SpringBoot基础-权限管理1

权限管理

权限管理无非就是把某一个接口的使用权限赋给某一个用户。

创建数据库

CREATE TABLE `user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) DEFAULT NULL COMMENT '名字',
  `username` varchar(255) DEFAULT NULL,
  `password` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COMMENT='用户测试表';

创建项目

• 创建SpringBoot项目
• 编辑pow.xml引入依赖

    
        
        
            org.springframework.boot
            spring-boot-starter
        
        
            org.springframework.boot
            spring-boot-starter-test
            test
        
        
        
            org.springframework.boot
            spring-boot-starter-web
        
        
        
        
        
            com.baomidou
            mybatis-plus-boot-starter
            3.4.2
        
        
            mysql
            mysql-connector-java
            runtime
        
        
        
            org.projectlombok
            lombok
            1.16.14
        
    

• 编写application.yml文件

server:
  #tomcat端口
  port: 8080

spring:
  #MySQL数据库配置
  datasource:
    url: jdbc:mysql://localhost:3306/springboot_demo?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
    username: root
    password: 20220101
    driver-class-name: com.mysql.cj.jdbc.Driver

mybatis-plus:
  configuration:
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
  #实体类路径
  typeAliasesPackage: com.qcby.entity
  #mapper路径
  mapperLocations: classpath:mapper/*.xml
  # 全局配置id自增  =>
  global-config:
    db-config:
      id-type: auto

• 创建包，创建config.MybatisPlusConfig 类，配置mybatis-plus

@Configuration
public class MybatisPlusConfig {
    // 最新版
    @Bean  // 
    public MybatisPlusInterceptor mybatisPlusInterceptor() {
        MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
        interceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MYSQL));
        return interceptor;
    }
}

• 创建User实体类

package com.qcby.entity;
@Data
@TableName("user")
public class User {
    private Long id;
    private String name;
    private String username;
    private String password;
}

• 创建mapper.UserMapper接口，继承mybatis-plus的BaseMapper类

@Mapper
public interface UserMapper extends BaseMapper {
    public List findAll();
}

• mapper目录下创建UserMapper.xml

    
        select * from user
    

• 创建service.UserService接口，继承mybatis-plus的IService类

public interface UserService extends IService {
    public List findAll();
}

• 创建service.impl.UserServiceImpl类，继承ServiceImpl类，实现UserService接口

@Service
public class UserServiceImpl extends ServiceImpl implements UserService {
    @Resource
    private UserMapper userMapper;

    @Override
    public List findAll(){
        return this.userMapper.findAll();
    }
}

• 创建controller.UserController类

@RestController
@RequestMapping("login")
public class UserController {
    @Autowired
    private UserServiceImpl service;
    
    @RequestMapping("findAll")
    public List findAll(){
        return this.service.findAll();
    }
}

实现拦截器(token方式)

• 创建interceptor.LoginInterceptor 拦截器类

package com.qcby.interceptor;
public class LoginInterceptor implements HandlerInterceptor {
    private Logger log = LoggerFactory.getLogger(getClass());
    @Autowired
    private HttpSession httpSession;
    //Controller逻辑执行之前
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        System.out.println("preHandle....");
        String uri = request.getRequestURI();
        System.out.println("uri："+ uri);

        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        String token=request.getHeader("qcby-token");
        if (!TokenUtil.verify(token)) {
            // 未登录跳转到登录界面
            response.sendRedirect("/login/login");
            return false;
        }else {
            return true;
        }
    }

    //Controller逻辑执行完毕但是视图解析器还未进行解析之前
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        System.out.println("postHandle....");
    }

    //Controller逻辑和视图解析器执行完毕
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        System.out.println("afterCompletion....");
    }
}

• 创建WebMvcConfig类，设置拦截路径

package com.qcby.config;
@Configuration
public class WebMvcConfig implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(loginInterceptor())
                //拦截的路径(*所有)
                .addPathPatterns("/**")
                // 那些路径不拦截
                .excludePathPatterns("/login/login","/error");
    }

    @Bean
    public LoginInterceptor loginInterceptor(){
        return new LoginInterceptor();
    }
}

• 创建token.TokenUtil类

package com.qcby.token;
public class TokenUtil {
    private static Map tokenMap=new HashMap<>();

    public static String generateToken(User user){
        String token= UUID.randomUUID().toString();
        tokenMap.put(token,user);
        return token;
    }

    public static boolean verify(String token){
        return tokenMap.containsKey(token);
    }

    public static User getUser(String token){
        return tokenMap.get(token);
    }
}

• 编写登录方法

package com.qcby.controller;

import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.qcby.entity.User;
import com.qcby.service.impl.UserServiceImpl;
import com.qcby.token.TokenUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpSession;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

@RestController
@RequestMapping("login")
public class UserController {
    @Autowired
    private UserServiceImpl service;
    @Autowired
    private HttpSession session;

    @RequestMapping(value = "login",method = RequestMethod.GET)
    public Map login(User user){
        Map map = new HashMap<>();
        map.put("code",0);
        if(StringUtils.isEmpty(user.getUsername()) || StringUtils.isEmpty(user.getPassword()) ){
            map.put("msg","用户或者密码为空！");
            return map;
        }
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username",user.getUsername())
                .eq("password",user.getPassword());
        User userDb = service.getOne(queryWrapper);
        if(userDb != null){
            map.put("code",1);
            map.put("data",userDb);

            String token= TokenUtil.generateToken(userDb);
            map.put("qcby-token",token);
        }else{
            map.put("msg","用户名或密码错误！");
        }
        return map;
    }

    @GetMapping("findAll")
    public List findAll(){
        return this.service.findAll();
    }
}

【注意】 登录成功之后所有方法接口都可以被调用，无法实现权限限制。

权限分配(方法一)

• 数据库创建menu，ref_menu_user表:因为所有接口方法路径存放在数据库中

CREATE TABLE `menu` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) COLLATE utf8mb4_bin DEFAULT NULL,
  `url` varchar(255) COLLATE utf8mb4_bin DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=11 DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;

CREATE TABLE `ref_menu_user` (
  `user_id` bigint(20) NOT NULL,
  `menu_id` bigint(20) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;

• 创建Menu实体类

package com.qcby.entity;
@Data
public class Menu {
    private Integer id;
    private String name;
    private String url;
}

• 创建MenuMapper接口

package com.qcby.mapper;
public interface MenuMapper {
    //根据id获取用户能使用的 接口方法路径
    public Set getUrlListById(@Param("id") Long id);
}

• mapper目录下创建MenuMapper.xml

    
        select url from menu left join ref_menu_user
            on menu.id=ref_menu_user.menu_id
        where ref_menu_user.user_id=#{id}
    

• 创建MenuService接口

public interface MenuService {
    public Set getUrlListById(Long id);
}

• 创建MenuServiceImpl类

@Service
public class MenuServiceImpl implements MenuService {
    @Resource
    private MenuMapper menuMapper;

    public Set getUrlListById(Long id){
        return this.menuMapper.getUrlListById(id);
    }
}

• 编辑User实体类

@Data
@TableName("user")
public class User {
    private Long id;
    private String name;
    private String username;
    private String password;

    @TableField(exist = false)//数据库查询时忽略
    private Set url;//去重存储
}

• 编辑UserController,编写getUrlListById方法，获取授权的方法路径存入User实体类的url属性里面

@RestController
@RequestMapping("login")
public class UserController {
    @Autowired
    private UserServiceImpl service;
    @Autowired
    private HttpSession session;
    @Autowired
    private MenuServiceImpl menuService;

    @RequestMapping(value = "login",method = RequestMethod.GET)
    public Map login(User user){
        Map map = new HashMap<>();
        map.put("code",0);
        if(StringUtils.isEmpty(user.getUsername()) || StringUtils.isEmpty(user.getPassword()) ){
            map.put("msg","用户或者密码为空！");
            return map;
        }
        QueryWrapper queryWrapper = new QueryWrapper<>();
        queryWrapper.eq("username",user.getUsername())
                .eq("password",user.getPassword());
        User userDb = service.getOne(queryWrapper);
        if(userDb != null){
            map.put("code",1);
            map.put("data",userDb);
            String token= TokenUtil.generateToken(userDb);
            map.put("qcby-token",token);
            /*
            *重点在这里，把从数据库查询到的方法路径存到实体类的url中
            */
            Set url=menuService.getUrlListById(userDb.getId());
            userDb.setUrl(url);

        }else{
            map.put("msg","用户名或密码错误！");
        }
        return map;
    }
    @RequestMapping("getUrlListById")
    public Set getUrlListById(Long id){
        return this.menuService.getUrlListById(id);
    }

    @GetMapping("findAll")
    public IPage findAll(Page page){
        return this.service.findAll(page);
    }
}

• 编辑拦截器类(判断用户访问的路径是否被授权给此用户)

package com.qcby.interceptor;
public class LoginInterceptor implements HandlerInterceptor {
    private Logger log = LoggerFactory.getLogger(getClass());
    @Autowired
    private HttpSession httpSession;
    //Controller逻辑执行之前
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        System.out.println("preHandle....");
        String uri = request.getRequestURI();
        System.out.println("uri："+ uri);

        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        String token=request.getHeader("qcby-token");
        if (!TokenUtil.verify(token)) {
            // 未登录跳转到登录界面
            response.sendRedirect("/login/login");
            return false;
        }else {
            //登录成功
            //验证身份
            User user=TokenUtil.getUser(token);
            //获取实体类的url属性，被授权的方法路径
            Set url=user.getUrl();
            //查看用户调用的方法是否在url集合里面
            if(!url.contains(uri))
                throw new Exception("权限不足");
            return true;
        }
    }

    //Controller逻辑执行完毕但是视图解析器还未进行解析之前
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        System.out.println("postHandle....");
    }

    //Controller逻辑和视图解析器执行完毕
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        System.out.println("afterCompletion....");
    }
}

【注意】 最后需要配置xxxapplication类

package com.qcby;

import org.mybatis.spring.annotation.MapperScan;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@MapperScan("com.qcby.mapper")
@SpringBootApplication
public class Demo0325Application {

    public static void main(String[] args) {
        SpringApplication.run(Demo0325Application.class, args);
    }

}

源码 

源码是本仓库中的demo0326文件  包括数据表，源码；适当更改配置即可运行。