
for (PERMISSION permission : permissions) {
auths.add(new SimpleGrantedAuthority(permission.getAuthority()));
for (ROLE role : roles) {
if (null != role){
auths.add(new SimpleGrantedAuthority(role.getAuthority()));
}
}
return auths;
}
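Review bot: The rewritten loop `for (ROLE role : roles)` dereferences the `roles` field directly, and the added `if (null != role)` only protects individual elements, so a user whose roles were never loaded (or a NULL list from the mapper) throws `NullPointerException` inside authentication instead of yielding no authorities. Guard the list itself before the loop, `if (null == roles) { return auths; }`, and consider returning `Collections.unmodifiableList(auths)` since callers should not mutate the principal's authorities. Skipping null elements silently also hides a data problem; logging the user id when that happens would make it diagnosable. The `USERS` class continues outside the hunk.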
... ...
... ... @@ -38,9 +38,10 @@ public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor imp
public void invoke(FilterInvocation fi) throws IOException, ServletException {
//fi里面有一个被拦截的url
//里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
//再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
/**
*fi里面有一个被拦截的url里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
*/
InterceptorStatusToken token = super.beforeInvocation(fi);
try {
//执行下一个拦截器
... ...
... ... @@ -28,26 +28,41 @@ public class MyInvocationSecurityMetadataSourceService implements FilterInvocati
/**
* 加载权限表中所有权限
*/
public void loadResourceDefine(){
public void loadResourceDefine(String requestUrl){
map = new HashMap<>();
Collection<ConfigAttribute> array;
ConfigAttribute cfg;
List<PERMISSION> permissions = permissionMapper.findAll();
for(PERMISSION permission : permissions) {
array = new ArrayList<>();
cfg = new SecurityConfig(permission.getPermissionName());
//此处只添加了用户的名字,其实还可以添加更多权限的信息,例如请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。
array.add(cfg);
//此处只添加了用户的名字,其实还可以添加更多权限的信息,
// 例如请求方法到ConfigAttribute的集合中去。
// 此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。
//CFG存储访问的URL需要的权限"ROLE_??"LIST
List<String> urlOfRoles = permissionMapper.findRoleListByUrl(requestUrl);
for (String roleName:urlOfRoles) {
cfg = new SecurityConfig(roleName);
array.add(cfg);
}
//用权限的getUrl() 作为map的key,用ConfigAttribute的集合作为 value,
map.put(permission.getPermissionSign(), array);
map.put(permission.getUrl(), array);
}
}
//此方法是为了判定用户请求的url 是否在权限表中,如果在权限表中,则返回给 decide 方法,用来判定用户是否有此权限。如果不在权限表中则放行。
/**
* 此方法是为了判定用户请求的url 是否在权限表中,
* 如果在权限表中,则返回给 decide 方法,
* 用来判定用户是否有此权限。如果不在权限表中则放行。
*/
@Override
public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
if(map ==null) {loadResourceDefine();}
//清楚地址
String requestUrl = ((FilterInvocation)object).getRequestUrl();
if(map ==null) {loadResourceDefine(requestUrl);}
//object 中包含用户请求的request 信息
HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
AntPathRequestMatcher matcher;
... ...
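Review bot: In `loadResourceDefine(String requestUrl)` the inner lookup `permissionMapper.findRoleListByUrl(requestUrl)` uses the URL of the request that triggered the load, not the URL of the permission being iterated, so every entry in `map` is stored under `permission.getUrl()` but holds the roles of the first requested URL; because `getAttributes` only calls `loadResourceDefine` when `map == null`, that first request's role set is then applied to every protected URL for the lifetime of the bean. The fix is one line, `List<String> urlOfRoles = permissionMapper.findRoleListByUrl(permission.getUrl());`, after which the `requestUrl` parameter is unused and the signature can revert to `loadResourceDefine()`. This also issues one query per permission row (N+1) on the first request; a single join query returning url/role pairs would avoid that. Note too that `cfg = new SecurityConfig(permission.getPermissionName())` is gone, so decide() now sees only role names, and the comment `如果不在权限表中则放行` documents a fail-open default for unmapped URLs that should be a deliberate choice. `getAttributes` continues outside the hunk.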
... ... @@ -7,6 +7,8 @@ server.servlet.context-path=${SERVER_CONTEXTPATH:}
#服务名
spring.application.name=tianbo.base.dev.devkit
spring.jackson.serialization.fail-on-empty-beans=false
#springcloud 基本配置
... ... @@ -76,7 +78,9 @@ pagehelper.support-methods-arguments=true
pagehelper.params=count=countSql
#debug配置
trace=false
trace=true
debug=true
logging.level.org.apache.tomcat=info
logging.level.com.tianbo.warehouse.dao=DEBUG
logging.level.org.springframework.security =trace
debug=false
\ No newline at end of file
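Review bot: The added `trace=true`, `debug=true` and `logging.level.org.springframework.security =trace` turn on Spring's trace/debug output in what looks like the base `application.properties` rather than a dev profile; Spring Security trace logging prints authentication and filter-chain details per request and should not ship to production. If `debug=false` also survives in the new file, the later key wins and the two `debug` lines contradict each other. Move these three keys to an `application-dev.properties` (or set them via environment) and keep the committed default at `trace=false`, `debug=false`, `logging.level.org.springframework.security=info`.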
... ...
... ... @@ -29,6 +29,15 @@
<include refid="Base_Column_List" />
from permission
</select>
<select id="findRoleListByUrl" resultType="java.lang.String" parameterType="java.lang.String">
SELECT
R.role_name
FROM
permission P
LEFT JOIN role_permission RP ON P.permission_id = RP.permission_id
LEFT JOIN ROLE R ON R.ROLE_ID= RP.ROLE_ID
where P.url = #{permissionUrl,jdbcType=VARCHAR}
</select>
<select id="findByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
SELECT
P .*
... ...
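Review bot: The new `findRoleListByUrl` select uses `LEFT JOIN` from `permission` through `role_permission` to `ROLE`, so a permission row with no role mapping still returns a row whose `role_name` is NULL; that NULL becomes an element of the `List<String>` and `new SecurityConfig(null)` in `loadResourceDefine` will throw on load (Spring Security asserts the attribute has text). Since the result is only used to build `ConfigAttribute`s, an inner join is the intended semantics: `INNER JOIN role_permission RP ON P.permission_id = RP.permission_id` and `INNER JOIN ROLE R ON R.ROLE_ID = RP.ROLE_ID`. Parameter binding via `#{permissionUrl,jdbcType=VARCHAR}` is correct and should stay as is. The `findByUserId` select that follows continues outside the hunk.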
... ... @@ -16,6 +16,11 @@
from role
where role_id = #{roleId,jdbcType=INTEGER}
</select>
<select id="findAll" resultMap="BaseResultMap" >
select
<include refid="Base_Column_List" />
from role
</select>
<select id="findRolesByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
SELECT
R.*
... ...