目录
一、RABC表的设计
基本概念就是五个表:
用户表:users
角色表:role
权限表:permission
还需要两种关系表,才能通过users知道他的权限
用户_角色表
角色_权限表
用户对应角色,角色对应着权限
二、查询权限并添加Security中
基本的创建mapper,自定义方法(通过用户名来查询权限)
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd"> <mapper namespace="com.gq.springsecuritydemo1.mapper.UsersMapper"> <select id="findByUsername" resultType="com.gq.springsecuritydemo1.pojo.users" parameterType="string"> select * from users where username=#{username} </select> <select id="FindPermissionByUsername" parameterType="string" resultType="com.gq.springsecuritydemo1.pojo.permission"> select distinct permission.pid,permission.permission,permission.url from users left join users_role on users.uid=users_role.uid left join role on users_role.rid=role.rid left join role_permission on role.rid=role_permission.rid left join permission on permission.pid=role_permission.pid where username=#{username} </select> </mapper>
查询到权限后,接着在UserDetails中将自定义的权限集合转换为Security中的权限集合
//自定义认证服务
@Service
public class MyUserDetailsService implements UserDetailsService {
@Autowired
private UsersMapper usersMapper;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
users s=usersMapper.findByUsername(username);
//查询用户的权限
if(s==null){
return null;
}
List<permission> permissionList=usersMapper.FindPermissionByUsername(username);
//将自定义的权限集合转换为Security的权限类型集合
List<GrantedAuthority> grantedAuthorities=new ArrayList<>();
//开始遍历添加权限
for(permission permission:permissionList){
grantedAuthorities.add(new SimpleGrantedAuthority(permission.getUrl()));
}
//封装为UserDetailsService对象
UserDetails userDetailsService= User.withUsername(s.getUsername())
.password(s.getPassword())
.authorities(grantedAuthorities)
.build();
return userDetailsService;
}
}
这里的权限你可以写url路径来进行认证,也可以自己随便写点别的,反正作为标识即可。
三、通过注解进行授权
在控制器中使用注解来进行鉴权前,我们需要再启动类中添加注解
@EnableMethodSecurity
接着通过@PreAuthorize注解进行鉴权
//测试权限的方法
@PreAuthorize("hasAnyAuthority('/search')")
@RequestMapping("/search")
public String s1(){
return "查询权限";
}
@PreAuthorize("hasAnyAuthority('/update')")
@RequestMapping("/update")
public String u1(){
return "修改权限";
}四、授权进行前端访问
在进行前端访问前,我们还需要引入thymeleaf和security的整合包,这里我直接把大致需要的所有依赖都写了(毕竟有时候版本出现问题是真烦)
<dependencies> <!-- thymeleaf和security的整合包--> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity5</artifactId> </dependency> <!-- springboot起步--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <!--mysql驱动--> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>8.0.29</version> <scope>runtime</scope> </dependency> <!-- lombok--> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <optional>true</optional> </dependency> <!-- junit单元测试--> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> <!-- mybatis-plus--> <dependency> <groupId>com.baomidou</groupId> <artifactId>mybatis-plus-boot-starter</artifactId> <version>3.5.0</version> </dependency> <!-- thymeleaf--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <!-- springsecurity--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> </dependencies>
在thymeleaf中前端鉴权时,别忘了写约束
<!DOCTYPE html>
<!-- 约束-->
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h3 sec:authorize="hasAnyAuthority('/search')">查询</h3>
<h3 sec:authorize="hasAnyAuthority('/update')">修改</h3>
<h3 sec:authorize="hasAnyAuthority('/delete')">删除</h3>
<h3 sec:authorize="hasAnyAuthority('/insert')">添加</h3>
</body>
</html>
