创建数据库权限管理无非就是把某一个接口的使用权限赋给某一个用户。
创建项目
-- User test table (per the table COMMENT): id, display name, username and password.
CREATE TABLE `user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `name` varchar(255) DEFAULT NULL COMMENT '名字',
  -- NOTE(review): username is nullable and carries no UNIQUE constraint here, so two rows
  -- can share the same login name.
  `username` varchar(255) DEFAULT NULL,
  -- NOTE(review): this column should hold a salted password hash (bcrypt, scrypt or argon2)
  -- rather than the password itself; how it is written is not shown here, so confirm
  -- against the login code.
  `password` varchar(255) DEFAULT NULL,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8 COMMENT='用户测试表';
创建SpringBoot项目 编辑pom.xml引入依赖
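<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-test</artifactId>
    <scope>test</scope>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>com.baomidou</groupId>
    <artifactId>mybatis-plus-boot-starter</artifactId>
    <version>3.4.2</version>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>1.16.14</version>
</dependency>
编写application.yml文件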
server:
  # Tomcat port
  port: 8080
spring:
  # MySQL datasource configuration
  datasource:
    url: jdbc:mysql://localhost:3306/springboot_demo?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
    # NOTE(review): the application connects as the MySQL root account and the password is
    # kept in this file in plain text. A dedicated account limited to this schema, with the
    # password supplied from outside the file (for example a ${...} property placeholder
    # backed by an environment variable), keeps the credential out of source control.
    username: root
    password: 20220101
    driver-class-name: com.mysql.cj.jdbc.Driver
mybatis-plus:
  configuration:
    # Sends MyBatis log output to standard out.
    # NOTE(review): presumably this prints the statements run at login together with their
    # bound parameters; confirm, and keep this setting to local debugging.
    log-impl: org.apache.ibatis.logging.stdout.StdOutImpl
  # Package that holds the entity classes
  typeAliasesPackage: com.qcby.entity
  # Mapper path
  mapperLocations: classpath:mapper

Seturl=menuService.getUrlListById(userDb.getId()); userDb.setUrl(url); }else{ map.put("msg","用户名或密码错误!"); } return map; } @RequestMapping("getUrlListById") public Set getUrlListById(Long id){ return this.menuService.getUrlListById(id); } @GetMapping("findAll") public IPage findAll(Page page){ return this.service.findAll(page); } }
编辑拦截器类(判断用户访问的路径是否被授权给此用户)
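package com.qcby.interceptor;

/**
 * Spring MVC interceptor that authenticates each request by its {@code qcby-token} header and
 * then authorizes it against the set of URL paths granted to the token's user.
 */
public class LoginInterceptor implements HandlerInterceptor {

    private static final Logger log = LoggerFactory.getLogger(LoginInterceptor.class);

    /**
     * Runs before the controller method. Rejects requests that carry no valid token and
     * requests whose path is not in the caller's granted URL set.
     *
     * @param request  the incoming request; its {@code qcby-token} header and request URI are read
     * @param response used to redirect unauthenticated callers to the login page
     * @param handler  the handler chosen for this request
     * @return {@code true} to continue to the controller; {@code false} after redirecting an
     *     unauthenticated caller to {@code /login/login}
     * @throws Exception with the message "权限不足" when the authenticated user has not been
     *     granted the requested path
     */
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String uri = request.getRequestURI();
        log.debug("preHandle uri: {}", uri);

        // Handlers that are not controller methods are let through without any token or
        // permission check, so nothing sensitive should be served by such handlers.
        if (!(handler instanceof HandlerMethod)) {
            return true;
        }

        String token = request.getHeader("qcby-token");
        if (!TokenUtil.verify(token)) {
            // Not logged in: send the caller to the login page.
            response.sendRedirect("/login/login");
            return false;
        }

        // NOTE(review): the granted paths are read from the user object recovered from the
        // token, so a changed or revoked grant presumably takes effect only once a new token
        // is issued; confirm against TokenUtil and the login code.
        User user = TokenUtil.getUser(token);
        Set<String> grantedUrls = (user == null) ? null : user.getUrl();

        // Fail closed: a missing user or a missing grant set is treated as "no permission"
        // instead of surfacing as a NullPointerException.
        // The match is an exact comparison with the raw request URI (context path included,
        // not normalized), so the stored paths must be written in exactly that form; any
        // variant spelling of a granted path is denied.
        if (grantedUrls == null || !grantedUrls.contains(uri)) {
            log.warn("access denied, uri: {}", uri);
            // NOTE(review): unless an exception handler maps this, the caller presumably sees
            // a generic server error; a 403 response would state the outcome more precisely.
            throw new Exception("权限不足");
        }
        return true;
    }

    /**
     * Runs after the controller logic has finished but before the view is resolved; it only
     * logs that it was called.
     */
    @Override
    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, ModelAndView modelAndView) throws Exception {
        log.debug("postHandle....");
    }

    /**
     * Runs after both the controller logic and view resolution have finished; it only logs
     * that it was called.
     */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {
        log.debug("afterCompletion....");
    }
}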



