一 建表
权限管理需实现5张表:用户表、角色表、用户角色对应表、权限表、权限角色对应表
用户表
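-- Application accounts: one row per login identity.
CREATE TABLE `platform_user` (
    `id` bigint(20) NOT NULL AUTO_INCREMENT,
    -- Login name. Declared UNIQUE so that a lookup by username can never match
    -- two accounts (with the default utf8 collation the comparison is
    -- case-insensitive, so 'Admin' and 'admin' also collide).
    `username` varchar(50) NOT NULL,
    -- Password hash, never plaintext. The security configuration registers
    -- BCryptPasswordEncoder; a BCrypt hash is 60 characters, so 100 leaves headroom.
    `password` varchar(100) NOT NULL,
    PRIMARY KEY (`id`),
    UNIQUE KEY `platform_user_username_uk` (`username`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;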
角色表
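-- Roles that can be granted to users.
-- The table comment is now delimited with plain single quotes; the typographic
-- quotes in the listing are not string delimiters and make the statement fail.
-- (Table comment text: "this is just the role table".)
CREATE TABLE `platform_role` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    -- Role name.
    `name` varchar(50) NOT NULL,
    PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8 COMMENT='这只是角色表';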
用户角色对应表
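-- Join table: which roles each user holds.
CREATE TABLE `platform_role_user` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    `user_id` bigint(20) NOT NULL,
    `role_id` int(11) NOT NULL,
    PRIMARY KEY (`id`),
    -- One row per (user, role) pair. Without this, the same grant can be stored
    -- twice, and a revoke that deletes a single row leaves the role in place.
    UNIQUE KEY `platform_role_user_user_role_uk` (`user_id`, `role_id`),
    KEY `FKt6466kf26ep5v3rfcya2sxi53` (`role_id`),
    KEY `FKfwy3bmkplk822fdp5o1btjyyv` (`user_id`),
    -- Foreign keys keep grants from outliving the user or the role they refer to.
    CONSTRAINT `FKfwy3bmkplk822fdp5o1btjyyv`
        FOREIGN KEY (`user_id`) REFERENCES `platform_user` (`id`),
    CONSTRAINT `FKt6466kf26ep5v3rfcya2sxi53`
        FOREIGN KEY (`role_id`) REFERENCES `platform_role` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8;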
权限表
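-- Permissions that can be attached to roles.
-- The table comment is now delimited with plain single quotes; the typographic
-- quotes in the listing make the statement fail. (Comment text: "permission table".)
--
-- NOTE(review): the article's note after this table says that, when child
-- permissions exist, the largest permission must be stored last or the permission
-- check misbehaves. SQL does not guarantee row order without ORDER BY, so the
-- lookup should sort explicitly rather than depend on insertion order. Confirm
-- how the authorization code reads these rows.
CREATE TABLE `platform_sys_permission` (
    `id` int(11) NOT NULL AUTO_INCREMENT,
    -- Permission name.
    `name` varchar(50) NOT NULL,
    -- Human-readable description of the permission.
    `description` varchar(50) NOT NULL,
    -- URL of the permission.
    `url` varchar(100) NOT NULL,
    -- Parent permission id; nullable.
    `pid` int(11) DEFAULT NULL,
    PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8 COMMENT='权限表';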
注意:如果存在子权限,一定要把最大的权限放在最后,否则在下面权限判定时,会出问题。
5. 权限角色对应表
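-- Join table: which permissions each role carries.
-- (Table comment text: "role-permission management table".)
CREATE TABLE `platform_permission_role` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `role_id` int(11) NOT NULL,
  `permission_id` int(11) NOT NULL,
  PRIMARY KEY (`id`),
  -- One row per (role, permission) pair, so removing a grant cannot leave a
  -- duplicate row that still grants it.
  UNIQUE KEY `platform_permission_role_role_permission_uk` (`role_id`, `permission_id`),
  KEY `role_id` (`role_id`),
  KEY `platform_permission_role_permission_id_idx` (`permission_id`),
  -- Foreign keys, matching platform_role_user. Without them, grant rows can
  -- outlive a deleted role or permission. On MySQL releases before 8.0, InnoDB
  -- recomputes AUTO_INCREMENT from MAX(id) after a restart, so a deleted id can
  -- be issued again and the leftover grants would attach to the new role.
  CONSTRAINT `platform_permission_role_role_id_fk`
    FOREIGN KEY (`role_id`) REFERENCES `platform_role` (`id`),
  CONSTRAINT `platform_permission_role_permission_id_fk`
    FOREIGN KEY (`permission_id`) REFERENCES `platform_sys_permission` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=14 DEFAULT CHARSET=utf8 COMMENT='角色权限管理表';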
二 实体类
User.java
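// Primary key, generated by the database identity column.
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;

// Login name (column "username").
@Column(name = "username", nullable = false, length = 50)
private String userName;

// Stored password value. The security configuration registers
// BCryptPasswordEncoder, so this is expected to hold the BCrypt hash and never
// the plaintext; keep it out of logs and API responses.
@Column(name = "password", nullable = false, length = 100)
private String password;

// Roles granted to this user through the platform_role_user join table; EAGER
// fetch loads them together with the user. The element type is spelled out
// because a raw List gives JPA no target entity for the association.
@ManyToMany(fetch = FetchType.EAGER)
@JoinTable(
        name = "platform_role_user",
        joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
        inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id"))
private List<Role> roles;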
省略 get set
Role.java
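// Primary key, generated by the database identity column.
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;

/**
 * Name of the role (column "name").
 */
@Column(name = "name", nullable = false, length = 50)
private String name;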
RoleUser.java
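// Primary key of the user-role link row, generated by the database identity column.
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;

// Id of the user holding the role. Declared non-nullable to match the
// NOT NULL column in the platform_role_user table definition.
@Column(name = "user_id", nullable = false)
private Long userId;

// Id of the granted role; non-nullable for the same reason.
@Column(name = "role_id", nullable = false)
private Integer roleId;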
Permission.java
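// Primary key, generated by the database identity column.
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;

/**
 * Permission name. The length matches varchar(50) in the table definition.
 */
@Column(name = "name", nullable = false, length = 50)
private String name;

/**
 * Permission description. The length matches varchar(50) in the table definition.
 */
@Column(name = "description", nullable = false, length = 50)
private String description;

/**
 * URL of the permission. The length matches varchar(100) in the table definition.
 * NOTE(review): presumably the request path this permission guards; confirm
 * against the code that evaluates permissions.
 */
@Column(name = "url", nullable = false, length = 100)
private String url;

/**
 * Parent node id; the column is nullable in the table definition.
 */
@Column(name = "pid")
private Integer pid;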
PermissionRole.java
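// Primary key of the role-permission link row, generated by the database identity column.
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Integer id;

// Id of the role receiving the permission. Declared non-nullable to match the
// NOT NULL column in the platform_permission_role table definition.
@Column(name = "role_id", nullable = false)
private Integer roleId;

// Id of the granted permission; non-nullable for the same reason.
@Column(name = "permission_id", nullable = false)
private Integer permissionId;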
三 security 配置类
/**
 * @author: 易明星
 * @Modified By:
 * @Date: Create in 13:27 2019/6/24
 * @Description: 权限配置
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {@Autowired
private MyFilterSecurityInterceptor myFilterSecurityInterceptor;@Autowired
private CustomUserDetailService userDetailService;/**
- 密码加密的方式
- @return
*/
@Bean
public BCryptPasswordEncoder passwordEncoder() {
    // Password hashing scheme exposed as a bean: BCrypt, built with the
    // no-argument constructor (the encoder's default settings).
    final BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
    return bcrypt;
}
/**
- 加密密码
- @param auth
- @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// Registers the injected CustomUserDetailService as the source of user records
// and the BCrypt encoder returned by passwordEncoder() as the password encoder
// for authentication.
auth.userDetailsService(userDetailService).passwordEncoder(passwordEncoder());
}
/**
- security 具体的配置
- @param http
- @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable() //csrf不可用
.authorizeRequests()
.antMatchers("/static/", "/css/", “/js/", "/images/”, “/lib/**”).permitAll() //访问允许静态文件
.antMatchers("/", “/login”).permitAll()//允许访问登录页
.and()
.formLogin()
.loginPage("/login")//自定义登录页
.failureUrl("/login?error")//指定登录失败页
.defaultSuccessUrl("/driver/s