文章目錄

• • 前言
  • 數(shù)據(jù)庫(kù)表結(jié)構(gòu)
  • 項(xiàng)目結(jié)構(gòu)圖
  • 核心配置類SecurityConfig
  • 實(shí)體類
  • 工具類
  • 用戶登錄認(rèn)證
  • Token令牌驗(yàn)證
  • 獲取用戶權(quán)限
  • 用戶權(quán)限驗(yàn)證
  • Service層實(shí)現(xiàn)類
  • 統(tǒng)一響應(yīng)類
  • Controller
  • 流程解析
  • 測(cè)試
  • • 登錄測(cè)試
    • 公共接口測(cè)試
    • 訪問(wèn)具有訪問(wèn)權(quán)限的接口
    • 訪問(wèn)無(wú)訪問(wèn)權(quán)限的接口

前言

本項(xiàng)目采用SpringBoot+SpringSecurity+Jwt+Mybatis，實(shí)現(xiàn)了基于數(shù)據(jù)庫(kù)的用戶認(rèn)證以及權(quán)限分配。

pom.xml導(dǎo)入依賴

<dependencies><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-web</artifactId></dependency><dependency><groupId>org.mybatis.spring.boot</groupId><artifactId>mybatis-spring-boot-starter</artifactId><version>2.2.0</version></dependency><dependency><groupId>org.projectlombok</groupId><artifactId>lombok</artifactId><optional>true</optional></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-test</artifactId><scope>test</scope></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-test</artifactId><scope>test</scope></dependency><!--自定義的處理類中需要用到--><dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.73</version></dependency><dependency><groupId>io.jsonwebtoken</groupId><artifactId>jjwt</artifactId><version>0.9.1</version></dependency><!--注解配置處理器--><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-configuration-processor</artifactId><optional>true</optional></dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><scope>runtime</scope></dependency><dependency><groupId>com.alibaba</groupId><artifactId>druid</artifactId><version>1.2.6</version></dependency><!--Swagger相關(guān)依賴--><dependency><groupId>io.springfox</groupId><artifactId>springfox-swagger2</artifactId><version>2.9.2</version></dependency><dependency><groupId>io.springfox</groupId><artifactId>springfox-swagger-ui</artifactId><version>2.9.2</version></dependency></dependencies>

---

數(shù)據(jù)庫(kù)表結(jié)構(gòu)

/*Navicat Premium Data TransferSource Server : Taylor SwiftSource Server Type : MySQLSource Server Version : 80023Source Host : localhost:3306Source Schema : securityTarget Server Type : MySQLTarget Server Version : 80023File Encoding : 65001Date: 18/10/2021 18:20:16 */SET NAMES utf8mb4; SET FOREIGN_KEY_CHECKS = 0;-- ---------------------------- -- Table structure for menu -- ---------------------------- DROP TABLE IF EXISTS `menu`; CREATE TABLE `menu` (`id` int NOT NULL AUTO_INCREMENT,`pattern` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NOT NULL COMMENT '請(qǐng)求路徑匹配規(guī)則',PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = DYNAMIC;-- ---------------------------- -- Records of menu -- ---------------------------- INSERT INTO `menu` VALUES (1, '/db/**'); INSERT INTO `menu` VALUES (2, '/admin/**'); INSERT INTO `menu` VALUES (3, '/user/**');-- ---------------------------- -- Table structure for menu_role -- ---------------------------- DROP TABLE IF EXISTS `menu_role`; CREATE TABLE `menu_role` (`id` int NOT NULL AUTO_INCREMENT,`mid` int NOT NULL COMMENT 'menu表外鍵',`rid` int NOT NULL COMMENT 'role表外鍵',PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = DYNAMIC;-- ---------------------------- -- Records of menu_role -- ---------------------------- INSERT INTO `menu_role` VALUES (1, 1, 1); INSERT INTO `menu_role` VALUES (2, 2, 2); INSERT INTO `menu_role` VALUES (3, 3, 3);-- ---------------------------- -- Table structure for role -- ---------------------------- DROP TABLE IF EXISTS `role`; CREATE TABLE `role` (`id` int NOT NULL AUTO_INCREMENT,`name` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,`nameZh` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = DYNAMIC;-- ---------------------------- -- Records of role -- ---------------------------- INSERT INTO `role` VALUES (1, 'dba', '數(shù)據(jù)庫(kù)管理員'); INSERT INTO `role` VALUES (2, 'admin', '系統(tǒng)管理員'); INSERT INTO `role` VALUES (3, 'user', '用戶');-- ---------------------------- -- Table structure for user -- ---------------------------- DROP TABLE IF EXISTS `user`; CREATE TABLE `user` (`id` int NOT NULL AUTO_INCREMENT,`username` varchar(32) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,`password` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,`enabled` tinyint(1) NULL DEFAULT NULL,`locked` tinyint(1) NULL DEFAULT NULL,PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 4 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = DYNAMIC;-- ---------------------------- -- Records of user -- ---------------------------- INSERT INTO `user` VALUES (1, 'root', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', 1, 0); INSERT INTO `user` VALUES (2, 'admin', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', 1, 0); INSERT INTO `user` VALUES (3, 'user', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', 1, 0); INSERT INTO `user` VALUES (4, 'Sabrina', '$2a$10$RMuFXGQ5AtH4wOvkUqyvuecpqUSeoxZYqilXzbz50dceRsga.WYiq', 1, 1);-- ---------------------------- -- Table structure for user_role -- ---------------------------- DROP TABLE IF EXISTS `user_role`; CREATE TABLE `user_role` (`id` int NOT NULL AUTO_INCREMENT,`uid` int NULL DEFAULT NULL,`rid` int NULL DEFAULT NULL,PRIMARY KEY (`id`) USING BTREE ) ENGINE = InnoDB AUTO_INCREMENT = 5 CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = DYNAMIC;-- ---------------------------- -- Records of user_role -- ---------------------------- INSERT INTO `user_role` VALUES (1, 1, 1); INSERT INTO `user_role` VALUES (2, 1, 2); INSERT INTO `user_role` VALUES (3, 2, 2); INSERT INTO `user_role` VALUES (4, 3, 3);SET FOREIGN_KEY_CHECKS = 1;

---

項(xiàng)目結(jié)構(gòu)圖

---

核心配置類SecurityConfig

@Configuration public class SecurityConfig extends WebSecurityConfigurerAdapter {@AutowiredJwtUserDetailService userService;@AutowiredPermissionFilter permissionFilter;@AutowiredUserAccessDecisionManager userAccessDecisionManager;@BeanPermissionFilter permissionFilter(){return new PermissionFilter();}@BeanPasswordEncoder passwordEncoder(){return new BCryptPasswordEncoder();}@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception{auth.userDetailsService(userService).passwordEncoder(passwordEncoder());}@Overrideprotected void configure(HttpSecurity http) throws Exception{http.authorizeRequests()//注冊(cè)PermissionFilter和UserAccessDecisionManager進(jìn)行權(quán)限管理.withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>(){@Overridepublic <O extends FilterSecurityInterceptor> O postProcess(O o){o.setAccessDecisionManager(userAccessDecisionManager);o.setSecurityMetadataSource(permissionFilter);return o;}})// 放行靜態(tài)資源.antMatchers(HttpMethod.GET,"/*.html","/**/*.html","/**/*.css","/**/*.js","/webSocket/**").permitAll()// 放行文件訪問(wèn).antMatchers("/file/**").permitAll()// 放行druid.antMatchers("/druid/**").permitAll()// 放行OPTIONS請(qǐng)求.antMatchers(HttpMethod.OPTIONS, "/**").permitAll()//配置登錄路徑.antMatchers(HttpMethod.POST,"/login").permitAll()//其他請(qǐng)求都需要進(jìn)行認(rèn)證.anyRequest().authenticated().and()//添加登錄過(guò)濾器,當(dāng)請(qǐng)求為"login"時(shí)該過(guò)濾器截取請(qǐng)求.addFilterBefore(new JwtLoginFilter("/login",authenticationManager()), UsernamePasswordAuthenticationFilter.class)//添加token校驗(yàn)過(guò)濾器,每次發(fā)起請(qǐng)求都需要通過(guò)該過(guò)濾器進(jìn)行判斷是否處于登錄狀態(tài).addFilterBefore(new JwtTokenFilter(),UsernamePasswordAuthenticationFilter.class)//解決跨域問(wèn)題.cors().and().csrf().disable();}@Overridepublic void configure(WebSecurity web) throws Exception{web.ignoring().antMatchers("/swagger-ui.html","v2/api-docs").antMatchers("/v2/**").antMatchers("/swagger-resources/**").antMatchers("/webjars/**").antMatchers("/*/api-docs").antMatchers("/doc.html");} }

---

實(shí)體類

public class JwtUserDetails implements UserDetails {private Integer id;private String username;private String password;private Boolean enabled;private Boolean locked;private List<Role> roles;private String token;@Overridepublic Collection<? extends GrantedAuthority> getAuthorities(){return roles == null ? new ArrayList<SimpleGrantedAuthority>(): roles.stream().map(role -> new SimpleGrantedAuthority(String.valueOf(role.getRoleId()))).collect(Collectors.toList());}@Overridepublic String getPassword(){return this.password;}@Overridepublic String getUsername(){return this.password;}@Overridepublic boolean isAccountNonExpired(){return true;}@Overridepublic boolean isAccountNonLocked(){return !locked;}@Overridepublic boolean isCredentialsNonExpired(){return true;}@Overridepublic boolean isEnabled(){return enabled;}public Integer getId(){return id;}public void setId(Integer id){this.id = id;}public Boolean getEnabled(){return enabled;}public void setEnabled(Boolean enabled){this.enabled = enabled;}public Boolean getLocked(){return locked;}public void setLocked(Boolean locked){this.locked = locked;}public String getToken(){return token;}public void setToken(String token){this.token = token;}public List<Role> getRoles(){return roles;}public void setRoles(List<Role> roles){this.roles = roles;}} @NoArgsConstructor @AllArgsConstructor @Data public class Menu {private Integer id;/*** 訪問(wèn)路徑*/private String pattern;/*** 訪問(wèn)當(dāng)前路徑所需要的角色*/private List<Role> roles; } @Data @AllArgsConstructor @NoArgsConstructor public class Role {private Integer roleId;private String name;/*** 角色中文名*/private String nameZh; }

---

工具類

@Component @Slf4j public class JwtTokenUtil {public final static String CLAIMS_KEY_AUTHORITIES = "authorities";public final static String SECRET = "Turing-Team";public final static Long TOKEN_VALIDITY_IN_SECONDS = 600000000L;public void printLogger(Exception e){log.error("Error:{}",e.getMessage());}public Claims getClaimsFromToken(String token){Claims claims;try{claims = Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token).getBody();}catch (ExpiredJwtException e){printLogger(e);claims = null;}catch (IncorrectClaimException e){printLogger(e);claims = null;}catch (Exception e){printLogger(e);claims = null;}return claims;}public String getUsernameFromToken(String token){String username;try{Claims claims = getClaimsFromToken(token);username = claims.getSubject();}catch (Exception e){printLogger(e);username = null;}return username;}public Date getCreateDateFromToken(String token){Date date;try{Claims claims = getClaimsFromToken(token);date = claims.getIssuedAt();}catch (Exception e){date = null;printLogger(e);}return date;}public Date getExpirationDateFromToken(String token){Date date;try{Claims claims = getClaimsFromToken(token);date = claims.getExpiration();}catch (Exception e){printLogger(e);date = null;}return date;}private Date generateExpirationDate(){return new Date(System.currentTimeMillis() + TOKEN_VALIDITY_IN_SECONDS);}public boolean isTokenExpired(String token){Date date = getExpirationDateFromToken(token);return getClaimsFromToken(token) == null || date.before(new Date());}public String generateToken(String username,StringBuffer roles){Claims claims = new DefaultClaims();claims.setSubject(username).setIssuedAt(new Date()).setExpiration(generateExpirationDate());return Jwts.builder().setClaims(claims).claim(CLAIMS_KEY_AUTHORITIES,roles).signWith(SignatureAlgorithm.HS512, SECRET).compact();}public String refreshToken(String token){String refreshedToken;try{Claims claims = getClaimsFromToken(token);StringBuffer roles = (StringBuffer) claims.get(CLAIMS_KEY_AUTHORITIES);refreshedToken = generateToken(claims.getSubject(),roles);}catch (Exception e){printLogger(e);refreshedToken = null;}return refreshedToken;}public boolean validateToken(String token, UserDetails userDetails){JwtUserDetails user = (JwtUserDetails) userDetails;String username = getUsernameFromToken(token);return username.equals(user.getUsername()) && !isTokenExpired(token);}public Jws<Claims> parserToken(String token)throws JwtException{return Jwts.parser().setSigningKey(SECRET).parseClaimsJws(token);}} @Component public class SpringInjectUtil implements ApplicationContextAware {private static ApplicationContext applicationContext;@Overridepublic void setApplicationContext(ApplicationContext applicationContext) throws BeansException {if(SpringInjectUtil.applicationContext == null){SpringInjectUtil.applicationContext = applicationContext;}}public static ApplicationContext getApplicationContext(){return applicationContext;}//根據(jù)namepublic static Object getBean(String name){return getApplicationContext().getBean(name);}//根據(jù)類型public static <T> T getBean(Class<T> clazz){return getApplicationContext().getBean(clazz);}public static <T> T getBean(String name,Class<T> clazz){return getApplicationContext().getBean(name,clazz);}} @Data @Configuration() @ConfigurationProperties(prefix = "jwt") //從application.yaml配置中獲取 public class JwtSecurityProperties {private String header;private String secret;private Long tokenValidityInSeconds; } #Jwt Configuration jwt:header: Authorizationsecret: Turing-Teamtoken_validity-in-seconds: 600000000

---

用戶登錄認(rèn)證

public class JwtLoginFilter extends AbstractAuthenticationProcessingFilter {@ResourceJwtTokenUtil jwtTokenUtil;private void init(){if (jwtTokenUtil == null){jwtTokenUtil = (JwtTokenUtil) SpringInjectUtil.getBean("jwtTokenUtil");}}public JwtLoginFilter(String defaultFilterProcessesUrl, AuthenticationManager authenticationManager){super(new AntPathRequestMatcher(defaultFilterProcessesUrl));init();setAuthenticationManager(authenticationManager);}@Overridepublic Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException{//從請(qǐng)求中獲取用戶信息String username = httpServletRequest.getParameter("username");String password = httpServletRequest.getParameter("password");UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(username, password);//認(rèn)證->會(huì)調(diào)用JwtUserDetailService.loadUserByUsernamereturn getAuthenticationManager().authenticate(token);}@Overrideprotected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult) throws IOException, ServletException{response.setContentType("application/json;charset=utf-8");Result<JwtUserDetails> result = new Result<>();PrintWriter out = response.getWriter();String responseResult;Collection<? extends GrantedAuthority> authorities = authResult.getAuthorities();StringBuffer roles = new StringBuffer();String username = request.getParameter("username");JwtUserDetails user = (JwtUserDetails) authResult.getPrincipal();//遍歷用戶角色，將其寫入token，角色之間用逗號(hào)隔開(kāi)List<Role> rolesList = user.getRoles();for (Role role : rolesList){if (role != null){System.out.println(role);roles.append(role.getRoleId()+",");}}//生成tokenString token = jwtTokenUtil.generateToken(username, roles);user.setToken(token);result.code(ResultCode.SUCCESS).message("Login Success").data(user);//將封裝好的帶有token的用戶信息返回前端out.write(new ObjectMapper().writeValueAsString(result));out.flush();out.close();}@Overrideprotected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException{response.setContentType("application/json;charset=utf-8");PrintWriter out =response.getWriter();Result<String> result = new Result<>();//賬戶是否過(guò)期/被鎖定/不可用由SpringSecurity進(jìn)行檢查之后報(bào)出異常//AbstractUserDetailsAuthenticationProvider.check()中進(jìn)行檢查if (failed instanceof LockedException){result.code(ResultCode.ERROR).message("賬號(hào)已被鎖定,無(wú)法進(jìn)行登錄操作！").data("Account had been locked");}else if (failed instanceof DisabledException){result.code(ResultCode.ERROR).message("賬號(hào)不可用,無(wú)法進(jìn)行登錄操作！").data("Account is disabled");}else{result.message("用戶名或者密碼錯(cuò)誤,請(qǐng)重新登錄!").code(ResultCode.ERROR).data("Login Failure");}out.write(new ObjectMapper().writeValueAsString(result));out.flush();out.close();} }

---

Token令牌驗(yàn)證

public class JwtTokenFilter extends GenericFilterBean {private static JwtTokenFilter jwtTokenFilter;@ResourceJwtSecurityProperties jwtSecurityProperties;@ResourceJwtTokenUtil jwtTokenUtil;private void init(){if (jwtSecurityProperties == null){jwtSecurityProperties = (JwtSecurityProperties) SpringInjectUtil.getBean("jwtSecurityProperties");}if (jwtTokenUtil == null){jwtTokenUtil = (JwtTokenUtil) SpringInjectUtil.getBean("jwtTokenUtil");}}@Overridepublic void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException{init();HttpServletRequest request = (HttpServletRequest) servletRequest;HttpServletResponse response = (HttpServletResponse) servletResponse;//從請(qǐng)求頭中獲取tokenString token = request.getHeader(jwtSecurityProperties.getHeader());PrintWriter out;Result result;response.setContentType("application/json;charset=utf-8");if ("".equals(token) || token == null){out = response.getWriter();result = new Result<String>();result.code(ResultCode.UNAUTHORIZED).message("必須攜帶用戶的認(rèn)證信息進(jìn)行訪問(wèn)").data("User Unauthorized");out.write(new ObjectMapper().writeValueAsString(result));out.flush();out.close();return;}if (jwtTokenUtil.isTokenExpired(token)){out = response.getWriter();result = new Result<String>();result.code(ResultCode.UNAUTHORIZED).message("登錄認(rèn)證已過(guò)期,請(qǐng)重新登錄!").data("User Authorization Is Expired");out.write(new ObjectMapper().writeValueAsString(result));out.flush();out.close();return;}Jws<Claims> jws;try{jws = jwtTokenUtil.parserToken(token);}catch (JwtException e){out = response.getWriter();result = new Result<String>();result.code(ResultCode.UNAUTHORIZED).message("登錄認(rèn)證無(wú)效!").data("Invalid Authorization ");out.write(new ObjectMapper().writeValueAsString(result));out.flush();out.close();return;}Claims user = jws.getBody();//獲取用戶名String username = user.getSubject();//獲取用戶角色,以逗號(hào)作分割的字符串String authoritiesString = (String) user.get(JwtTokenUtil.CLAIMS_KEY_AUTHORITIES);//自動(dòng)轉(zhuǎn)化為GrantedAuthority對(duì)象List<GrantedAuthority> authorities =AuthorityUtils.commaSeparatedStringToAuthorityList(authoritiesString);//對(duì)用戶信息進(jìn)行校驗(yàn)UsernamePasswordAuthenticationToken authenticationToken =new UsernamePasswordAuthenticationToken(username, null, authorities);SecurityContextHolder.getContext().setAuthentication(authenticationToken);//放行filterChain.doFilter(servletRequest, servletResponse);} }

---

獲取用戶權(quán)限

public class PermissionFilter implements FilterInvocationSecurityMetadataSource {/*** 路徑匹配類,用于檢查用戶的請(qǐng)求路徑是否與數(shù)據(jù)庫(kù)中的對(duì)應(yīng)*/AntPathMatcher antPathMatcher = new AntPathMatcher();@AutowiredMenuService menuService;private void init(){if (menuService == null){menuService = (MenuService) SpringInjectUtil.getBean("menuService");}}/*** 每次用戶發(fā)送請(qǐng)求都會(huì)先進(jìn)入此方法,分析出該請(qǐng)求地址需要哪些角色權(quán)限* @param o* @return* @throws IllegalArgumentException*/@Overridepublic Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException{init();FilterInvocation filterInvocation = (FilterInvocation) o;//獲取請(qǐng)求地址String requestUrl = filterInvocation.getRequestUrl();List<Menu> menus = menuService.findAllMenusWithRoles();//遍歷所有訪問(wèn)路徑規(guī)則for (Menu menu : menus){if (antPathMatcher.match(menu.getPattern(),requestUrl)){List<Role> roles = menu.getRoles();String[] rolesArray = new String[roles.size()];for (int i = 0; i < roles.size(); i++){rolesArray[i] = String.valueOf(roles.get(i).getRoleId());}return SecurityConfig.createList(rolesArray);}}//所有的路徑都匹配不上,返回默認(rèn)的標(biāo)識(shí)符,表示該路徑是登錄即可訪問(wèn)的return SecurityConfig.createList("Login-Common");}@Overridepublic Collection<ConfigAttribute> getAllConfigAttributes(){return null;}/*** 是否支持該方式,返回true* @param aClass* @return*/@Overridepublic boolean supports(Class<?> aClass){return true;} }

---

用戶權(quán)限驗(yàn)證

@Component public class UserAccessDecisionManager implements AccessDecisionManager {/*** 判斷用戶是否有訪問(wèn)該路徑的權(quán)限* @param authentication 可以獲取用戶信息* @param o 實(shí)際上是FilterInvocation對(duì)象,可以獲取請(qǐng)求路徑* @param collection 訪問(wèn)該路徑所需要的角色列表* @throws AccessDeniedException 非法訪問(wèn)異常* @throws InsufficientAuthenticationException*/@Overridepublic void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException{//遍歷訪問(wèn)該路徑所需要的所有角色名for (ConfigAttribute configAttribute : collection){//如果是登錄后即可訪問(wèn)if ("Login-Common".equals(configAttribute.getAttribute())){if (authentication instanceof AnonymousAuthenticationToken){throw new AccessDeniedException("尚未登陸,請(qǐng)前往登錄!");}return;}//獲取當(dāng)前用戶的具有的角色Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();//遍歷該用戶的角色并判斷該角色是否有權(quán)限訪問(wèn)當(dāng)前請(qǐng)求路徑for (GrantedAuthority authority : authorities){//將用戶的角色信息與訪問(wèn)該路徑所需要角色進(jìn)行匹配if (authority.getAuthority().equals(configAttribute.getAttribute())){return;}}}throw new AccessDeniedException("權(quán)限不足,請(qǐng)聯(lián)系管理員!");}@Overridepublic boolean supports(ConfigAttribute configAttribute){return true;}@Overridepublic boolean supports(Class<?> aClass){return true;} }

---

Service層實(shí)現(xiàn)類

@Service public class JwtUserDetailService implements UserDetailsService {@Autowiredprivate UserMapper userMapper;@Autowiredprivate RoleMapper roleMapper;@Overridepublic UserDetails loadUserByUsername(String username) throws UsernameNotFoundException{JwtUserDetails jwtUserDetails = userMapper.loadUserByUsername(username);if (jwtUserDetails == null){throw new UsernameNotFoundException("用戶不存在");}jwtUserDetails.setRoles(roleMapper.findRolesByUserId(jwtUserDetails.getId()));return jwtUserDetails;}} @Service public class MenuServiceImpl implements MenuService {@AutowiredMenuMapper menuMapper;@Overridepublic List<Menu> findAllMenusWithRoles(){return menuMapper.findAllMenuWithRoles();}} @Service public class RoleServiceImpl implements RoleService {@AutowiredJwtUserDetailService userDetailService;@AutowiredRoleMapper roleMapper;@Overridepublic Role findRolesByUsername(String username){JwtUserDetails user = (JwtUserDetails) userDetailService.loadUserByUsername(username);return roleMapper.findRoleByUserId(user.getId());} }

---

統(tǒng)一響應(yīng)類

public class Result<T> {private Integer code;private String message;private T data;public Result() {}public Result message(String message){this.message = message;return this;}public Result code(Integer code){this.code = code;return this;}public Result data(T data){this.data = data;return this;}}

---

Controller

@RestController @RequestMapping public class UserController {@GetMapping("/hello")public Result hello(){return new Result().message("訪問(wèn)公共接口成功").code(ResultCode.SUCCESS).data("Success");}@GetMapping("/db/hello")public Result db(){return new Result().message("訪問(wèn)dba角色接口成功").code(ResultCode.SUCCESS).data("Success");}@GetMapping("/admin/hello")public Result admin(){return new Result().message("訪問(wèn)admin接口成功").code(ResultCode.SUCCESS).data("Success");}@GetMapping("/user/hello")public Result user(){return new Result().message("訪問(wèn)user接口成功").code(ResultCode.SUCCESS).data("Success");}}

---

流程解析

• 用戶發(fā)起登錄請(qǐng)求之后，會(huì)被JwtLoginFilter所攔截，進(jìn)行登錄信息驗(yàn)證；登錄成功之后會(huì)返回用戶信息，并且讓用戶的之后發(fā)送來(lái)的請(qǐng)求頭中攜帶生成的Token。
• 用戶發(fā)起非登錄請(qǐng)求之后，會(huì)被JwtTokenFilter所攔截，解析并驗(yàn)證請(qǐng)求中所帶的Token，判斷是否處于已登錄狀態(tài)。
• 已登陸的情況下，會(huì)繼續(xù)被PermissionFilter所攔截，判斷用戶此次訪問(wèn)請(qǐng)求需要具備哪些角色，然后將其封裝起來(lái)發(fā)送至請(qǐng)求訪問(wèn)管理類UserAccessDecisionManager。
• 請(qǐng)求訪問(wèn)管理類UserAccessDecisionManager得到信息后，判斷此次訪問(wèn)是否合法，如果合法則放行，否則將拋出異常。

---

測(cè)試

登錄測(cè)試

登錄成功：

賬戶被鎖定：

賬戶不可用：

賬戶不存在：

---

公共接口測(cè)試

訪問(wèn)具有訪問(wèn)權(quán)限的接口

數(shù)據(jù)庫(kù)管理員 ：

管理員：

訪問(wèn)無(wú)訪問(wèn)權(quán)限的接口

用戶：

以上，整個(gè)登錄認(rèn)證以及權(quán)限控制功能已經(jīng)搭建好，可以在此基礎(chǔ)上根據(jù)需求添加其他的業(yè)務(wù)。

該文僅作為本人學(xué)習(xí)使用，水平與能力有限，如有錯(cuò)誤或不足歡迎指正！

總結(jié)

以上是生活随笔為你收集整理的SpringtBoot+SpringSecurity+Jwt+MyBatis整合实现用户认证以及权限控制的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。