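1. Create RbacService:
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.core.Authentication;

/**
 * Project authorization service interface.
 *
 * @author zhaohaibin
 */
public interface RbacService {
    /**
     * Permission check.
     *
     * @param request        the current HTTP request
     * @param authentication the authentication of the current user
     * @return true if the request is permitted
     */
    boolean hasPermission(HttpServletRequest request, Authentication authentication);
}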
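2. Implement RbacService:
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils; // assumed: Apache Commons Lang
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

/**
 * Project authorization service implementation.
 * ISysConstants, SecurityConstants and SystemUserDto are the project's own classes.
 *
 * @author zhaohaibin
 */
@Component("rbacService")
public class RbacServiceImpl implements RbacService {
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Override
    public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
        Object principal = authentication.getPrincipal();
        // Deny by default; only the branches below can grant access
        boolean hasPermission = false;
        if (principal instanceof UserDetails) {
            // If the user name is admin, always return true
            if (StringUtils.equals(((UserDetails) principal).getUsername(), ISysConstants.S_SYSTEM_SUPER_ADMIN)) {
                hasPermission = true;
            } else if (principal instanceof SystemUserDto) {
                // Read all URLs the user has permission for
                // (the type check above avoids a ClassCastException for other UserDetails types)
                Set<String> urls = ((SystemUserDto) principal).getUrls();
                if (urls != null) {
                    for (String url : urls) {
                        if (antPathMatcher.match(SecurityConstants.DEFAULT_PROJECT_NAME_URL + url, request.getRequestURI())) {
                            hasPermission = true;
                            break;
                        }
                    }
                }
            }
        }
        return hasPermission;
    }
}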
SystemUserDto extends SystemUserPojo;
SystemUserPojo implements UserDetails
Update the return type of the loadUserByUsername method:
    @Override
    public SystemUserDto loadUserByUsername(String userName) throws UsernameNotFoundException {...}
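3. Reference RbacServiceImpl (update MyAuthorizeConfigProvider):
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.stereotype.Component;

/**
 * Project authorization configuration.
 *
 * @author zhaohaibin
 */
@Component
@Order(Integer.MAX_VALUE)
public class MyAuthorizeConfigProvider implements AuthorizeConfigProvider {
    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        // config.antMatchers("/user").hasRole("ADMIN");
        // Delegate the decision for every remaining request to the rbacService bean
        config.anyRequest().access("@rbacService.hasPermission(request,authentication)");
    }
}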
4. Because both of them call config.anyRequest(), add the @Order annotation, and also update DemoAuthorizeConfigManager and DemoAuthorizeConfigProvider:
DemoAuthorizeConfigManager:
    // All other requests require authentication
    // config.anyRequest().authenticated();
DemoAuthorizeConfigProvider:
    @Component
    @Order(Integer.MIN_VALUE)
    public class DemoAuthorizeConfigProvider implements AuthorizeConfigProvider {...}
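A test for the hasPermission rule wired up in steps 2 and 3, added here as an example and not part of the original project: it checks that a granted URL pattern is allowed and that everything else, including the anonymous principal, is denied. It assumes JUnit 5, Mockito and spring-test on the test classpath, a non-final SystemUserDto, and that "alice" is not the value of ISysConstants.S_SYSTEM_SUPER_ADMIN; the user name, pattern and paths are constructed sample values.

```java
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;

import java.util.Collections;
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
// RbacService, RbacServiceImpl, SystemUserDto and SecurityConstants are the
// project's own classes; import them from wherever your project keeps them.

class RbacServiceImplTest {
    private static final String PREFIX = SecurityConstants.DEFAULT_PROJECT_NAME_URL;
    private final RbacService rbacService = new RbacServiceImpl();

    // Constructed user: "alice" (assumed not the super admin) with one granted pattern.
    private Authentication alice() {
        SystemUserDto user = mock(SystemUserDto.class);
        when(user.getUsername()).thenReturn("alice");
        when(user.getUrls()).thenReturn(Collections.singleton("/user/*"));
        return new TestingAuthenticationToken(user, "n/a");
    }

    @Test
    void grantedPatternIsAllowed() {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", PREFIX + "/user/1");
        assertTrue(rbacService.hasPermission(request, alice()));
    }

    @Test
    void urlOutsideGrantedPatternsIsDenied() {
        MockHttpServletRequest request = new MockHttpServletRequest("GET", PREFIX + "/order/1");
        assertFalse(rbacService.hasPermission(request, alice()));
    }

    @Test
    void anonymousPrincipalIsDenied() {
        // Spring Security's anonymous principal is a String, not a UserDetails,
        // so the check must fall through to its default of false.
        Authentication anonymous = new AnonymousAuthenticationToken(
                "key", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
        MockHttpServletRequest request = new MockHttpServletRequest("GET", PREFIX + "/user/1");
        assertFalse(rbacService.hasPermission(request, anonymous));
    }
}
```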
Troubleshooting:
None yet