自定义 hasPermission 校验规则
自定义一个 Spring Security hasPermission 校验规则:
在 tienchin-framework 模块当中进行自定义,新建 CustomSecurityExpressionRoot.java 自定义 hasPermission 判断逻辑类:
/**
* @author BNTang
* @version 1.0
* @description 自定义 hasPermission 判断逻辑
* @since 2023-08-26
**/
public class CustomSecurityExpressionRoot
extends SecurityExpressionRoot
implements MethodSecurityExpressionOperations {
private Object filterObject;
private Object returnObject;
private final AntPathMatcher antPathMatcher = new AntPathMatcher();
/**
* Creates a new instance
*
* @param authentication the {@link Authentication} to use. Cannot be null.
*/
public CustomSecurityExpressionRoot(Authentication authentication) {
super(authentication);
}
/**
* 判断当前对象是否具备某一个权限
*
* @param permission 权限
* @return boolean
* @author BNTang
* @since 2023/08/26 08:43:56
*/
public boolean hasPermission(String permission) {
// 获取当前登录用户所具有的权限
// 这里实际上调用到的是 top.it6666.common.core.domain.model.LoginUser.getAuthorities 方法的返回值
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for (GrantedAuthority authority : authorities) {
if (antPathMatcher.match(authority.getAuthority(), permission)) {
return true;
}
}
return false;
}
/**
* 是否具备多个权限中的任意一个权限
*
* @param permissions 权限
* @return boolean
* @author BNTang
* @since 2023/08/26 08:44:52
*/
public boolean hasAnyPermissions(String... permissions) {
if (permissions == null || permissions.length == 0) {
return false;
}
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for (GrantedAuthority authority : authorities) {
for (String permission : permissions) {
if (antPathMatcher.match(authority.getAuthority(), permission)) {
return true;
}
}
}
return false;
}
/**
* 是否具备拥有所有权限
*
* @param permissions 权限
* @return boolean
* @author BNTang
* @since 2023/08/26 08:44:26
*/
public boolean hasAllPermissions(String... permissions) {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
if (permissions == null || permissions.length == 0) {
return false;
}
for (String permission : permissions) {
boolean flag = false;
for (GrantedAuthority authority : authorities) {
if (antPathMatcher.match(authority.getAuthority(), permission)) {
flag = true;
}
}
if (!flag) {
return false;
}
}
return true;
}
@Override
public void setFilterObject(Object filterObject) {
this.filterObject = filterObject;
}
@Override
public Object getFilterObject() {
return filterObject;
}
@Override
public void setReturnObject(Object returnObject) {
this.returnObject = returnObject;
}
@Override
public Object getReturnObject() {
return returnObject;
}
@Override
public Object getThis() {
return this;
}
}
新建自定义 hasPermission 判断逻辑处理器类:
/**
* @author BNTang
* @version 1.0
* @description 自定义 hasPermission 判断逻辑处理器
* @since 2023-08-26
**/
public class CustomMethodSecurityExpressionHandler
extends DefaultMethodSecurityExpressionHandler {
@Override
protected MethodSecurityExpressionOperations createSecurityExpressionRoot(Authentication authentication,
MethodInvocation invocation) {
CustomSecurityExpressionRoot root = new CustomSecurityExpressionRoot(authentication);
root.setTrustResolver(getTrustResolver());
root.setPermissionEvaluator(getPermissionEvaluator());
root.setRoleHierarchy(getRoleHierarchy());
return root;
}
}
注册一下自定义 hasPermission 判断逻辑处理器,更改 ResourcesConfig:
/**
* 自定义 hasPermission 判断逻辑处理器
*
* @return {@code CustomMethodSecurityExpressionHandler }
* @author BNTang
* @since 2023/08/26 08:57:19
*/
@Bean
CustomMethodSecurityExpressionHandler customMethodSecurityExpressionHandler() {
return new CustomMethodSecurityExpressionHandler();
}
更改 LoginUser,完善一下 LoginUser 当中的 getAuthorities 方法:
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
if (permissions != null && !permissions.isEmpty()) {
return permissions.stream()
.map(SimpleGrantedAuthority::new)
.collect(Collectors.toList());
}
return Collections.emptyList();
}
编写查询接口
更改 ChannelController:
/**
* <p>
* 渠道管理表 前端控制器
* </p>
*
* @author BNTang
* @since 2023-08-22
*/
@RestController
@RequestMapping("/tienchin/channel")
public class ChannelController extends BaseController {
@Resource
private IChannelService iChannelService;
@PreAuthorize("hasPermission('tienchin:channel:list')")
@GetMapping("/list")
TableDataInfo list() {
startPage();
return getDataTable(iChannelService.selectChannelList());
}
}
更改 IChannelService:
/**
* <p>
* 渠道管理表 服务类
* </p>
*
* @author BNTang
* @since 2023-08-22
*/
public interface IChannelService
extends IService<Channel> {
/**
* 查询渠道列表
*
* @return {@code List<Channel> }
* @author BNTang
* @since 2023/08/26 09:32:57
*/
List<Channel> selectChannelList();
}
更改 ChannelServiceImpl:
/**
* <p>
* 渠道管理表 服务实现类
* </p>
*
* @author BNTang
* @since 2023-08-22
*/
@Service
public class ChannelServiceImpl
extends ServiceImpl<ChannelMapper, Channel>
implements IChannelService {
@Resource
private ChannelMapper channelMapper;
@Override
public List<Channel> selectChannelList() {
return channelMapper.selectChannelList();
}
}
更改 ChannelMapper:
/**
* <p>
* 渠道管理表 Mapper 接口
* </p>
*
* @author BNTang
* @since 2023-08-22
*/
public interface ChannelMapper extends BaseMapper<Channel> {
/**
* 查询渠道列表
*
* @return {@code List<Channel> }
* @author BNTang
* @since 2023/08/26 09:33:46
*/
List<Channel> selectChannelList();
}
更改 ChannelMapper.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="top.it6666.channel.mapper.ChannelMapper">
<select id="selectChannelList" resultType="top.it6666.channel.domain.Channel">
SELECT channel_id,
channel_name,
status,
remark,
type,
create_by,
update_by,
create_time,
update_time,
del_flag
FROM tienchin_channel
WHERE del_flag = 0
</select>
</mapper>
全局将 @ss.hasPermi 替换为 hasPermission
