SpringSecurity(三)-权限

  • 配置Security
/**
 * Security configuration entry point for the tutorial.
 *
 * <p>{@code prePostEnabled = true} turns on evaluation of {@code @PreAuthorize} /
 * {@code @PostAuthorize}, which is what makes the annotations on {@code TestController}
 * take effect.
 *
 * <p>NOTE(review): only the method-security annotation is shown here; the full class
 * presumably also carries {@code @Configuration} (and the web-security setup) — confirm
 * against the complete source.
 */
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig {
}
  • 登录时查询权限
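/**
 * Loads the authenticating user from the database and attaches its authorities.
 *
 * <p>Invoked by Spring Security during login; the returned {@link LoginUser} is the
 * object the password check runs against.
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private UserMapper userMapper;

    /**
     * Looks up the user by user name and wraps it as {@link UserDetails}.
     *
     * @param username the login name submitted by the client
     * @return the matching user as a {@link LoginUser}, with its authorities set
     * @throws UsernameNotFoundException when the name is blank or no such user exists.
     *     This is the type declared by the interface and the one the authentication
     *     provider treats as a failed login; the previous bare {@code RuntimeException}
     *     would surface as an internal error instead.
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Reject a blank name up front. The original applied the name condition only when the
        // name was non-empty, so an empty name produced an unfiltered query that could match an
        // arbitrary user.
        if (Strings.isEmpty(username)) {
            throw new UsernameNotFoundException("用户名未找到!");
        }

        // Look up the user; the name condition is now applied unconditionally.
        LambdaQueryWrapper<User> query = new LambdaQueryWrapper<>();
        query.eq(User::getUserName, username);
        User user = userMapper.selectOne(query);
        if (Objects.isNull(user)) {
            throw new UsernameNotFoundException("用户名未找到!");
        }

        // Authorities: a fixed placeholder list for the tutorial. A real implementation would
        // load the permissions belonging to this particular user.
        ArrayList<String> permissions = new ArrayList<>();
        permissions.add("play");
        // Kept as ArrayList because the parameter type of LoginUser.setAuthorities is not
        // visible here.
        ArrayList<GrantedAuthority> authorities = new ArrayList<>(permissions.size());
        for (String permission : permissions) {
            authorities.add(new SimpleGrantedAuthority(permission));
        }

        LoginUser loginUser = new LoginUser();
        loginUser.setUser(user);
        loginUser.setAuthorities(authorities);
        return loginUser;
    }
}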
  • token过滤器
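/**
 * Resolves the {@code token} request header into an authenticated {@link LoginUser} and
 * stores it in the {@link SecurityContextHolder}, so that method-level authorization
 * ({@code @PreAuthorize}) downstream can see the caller's authorities.
 *
 * <p>Requests without a usable token are passed down the chain unauthenticated; whether
 * they are then rejected is decided by the authorization rules, not by this filter.
 */
@Component
public class AuthenticationTokenFilter extends OncePerRequestFilter {

    @Autowired
    private UserMapper userMapper;

    /**
     * Authenticates the request from its {@code token} header, if present and valid.
     *
     * @param request the incoming request; only the {@code token} header is read
     * @param response passed through to the rest of the chain unchanged
     * @param filterChain the remaining filters, always invoked exactly once
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
        String token = request.getHeader("token");
        if (Strings.isEmpty(token)) {
            // No token: continue unauthenticated.
            filterChain.doFilter(request, response);
            return;
        }

        // Verify the token and recover the user id it carries.
        String userId = TokenUtil.getUserIDByToken(token);
        if (Strings.isEmpty(userId)) {
            filterChain.doFilter(request, response);
            return;
        }
        Long id;
        try {
            id = Long.valueOf(userId);
        } catch (NumberFormatException e) {
            // A non-numeric id is a malformed token. Treat it like a missing token rather than
            // letting the exception escape the filter as a server error.
            filterChain.doFilter(request, response);
            return;
        }

        // The id may refer to a user that has since been removed. Previously a null user was
        // still wrapped into an authenticated principal with authorities; now only a user that
        // still exists in the database becomes the principal.
        User user = userMapper.selectById(id);
        if (user == null) {
            filterChain.doFilter(request, response);
            return;
        }

        LoginUser loginUser = new LoginUser();
        loginUser.setUser(user);
        loginUser.setToken(token);

        // Authorities: placeholder list for the tutorial (the original note says these are
        // usually kept in Redis). A real implementation would load this user's own permissions.
        ArrayList<String> permissions = new ArrayList<>();
        permissions.add("play");
        // Kept as ArrayList because the parameter type of LoginUser.setAuthorities is not
        // visible here.
        ArrayList<GrantedAuthority> authorities = new ArrayList<>(permissions.size());
        for (String permission : permissions) {
            authorities.add(new SimpleGrantedAuthority(permission));
        }
        loginUser.setAuthorities(authorities);

        // The three-argument constructor marks the token as authenticated; no credentials are
        // stored on it.
        UsernamePasswordAuthenticationToken authenticationToken =
                new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
        filterChain.doFilter(request, response);
    }
}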
  • 测试
/**
 * Endpoints used to exercise the security setup.
 *
 * <p>{@code /hello} carries no method-level restriction; {@code /play} and {@code /chat}
 * require the {@code play} and {@code chat} authorities respectively, which
 * {@code @PreAuthorize} checks before the method body runs.
 */
@RestController
@RequestMapping("/api/test")
public class TestController {

    private static final String HELLO_MESSAGE = "学习Security";
    private static final String PLAY_MESSAGE = "玩原神";
    private static final String CHAT_MESSAGE = "聊天";

    /** No method-level authorization. */
    @GetMapping("/hello")
    public String index() {
        return HELLO_MESSAGE;
    }

    /** Requires the {@code play} authority, the one the tutorial grants to every login. */
    @GetMapping("/play")
    @PreAuthorize("hasAuthority('play')")
    public String palyGenshin() {
        return PLAY_MESSAGE;
    }

    /** Requires the {@code chat} authority, which the tutorial never grants, so access should be denied. */
    @GetMapping("/chat")
    @PreAuthorize("hasAuthority('chat')")
    public String chat() {
        return CHAT_MESSAGE;
    }
}