目录
一、RABC表的设计
二、查询权限并添加Security中
三、通过注解进行授权
四、授权进行前端访问
一、RABC表的设计
基本概念就是五个表:
用户表:users
角色表:role
权限表:permission
还需要两种关系表,才能通过users知道他的权限
用户_角色表
角色_权限表
用户对应角色,角色对应着权限
二、查询权限并添加Security中
基本的创建mapper,自定义方法(通过用户名来查询权限)
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE mapperPUBLIC "-//mybatis.org//DTD Mapper 3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd"><mapper namespace="com.gq.springsecuritydemo1.mapper.UsersMapper"><select id="findByUsername" resultType="com.gq.springsecuritydemo1.pojo.users" parameterType="string">select * from users where username=#{username}</select><select id="FindPermissionByUsername" parameterType="string" resultType="com.gq.springsecuritydemo1.pojo.permission">select distinct permission.pid,permission.permission,permission.url from users left joinusers_role on users.uid=users_role.uid left joinrole on users_role.rid=role.rid left joinrole_permission on role.rid=role_permission.rid left joinpermission on permission.pid=role_permission.pidwhere username=#{username}</select> </mapper>
查询到权限后,接着在UserDetails中将自定义的权限集合转换为Security中的权限集合
//自定义认证服务
@Service
public class MyUserDetailsService implements UserDetailsService {@Autowiredprivate UsersMapper usersMapper;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {users s=usersMapper.findByUsername(username);//查询用户的权限if(s==null){return null;}List<permission> permissionList=usersMapper.FindPermissionByUsername(username);//将自定义的权限集合转换为Security的权限类型集合List<GrantedAuthority> grantedAuthorities=new ArrayList<>();//开始遍历添加权限for(permission permission:permissionList){grantedAuthorities.add(new SimpleGrantedAuthority(permission.getUrl()));}//封装为UserDetailsService对象UserDetails userDetailsService= User.withUsername(s.getUsername()).password(s.getPassword()).authorities(grantedAuthorities).build();return userDetailsService;}
}
这里的权限你可以写url路径来进行认证,也可以自己随便写点别的,反正作为标识即可。
三、通过注解进行授权
在控制器中使用注解来进行鉴权前,我们需要再启动类中添加注解
@EnableMethodSecurity
接着通过@PreAuthorize注解进行鉴权
//测试权限的方法@PreAuthorize("hasAnyAuthority('/search')")@RequestMapping("/search")public String s1(){return "查询权限";}@PreAuthorize("hasAnyAuthority('/update')")@RequestMapping("/update")public String u1(){return "修改权限";}四、授权进行前端访问
在进行前端访问前,我们还需要引入thymeleaf和security的整合包,这里我直接把大致需要的所有依赖都写了(毕竟有时候版本出现问题是真烦)
<dependencies> <!-- thymeleaf和security的整合包--><dependency><groupId>org.thymeleaf.extras</groupId><artifactId>thymeleaf-extras-springsecurity5</artifactId></dependency> <!-- springboot起步--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency> <!--mysql驱动--><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>8.0.29</version><scope>runtime</scope></dependency> <!-- lombok--><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><optional>true</optional></dependency> <!-- junit单元测试--><dependency><groupId>junit</groupId><artifactId>junit</artifactId><scope>test</scope></dependency> <!-- mybatis-plus--><dependency><groupId>com.baomidou</groupId><artifactId>mybatis-plus-boot-starter</artifactId><version>3.5.0</version></dependency> <!-- thymeleaf--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-thymeleaf</artifactId></dependency> <!-- springsecurity--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency></dependencies>
在thymeleaf中前端鉴权时,别忘了写约束
<!DOCTYPE html>
<!-- 约束-->
<html lang="en" xmlns:th="http://www.thymeleaf.org"xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head><meta charset="UTF-8"><title>Title</title>
</head>
<body>
<h3 sec:authorize="hasAnyAuthority('/search')">查询</h3>
<h3 sec:authorize="hasAnyAuthority('/update')">修改</h3>
<h3 sec:authorize="hasAnyAuthority('/delete')">删除</h3>
<h3 sec:authorize="hasAnyAuthority('/insert')">添加</h3>
</body>
</html>
