前提
近期在使用 Spring Boot 时,用户角色被分为管理员和普通用户;角色不同,拥有的权限也不同。
在 Spring Boot 中实现不同用户拥有不同的访问权限,可以借助 Spring Security 框架完成。
实现
1. 添加必要依赖
首先在 pom.xml 中添加 Spring Security 和 JPA 的依赖。
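<dependencies>
    <!-- Spring Security: authentication, URL and method-level authorization -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- Spring Data JPA: repositories for the users / roles tables -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <!-- JDBC driver, only needed at runtime -->
    <dependency>
        <groupId>mysql</groupId>
        <artifactId>mysql-connector-java</artifactId>
        <scope>runtime</scope>
    </dependency>
</dependencies>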
2. 数据库表设计
创建三张表,分别是用户表、角色表以及用户角色关联表:
-- Application accounts. `password` holds the BCrypt hash produced by the
-- application's PasswordEncoder, never the plaintext value.
CREATE TABLE users (
    id       INT PRIMARY KEY AUTO_INCREMENT,
    username VARCHAR(50)  NOT NULL UNIQUE,
    password VARCHAR(100) NOT NULL,
    enabled  BOOLEAN DEFAULT TRUE
);

-- Role catalogue; `name` is what the application maps to a "ROLE_<name>" authority.
CREATE TABLE roles (
    id   INT PRIMARY KEY AUTO_INCREMENT,
    name VARCHAR(50) NOT NULL UNIQUE
);

-- Many-to-many link between users and roles; the composite key prevents
-- assigning the same role to a user twice.
CREATE TABLE user_roles (
    user_id INT NOT NULL,
    role_id INT NOT NULL,
    PRIMARY KEY (user_id, role_id),
    FOREIGN KEY (user_id) REFERENCES users(id),
    FOREIGN KEY (role_id) REFERENCES roles(id)
);
3. 实体类设计
创建与数据库表对应的实体类:
// user.java
import javax.persistence.*;
import java.util.set;
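@Entity
@Table(name = "users")
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    private String username;

    /** Encoded (BCrypt) password hash as produced by the PasswordEncoder bean; never plaintext. */
    private String password;

    private boolean enabled;

    /**
     * Roles granted to this user, mapped through the user_roles join table.
     * Loaded eagerly because the authorities are needed right when the
     * UserDetails object is built during login.
     */
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(
        name = "user_roles",
        joinColumns = @JoinColumn(name = "user_id"),
        inverseJoinColumns = @JoinColumn(name = "role_id")
    )
    private Set<Role> roles;

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    /** Expects an already-encoded hash; callers encode with the PasswordEncoder first. */
    public void setPassword(String password) {
        this.password = password;
    }

    public boolean isEnabled() {
        return enabled;
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }

    public Set<Role> getRoles() {
        return roles;
    }

    public void setRoles(Set<Role> roles) {
        this.roles = roles;
    }
}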
// role.java
import javax.persistence.*;
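@Entity
@Table(name = "roles")
public class Role {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    /** Role name without the "ROLE_" prefix (e.g. "admin"); the prefix is added when building authorities. */
    private String name;

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }
}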
4. 创建 repository 接口
为 user 和 role 分别创建 repository 接口,用于数据访问:
// userrepository.java
import org.springframework.data.jpa.repository.jparepository;
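public interface UserRepository extends JpaRepository<User, Long> {

    /**
     * Looks up a user by its unique username.
     *
     * @param username the login name to search for
     * @return the matching user, or {@code null} when none exists (callers check for null)
     */
    User findByUsername(String username);
}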
// rolerepository.java
import org.springframework.data.jpa.repository.jparepository;
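public interface RoleRepository extends JpaRepository<Role, Long> {

    /**
     * Looks up a role by its unique name.
     *
     * @param name the role name as stored in the roles table (e.g. "admin")
     * @return the matching role, or {@code null} when none exists (callers check for null)
     */
    Role findByName(String name);
}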
5. 实现 userdetailsservice
实现 Spring Security 的 UserDetailsService 接口,从数据库加载用户信息:
import org.springframework.security.core.grantedauthority;
import org.springframework.security.core.authority.simplegrantedauthority;
import org.springframework.security.core.userdetails.userdetails;
import org.springframework.security.core.userdetails.userdetailsservice;
import org.springframework.security.core.userdetails.usernamenotfoundexception;
import org.springframework.stereotype.service;
import java.util.arraylist;
import java.util.list;
import java.util.set;
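@Service
public class CustomUserDetailsService implements UserDetailsService {

    private final UserRepository userRepository;

    public CustomUserDetailsService(UserRepository userRepository) {
        this.userRepository = userRepository;
    }

    /**
     * Loads the account for a login attempt and converts it into Spring's UserDetails.
     *
     * @param username the login name entered on the form
     * @return the user with its encoded password, enabled flag and role authorities
     * @throws UsernameNotFoundException when no user has that username
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userRepository.findByUsername(username);
        if (user == null) {
            throw new UsernameNotFoundException("user not found with username: " + username);
        }
        return new org.springframework.security.core.userdetails.User(
                user.getUsername(),
                user.getPassword(),   // already BCrypt-encoded; the DaoAuthenticationProvider compares hashes
                user.isEnabled(),
                true,                 // accountNonExpired
                true,                 // credentialsNonExpired
                true,                 // accountNonLocked
                getAuthorities(user.getRoles())
        );
    }

    /**
     * Maps each role to a "ROLE_<name>" authority.
     * The prefix must be exactly "ROLE_" (case-sensitive): hasRole("admin") in the
     * security configuration is checked against the authority "ROLE_admin".
     *
     * @param roles roles attached to the user; {@code null} yields no authorities
     * @return one SimpleGrantedAuthority per role
     */
    private List<GrantedAuthority> getAuthorities(Set<Role> roles) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        if (roles == null) {
            return authorities;
        }
        for (Role role : roles) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getName()));
        }
        return authorities;
    }
}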
6. 配置 spring security
对 Spring Security 进行配置,为不同 URL 设置访问权限:
import org.springframework.context.annotation.bean;
import org.springframework.context.annotation.configuration;
import org.springframework.security.config.annotation.web.builders.httpsecurity;
import org.springframework.security.config.annotation.web.configuration.enablewebsecurity;
import org.springframework.security.crypto.bcrypt.bcryptpasswordencoder;
import org.springframework.security.crypto.password.passwordencoder;
import org.springframework.security.web.securityfilterchain;
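@Configuration
@EnableWebSecurity
public class SecurityConfig {

    /** BCrypt (salted, adaptive-cost) encoder used to store and verify passwords. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * URL authorization rules plus form login and logout.
     *
     * Patterns are evaluated in declaration order, so the specific prefixes
     * come before the catch-all {@code anyRequest()}. {@code hasRole("admin")}
     * matches the authority "ROLE_admin", so the names stored in the roles
     * table must be exactly "admin" and "user". A handler for GET /login must
     * exist elsewhere for the custom login page; it is not part of this example.
     * Nothing here disables CSRF protection, so Spring's default (enabled)
     * applies to the login and logout forms.
     *
     * NOTE: {@code authorizeRequests()} / {@code antMatchers()} are the
     * Spring Security 5.x API; newer releases replace them with
     * {@code authorizeHttpRequests()} / {@code requestMatchers()}.
     *
     * @param http the builder supplied by Spring Security
     * @return the filter chain applied to every request
     * @throws Exception propagated from {@code HttpSecurity.build()}
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/public/**").permitAll()
                .antMatchers("/admin/**").hasRole("admin")
                .antMatchers("/user/**").hasAnyRole("user", "admin")
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
            .logout()
                .permitAll();
        return http.build();
    }
}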
7. 创建控制器
创建不同权限的控制器示例:
import org.springframework.web.bind.annotation.getmapping;
import org.springframework.web.bind.annotation.restcontroller;
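@RestController
public class HelloController {

    /** Reachable without logging in (matched by the "/public/**" permitAll rule). */
    @GetMapping("/public/hello")
    public String publicHello() {
        return "public hello!";
    }

    /** Requires the "user" or "admin" role ("/user/**" rule). */
    @GetMapping("/user/hello")
    public String userHello() {
        return "user hello!";
    }

    /** Requires the "admin" role ("/admin/**" rule). */
    @GetMapping("/admin/hello")
    public String adminHello() {
        return "admin hello!";
    }
}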
8. 测试用户数据
创建测试用户数据,以便进行测试:
import org.springframework.beans.factory.annotation.autowired;
import org.springframework.boot.commandlinerunner;
import org.springframework.stereotype.component;
import java.util.collections;
import java.util.hashset;
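@Component
public class DataInitializer implements CommandLineRunner {

    private final UserRepository userRepository;
    private final RoleRepository roleRepository;
    private final PasswordEncoder passwordEncoder;

    public DataInitializer(UserRepository userRepository,
                           RoleRepository roleRepository,
                           PasswordEncoder passwordEncoder) {
        this.userRepository = userRepository;
        this.roleRepository = roleRepository;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Seeds the two roles and one account per role on startup.
     * Idempotent: each lookup-then-save only inserts when the row is missing,
     * so repeated startups neither duplicate rows nor overwrite passwords.
     *
     * The credentials below are demo data for trying the example; a real
     * deployment should load seed credentials from configuration or a secret
     * store instead of keeping them in source.
     *
     * @param args command-line arguments (unused)
     * @throws Exception propagated from the repositories
     */
    @Override
    public void run(String... args) throws Exception {
        // 创建角色
        Role adminRole = ensureRole("admin");
        Role userRole = ensureRole("user");
        // 创建管理员用户
        ensureUser("admin", "admin123", adminRole);
        // 创建普通用户
        ensureUser("user", "user123", userRole);
    }

    /** Returns the role with the given name, creating and saving it when absent. */
    private Role ensureRole(String name) {
        Role role = roleRepository.findByName(name);
        if (role == null) {
            role = new Role();
            role.setName(name);
            roleRepository.save(role);
        }
        return role;
    }

    /** Creates an enabled user holding exactly one role, unless the username already exists. */
    private void ensureUser(String username, String rawPassword, Role role) {
        if (userRepository.findByUsername(username) != null) {
            return;
        }
        User user = new User();
        user.setUsername(username);
        // Only the BCrypt hash is persisted; the PasswordEncoder bean does the encoding.
        user.setPassword(passwordEncoder.encode(rawPassword));
        user.setEnabled(true);
        user.setRoles(new HashSet<>(Collections.singletonList(role)));
        userRepository.save(user);
    }
}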
权限控制说明
@PreAuthorize 注解:可在方法级别进行权限控制。例如:
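// Method-level check, evaluated in addition to the URL rules. Only active when
// method security is enabled (Spring Security 5.x: @EnableGlobalMethodSecurity(prePostEnabled = true)).
// hasRole('admin') is compared against the authority "ROLE_admin".
@PreAuthorize("hasRole('admin')")
@GetMapping("/admin/hello")
public String adminHello() {
    return "admin hello!";
}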
角色继承:可以让 admin 角色继承 user 角色的权限,配置如下:
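/**
 * URL rules used together with a role hierarchy.
 *
 * HttpSecurity has no roleHierarchy(...) method to chain here; with
 * authorizeRequests() the default expression handler picks up a single
 * RoleHierarchy bean from the application context on its own, so declaring
 * the bean is all that is needed for hasRole("user") to also accept admins.
 *
 * @param http the builder supplied by Spring Security
 * @return the filter chain applied to every request
 * @throws Exception propagated from {@code HttpSecurity.build()}
 */
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/public/**").permitAll()
            .antMatchers("/user/**").hasRole("user")
            .antMatchers("/admin/**").hasRole("admin")
            .anyRequest().authenticated();
    return http.build();
}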
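/**
 * Declares that "admin" implies every permission of "user".
 * Authorities carry the "ROLE_" prefix (case-sensitive), and the names after
 * it must match the values stored in the roles table ("admin", "user").
 * RoleHierarchy / RoleHierarchyImpl come from
 * org.springframework.security.access.hierarchicalroles (imports not shown above).
 *
 * @return the hierarchy consulted by the authorization expression handler
 */
@Bean
public RoleHierarchy roleHierarchy() {
    RoleHierarchyImpl roleHierarchy = new RoleHierarchyImpl();
    roleHierarchy.setHierarchy("ROLE_admin > ROLE_user");
    return roleHierarchy;
}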