SSM集成SpringSecurity(七)基于RBAC实现菜单权限 ——上

释放双眼,带上耳机,听听看~!

准备环境

一:把mybatis配置进来

(1): 在resources目下新增jdbc.properties配置文件,用于配置数据库的相关信息

jdbc.url = jdbc:mysql://IP地址:3306/ssm_security

jdbc.driverClass = com.mysql.jdbc.Driver

jdbc.username = 数据库用户名

jdbc.password = 数据库密码

(2): 修改applicationContext.xml文件

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:context="http://www.springframework.org/schema/context"

xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.alibaba.com/schema/stat"

xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans.xsd

http://www.springframework.org/schema/context

http://www.springframework.org/schema/context/spring-context.xsd

http://www.springframework.org/schema/aop

http://www.springframework.org/schema/aop/spring-aop.xsd http://www.alibaba.com/schema/stat http://www.alibaba.com/schema/stat.xsd">

 

<!—读取jdbc.properties –>

<context:property-placeholder location="classpath:jdbc.properties"/>

 

<!– 连接池 –>
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource">
<property name="url" value="${jdbc.url}"/>
<property name="driverClassName" value="${jdbc.driverClass}"/>
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
<property name="maxActive" value="10"/>
<property name="maxWait" value="3000"/>
</bean>

 

<!– mybatis整合Spring –>
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource"/>
<!–别名扫描 –>
<property name="typeAliasesPackage" value="com.xhc.domain"/>
</bean>

 

<!–Mapper接口扫描 –>
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="com.xhc.mapper"/>
</bean>

 

<!– 事务配置 –>
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource"/>
</bean>

tx:annotation-driven/

 

<context:component-scan base-package="com.xhc.service"/>

 

</beans>

新建配置文件中扫描的包,目前为止的package如下图

SSM集成SpringSecurity(七)基于RBAC实现菜单权限 ——上

(3): resources下新增日志配置文件:log4j.properties

### direct log messages to stdout ###

log4j.appender.stdout=org.apache.log4j.ConsoleAppender

log4j.appender.stdout.Target=System.err

log4j.appender.stdout.layout=org.apache.log4j.PatternLayout

log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L – %m%n

 

### direct messages to file mylog.log ###

log4j.appender.file=org.apache.log4j.FileAppender

log4j.appender.file.File=c:mylog.log

log4j.appender.file.layout=org.apache.log4j.PatternLayout

log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L – %m%n

 

### set log levels – for more verbose logging change 'info' to 'debug' ###

 

log4j.rootLogger=debug, stdout

二:什么是RBAC

百度是这样解释的

SSM集成SpringSecurity(七)基于RBAC实现菜单权限 ——上

RBAC(Role-based Access control),即基于角色的访问控制。首先RBAC不是一项技术,它是一个模型概念,一般用于系统权限的设计。

SSM集成SpringSecurity(七)基于RBAC实现菜单权限 ——上

用户拥有什么角色,而这些角色又包含什么权限,这些权限保护着哪些资源。

在系统中,用户最终的目的是访问资源,但是出于安全考虑,用户不能直接访问资源。

RBAC设计的优势在于新增用户时,直接赋予角色就可以了,不需要和底层的权限资源打交道。而且一个角色可以赋予多个用户。

三:设计表并初始化数据

由RBAC模型可知,我们至少需要5张表。

  •  用户表 sys_user
  •  角色表 sys_role
  •  权限表 sys_permission
  •  用户角色关系表 sys_user_role
  •  角色权限关系表 sys_role_permission

SSM集成SpringSecurity(七)基于RBAC实现菜单权限 ——上

用户通过用户角色表找到对应的角色(一个用户可以有多个角色),然后角色通过角色权限表找到对应的权限。

建表和初始化的sql语句如下,直接复制运行或保存为.sql文件执行

SET NAMES utf8mb4;

SET FOREIGN_KEY_CHECKS = 0;

 


— Table structure for sys_permission


DROP TABLE IF EXISTS

1
1`

sys_permission

1
1`

;

CREATE TABLE

1
1`

sys_permission

1
1`

(

1
1`

id

1
1`

int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',

1
1`

permName

1
1`

varchar(255) DEFAULT '' COMMENT '权限名称',

1
1`

permTag

1
1`

varchar(255) DEFAULT '' COMMENT '权限标记',

PRIMARY KEY (

1
1`

id

1
1`

)

) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;

 


— Records of sys_permission


BEGIN;

INSERT INTO

1
1`

sys_permission

1
1`

VALUES (1, '商品显示', 'ROLE_LIST_GOODS');

INSERT INTO

1
1`

sys_permission

1
1`

VALUES (2, '商品添加', 'ROLE_ADD_GOODS');

INSERT INTO

1
1`

sys_permission

1
1`

VALUES (3, '商品删除', 'ROLE_DELETE_GOODS');

INSERT INTO

1
1`

sys_permission

1
1`

VALUES (4, '删除修改', 'ROLE_UPDATE_GOODS');

COMMIT;

 


— Table structure for sys_role


DROP TABLE IF EXISTS

1
1`

sys_role

1
1`

;

CREATE TABLE

1
1`

sys_role

1
1`

(

1
1`

id

1
1`

int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',

1
1`

roleName

1
1`

varchar(255) DEFAULT '' COMMENT '角色名称',

1
1`

roleDesc

1
1`

varchar(255) DEFAULT '' COMMENT '角色描述',

PRIMARY KEY (

1
1`

id

1
1`

)

) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

 


— Records of sys_role


BEGIN;

INSERT INTO

1
1`

sys_role

1
1`

VALUES (1, '普通操作员', '普通操作员');

INSERT INTO

1
1`

sys_role

1
1`

VALUES (2, '高级操作员', '高级操作员');

COMMIT;

 


— Table structure for sys_role_permission


DROP TABLE IF EXISTS

1
1`

sys_role_permission

1
1`

;

CREATE TABLE

1
1`

sys_role_permission

1
1`

(

1
1`

id

1
1`

int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',

1
1`

role_id

1
1`

int(11) DEFAULT NULL,

1
1`

perm_id

1
1`

int(11) DEFAULT NULL,

PRIMARY KEY (

1
1`

id

1
1`

)

) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8;

 


— Records of sys_role_permission


BEGIN;

INSERT INTO

1
1`

sys_role_permission

1
1`

VALUES (1, 1, 1);

INSERT INTO

1
1`

sys_role_permission

1
1`

VALUES (2, 1, 2);

INSERT INTO

1
1`

sys_role_permission

1
1`

VALUES (3, 2, 3);

INSERT INTO

1
1`

sys_role_permission

1
1`

VALUES (4, 2, 4);

COMMIT;

 


— Table structure for sys_user


DROP TABLE IF EXISTS

1
1`

sys_user

1
1`

;

CREATE TABLE

1
1`

sys_user

1
1`

(

1
1`

id

1
1`

int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',

1
1`

username

1
1`

varchar(255) DEFAULT NULL COMMENT '用户名',

1
1`

realname

1
1`

varchar(255) DEFAULT NULL COMMENT '真实姓名',

1
1`

password

1
1`

varchar(255) DEFAULT NULL COMMENT '密码',

1
1`

createDate

1
1`

datetime DEFAULT NULL COMMENT '创建日期',

1
1`

lastLoginTime

1
1`

datetime DEFAULT NULL COMMENT '最后一次登录时间',

1
1`

enabled

1
1`

int(2) DEFAULT '1',

1
1`

accountNonExpired

1
1`

int(2) DEFAULT '1',

1
1`

accountNonLocked

1
1`

int(2) DEFAULT '1',

1
1`

credentialsNonExpired

1
1`

int(2) DEFAULT '1',

PRIMARY KEY (

1
1`

id

1
1`

)

) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

 


— Records of sys_user


BEGIN;

INSERT INTO

1
1`

sys_user

1
1`

VALUES (1, 'xhc1', '许洪昌', '123456', '2020-02-10 19:28:25', NULL, 1, 1, 1, 1);

INSERT INTO

1
1`

sys_user

1
1`

VALUES (2, 'xhc2', '小许', '123456', '2020-02-04 19:28:49', NULL, 1, 1, 1, 1);

COMMIT;

 


— Table structure for sys_user_role


DROP TABLE IF EXISTS

1
1`

sys_user_role

1
1`

;

CREATE TABLE

1
1`

sys_user_role

1
1`

(

1
1`

id

1
1`

int(11) NOT NULL AUTO_INCREMENT COMMENT 'id',

1
1`

user_id

1
1`

int(11) DEFAULT NULL,

1
1`

role_id

1
1`

int(11) DEFAULT NULL,

PRIMARY KEY (

1
1`

id

1
1`

)

) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8;

 


— Records of sys_user_role


BEGIN;

INSERT INTO

1
1`

sys_user_role

1
1`

VALUES (1, 1, 1);

INSERT INTO

1
1`

sys_user_role

1
1`

VALUES (2, 2, 2);

COMMIT;

 

SET FOREIGN_KEY_CHECKS = 1;

四:domain包下建立实体

package com.xhc.domain;

 

/**

* 权限

*/

public class Permission {

private Integer id;

private String permName;

private String permTag;

 

public Integer getId() {

return id;

}

 

public void setId(Integer id) {

this.id = id;

}

 

public String getPermName() {

return permName;

}

 

public void setPermName(String permName) {

this.permName = permName;

}

 

public String getPermTag() {

return permTag;

}

 

public void setPermTag(String permTag) {

this.permTag = permTag;

}

}

package com.xhc.domain;

 

/**

* 角色

*/

public class Role {

private Integer id;

private String roleName;

private String roleDesc;

 

public Integer getId() {

return id;

}

 

public void setId(Integer id) {

this.id = id;

}

 

public String getRoleName() {

return roleName;

}

 

public void setRoleName(String roleName) {

this.roleName = roleName;

}

 

public String getRoleDesc() {

return roleDesc;

}

 

public void setRoleDesc(String roleDesc) {

this.roleDesc = roleDesc;

}

}

package com.xhc.domain;

 

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.userdetails.UserDetails;

 

import java.util.ArrayList;

import java.util.Date;

import java.util.List;

 

/**

* 用户

*/

public class User implements UserDetails{

 

private Integer id;

private String username;

private String realname;

private String password;

private Date createDate;

private Date lastLoginTime;

private boolean enabled;

private boolean accountNonExpired;

private boolean accountNonLocked;

private boolean credentialsNonExpired;

 

//用户拥有的所有权限

private List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

 

public List<GrantedAuthority> getAuthorities() {

return authorities;

}

 

public void setAuthorities(List<GrantedAuthority> authorities) {

this.authorities = authorities;

}

 

public Integer getId() {

return id;

}

 

public void setId(Integer id) {

this.id = id;

}

 

@Override

public String getUsername() {

return username;

}

 

public void setUsername(String username) {

this.username = username;

}

 

public String getRealname() {

return realname;

}

 

public void setRealname(String realname) {

this.realname = realname;

}

 

@Override

public String getPassword() {

return password;

}

 

public void setPassword(String password) {

this.password = password;

}

 

public Date getCreateDate() {

return createDate;

}

 

public void setCreateDate(Date createDate) {

this.createDate = createDate;

}

 

public Date getLastLoginTime() {

return lastLoginTime;

}

 

public void setLastLoginTime(Date lastLoginTime) {

this.lastLoginTime = lastLoginTime;

}

 

@Override

public boolean isEnabled() {

return enabled;

}

 

public void setEnabled(boolean enabled) {

this.enabled = enabled;

}

 

@Override

public boolean isAccountNonExpired() {

return accountNonExpired;

}

 

public void setAccountNonExpired(boolean accountNonExpired) {

this.accountNonExpired = accountNonExpired;

}

 

@Override

public boolean isAccountNonLocked() {

return accountNonLocked;

}

 

public void setAccountNonLocked(boolean accountNonLocked) {

this.accountNonLocked = accountNonLocked;

}

 

@Override

public boolean isCredentialsNonExpired() {

return credentialsNonExpired;

}

 

public void setCredentialsNonExpired(boolean credentialsNonExpired) {

this.credentialsNonExpired = credentialsNonExpired;

}

 

@Override

public String toString() {

return "User{" +

"id=" + id +

", username='" + username + ''' +

", realname='" + realname + ''' +

", password='" + password + ''' +

", createDate=" + createDate +

", lastLoginTime=" + lastLoginTime +

", enabled=" + enabled +

", accountNonExpired=" + accountNonExpired +

", accountNonLocked=" + accountNonLocked +

", credentialsNonExpired=" + credentialsNonExpired +

", authorities=" + authorities +

'}';

}

}

 

给TA打赏
共{{data.count}}人
人已打赏
安全技术

c++ list, vector, map, set 区别与用法比较

2022-1-11 12:36:11

气候事件

国家防总:“苏拉”“达维”将影响中国十余省

2012-7-31 23:05:33

个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索