文章目录
哈喽!大家好
✨ 如果有对【毕设】感兴趣的【小可爱】 可以进我主页逛逛
❤️❤️❤️感谢各位大可爱小可爱!❤️❤️❤️
- 介绍
- 软件架构
- 开发环境
- 界面效果图
- 代码实现:
基于Java的物流管理系统。
软件架构系统使用前后端分离,后端编写接口,提供数据。前端调用接口获取数据,根据要求在页面上进行渲染。
由于使用前后端分离,就要解决跨域访问的问题,所以用JWT进行数据的传送。
用security框架进行权限的控制,根据用户拥有的角色,分配角色对应的权限。
在用户登录时有两种登录方式 ①账号密码 ②网易邮箱验证码验证登录
系统整合了spring 的邮箱发送服务 用于用户注册激活(可视为一个技术点写在论文里-难度不大但很高级)
1.系统用Java语言开发,前端用Vue,后端用Spring Boot框架;
2.开发工具:IDEA、Navicat Premium 15、Postman等;
3.技术:MySQL、Spring Boot、JWT(security)、Vue、axios等
界面效果图 登录:
首页:
管理员:
操作员(菜单有所变化-无系统管理)
操作员
其他用户
个人信息:
仓库管理:
销售开票(新增成功会在来往单位的菜单页面中显示):
配送申请
物流车辆管理:
饼状图 统计分析(测试数据多几条会好看很多):
系统用户权限管理
# 项目结构 代码实现:
后端代码 结合使用@PreAuthorize(“hasAnyRole(xxx’)”)控制权限
登录:
package com.example.api.controller;
import com.example.api.model.dto.LoginDto;
import com.example.api.model.entity.Admin;
import com.example.api.model.enums.Role;
import com.example.api.repository.AdminRepository;
import com.example.api.service.AdminService;
import com.example.api.utils.JwtTokenUtil;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.*;
import javax.annotation.Resource;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@RestController
@RequestMapping("/api/admin")
public class AdminController {
@Resource
private AdminService adminService;
@Resource
private AdminRepository adminRepository;
...
@PostMapping("/login")
public Map loginByEmail(String type, @RequestBody LoginDto dto) throws Exception {
Map map = new HashMap<>();
Admin admin = type.equals("email") ? adminService.loginByEmail(dto) : adminService.loginByPassword(dto);
String token = adminService.createToken(admin,
dto.isRemember() ? JwtTokenUtil.REMEMBER_EXPIRATION_TIME : JwtTokenUtil.EXPIRATION_TIME);
map.put("admin", admin);
map.put("token", token);
return map;
}
@GetMapping("/sendEmail")
public void sendEmail(String email) throws Exception {
adminService.sendEmail(email);
}
}
权限认证及授权
jwt:
package com.example.api.security;
import com.example.api.model.support.ResponseResult;
import com.example.api.utils.JwtTokenUtil;
import com.example.api.utils.ResponseUtil;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
public class JwtAuthorizationFilter extends BasicAuthenticationFilter {
public JwtAuthorizationFilter(AuthenticationManager authenticationManager) {
super(authenticationManager);
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
throws IOException, ServletException {
//从Request Header 取出Token
String token = request.getHeader(JwtTokenUtil.TOKEN_HEADER);
//Token为空放行
//如果接下来进入的URL不是公共的地址SpringSecurity会返回403的错误
if (!JwtTokenUtil.checkToken(token)){
chain.doFilter(request, response);
return;
}
//判断JWT Token是否过期
if (JwtTokenUtil.isExpiration(token)) {
ResponseUtil.writeJson(response, new ResponseResult<>(403, "令牌已过期, 请重新登录"));
return;
}
//解析token
String username = JwtTokenUtil.getUsername(token);
List tokenRoles = JwtTokenUtil.getTokenRoles(token);
ArrayList roles = new ArrayList<>();
for (String role : tokenRoles) {
roles.add(new SimpleGrantedAuthority(role));
}
//向SpringSecurity的Context中加入认证信息
SecurityContextHolder.getContext().setAuthentication(
new UsernamePasswordAuthenticationToken(username,null, roles));
super.doFilterInternal(request, response, chain);
}
}
Security Config配置
package com.example.api.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//开启跨域
http.csrf().disable().cors();
//禁用session
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//添加自定义的jwt过滤器
http.addFilter(new JwtAuthorizationFilter(authenticationManagerBean()));
}
@Bean
CorsConfigurationSource corsConfigurationSource() {
final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
final CorsConfiguration corsConfiguration = new CorsConfiguration();
corsConfiguration.addAllowedHeader("*");
corsConfiguration.addAllowedHeader("DELETE");
corsConfiguration.addAllowedMethod("*");
corsConfiguration.addAllowedOrigin("*");
source.registerCorsConfiguration("/**", corsConfiguration);
return source;
}
}
后面的代码就不再列举了,,
✨✨下面评论有源码及指导✨✨
