作者 朱兆平

解决按请求路径对用户角色判定访问权限的问题

@@ -21,4 +21,6 @@ public interface PERMISSIONMapper { @@ -21,4 +21,6 @@ public interface PERMISSIONMapper {
21 List<PERMISSION> findAll(); 21 List<PERMISSION> findAll();
22 22
23 List<PERMISSION> findByUserId(Integer userId); 23 List<PERMISSION> findByUserId(Integer userId);
  24 +
  25 + List<String> findRoleListByUrl(String permissionUrl);
24 } 26 }
@@ -19,4 +19,6 @@ public interface ROLEMapper { @@ -19,4 +19,6 @@ public interface ROLEMapper {
19 int updateByPrimaryKey(ROLE record); 19 int updateByPrimaryKey(ROLE record);
20 20
21 List<ROLE> findRolesByUserId(Integer userId); 21 List<ROLE> findRolesByUserId(Integer userId);
  22 +
  23 + List<ROLE> findAll();
22 } 24 }
1 package com.tianbo.warehouse.model; 1 package com.tianbo.warehouse.model;
2 2
3 -import org.springframework.security.core.GrantedAuthority;  
4 -  
5 -public class PERMISSION implements GrantedAuthority {  
6 - private static final long serialVersionUID = -3957539165716897100L;  
7 - 3 +public class PERMISSION {
8 private Integer permissionId; 4 private Integer permissionId;
9 5
10 private String permissionName; 6 private String permissionName;
@@ -115,8 +111,4 @@ public class PERMISSION implements GrantedAuthority { @@ -115,8 +111,4 @@ public class PERMISSION implements GrantedAuthority {
115 this.ext3 = ext3 == null ? null : ext3.trim(); 111 this.ext3 = ext3 == null ? null : ext3.trim();
116 } 112 }
117 113
118 - @Override  
119 - public String getAuthority(){  
120 - return this.getPermissionName();  
121 - }  
122 } 114 }
1 package com.tianbo.warehouse.model; 1 package com.tianbo.warehouse.model;
2 2
3 -public class ROLE { 3 +import org.springframework.security.core.GrantedAuthority;
  4 +
  5 +public class ROLE implements GrantedAuthority {
  6 + private static final long serialVersionUID = 1L;
  7 +
4 private Integer roleId; 8 private Integer roleId;
5 9
6 private String roleName; 10 private String roleName;
@@ -40,4 +44,9 @@ public class ROLE { @@ -40,4 +44,9 @@ public class ROLE {
40 public void setDescription(String description) { 44 public void setDescription(String description) {
41 this.description = description == null ? null : description.trim(); 45 this.description = description == null ? null : description.trim();
42 } 46 }
  47 +
  48 + @Override
  49 + public String getAuthority(){
  50 + return this.getRoleName();
  51 + }
43 } 52 }
@@ -10,6 +10,9 @@ import java.util.Date; @@ -10,6 +10,9 @@ import java.util.Date;
10 import java.util.List; 10 import java.util.List;
11 11
12 public class USERS implements UserDetails { 12 public class USERS implements UserDetails {
  13 +
  14 + private static final long serialVersionUID = 1L;
  15 +
13 private Integer userId; 16 private Integer userId;
14 17
15 private String username; 18 private String username;
@@ -215,9 +218,10 @@ public class USERS implements UserDetails { @@ -215,9 +218,10 @@ public class USERS implements UserDetails {
215 @Override 218 @Override
216 public Collection<? extends GrantedAuthority> getAuthorities(){ 219 public Collection<? extends GrantedAuthority> getAuthorities(){
217 List<GrantedAuthority> auths = new ArrayList<>(); 220 List<GrantedAuthority> auths = new ArrayList<>();
218 - List<PERMISSION> permissions = this.getPermissions();  
219 - for (PERMISSION permission : permissions) {  
220 - auths.add(new SimpleGrantedAuthority(permission.getAuthority())); 221 + for (ROLE role : roles) {
  222 + if (null != role){
  223 + auths.add(new SimpleGrantedAuthority(role.getAuthority()));
  224 + }
221 } 225 }
222 return auths; 226 return auths;
223 } 227 }
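Review bot: `roles` is dereferenced directly on new line 221 with no null guard, even though each element is null-checked; a USERS loaded without its roles collection will throw a NullPointerException from getAuthorities and surface as a server error instead of a denied request. Guard the collection before the loop, e.g. `if (roles == null) { return auths; }`. Since ROLE now implements GrantedAuthority itself, re-wrapping it in SimpleGrantedAuthority is redundant and will also throw when `roleName` is null, because SimpleGrantedAuthority requires non-empty text; either add the ROLE directly or skip entries whose authority is blank.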
@@ -38,9 +38,10 @@ public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor imp @@ -38,9 +38,10 @@ public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor imp
38 38
39 39
40 public void invoke(FilterInvocation fi) throws IOException, ServletException { 40 public void invoke(FilterInvocation fi) throws IOException, ServletException {
41 -//fi里面有一个被拦截的url  
42 -//里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限  
43 -//再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够 41 + /**
  42 + *fi里面有一个被拦截的url里面调用MyInvocationSecurityMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
  43 + 再调用MyAccessDecisionManager的decide方法来校验用户的权限是否足够
  44 + */
44 InterceptorStatusToken token = super.beforeInvocation(fi); 45 InterceptorStatusToken token = super.beforeInvocation(fi);
45 try { 46 try {
46 //执行下一个拦截器 47 //执行下一个拦截器
@@ -28,26 +28,41 @@ public class MyInvocationSecurityMetadataSourceService implements FilterInvocati @@ -28,26 +28,41 @@ public class MyInvocationSecurityMetadataSourceService implements FilterInvocati
28 /** 28 /**
29 * 加载权限表中所有权限 29 * 加载权限表中所有权限
30 */ 30 */
31 - public void loadResourceDefine(){ 31 + public void loadResourceDefine(String requestUrl){
32 map = new HashMap<>(); 32 map = new HashMap<>();
33 Collection<ConfigAttribute> array; 33 Collection<ConfigAttribute> array;
34 ConfigAttribute cfg; 34 ConfigAttribute cfg;
35 List<PERMISSION> permissions = permissionMapper.findAll(); 35 List<PERMISSION> permissions = permissionMapper.findAll();
36 for(PERMISSION permission : permissions) { 36 for(PERMISSION permission : permissions) {
37 array = new ArrayList<>(); 37 array = new ArrayList<>();
38 - cfg = new SecurityConfig(permission.getPermissionName());  
39 - //此处只添加了用户的名字,其实还可以添加更多权限的信息,例如请求方法到ConfigAttribute的集合中去。此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。  
40 - array.add(cfg); 38 +
  39 + //此处只添加了用户的名字,其实还可以添加更多权限的信息,
  40 + // 例如请求方法到ConfigAttribute的集合中去。
  41 + // 此处添加的信息将会作为MyAccessDecisionManager类的decide的第三个参数。
  42 +
  43 + //CFG存储访问的URL需要的权限"ROLE_??"LIST
  44 + List<String> urlOfRoles = permissionMapper.findRoleListByUrl(requestUrl);
  45 +
  46 + for (String roleName:urlOfRoles) {
  47 + cfg = new SecurityConfig(roleName);
  48 + array.add(cfg);
  49 + }
41 //用权限的getUrl() 作为map的key,用ConfigAttribute的集合作为 value, 50 //用权限的getUrl() 作为map的key,用ConfigAttribute的集合作为 value,
42 - map.put(permission.getPermissionSign(), array); 51 + map.put(permission.getUrl(), array);
43 } 52 }
44 53
45 } 54 }
46 55
47 - //此方法是为了判定用户请求的url 是否在权限表中,如果在权限表中,则返回给 decide 方法,用来判定用户是否有此权限。如果不在权限表中则放行。 56 + /**
  57 + * 此方法是为了判定用户请求的url 是否在权限表中,
  58 + * 如果在权限表中,则返回给 decide 方法,
  59 + * 用来判定用户是否有此权限。如果不在权限表中则放行。
  60 + */
48 @Override 61 @Override
49 public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException { 62 public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
50 - if(map ==null) {loadResourceDefine();} 63 + //清楚地址
  64 + String requestUrl = ((FilterInvocation)object).getRequestUrl();
  65 + if(map ==null) {loadResourceDefine(requestUrl);}
51 //object 中包含用户请求的request 信息 66 //object 中包含用户请求的request 信息
52 HttpServletRequest request = ((FilterInvocation) object).getHttpRequest(); 67 HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
53 AntPathRequestMatcher matcher; 68 AntPathRequestMatcher matcher;
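Review bot: loadResourceDefine keys the map by `permission.getUrl()` (new line 51) but looks up roles for the caller's `requestUrl` (new line 44), so every URL in the map receives the role list of whichever request happened to trigger the load, and because the map is only built when it is null (new line 65) that first request's roles are then applied to every later URL. Look up the roles for the permission being mapped, `List<String> urlOfRoles = permissionMapper.findRoleListByUrl(permission.getUrl());`, and drop the `requestUrl` parameter so the method is request-independent again. A permission whose query returns no role yields a null role name here, and SecurityConfig's constructor rejects empty text, so skip null or blank names before constructing it. The doc comment also states that URLs absent from the permission table are let through; if that is intended it is a fail-open default worth stating on the class, and the rest of getAttributes, which continues past this hunk, is where that decision is made.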
@@ -7,6 +7,8 @@ server.servlet.context-path=${SERVER_CONTEXTPATH:} @@ -7,6 +7,8 @@ server.servlet.context-path=${SERVER_CONTEXTPATH:}
7 #服务名 7 #服务名
8 spring.application.name=tianbo.base.dev.devkit 8 spring.application.name=tianbo.base.dev.devkit
9 9
  10 +spring.jackson.serialization.fail-on-empty-beans=false
  11 +
10 12
11 #springcloud 基本配置 13 #springcloud 基本配置
12 14
@@ -76,7 +78,9 @@ pagehelper.support-methods-arguments=true @@ -76,7 +78,9 @@ pagehelper.support-methods-arguments=true
76 pagehelper.params=count=countSql 78 pagehelper.params=count=countSql
77 79
78 #debug配置 80 #debug配置
79 -trace=false 81 +trace=true
  82 +debug=true
  83 +logging.level.org.apache.tomcat=info
80 logging.level.com.tianbo.warehouse.dao=DEBUG 84 logging.level.com.tianbo.warehouse.dao=DEBUG
81 logging.level.org.springframework.security =trace 85 logging.level.org.springframework.security =trace
82 -debug=false  
  86 +
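Review bot: `trace=true`, `debug=true` and `logging.level.org.springframework.security=trace` are now committed in what looks like the shared application configuration (the file already reads `SERVER_CONTEXTPATH` from the environment), so every deployment built from it will emit Spring Security trace output, which includes authentication and request details that should not reach production logs. Keep these behind a dev profile or an environment override, e.g. `debug=${APP_DEBUG:false}` and `trace=${APP_TRACE:false}`, and default the security logger to `info`. The `spring.jackson.serialization.fail-on-empty-beans=false` added in the first hunk hides a serialization failure rather than fixing it; if the bean that triggered it is the USERS UserDetails object, confirm that its password field is excluded from serialization before it can be written into a response.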
@@ -29,6 +29,15 @@ @@ -29,6 +29,15 @@
29 <include refid="Base_Column_List" /> 29 <include refid="Base_Column_List" />
30 from permission 30 from permission
31 </select> 31 </select>
  32 + <select id="findRoleListByUrl" resultType="java.lang.String" parameterType="java.lang.String">
  33 + SELECT
  34 + R.role_name
  35 +FROM
  36 + permission P
  37 + LEFT JOIN role_permission RP ON P.permission_id = RP.permission_id
  38 + LEFT JOIN ROLE R ON R.ROLE_ID= RP.ROLE_ID
  39 +where P.url = #{permissionUrl,jdbcType=VARCHAR}
  40 + </select>
32 <select id="findByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap"> 41 <select id="findByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
33 SELECT 42 SELECT
34 P .* 43 P .*
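Review bot: The new findRoleListByUrl query joins `ROLE R ON R.ROLE_ID= RP.ROLE_ID` while the role mapper's own statements refer to the table as lower-case `role` (`from role` in RoleMapper); if the database treats table names case-sensitively, as MySQL on Linux does by default, this query fails with an unknown-table error. The LEFT JOINs also return a null `role_name` row for a permission that has no role mapping, which the Java caller then hands to SecurityConfig. Use inner joins with the same casing as the rest of the mappers: `INNER JOIN role_permission RP ON P.permission_id = RP.permission_id` and `INNER JOIN role R ON R.role_id = RP.role_id`.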
@@ -16,6 +16,11 @@ @@ -16,6 +16,11 @@
16 from role 16 from role
17 where role_id = #{roleId,jdbcType=INTEGER} 17 where role_id = #{roleId,jdbcType=INTEGER}
18 </select> 18 </select>
  19 + <select id="findAll" resultMap="BaseResultMap" >
  20 + select
  21 + <include refid="Base_Column_List" />
  22 + from role
  23 + </select>
19 <select id="findRolesByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap"> 24 <select id="findRolesByUserId" parameterType="java.lang.Integer" resultMap="BaseResultMap">
20 SELECT 25 SELECT
21 R.* 26 R.*