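To enforce permission checks on an endpoint, implement doGetAuthorizationInfo in your Realm implementation class and annotate the corresponding controller method with @RequiresPermissions().
doGetAuthorizationInfo: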
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo();
        // TemporaryConstant.USERID is a hard-coded placeholder: every caller receives this user's permissions.
        // In a real realm, derive the user from principals.getPrimaryPrincipal() instead.
        List<SysRole> sysRoles = sysRoleService.selectRolesByUserId(TemporaryConstant.USERID);
        // Collect the permission strings of all roles, de-duplicated.
        HashSet<String> permissionStrings = new HashSet<>();
        for (SysRole sysRole : sysRoles) {
            List<SysPermission> sysPermissions = sysPermissionService.selectPermissionsByRoleId(sysRole.getId());
            for (SysPermission sysPermission : sysPermissions) {
                permissionStrings.add(sysPermission.getPerms());
            }
        }
        for (String permissionString : permissionStrings) {
            simpleAuthorizationInfo.addStringPermission(permissionString);
        }
        return simpleAuthorizationInfo;
    }
Controller endpoint:
    @PostMapping("/testPermission")
    @RequiresPermissions("sys:role:add")
    public AjaxResult testPermission() {
        AjaxResult ajaxResult = new AjaxResult();
        // Message text: "endpoint permission test succeeded"
        ajaxResult.setMsg("接口权限测试成功");
        return ajaxResult;
    }
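Note:
The above also requires AOP support, which you need to configure as follows:
1. Import the AOP dependency
If none of your other starters brings in the spring-aop dependency, import it yourself.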
    <!-- This redis module integrates spring-aop, so we don't need to configure it again -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-redis</artifactId>
        <!-- Note: this exclusion removes the transitive spring-aop; with it in place, the explicit starter below is required -->
        <exclusions>
            <exclusion>
                <artifactId>spring-aop</artifactId>
                <groupId>org.springframework</groupId>
            </exclusion>
        </exclusions>
    </dependency>
    <!-- If it is not configured, configure it yourself -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-aop</artifactId>
    </dependency>
2. Define the AOP advisor that proxies controllers carrying annotations such as @RequiresPermissions, so that the permission check is enforced.
    /**
     * Defines the AOP advisor that proxies controllers carrying annotations
     * such as @RequiresPermissions, so that the permission check is enforced.
     *
     * @param securityManager the Shiro SecurityManager used for the checks
     * @return the configured advisor
     */
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
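When an endpoint annotated with @RequiresPermissions is accessed, stepping through in the debugger shows execution arriving in doGetAuthorizationInfo; adding the permissions there is all that is needed.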
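The realm above loads permissions for a fixed TemporaryConstant.USERID. The following added example (not code from the original post) shows the same doGetAuthorizationInfo resolving permissions from the authenticated principal, and the check that @RequiresPermissions("sys:role:add") performs passing for one user and failing for another. The class names, users, passwords and in-memory maps are constructed stand-ins for sysRoleService and sysPermissionService; it assumes shiro-core on the classpath and that the realm stores the username as the principal.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authz.*;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import java.util.*;

public class PrincipalRealmDemo {
    // Constructed sample data (hypothetical users), replacing the database services.
    static final Map<String, String> PASSWORDS = Map.of("alice", "pw-a", "bob", "pw-b");
    static final Map<String, Set<String>> PERMS = Map.of(
            "alice", Set.of("sys:role:add", "sys:role:list"),
            "bob", Set.of("sys:role:list"));

    static class DemoRealm extends AuthorizingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String user = (String) token.getPrincipal();
            String password = PASSWORDS.get(user);
            if (password == null) throw new UnknownAccountException(user);
            // The principal stored here is what doGetAuthorizationInfo receives later.
            return new SimpleAuthenticationInfo(user, password, getName());
        }

        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            // Permissions are looked up for the logged-in user, not a constant id.
            String user = (String) principals.getPrimaryPrincipal();
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            info.addStringPermissions(PERMS.getOrDefault(user, Set.of()));
            return info;
        }
    }

    // Logs in, then runs the same permission check the annotation triggers.
    static boolean canAddRole(DefaultSecurityManager sm, String user, String password) {
        Subject subject = new Subject.Builder(sm).buildSubject();
        subject.login(new UsernamePasswordToken(user, password));
        try {
            subject.checkPermission("sys:role:add");
            return true;
        } catch (AuthorizationException denied) {
            return false; // user lacks the permission string
        } finally {
            subject.logout();
        }
    }

    public static void main(String[] args) {
        DefaultSecurityManager sm = new DefaultSecurityManager(new DemoRealm());
        System.out.println("alice may add roles: " + canAddRole(sm, "alice", "pw-a"));
        System.out.println("bob may add roles:   " + canAddRole(sm, "bob", "pw-b"));
    }
}
```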