Spring Security權限註解
啓用註解
@EnableGlobalMethodSecurity(prePostEnabled = true)
正常啓用開啓那個註解就行,下面放下個人配置java
package com.fedtech.sys.provider.config.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import javax.annotation.Resource;
/**
* 資源配置
*
* @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >
* @date 2021/1/13
* @since 1.0.0
*/
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
@Resource
RedisConnectionFactory redisConnectionFactory;
@Resource
private TokenStore tokenStore;
@Bean
public TokenStore redisTokenStore() {
return new RedisTokenStore(redisConnectionFactory);
}
@Override
public void configure(ResourceServerSecurityConfigurer resources) {
resources.tokenStore(tokenStore);
}
}
角色
/**
* 查詢單個用戶
*
* @param query {@link UserQuery}
*
* @return com.fedtech.common.util.result.R<com.fedtech.sys.provider.view.UserView>
*
* @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >
* @date 2021/2/20
* @since 1.0.0
*/
@GetMapping("select")
@PreAuthorize("hasAuthority('admin')")
public R<UserView> selectUser(UserQuery query) {
UserDto dto = userService.selectUser(query);
return R.successWithData(userMapper.dto2View(dto));
}
權限
默認的是DenyAllPermissionEvaluator,全部權限都拒絕,因此要自定義web
自定義處理邏輯
我是把權限放到了自定義的userDetails裏面redis
package com.fedtech.common.model;
import cn.hutool.core.collection.CollUtil;
import lombok.Data;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.StringTokenizer;
/**
* 該類返回的是安全的,可以提供給用戶看到的信息,即脫敏後的信息
*
* @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >
* @date 2021/1/9
* @since 1.0.0
*/
@Data
@Slf4j
public class SecurityUser implements UserDetails {
private static final long serialVersionUID = 8689435103879098852L;
/**
* 鹽
*/
private String salt;
/**
* 用戶token
*/
private String token;
/**
* 用戶狀態
*/
private String status;
/**
* 用戶密碼
*/
private String password;
/**
* 用戶登陸帳號
*/
private String loginName;
private Long userId;
/**
* 用戶角色
*
* @date 2021/1/10
* @since 1.0.0
*/
private List<UserRole> roleList;
/**
* 權限列表
*
* @date 2021/1/11
* @since 1.0.0
*/
private List<UserPermission> permissionList;
/**
* 客戶端用戶
*
* @param client 客戶端
*
* @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >
* @date 2021/1/13
* @since 1.0.0
*/
public SecurityUser(OauthClientDetails client) {
if (client != null) {
password = client.getClientSecret();
loginName = client.getClientId();
String authorities = client.getAuthorities();
StringTokenizer stringTokenizer = new StringTokenizer(authorities, ", ");
roleList = new ArrayList<>();
if (stringTokenizer.hasMoreTokens()) {
UserRole userRole = new UserRole();
userRole.setCode(stringTokenizer.nextToken());
roleList.add(userRole);
}
}
}
/**
* 普通用戶
*
* @param user 用戶
* @param roleList 角色
* @param permissionList 權限
*
* @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >
* @date 2021/1/13
* @since 1.0.0
*/
public SecurityUser(User user, List<UserRole> roleList, List<UserPermission> permissionList) {
if (user != null) {
salt = user.getSalt();
token = user.getToken();
status = user.getStatus();
password = user.getPassword();
loginName = user.getLoginName();
userId = user.getId();
this.roleList = roleList;
this.permissionList = permissionList;
}
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
Collection<GrantedAuthority> authorities = new ArrayList<>();
if (!CollUtil.isEmpty(roleList)) {
for (UserRole role : roleList) {
SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role.getCode());
authorities.add(authority);
}
}
log.debug("獲取到的用戶權限:{}", authorities);
return authorities;
}
@Override
public String getPassword() {
return password;
}
@Override
public String getUsername() {
return loginName;
}
@Override
public boolean isAccountNonExpired() {
return true;
}
@Override
public boolean isAccountNonLocked() {
return true;
}
@Override
public boolean isCredentialsNonExpired() {
return true;
}
@Override
public boolean isEnabled() {
return true;
}
}
package com.fedtech.common.config;
import cn.hutool.core.collection.CollUtil;
import com.fedtech.common.model.SecurityUser;
import com.fedtech.common.model.UserPermission;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import java.io.Serializable;
import java.util.List;
/**
* 自定義權限處理
*
* @author <a href="mailto:njpkhuan@gmail.com">huan</a>
* @version 1.0.0
* @date 2021/2/26
*/
@Slf4j
@Configuration
public class MyPermissionEvaluator implements PermissionEvaluator {
@Override
public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
SecurityUser principal = (SecurityUser) authentication.getPrincipal();
List<UserPermission> permissionList = principal.getPermissionList();
if (CollUtil.isNotEmpty(permissionList)) {
return permissionList.stream().anyMatch(x -> StringUtils.equals(x.getUrl(), (CharSequence) targetDomainObject) &&
StringUtils.equals(x.getCode(), (CharSequence) permission));
}
return false;
}
@Override
public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
return false;
}
}
使用
/**
* 查詢單個用戶
*
* @param query {@link UserQuery}
*
* @return com.fedtech.common.util.result.R<com.fedtech.sys.provider.view.UserView>
*
* @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >
* @date 2021/2/20
* @since 1.0.0
*/
@GetMapping("select")
@PreAuthorize("hasPermission('/sys/user/insert','userInsert')")
public R<UserView> selectUser(UserQuery query) {
UserDto dto = userService.selectUser(query);
return R.successWithData(userMapper.dto2View(dto));
}
相關文章
- 1. 權限管理之Spring Security
- 2. spring - security 權限控制
- 3. Spring Security 的權限驗證
- 4. spring security 權限控制
- 5. Spring Security權限控制
- 6. spring 的權限控制:security
- 7. Spring Security(4):權限緩存
- 8. Spring Security權限框架
- 9. Spring-Security源碼解析(權限)
- 10. springMvc+spring security 註解方式實現權限控制
- 更多相關文章...
- • MySQL刪除用戶權限(REVOKE) - MySQL教程
- • Spring體系結構詳解 - Spring教程
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • Docker容器實戰(六) - 容器的隔離與限制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. Window下Ribbit MQ安裝
- 2. Linux下Redis安裝及集羣搭建
- 3. shiny搭建網站填坑戰略
- 4. Mysql8.0.22安裝與配置詳細教程
- 5. Hadoop安裝及配置
- 6. Python爬蟲初學筆記
- 7. 部署LVS-Keepalived高可用集羣
- 8. keepalived+mysql高可用集羣
- 9. jenkins 公鑰配置
- 10. HA實用詳解
歡迎關注本站公眾號,獲取更多信息
