<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.3.5.RELEASE</version>
</dependency>
<!-- Spring Boot 的 Spring Web MVC 集成 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
认证
public interface AuthService {
/**
* @description 认证方法
* @param authParamsDto 认证参数
* @return com.xuecheng.ucenter.model.po.XcUser 用户信息
* @author Mr.M
* @date 2022/9/29 12:11
*/
XcUserExt execute(AuthParamsDto authParamsDto);
}
@Autowired
ApplicationContext applicationContext;
@Service("password_authservice")
public class PasswordAuthServiceImpl implements AuthService {
XcUserExt execute(AuthParamsDto authParamsDto){}
}
@Service("Wx_authservice")
public class WxAuthServiceImpl implements AuthService {
XcUserExt execute(AuthParamsDto authParamsDto){}
}
// 从容器中获取bean,相当于策略模式
AuthService authService = applicationContext.getBean (authType + "_authservice", AuthService.class);
XcUserExt user = authService.execute(authParamsDto);
passwordEncoder
@Bean
public PasswordEncoder passwordEncoder() {
// //密码为明文方式
// return NoOpPasswordEncoder.getInstance();
return new BCryptPasswordEncoder ();
}
import com.xuecheng.ucenter.mapper.XcUserMapper;
import com.xuecheng.ucenter.model.po.XcUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
@Service
public class UserServiceImpl implements UserDetailsService {
@Autowired
XcUserMapper xcUserMapper;
/**
* @param username 账号
* @return org.springframework.security.core.userdetails.UserDetails
* @description 根据账号查询用户信息
* @author Mr.D
* @date 2022/9/28 18:30
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
XcUser user = xcUserMapper.selectOne (new LambdaQueryWrapper<XcUser> ().eq (XcUser::getUsername, s));
if (user == null) {
//返回空表示用户不存在
return null;
}
//取出数据库存储的正确密码
String password = user.getPassword ();
//用户权限,如果不加报Cannot pass a null GrantedAuthority collection
String[] authorities = {"p1"};
//为了安全在令牌中不放密码
user.setPassword (null);
//将user对象转json
String userString = JSON.toJSONString (user);
//创建UserDetails对象
UserDetails userDetails = User.withUsername (userString).password (password).authorities (authorities).build ();
return userDetails;
}
}
授权
数据模型:
说明如下:
xc_user:用户表,存储了系统用户信息,用户类型包括:学生、老师、管理员等
xc_role:角色表,存储了系统的角色信息,学生、老师、教学管理员、系统管理员等。
xc_user_role:用户角色表,一个用户可拥有多个角色,一个角色可被多个用户所拥有
xc_menu:模块表,记录了菜单及菜单下的权限
xc_permission:角色权限表,一个角色可拥有多个权限,一个权限可被多个角色所拥有
@Select("SELECT * FROM xc_menu WHERE id IN (SELECT menu_id FROM xc_permission WHERE role_id IN ( SELECT role_id FROM xc_user_role WHERE user_id = #{userId} ))")
List<XcMenu> selectPermissionByUserId(@Param("userId") String userId);
@Data
public class XcUserExt extends XcUser {
//用户权限
List<String> permissions = new ArrayList<>();
}
//查询用户身份
public UserDetails getUserPrincipal(XcUserExt user){
String password = user.getPassword();
//查询用户权限
List<XcMenu> xcMenus = menuMapper.selectPermissionByUserId(user.getId());
List<String> permissions = new ArrayList<>();
if(xcMenus.size()<=0){
//用户权限,如果不加则报Cannot pass a null GrantedAuthority collection
permissions.add("p1");
}else{
xcMenus.forEach(menu->{
permissions.add(menu.getCode());
});
}
//将用户权限放在XcUserExt中
user.setPermissions(permissions);
//为了安全在令牌中不放密码
user.setPassword(null);
//将user对象转json
String userString = JSON.toJSONString(user);
String[] authorities = permissions.toArray(new String[0]);
UserDetails userDetails = User.withUsername(userString).password(password).authorities(authorities).build();
return userDetails;
}
@PreAuthorize("hasAuthority('xc_teachmanager_course_list')") //拥有课程列表查询的权限方可访问
@PostMapping("/course/list")
public PageResult<CourseBase> list(PageParams pageParams, @RequestBody QueryCourseParamsDto queryCourseParams)