关于spring:Spring-Security权限注解

启用注解

@EnableGlobalMethodSecurity(prePostEnabled = true)

失常启用开启那个注解就行，上面放下我的配置

package com.fedtech.sys.provider.config.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.data.redis.connection.RedisConnectionFactory;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;import org.springframework.security.oauth2.provider.token.TokenStore;import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;import javax.annotation.Resource;/** * 资源配置 * * @author <a href = "mailto:njpkhuan@gmail.com" > huan </a > * @date 2021/1/13 * @since 1.0.0 */@Configuration@EnableResourceServer@EnableGlobalMethodSecurity(prePostEnabled = true)public class ResourceServerConfig extends ResourceServerConfigurerAdapter {    @Resource    RedisConnectionFactory redisConnectionFactory;    @Resource    private TokenStore tokenStore;    @Bean    public TokenStore redisTokenStore() {        return new RedisTokenStore(redisConnectionFactory);    }    @Override    public void configure(ResourceServerSecurityConfigurer resources) {        resources.tokenStore(tokenStore);    }}

角色

    /**     * 查问单个用户     *     * @param query {@link UserQuery}     *     * @return com.fedtech.common.util.result.R<com.fedtech.sys.provider.view.UserView>     *     * @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >     * @date 2021/2/20     * @since 1.0.0     */    @GetMapping("select")    @PreAuthorize("hasAuthority('admin')")    public R<UserView> selectUser(UserQuery query) {        UserDto dto = userService.selectUser(query);        return R.successWithData(userMapper.dto2View(dto));    }

权限

默认的是DenyAllPermissionEvaluator，所有权限都回绝，所以要自定义

自定义解决逻辑

我是把权限放到了自定义的userDetails外面

package com.fedtech.common.model;import cn.hutool.core.collection.CollUtil;import lombok.Data;import lombok.extern.slf4j.Slf4j;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;import java.util.ArrayList;import java.util.Collection;import java.util.List;import java.util.StringTokenizer;/** * 该类返回的是平安的，可能提供给用户看到的信息，即脱敏后的信息 * * @author <a href = "mailto:njpkhuan@gmail.com" > huan </a > * @date 2021/1/9 * @since 1.0.0 */@Data@Slf4jpublic class SecurityUser implements UserDetails {    private static final long serialVersionUID = 8689435103879098852L;    /**     * 盐     */    private String salt;    /**     * 用户token     */    private String token;    /**     * 用户状态     */    private String status;    /**     * 用户明码     */    private String password;    /**     * 用户登录账号     */    private String loginName;    private Long userId;    /**     * 用户角色     *     * @date 2021/1/10     * @since 1.0.0     */    private List<UserRole> roleList;    /**     * 权限列表     *     * @date 2021/1/11     * @since 1.0.0     */    private List<UserPermission> permissionList;    /**     * 客户端用户     *     * @param client 客户端     *     * @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >     * @date 2021/1/13     * @since 1.0.0     */    public SecurityUser(OauthClientDetails client) {        if (client != null) {            password = client.getClientSecret();            loginName = client.getClientId();            String authorities = client.getAuthorities();            StringTokenizer stringTokenizer = new StringTokenizer(authorities, ", ");            roleList = new ArrayList<>();            if (stringTokenizer.hasMoreTokens()) {                UserRole userRole = new UserRole();                userRole.setCode(stringTokenizer.nextToken());                roleList.add(userRole);            }        }    }    /**     * 普通用户     *     * @param user           用户     * @param roleList       角色     * @param permissionList 权限     *     * @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >     * @date 2021/1/13     * @since 1.0.0     */    public SecurityUser(User user, List<UserRole> roleList, List<UserPermission> permissionList) {        if (user != null) {            salt = user.getSalt();            token = user.getToken();            status = user.getStatus();            password = user.getPassword();            loginName = user.getLoginName();            userId = user.getId();            this.roleList = roleList;            this.permissionList = permissionList;        }    }    @Override    public Collection<? extends GrantedAuthority> getAuthorities() {        Collection<GrantedAuthority> authorities = new ArrayList<>();        if (!CollUtil.isEmpty(roleList)) {            for (UserRole role : roleList) {                SimpleGrantedAuthority authority = new SimpleGrantedAuthority(role.getCode());                authorities.add(authority);            }        }        log.debug("获取到的用户权限：{}", authorities);        return authorities;    }    @Override    public String getPassword() {        return password;    }    @Override    public String getUsername() {        return loginName;    }    @Override    public boolean isAccountNonExpired() {        return true;    }    @Override    public boolean isAccountNonLocked() {        return true;    }    @Override    public boolean isCredentialsNonExpired() {        return true;    }    @Override    public boolean isEnabled() {        return true;    }}

package com.fedtech.common.config;import cn.hutool.core.collection.CollUtil;import com.fedtech.common.model.SecurityUser;import com.fedtech.common.model.UserPermission;import lombok.extern.slf4j.Slf4j;import org.apache.commons.lang3.StringUtils;import org.springframework.context.annotation.Configuration;import org.springframework.security.access.PermissionEvaluator;import org.springframework.security.core.Authentication;import java.io.Serializable;import java.util.List;/** * 自定义权限解决 * * @author <a href="mailto:njpkhuan@gmail.com">huan</a> * @version 1.0.0 * @date 2021/2/26 */@Slf4j@Configurationpublic class MyPermissionEvaluator implements PermissionEvaluator {    @Override    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {        SecurityUser principal = (SecurityUser) authentication.getPrincipal();        List<UserPermission> permissionList = principal.getPermissionList();        if (CollUtil.isNotEmpty(permissionList)) {            return permissionList.stream().anyMatch(x -> StringUtils.equals(x.getUrl(), (CharSequence) targetDomainObject) &&                    StringUtils.equals(x.getCode(), (CharSequence) permission));        }        return false;    }    @Override    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {        return false;    }}

应用

    /**     * 查问单个用户     *     * @param query {@link UserQuery}     *     * @return com.fedtech.common.util.result.R<com.fedtech.sys.provider.view.UserView>     *     * @author <a href = "mailto:njpkhuan@gmail.com" > huan </a >     * @date 2021/2/20     * @since 1.0.0     */    @GetMapping("select")    @PreAuthorize("hasPermission('/sys/user/insert','userInsert')")    public R<UserView> selectUser(UserQuery query) {        UserDto dto = userService.selectUser(query);        return R.successWithData(userMapper.dto2View(dto));    }