一授权
1课程服务是一个资源服务
在其某个 controller 中加 @PreAuthorize 注解,
2. 同时在配置文件中开启方法级权限注解支持(例如 @EnableGlobalMethodSecurity(prePostEnabled = true)),否则 @PreAuthorize 注解不会生效
3. JWT 令牌中包含对应权限信息才可以操作
// Fetch the extended user record for this username via userClient.
XcUserExt userext = userClient.findUserInfo(username);
// NOTE(review): the block below is commented out in these notes; it looks like the lookup that
// attaches the user's menu permissions to the record — confirm where it actually runs.
/*
// Fetch the current user's permission entries
List<XcMenu> menuList = xcMenuMapper.findMenuList(xcUser.getId());
xcUserExt.setPermissions(menuList);*/
-- Resolve a user's menus: user -> roles (xc_user_role) -> permissions (xc_permission) -> menus (xc_menu).
-- '49' is a sample user id. NOTE(review): in the mapper, bind the id as a statement parameter
-- instead of concatenating it into the SQL text.
select * from xc_menu where id in (select menu_id from xc_permission where role_id in(select role_id from xc_user_role where user_id ='49') )
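查询到的权限存到 JWT 令牌中(注意:JWT 载荷只签名、不加密,不要放敏感数据;已签发令牌中的权限不会随数据库变更而更新,需重新签发令牌)
权限五张表:Apache 的 Shiro 和 Spring Security 都是基于这五张表的模型
权限表、角色权限表(roleid、resourceID)、角色表、用户角色表(userid、roleid)、用户表
查询主表为权限表:根据用户 id 在用户角色中间表查 roleid,再经角色权限中间表查出权限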
4.权限不足友好提示
1 import com.google.common.collect.ImmutableMap;
2 import com.xuecheng.filesystem.framework.model.response.CommonCode;
3 import com.xuecheng.filesystem.framework.model.response.ResponseResult;
4 import com.xuecheng.filesystem.framework.model.response.ResultCode;
5 import lombok.extern.slf4j.Slf4j;
6 import org.springframework.http.converter.HttpMessageNotReadableException;
7 import org.springframework.web.bind.annotation.ControllerAdvice;
8 import org.springframework.web.bind.annotation.ExceptionHandler;
9 import org.springframework.web.bind.annotation.ResponseBody;
10
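/**
 * Global exception handler: converts exceptions thrown while handling a request into a
 * {@link ResponseResult} so the client receives a result code instead of a raw error.
 *
 * <p>Mappings from exception class to result code are collected in {@link #builder}. Other
 * classes may add entries from their own static initializers, which is why the map is only
 * built when the first unexpected exception is handled; entries added after that point are
 * ignored.
 *
 * <p>NOTE(review): an exception type with no mapping is answered with
 * {@code CommonCode.SERVER_ERROR}. For the "insufficient permission" message these notes
 * describe, the resource service presumably has to register the authorization failure type
 * (e.g. Spring Security's AccessDeniedException) with its own result code — confirm.
 */
@ControllerAdvice // applies to every controller
@Slf4j
public class ExceptionCatch {

    // Exception class -> result code. ImmutableMap is thread-safe and cannot change once built.
    // volatile so that the lazily built map is published safely to all request threads.
    private static volatile ImmutableMap<Class<? extends Throwable>, ResultCode> EXCEPTIONS;

    // Collects mappings until the first lookup; protected so subclasses can register more.
    protected static ImmutableMap.Builder<Class<? extends Throwable>, ResultCode> builder = ImmutableMap.builder();

    static {
        // An unreadable request body is reported as invalid parameters.
        builder.put(HttpMessageNotReadableException.class, CommonCode.INVALIDATE_PARAMS);
    }

    /**
     * Handles the project's own (anticipated) exceptions.
     *
     * @param customerException the exception carrying the result code to report
     * @return a response built from the exception's result code
     */
    @ExceptionHandler(CustomerException.class)
    @ResponseBody
    public ResponseResult customerException(CustomerException customerException) {
        // The result code carries the user-facing message.
        ResultCode resultCode = customerException.getResultCode();
        return new ResponseResult(resultCode);
    }

    /**
     * Handles every exception that has no more specific handler.
     *
     * @param exception the unexpected exception
     * @return the mapped result code for the exception's class or nearest mapped superclass,
     *     otherwise {@code CommonCode.SERVER_ERROR}
     */
    @ExceptionHandler(Exception.class)
    @ResponseBody
    public ResponseResult exception(Exception exception) {
        // Pass the throwable itself so the stack trace reaches the server log;
        // the client still only receives a result code.
        log.error("catch exception: {}", exception.getMessage(), exception);

        ResultCode resultCode = lookup(exception.getClass());
        if (resultCode == null) {
            return new ResponseResult(CommonCode.SERVER_ERROR);
        }
        return new ResponseResult(resultCode);
    }

    // Builds the mapping table exactly once, even when several requests fail at the same time.
    private static ImmutableMap<Class<? extends Throwable>, ResultCode> mappings() {
        ImmutableMap<Class<? extends Throwable>, ResultCode> built = EXCEPTIONS;
        if (built == null) {
            synchronized (ExceptionCatch.class) {
                built = EXCEPTIONS;
                if (built == null) {
                    built = builder.build();
                    EXCEPTIONS = built;
                }
            }
        }
        return built;
    }

    // Finds the code registered for the class itself or, failing that, its nearest superclass,
    // so a subclass of a registered exception is not reported as a server error.
    private static ResultCode lookup(Class<?> type) {
        ImmutableMap<Class<? extends Throwable>, ResultCode> table = mappings();
        for (Class<?> current = type; current != null; current = current.getSuperclass()) {
            ResultCode code = table.get(current);
            if (code != null) {
                return code;
            }
        }
        return null;
    }
}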
权限不足,无权操作。
点击“管理课程”后没有信息回显:发出的查询课程基础信息请求被拦截。