1 spring security oauth2 简单配置说明(一)
配套源码:https://download.csdn.net/download/tiancxz/12902941
1.1 工程说明:
授权服务端口10101
资源服务端口10201
<modules>
<!-- 项目依赖-->
<module>spring-security-oauth2-dependencies</module>
<!-- 认证服务器-->
<module>spring-security-oauth2-server</module>
<!--资源服务器-->
<module>spring-security-oauth2-resource</module>
</modules>
2 spring-security-oauth2-server认证服务器配置
2.1 项目结构
OAuth2简单集成使用只需要继承配置两个适配器就行。
AuthorizationServerConfigurerAdapter授权服务配置适配器
WebSecurityConfigurerAdapter网站安全配置适配器
2.2 pom.xml引入
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
2.3 AuthorizationServerConfiguration授权服务配置适配器
@Configuration
//标注为授权服务
@EnableAuthorizationServer
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
//使用内存存储令牌(普通令牌)
@Bean
public TokenStore tokenStore() {
return new InMemoryTokenStore();
}
//设置授权码模式的授权码如何存取,暂时采用内存方式
@Bean
public AuthorizationCodeServices authorizationCodeServices() {
return new InMemoryAuthorizationCodeServices();
}
//配置服务端点信息
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authorizationCodeServices(authorizationCodeServices())//授权码服务
.tokenStore(tokenStore())//令牌管理服务
.allowedTokenEndpointRequestMethods(HttpMethod.POST);
}
//客户端详情服务
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.inMemory()// 使用in-memory存储
.withClient("client")// client_id
.secret(new BCryptPasswordEncoder().encode("secret"))//客户端密钥
.authorizedGrantTypes("authorization_code", "password","client_credentials","implicit","refresh_token")// 该client允许的授权类型authorization_code,password,refresh_token,implicit,client_credentials
.scopes("all")// 允许的授权范围
.autoApprove(true)//false跳转到授权页面
//加上验证回调地址
.redirectUris("http://www.baidu.com")
;
}
//设置认证令牌放行
@Override
public void configure(AuthorizationServerSecurityConfigurer security){
security
.tokenKeyAccess("permitAll()") //oauth/token_key是公开
.checkTokenAccess("permitAll()") //oauth/check_token公开
.allowFormAuthenticationForClients() //表单认证(申请令牌)
;
}
}
2.4 WebSecurityConfiguration Security网站安配置全适配器
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
//密码编码器
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
//认证服务器 配置用户认证
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
//注意roles authorities 在后面的才会生效。
//.roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
//两种选一种
//一般我们简单系统只需根据authorities权限配置就行
.withUser("admin").password(passwordEncoder().encode("123456")).roles("r1","r2").authorities("r3","r4")
.and()
.withUser("user").password(passwordEncoder().encode("123456")).authorities("r3","r4").roles("r1","r2")
;
}
//安全拦截机制(最重要)
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/login*").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.csrf().disable() //打开的csrf保护
// .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)//禁用session 默认授权页面将失效
;
;
}
}
3 spring-security-oauth2-resource 资源服务器配置
3.1 pom.xml引入
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-oauth2</artifactId>
</dependency>
3.2 ResourceServerConfiguration 资源服务适配器配置
@Configuration
@EnableResourceServer
//方法拦截器
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// 此处r1 r2 使用角色 r3 r4 使用权限
// 验证WebSecurityConfiguration roles authorities 在后面的才会生效。
// roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
.antMatchers("/r1").hasAnyRole("r1")
.antMatchers("/r2").hasAnyRole("r2")
.antMatchers("/r3").hasAnyAuthority("r3")
.antMatchers("/r4").hasAnyAuthority("r4")
.antMatchers("/**").permitAll()
;
}
//资源服务令牌解析服务 配置远程ResourceServerTokenServices后,可不用设置yml远程security.oauth2配置
@Bean
public ResourceServerTokenServices tokenService() {
//使用远程服务请求授权服务器校验token,必须指定校验token 的url、client_id,client_secret
RemoteTokenServices service=new RemoteTokenServices();
service.setCheckTokenEndpointUrl("http://localhost:10101/oauth/check_token");
service.setClientId("client");
service.setClientSecret("secret");
return service;
}
}
3.3 application.yml配置认证服务器地址、id、密钥
security:
oauth2:
client:
client-id: client
client-secret: secret
access-token-uri: http://localhost:10101/oauth/token
user-authorization-uri: http://localhost:10101/oauth/authorize
resource:
token-info-uri: http://localhost:10101/oauth/check_token
4 authorization_code授权码模式
4.1 启动测试
4.2 访问获取授权码
打开浏览器,输入地址:
http://localhost:10101/oauth/authorize?client_id=client&response_type=code
第一次访问会跳转到登录页面,输入用户名密码admin 123456,获取授权码
4.3 通过授权码向服务器申请令牌
http://client:secret@localhost:10101/oauth/token
也可以将client:secret@放置在请求参数里面
4.4 测试令牌
通过POSTMAN测试发现admin可以访问r3,r4。不能访问r1,r2
4.5 校验令牌
http://localhost:10101/oauth/check_token
5 password密码授权模式
对于我们内部网站或客户端,授权码模式过于复杂。可用密码模式做为自由传统网站。
在未对现有代码改动时,我们直接用PostMan调用会报错。
我们需要对现有代码进行改造。
5.1 WebSecurityConfiguration改造
//将认证管理器实例 注入到Spring
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
5.2 AuthorizationServerConfiguration改造
//从spring获取认证管理器实例 支持密码授权模式
@Autowired
public AuthenticationManager authenticationManager;
//配置服务端点信息 通过authenticationManager绑定指定认证管理器实例
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authenticationManager(authenticationManager)//认证管理器 支持密码授权模式
.authorizationCodeServices(authorizationCodeServices())//授权码服务
.tokenStore(tokenStore())//令牌管理服务
.allowedTokenEndpointRequestMethods(HttpMethod.POST);
}
5.3 测试密码授权模式
6 client_credentials客户端授权模式
不需要改动代码,直接上PostMan测试。合适微服务服务后台相互调用。
项目中单独使用安全度不高。需要配合网关gateway进行authorization_code、password授权模式对外部请求资源拦截。
7 implicit授权模式
已过时。只合适某些静态资源。无需额外配置。
http://localhost:10101/oauth/authorize?client_id=client&response_type=token
登陆后返回的地址直接加上了token
https://www.baidu.com/#access_token=29cb038d-2b05-4288-9d5d-ab4486a4ed2b&token_type=bearer&expires_in=3599&scope=all
8 刷新令牌
8.1 AuthorizationServerConfiguration修改支持令牌刷新
//令牌管理服务
public AuthorizationServerTokenServices tokenService() {
//刷新refresh_token模式支持
DefaultTokenServices tokenServices = new DefaultTokenServices();
//配置令牌
tokenServices.setTokenStore(tokenStore());
// access token有效期2个小时
tokenServices.setAccessTokenValiditySeconds(60*60*1);
// refresh token有效期30天
tokenServices.setRefreshTokenValiditySeconds(60*60*24*30);
// 支持使用refresh token刷新access token
tokenServices.setSupportRefreshToken(true);
// 允许重复使用refresh token
tokenServices.setReuseRefreshToken(false);
return tokenServices;
}
//配置服务端点信息
@Override
public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
endpoints
.authorizationCodeServices(authorizationCodeServices())//授权码服务
.authenticationManager(authenticationManager)//认证管理器 支持密码授权模式
// .tokenStore(tokenStore())//令牌 配置令牌管理服务后可以注释
.tokenServices(tokenService())//令牌管理服务
.allowedTokenEndpointRequestMethods(HttpMethod.POST)
;
}
8.2 测试刷新令牌
9 自定义获取数据库用户权限实现
9.1 UserDetailsService实现
根据用户名获取用户的权限
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private TbUserService tbUserService;
@Autowired
private TbPermissionService tbPermissionService;
@Override
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
TbUser tbUser = tbUserService.getByUserName(userName);
//框架存放权限的地方
List<GrantedAuthority> grantedAuthorities = Lists.newArrayList();
if (tbUser != null){
List<TbPermission> tbPermissions = tbPermissionService.selectByUserId(tbUser.getId());
tbPermissions.forEach(tbPermission -> {
GrantedAuthority grantedAuthority = new SimpleGrantedAuthority(tbPermission.getEnname());
grantedAuthorities.add(grantedAuthority);
});
}
//认证是交给框架完成的 这边直接返回框架User
return new User(tbUser.getUsername(),tbUser.getPassword(),grantedAuthorities);
}
}
相关数据库表数据
9.2 WebSecurityConfiguration修改
WebSecurityConfiguration加载自定义UserDetailsService
//返回一个自定义数据库获取用户权限的实现
@Autowired
public UserDetailsServiceImpl userDetailsService;
//认证服务器 配置用户认证
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService);
// auth.inMemoryAuthentication()
// //注意roles authorities 在后面的才会生效。
// //.roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
// //两种选一种
// //一般我们简单系统只需根据authorities权限配置就行
// .withUser("admin").password(passwordEncoder().encode("123456")).roles("r1","r2").authorities("r3","r4")
// .and()
// .withUser("user").password(passwordEncoder().encode("123456")).authorities("r3","r4").roles("r1","r2")
// ;
}
每次获取token时,都会进入自定义实现从数据库获取权限
http://client:secret@localhost:10101/oauth/token
10 @PreAuthorize开启注解
10.1 引入spring-boot-starter-aop或者aspectjweaver
项目中已经引入spring-boot-starter-web,不用再引入spring-boot-starter-aop或者aspectjweaver。只需修改yml。
10.2 修改yml
如果已经引入spring-boot-starter-web或spring-boot-starter-aop,需要配置aop.auto = true。aspectjweaver不需要修改。
spring:
aop:
auto: true
10.3 ResourceServerConfiguration修改
添加@EnableGlobalMethodSecurity(prePostEnabled = true),注释http安全里面权限验证。
@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true, jsr250Enabled = true)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
@Override
public void configure(HttpSecurity http) throws Exception {
http
.exceptionHandling()
.and()
.csrf().disable() //打开的csrf保护
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)//禁用session
.and()
.authorizeRequests()
// 以下为配置所需保护的资源路径及权限,需要与认证服务器配置的授权部分对应
// 此处r1 r2 使用角色 r3 r4 使用权限
// 验证WebSecurityConfiguration roles authorities 在后面的才会生效。
// roles("r1","r2").authorities("r3","r4") roles无效 authorities有效
// .antMatchers("/r1").hasAnyRole("r1")
// .antMatchers("/r2").hasAnyRole("r2")
// .antMatchers("/r3").hasAnyAuthority("r3")
// .antMatchers("/r4").hasAnyAuthority("r4")
.antMatchers("/**").permitAll()
;
}
10.4 TbContentController修改
在具体方法添加@PreAuthorize("hasAnyAuthority('r5')")注解
10.5 测试
r4可以访问,r5不能访问
11 JWT令牌配置
11.1 pom.xml修改
资源服务器必须引入
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-aop</artifactId>
</dependency>
11.2 添加tokenConfig
认证服务器和资源服务器都需要
@Configuration
public class TokenConfig {
//密钥
private String SIGNING_KEY = "hlcloud";
@Bean
public TokenStore tokenStore() {
//JWT令牌存储方案
return new JwtTokenStore(accessTokenConverter());
}
@Bean
public JwtAccessTokenConverter accessTokenConverter() {
JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
converter.setSigningKey(SIGNING_KEY); //对称秘钥,资源服务器使用该秘钥来验证
return converter;
}
/* @Bean
public TokenStore tokenStore() {
//使用内存存储令牌(普通令牌)
return new InMemoryTokenStore();
}*/
}
11.3 认证服务器修改
AuthorizationServerConfiguration
// //使用内存存储令牌(普通令牌)
// @Bean
// public TokenStore tokenStore() {
// return new InMemoryTokenStore();
// }
//使用JWT令牌存储方案
@Autowired
public TokenStore tokenStore;
//使用jwt令牌转换加密
@Autowired
private JwtAccessTokenConverter accessTokenConverter;
//令牌管理服务
public AuthorizationServerTokenServices tokenService() {
//刷新refresh_token模式支持
DefaultTokenServices tokenServices = new DefaultTokenServices();
//配置令牌
tokenServices.setTokenStore(tokenStore);
// access token有效期24个小时
tokenServices.setAccessTokenValiditySeconds(60*60*24);
// refresh token有效期3天
tokenServices.setRefreshTokenValiditySeconds(60*60*24*3);
// 支持使用refresh token刷新access token
tokenServices.setSupportRefreshToken(true);
// 允许重复使用refresh token
tokenServices.setReuseRefreshToken(false);
//令牌增强 jwt转换
TokenEnhancerChain tokenEnhancerChain = new TokenEnhancerChain();
tokenEnhancerChain.setTokenEnhancers(Arrays.asList(accessTokenConverter));
tokenServices.setTokenEnhancer(tokenEnhancerChain);
return tokenServices;
}
11.4 资源服务器修改
ResourceServerConfiguration注释远程调用验证token,jwt本地解密验证。
// //资源服务令牌解析服务 配置远程ResourceServerTokenServices后,可不用设置yml远程auth配置
// @Bean
// public ResourceServerTokenServices tokenService() {
// //使用远程服务请求授权服务器校验token,必须指定校验token 的url、client_id,client_secret
// RemoteTokenServices service=new RemoteTokenServices();
// service.setCheckTokenEndpointUrl("http://localhost:10101/oauth/check_token");
// service.setClientId("client");
// service.setClientSecret("secret");
// return service;
// }
11.5 测试
此时看到返回的令牌已经变长
测试资源服务器
12 认证服务JDBC改造
12.1 授权码JDBC改造
// //设置授权码模式的授权码如何存取,暂时采用内存方式
// @Bean
// public AuthorizationCodeServices authorizationCodeServices() {
// return new InMemoryAuthorizationCodeServices();
// }
//设置授权码模式的授权码如何存取,暂时采用内存方式
@Bean
public AuthorizationCodeServices authorizationCodeServices(DataSource dataSource) {
return new JdbcAuthorizationCodeServices(dataSource);
}
@Autowired
public AuthorizationCodeServices authorizationCodeServices;
12.2 客户端详情JDBC改造
//将客户端信息存储到数据库
@Bean
public JdbcClientDetailsService jdbcClientDetailsService(DataSource dataSource) {
return new JdbcClientDetailsService(dataSource);
}
@Autowired
private JdbcClientDetailsService jdbcClientDetailsService;
//客户端详情服务
@Override
public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
clients.withClientDetails(jdbcClientDetailsService);
// clients.inMemory()// 使用in-memory存储
// .withClient("client")// client_id
// .secret(new BCryptPasswordEncoder().encode("secret"))//客户端密钥
// .authorizedGrantTypes("authorization_code", "password","client_credentials","implicit","refresh_token")// 该client允许的授权类型authorization_code,password,refresh_token,implicit,client_credentials
// .scopes("all")// 允许的授权范围
// .autoApprove(true)//false跳转到授权页面
// //加上验证回调地址
// .redirectUris("http://www.baidu.com")
// ;
}
12.3 资源服务器ResourceServerConfiguration修改
如果不想使用使用resource_ids,可不用做这一步。添加了resid则需要在数据库里面修改响应字段。
@Override
public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
resources.resourceId("res_id")
.stateless(true);
;
super.configure(resources);
}
12.4 相关表结构
oauth_client_details:存储客户端详情
oauth_code:存储授权码
/*
Navicat Premium Data Transfer
Source Server : 127.0.0.1-test
Source Server Type : MySQL
Source Server Version : 50731
Source Host : 127.0.0.1:3306
Source Schema : oauth2
Target Server Type : MySQL
Target Server Version : 50731
File Encoding : 65001
Date: 30/09/2020 13:46:39
*/
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for oauth_access_token
-- ----------------------------
DROP TABLE IF EXISTS `oauth_access_token`;
CREATE TABLE `oauth_access_token` (
`token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`token` blob NULL,
`authentication_id` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
`user_name` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`client_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`authentication` blob NULL,
`refresh_token` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`authentication_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of oauth_access_token
-- ----------------------------
-- ----------------------------
-- Table structure for oauth_approvals
-- ----------------------------
DROP TABLE IF EXISTS `oauth_approvals`;
CREATE TABLE `oauth_approvals` (
`userId` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`clientId` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`scope` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`status` varchar(10) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`expiresAt` timestamp(0) NULL DEFAULT NULL,
`lastModifiedAt` timestamp(0) NULL DEFAULT NULL
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of oauth_approvals
-- ----------------------------
-- ----------------------------
-- Table structure for oauth_client_details
-- ----------------------------
DROP TABLE IF EXISTS `oauth_client_details`;
CREATE TABLE `oauth_client_details` (
`client_id` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
`resource_ids` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`client_secret` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`scope` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`authorized_grant_types` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`web_server_redirect_uri` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`authorities` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`access_token_validity` int(11) NULL DEFAULT NULL,
`refresh_token_validity` int(11) NULL DEFAULT NULL,
`additional_information` varchar(4096) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`autoapprove` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`client_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of oauth_client_details
-- ----------------------------
INSERT INTO `oauth_client_details` VALUES ('client', 'res_id', '$2a$10$/Sm77HZ5AFy.ZhwnjoIxn.VC7TNrr9/RaXZeYVf7V8mqG9VLrF8jK', 'all', 'authorization_code,password,client_credentials,implicit,refresh_token', 'http://www.baidu.com', NULL, NULL, NULL, NULL, 'true');
-- ----------------------------
-- Table structure for oauth_client_token
-- ----------------------------
DROP TABLE IF EXISTS `oauth_client_token`;
CREATE TABLE `oauth_client_token` (
`token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`token` blob NULL,
`authentication_id` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL,
`user_name` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`client_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
PRIMARY KEY (`authentication_id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of oauth_client_token
-- ----------------------------
-- ----------------------------
-- Table structure for oauth_code
-- ----------------------------
DROP TABLE IF EXISTS `oauth_code`;
CREATE TABLE `oauth_code` (
`code` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`authentication` blob NULL
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Table structure for oauth_refresh_token
-- ----------------------------
DROP TABLE IF EXISTS `oauth_refresh_token`;
CREATE TABLE `oauth_refresh_token` (
`token_id` varchar(256) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL,
`token` blob NULL,
`authentication` blob NULL
) ENGINE = InnoDB CHARACTER SET = utf8 COLLATE = utf8_general_ci ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of oauth_refresh_token
-- ----------------------------
-- ----------------------------
-- Table structure for tb_permission
-- ----------------------------
DROP TABLE IF EXISTS `tb_permission`;
CREATE TABLE `tb_permission` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`parent_id` bigint(20) NULL DEFAULT NULL COMMENT '父权限',
`name` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '权限名称',
`enname` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '权限英文名称',
`url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '授权路径',
`description` varchar(200) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '备注',
`created` datetime(0) NOT NULL,
`updated` datetime(0) NOT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 49 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '权限表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of tb_permission
-- ----------------------------
INSERT INTO `tb_permission` VALUES (37, 0, '系统管理', 'System', '/', NULL, '2019-04-04 23:22:54', '2019-04-04 23:22:56');
INSERT INTO `tb_permission` VALUES (38, 37, '用户管理', 'SystemUser', '/users/', NULL, '2019-04-04 23:25:31', '2019-04-04 23:25:33');
INSERT INTO `tb_permission` VALUES (39, 38, '查看用户', 'SystemUserView', '/users/view/**', NULL, '2019-04-04 15:30:30', '2019-04-04 15:30:43');
INSERT INTO `tb_permission` VALUES (40, 38, '新增用户', 'SystemUserInsert', '/users/insert/**', NULL, '2019-04-04 15:30:31', '2019-04-04 15:30:44');
INSERT INTO `tb_permission` VALUES (41, 38, '编辑用户', 'SystemUserUpdate', '/users/update/**', NULL, '2019-04-04 15:30:32', '2019-04-04 15:30:45');
INSERT INTO `tb_permission` VALUES (42, 38, '删除用户', 'SystemUserDelete', '/users/delete/**', NULL, '2019-04-04 15:30:48', '2019-04-04 15:30:45');
INSERT INTO `tb_permission` VALUES (44, 37, '内容管理', 'resource', '/', NULL, '2019-04-06 18:23:58', '2019-04-06 18:24:00');
INSERT INTO `tb_permission` VALUES (45, 44, '查看内容', 'r1', '/r1', NULL, '2019-04-06 23:49:39', '2019-04-06 23:49:41');
INSERT INTO `tb_permission` VALUES (46, 44, '新增内容', 'r2', '/r2', NULL, '2019-04-06 23:51:00', '2019-04-06 23:51:02');
INSERT INTO `tb_permission` VALUES (47, 44, '编辑内容', 'r3', '/r3', NULL, '2019-04-06 23:51:04', '2019-04-06 23:51:06');
INSERT INTO `tb_permission` VALUES (48, 44, '删除内容', 'r4', '/r4', NULL, '2019-04-06 23:51:08', '2019-04-06 23:51:10');
-- ----------------------------
-- Table structure for tb_role
-- ----------------------------
DROP TABLE IF EXISTS `tb_role`;
CREATE TABLE `tb_role` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`parent_id` bigint(20) NULL DEFAULT NULL COMMENT '父角色',
`name` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '角色名称',
`enname` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '角色英文名称',
`description` varchar(200) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '备注',
`created` datetime(0) NOT NULL,
`updated` datetime(0) NOT NULL,
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 38 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '角色表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of tb_role
-- ----------------------------
INSERT INTO `tb_role` VALUES (37, 0, '超级管理员', 'admin', NULL, '2019-04-04 23:22:03', '2019-04-04 23:22:05');
-- ----------------------------
-- Table structure for tb_role_permission
-- ----------------------------
DROP TABLE IF EXISTS `tb_role_permission`;
CREATE TABLE `tb_role_permission` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`role_id` bigint(20) NOT NULL COMMENT '角色 ID',
`permission_id` bigint(20) NOT NULL COMMENT '权限 ID',
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 48 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '角色权限表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of tb_role_permission
-- ----------------------------
INSERT INTO `tb_role_permission` VALUES (37, 37, 37);
INSERT INTO `tb_role_permission` VALUES (38, 37, 38);
INSERT INTO `tb_role_permission` VALUES (39, 37, 39);
INSERT INTO `tb_role_permission` VALUES (40, 37, 40);
INSERT INTO `tb_role_permission` VALUES (41, 37, 41);
INSERT INTO `tb_role_permission` VALUES (42, 37, 42);
INSERT INTO `tb_role_permission` VALUES (43, 37, 44);
INSERT INTO `tb_role_permission` VALUES (44, 37, 45);
INSERT INTO `tb_role_permission` VALUES (45, 37, 46);
INSERT INTO `tb_role_permission` VALUES (46, 37, 47);
INSERT INTO `tb_role_permission` VALUES (47, 37, 48);
-- ----------------------------
-- Table structure for tb_user
-- ----------------------------
DROP TABLE IF EXISTS `tb_user`;
CREATE TABLE `tb_user` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`username` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '用户名',
`password` varchar(64) CHARACTER SET utf8 COLLATE utf8_general_ci NOT NULL COMMENT '密码,加密存储',
`phone` varchar(20) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '注册手机号',
`email` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT NULL COMMENT '注册邮箱',
`created` datetime(0) NOT NULL,
`updated` datetime(0) NOT NULL,
PRIMARY KEY (`id`) USING BTREE,
UNIQUE INDEX `username`(`username`) USING BTREE,
UNIQUE INDEX `phone`(`phone`) USING BTREE,
UNIQUE INDEX `email`(`email`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 38 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '用户表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of tb_user
-- ----------------------------
INSERT INTO `tb_user` VALUES (37, 'admin', '$2a$10$9ZhDOBp.sRKat4l14ygu/.LscxrMUcDAfeVOEPiYwbcRkoB09gCmi', '15888888888', 'lee.lusifer@gmail.com', '2019-04-04 23:21:27', '2019-04-04 23:21:29');
-- ----------------------------
-- Table structure for tb_user_role
-- ----------------------------
DROP TABLE IF EXISTS `tb_user_role`;
CREATE TABLE `tb_user_role` (
`id` bigint(20) NOT NULL AUTO_INCREMENT,
`user_id` bigint(20) NOT NULL COMMENT '用户 ID',
`role_id` bigint(20) NOT NULL COMMENT '角色 ID',
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 38 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = '用户角色表' ROW_FORMAT = Dynamic;
-- ----------------------------
-- Records of tb_user_role
-- ----------------------------
INSERT INTO `tb_user_role` VALUES (37, 37, 37);
SET FOREIGN_KEY_CHECKS = 1;