权限管理组件 - winSecurity

winSecurity

适用基于springboot或spring创建的项目，依赖spring-data-jpa、shiro，与springboot集成较方便
git地址: https://gitee.com/UnlimitedBladeWorks_123/spring-biz-module/tree/master/win-security

• 提供权限管理相关的接口
• 提供接口文档（使用apidoc生成）
• winSecurity提供的接口可动态配置，默认全部提供
• 用户、角色信息支持扩展
• 关键业务逻辑支持扩展
• 权限可控制菜单、后端请求、页面的按钮，只要配置就可以使用
• 使用shiro对请求进行拦截处理, 支持扩展
• 请求拦截规则：对配置的请求做拦截，未配置的请求默认都可以访问；特殊: winSecurity提供的接口未配置时, 只有用户登录后才能访问
• 不提供登录、登出接口

---

SPRINGBOOT项目集成方法

引入jar包

 compile("com.winbaoxian.module:win-security:1.0.0-SNAPSHOT")

创建表

   使用jar包中security.sql创建相关表，用户、角色、资源及关系表

Application加上注解@EnableWinSecurity

   @EnableWinSecurity(entityManagerFactoryRef = "entityManagerFactoryTob",
    transactionManagerRef = "transactionManagerTob")

说明

• entityManagerFactoryRef jpa相关配置的EntityManagerFactory
• transactionManagerRef 事务管理

系统接口改造

• 登录接口增加代码

   WinSecurityAccessService.login(String userName);

• 注销接口增加代码

   WinSecurityAccessService.logout();

相关接口文档

http://doc.suiyiwen.com/win-security/

---

扩展

表前缀设置

• @EnableWinSecurity设置tablePrefix
• 创建表加上前缀

Controller暴露接口控制

可分别控制用户管理、资源管理、角色管理、登录用户数据接口，默认全部生效

• @EnableWinSecurity设置controllerScopes
  • NONE: 全部失效
  • ALL: 全部生效
  • USER: 用户管理
  • ROLE: 角色管理
  • RESOURCE: 资源管理
  • ACCESS: 登录用户数据接口

用户扩展

• @EnableWinSecurity设置extensionUserDTO、extensionUserEntity

• extensionUserDTO 用户前端请求对象

    @Data
    public class BrokerageAdminUserDTO extends WinSecurityBaseUserDTO {
        @JsonIgnore
        private String password;
        private String token;
        private Long topDepartmentId;
        private Long subDepartmentId;
        private String position;
        private String logoImg;
        private Integer sex;
        private Date entryTime;
        private String idCard;
        private String cityName;
        private Long cityId;
        private String storeCode;
        private String ossUserName;
        private String remark;
        private Integer type;
        private Integer serviceCount;
        private Integer bindingCount;
        private Boolean isPerson;
        private Boolean isCar;
    }

• extensionUserEntity entity实体

    @Entity
    @DynamicInsert
    @DynamicUpdate
    @Data
    public class BrokerageAdminUserEntity extends WinSecurityBaseUserEntity {
    
        @Column(name = "password")
        private String password;
        @Column(name = "token")
        private String token;
        @Column(name = "top_department_id")
        private Long topDepartmentId;
        @Column(name = "sub_department_id")
        private Long subDepartmentId;
        @Column(name = "position")
        private String position;
        @Column(name = "logo_img")
        private String logoImg;
        @Column(name = "sex")
        private Integer sex;
        @Column(name = "entry_time")
        private Date entryTime;
        @Column(name = "id_card")
        private String idCard;
        @Column(name = "city_name")
        private String cityName;
        @Column(name = "city_id")
        private Long cityId;
        @Column(name = "store_code")
        private String storeCode;
        @Column(name = "oss_user_name")
        private String ossUserName;
        @Column(name = "remark")
        private String remark;
        @Column(name = "type")
        private Integer type;
        @Column(name = "service_count")
        private Integer serviceCount;
        @Column(name = "binding_count")
        private Integer bindingCount;
        @Column(name = "is_person")
        private Boolean isPerson;
        @Column(name = "is_car")
        private Boolean isCar;  
    }

角色扩展

• @EnableWinSecurity设置extensionRoleDTO、extensionRoleEntity

• extensionRoleDTO 角色前端请求对象

    @Data
    public class BrokerageAdminRoleDTO extends WinSecurityBaseRoleDTO {
        private Integer departmentLevel;
    }

• extensionRoleEntity entity实体

    @Entity
    @DynamicInsert
    @DynamicUpdate
    @Data
    public class BrokerageAdminRoleEntity extends WinSecurityBaseRoleEntity {  
        @Column(name = "DEPARTMENT_LEVEL")
        private Integer departmentLevel;  
    }

业务处理扩展

• @EnableWinSecurity设置extensionServiceProcessors

支持四种场景的业务扩展，需要实现特定的接口

• 增加用户（IUserAddProcessor）
• 更新用户（IUserUpdateProcessor）
• 增加角色（IRoleAddProcessor）
• 更新角色（IRoleUpdateProcessor）

例：

    @Slf4j
    public class UserAddProcessorImpl implements IUserAddProcessor<BrokerageAdminUserDTO, BrokerageAdminUserEntity> {
    
        @Resource
        private OrgDepartmentService orgDepartmentService;
        @Resource
        private BrokerageAdminService brokerageAdminService;
    
        @Override
        public void preProcess(BrokerageAdminUserDTO dto) throws WinSecurityException {
    
        }
    
        @Override
        public void customValidateAfterCommon(BrokerageAdminUserDTO dto) throws WinSecurityException {
            if (dto.getSubDepartmentId() == null) {
                throw new WinSecurityException("未选择机构");
            }
            BrokerageOrgDepartment selectDepartment = orgDepartmentService.findById(dto.getSubDepartmentId());
            if (!CollectionUtils.isEmpty(dto.getRoleIdList())) {
                for (Long roleId : dto.getRoleIdList()) {
                    BrokerageAdminRoleDTO selectRole = brokerageAdminService.getRoleById(roleId);
                    if (!selectDepartment.getLevel().equals(selectRole.getDepartmentLevel())) {
                        throw new WinSecurityException("机构等级与角色等级不符");
                    }
                }
            }
        }
    
        @Override
        public void customMappingAfterCommon(BrokerageAdminUserDTO dto, BrokerageAdminUserEntity entity) throws WinSecurityException {
            if (StringUtils.isNotBlank(dto.getPassword())) {
                entity.setPassword(DigestUtils.md5Hex(dto.getUserName() + dto.getPassword()));
            }
        }
    
        @Override
        public void postProcess(BrokerageAdminUserDTO dto) throws WinSecurityException {
    
        }
    }

---

Spring项目集成方法

引入jar包

 compile("com.winbaoxian.module:win-security:1.0.0-SNAPSHOT")

• jar包版本升级

    compile('org.hibernate:hibernate-core:5.0.12.Final')
    compile('org.aspectj:aspectjrt:1.8.13')
    compile('org.aspectj:aspectjweaver:1.8.13')

• spring版本升级到4.3.19.RELEASE，其他版本兼容也可以

创建表

   使用jar包中security.sql创建相关表，用户、角色、资源及关系表

增加配置文件

  @Configuration
  @EnableWinSecurity(transactionManagerRef = "transactionManagerWinSecurity", entityManagerFactoryRef = "entityManagerFactoryWinSecurity", tablePrefix = "security")
  public class WinSecurityConfiguration {
  
      @Resource
      private DataSource dataSource;
      @Resource
      private SessionFactoryImpl sessionFactory;
  
      @Bean
      public LocalContainerEntityManagerFactoryBean entityManagerFactoryWinSecurity() {
          LocalContainerEntityManagerFactoryBean factoryBean = new LocalContainerEntityManagerFactoryBean();
          factoryBean.setDataSource(dataSource);
          factoryBean.setPackagesToScan(new String[]{});
          factoryBean.setPersistenceUnitName("winSecurity");
          factoryBean.setJpaProperties(sessionFactory.getProperties());
          factoryBean.setPersistenceProviderClass(HibernatePersistenceProvider.class);
          return factoryBean;
      }
  
      @Bean
      PlatformTransactionManager transactionManagerWinSecurity() {
          return new JpaTransactionManager(entityManagerFactoryWinSecurity().getObject());
      }
  
  }

@EnableWinSecurity扩展方式 点击查看

修改spring配置文件 *.xml

• 将org.springframework.orm.hibernate4.* 改成 org.springframework.orm.hibernate5.*
• spring-mvc.xml增加

    <bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
        <property name="detectHandlerMethodsInAncestorContexts">
            <value>true</value>
        </property>
    </bean>

系统接口改造

• 登录接口增加代码

   WinSecurityAccessService.login(String userName);

• 注销接口增加代码

   WinSecurityAccessService.logout();

相关接口文档

http://doc.suiyiwen.com/win-security/