文章目录
一、授权(权限)
1.1 什么是权限
授权,也叫访问控制,即在应用中控制谁能访问哪些资源(如访问页面/编辑数据/页面操作等)。
1.2 权限框架
shiro
spring security
Apache Shiro是Java的一个安全框架。目前,使用Apache Shiro的人越来越多,因为它相当简单,
对比Spring Security,可能没有Spring Security做的功能强大,但是在实际工作时可能并不需要那么
复杂的东西,所以使用小而简单的Shiro就足够了。对于它俩到底哪个好,这个不必纠结,能更简单
的解决项目问题就好了。
二、身份验证Subject(配置文件版)
2.1 导入依赖
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
<version>1.2.2</version>
</dependency>
2.2 shiro.ini
记录用户账户密码的配置文件
在shiro中可以配置文件,也可以连接数据库
其实在shiro中被称为Subject:主体
代表了当前 “用户”,这个用户不一定是一个具体的人,与当前应用交互的任何东西都是
[users]
zhang=123
wang=123
2.3 权限验证(登录)
//1、获取SecurityManager工厂,此处使用Ini配置文件初始化SecurityManager
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager manager = factory.getInstance();
//2、得到SecurityManager实例 并绑定给SecurityUtils
SecurityUtils.setSecurityManager(manager);
Subject subject = SecurityUtils.getSubject();
//3、Subject用户名/密码身份验证Token凭证
UsernamePasswordToken token = new UsernamePasswordToken("zhang","123");
try {
subject.login(token);
} catch (UnknownAccountException e) {
System.out.println("账号不存在");
e.printStackTrace();
} catch (IncorrectCredentialsException e) {
System.out.println("密码错误");
e.printStackTrace();
} catch (AuthenticationException e) {
System.out.println("其他账号登录失败异常");
e.printStackTrace();
}
System.out.println(subject.isAuthenticated());
//6、退出
subject.logout();
tips:
1.SecurityManager权限验证工厂
2.SecurityManager 一个全局唯一的安全管理器
3.SecurityUtils可以通过这个工具类获取全局的SecurityManager
但是需要我们首先设置一下
4.Subject我们当前登录的账号(用户),通过isAuthenticated方法知道是否登录了
5.UsernamePasswordToken是登录的凭证,用户输入的账号密码放进去,让subject判断是否登录成功
6.login登录的时候通过异常判断是哪种登录失败
7.如果身份验证失败请捕获 AuthenticationException 或其子类,常见的如:
DisabledAccountException(禁用的帐号)、LockedAccountException(锁定的帐号)、UnknownAccountException(错误的帐号)、ExcessiveAttemptsException(登录失败次数过多)、IncorrectCredentialsException (错误的凭证)、ExpiredCredentialsException(过期的凭证)等,
具体请查看其继承关系;对于页面的错误消息展示,最好使用如 “用户名 / 密码错误” 而不是 “用户名错误”/“密码错误”,防止一些恶意用户非法扫描帐号库;
2.4 身份认证流程
流程如下:
首先调用 Subject.login(token) 进行登录,其会自动委托给 Security Manager,调用之前必须通过 SecurityUtils.setSecurityManager() 设置;
SecurityManager 负责真正的身份验证逻辑;它会委托给 Authenticator 进行身份验证;
Authenticator 才是真正的身份验证者,Shiro API 中核心的身份认证入口点,此处可以自定义插入自己的实现;
Authenticator 可能会委托给相应的 AuthenticationStrategy 进行多 Realm 身份验证,默认 ModularRealmAuthenticator 会调用 AuthenticationStrategy 进行多 Realm 身份验证;
Authenticator 会把相应的 token 传入 Realm,从 Realm 获取身份验证信息,如果没有返回 / 抛出异常表示身份验证失败了。此处可以配置多个 Realm,将按照相应的顺序及策略进行访问。
三、角色Role\权限Permission
3.1 角色Role
角色代表的是当前账号所在的身份
比如:在一家公司里面,每个人都有属于自己的角色:老板、主管、财务、人事、工程师、后台、运维、前台
而我们认为可以给账号分配一个或者多个角色:
比如:项目经理又是主管、又是工程师
财务主管:又是主管、又是工程师
研发只是工程师
3.2 权限Permission
我们根据不同的角色分配不同的权限
比如:
老板:管理所有员工流动、管理所有员工的工资
主管:管理所在部门员工流动、管理所在部门员工的工资
工程师:公司上班
那么我们根据每个账号subject可以获取不同的角色role,而根据不同的角色获取不同的权限
最后决定当前登录的账号是否有权限进行对应的操作
3.3 ini文件
[users]
#用户名=密码,角色1,角色2
zhangSan=123,admin,user
liSi=123,user
[roles]
#角色=权限
admin=*
admin2=*:select
user=video:*,chapter:*
user2=video:select,chapter:select
user3=video:insert,video:update,video:select,video:delete
# 上面角色就有amdin,admin2,user,user2,user3
3.3 Java代码
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:Shiro_privilege.ini");
SecurityManager manager = factory.getInstance();
SecurityUtils.setSecurityManager(manager);
Subject subject = SecurityUtils.getSubject();
UsernamePasswordToken token = new UsernamePasswordToken("liSi","123");
try {
subject.login(token);
} catch (Exception e) {
e.printStackTrace();
}
boolean b=subject.isAuthenticated();
System.out.println("是否认证成功"+b);
//判断是否有某个角色
boolean a= subject.hasRole("admin");
//判断是否有某些角色
List<String> roles = new ArrayList<String>();
roles.add("admin");
roles.add("user");
System.out.println("admin和user角色:"+subject.hasAllRoles(roles));
//判断是否有权限
boolean b=subject.isPermitted("user:insert");
//检查是否有权限,没有的话会报异常
subject.checkPermission("video:insert");
四、Realm域
4.1 什么是Realm
域,Shiro 从从 Realm 获取安全数据(如用户、角色、权限),就是说 SecurityManager 要验证用户身份,
那么它需要从 Realm 获取相应的用户进行比较以确定用户身份是否合法;
也需要从 Realm 得到用户相应的角色 / 权限进行验证用户是否能进行操作;
可以把 Realm 看成 DataSource,即安全数据源。
也就是说对于我们而言,最简单的一个 Shiro 应用:
应用代码通过 Subject 来进行认证和授权,而 Subject 又委托给 SecurityManager;
我们需要给 Shiro 的 SecurityManager 注入 Realm,从而让 SecurityManager 能得到合法的用户及其权限进行判断。
从以上也可以看出,Shiro 不提供维护用户 / 权限,而是通过 Realm 让开发人员自己注入。
Realm个人其实理解为就是来判断当前的subject用户是登录成功、失败的一个东西
4.2 MyRealm 自定义Realm
前面我们写的一个代码中,我们把subject用户的,账号密码通过token传递过去,
执行login方法就得到结果,当时的Realm就是shiro自己写的
这次就是我们自己写自定义的Realm域
package com.zhiyou100.realm;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.realm.Realm;
public class MyRealm implements Realm{
//判断登录的方法
public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String username = (String) token.getPrincipal();
String password = new String((char[])token.getCredentials());
if (!"zhang1".equals(username)) {
throw new UnknownAccountException();
}
if (!"123".equals(password)) {
throw new IncorrectCredentialsException(); //如果密码错误
}
return new SimpleAuthenticationInfo(username,password,getName());
}
//得到当前的realm名称
public String getName() {
// TODO Auto-generated method stub
return "user";
}
//支持哪种登录方式
public boolean supports(AuthenticationToken token) {
// TODO Auto-generated method stub
return token instanceof UsernamePasswordToken;
}
}
4.3 shiro.ini
告诉
myRealm1=com.zhiyou100.realm.MyRealm
securityManager.realms=$myRealm1
4.4 Realm的继承关系
1)在这个图片中我们可以看见‘I’代表的是接口,‘c’代表的抽象类和普通类
2)Realm是最上层的接口,所有的东西都需要我们自己实现
3)IniRealm是我们之前没有自定义realm使用的
4)JdbcRealm是链接数据库使用的,但是因为属于shiro自己写的,所以他对数据库表的格式要求有规范的
5)所以我们更多的使用的是AuthorizingRealm
4.5 权限验证(登录)
同2.3一样
五、自定义域Realm和 权限Permission
5.1 shiro.ini
myRealm1=com.zhiyou100.realm.MyRealm
securityManager.realms=$myRealm1
5.2 MyRealm
package com.zhiyou100.realm;
import java.util.HashSet;
import java.util.Set;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.subject.PrincipalCollection;
public class MyRealm extends AuthorizingRealm {
//权限\角色返回
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection arg0) {
String username = (String) arg0.getPrimaryPrincipal();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo ();
if (username.equals("zhangSan")) {
Set<String> roles = new HashSet();
roles.add("admin");
roles.add("user");
info.setRoles(roles);
Set<String> permissions = new HashSet<String>();
permissions.add("video:select");
permissions.add("video:insert");
permissions.add("video:delete");
permissions.add("video:update");
info.setStringPermissions(permissions);
}else if (username.equals("liSi")) {
info.addRole("user");
info.addStringPermission("video:select");
}
return info;
}
//登录判断
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken arg0) throws AuthenticationException {
return new SimpleAuthenticationInfo(arg0.getPrincipal(),arg0.getCredentials(),"myrealm");
}
}
5.3 使用
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager manager = factory.getInstance();
// 2、得到SecurityManager实例 并绑定给SecurityUtils
SecurityUtils.setSecurityManager(manager);
Subject subject = SecurityUtils.getSubject();
// 3、Subject用户名/密码身份验证Token凭证
UsernamePasswordToken token = new UsernamePasswordToken("zhangSan", "123");
try {
subject.login(token);
} catch (UnknownAccountException e) {
System.out.println("账号不存在");
e.printStackTrace();
} catch (IncorrectCredentialsException e) {
System.out.println("密码错误");
e.printStackTrace();
} catch (AuthenticationException e) {
System.out.println("其他账号登录失败异常");
e.printStackTrace();
}
System.out.println("登录:"+subject.isAuthenticated());
System.out.println("admin:"+subject.hasRole("admin"));
System.out.println("user:"+subject.hasRole("user"));
System.out.println("user:select:"+subject.isPermitted("user:insert"));
// 6、退出
subject.logout();
六、链接数据库
6.1 JdbcRealm
在这里我们因为使用的是系统定义好的JdbcRealm,所以表的内容都规定好了必须这么使用
/*
Navicat MySQL Data Transfer
Source Server : localhost_3306
Source Server Version : 50535
Source Host : localhost:3306
Source Database : shiro
Target Server Type : MYSQL
Target Server Version : 50535
File Encoding : 65001
Date: 2020-01-09 09:23:29
*/
SET FOREIGN_KEY_CHECKS=0;
-- ----------------------------
-- Table structure for `roles_permissions`
-- ----------------------------
DROP TABLE IF EXISTS `roles_permissions`;
CREATE TABLE `roles_permissions` (
`id` int(11) NOT NULL DEFAULT '0',
`role_name` varchar(20) DEFAULT NULL,
`permission` varchar(20) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of roles_permissions
-- ----------------------------
INSERT INTO `roles_permissions` VALUES ('1', 'system', 'system');
-- ----------------------------
-- Table structure for `users`
-- ----------------------------
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(20) DEFAULT NULL,
`password` varchar(20) DEFAULT NULL,
`password_salt` int(11) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of users
-- ----------------------------
INSERT INTO `users` VALUES ('1', 'admin', '123', null);
-- ----------------------------
-- Table structure for `user_roles`
-- ----------------------------
DROP TABLE IF EXISTS `user_roles`;
CREATE TABLE `user_roles` (
`id` int(11) NOT NULL DEFAULT '0',
`username` varchar(20) DEFAULT NULL,
`role_name` varchar(20) DEFAULT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of user_roles
-- ----------------------------
INSERT INTO `user_roles` VALUES ('1', 'admin', 'system');
6.2 pom.xml
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>1.2.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.26</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-jdbc -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>5.1.6.RELEASE</version>
</dependency>
6.3 ini
myRealm1=org.apache.shiro.realm.jdbc.JdbcRealm
dataSource1=org.springframework.jdbc.datasource.DriverManagerDataSource
dataSource1.driverClassName=com.mysql.jdbc.Driver
dataSource1.url=jdbc:mysql://localhost:3306/shiro
dataSource1.username=root
dataSource1.password=123
myRealm1.dataSource=$dataSource1
# 解决权限不开启的问题
myRealm1.permissionsLookupEnabled=true
securityManager.realms=$myRealm1
6.4 Java
Factory<SecurityManager> factory = new IniSecurityManagerFactory("classpath:shiro.ini");
SecurityManager manager = factory.getInstance();
SecurityUtils.setSecurityManager(manager);
Subject subject = SecurityUtils.getSubject();
AuthenticationToken token = new UsernamePasswordToken("admin","123");
try {
subject.login(token);
} catch (Exception e) {
e.printStackTrace();
}
System.out.println("是否登录:"+subject.isAuthenticated());
System.out.println("是否拥有角色admin:"+subject.hasRole("system"));
// System.out.println("是否拥有角色user:"+subject.hasRole("user"));
System.out.println("是否拥有权限select:"+subject.isPermitted("video"));
subject.logout();
七、Shiro Web 集成
7.1 与 Web 集成
Shiro 提供了与 Web 集成的支持,其通过一个 ShiroFilter 入口来拦截需要安全控制的 URL,然后进行相应的控制,
ShiroFilter 类似于如 Strut2/SpringMVC 这种 web 框架的前端控制器,其是安全控制的入口点,
其负责读取配置(如 ini 配置文件),然后判断 URL 是否需要登录 / 权限等工作。
7.2 pom.xml
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper</artifactId>
<version>5.1.8</version>
</dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-all</artifactId>
<version>1.2.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.servlet/jstl -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-context -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-context -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-jdbc -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>${spring-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.26</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.mybatis/mybatis -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>3.4.5</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.mybatis/mybatis-spring -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>2.0.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-io/commons-io -->
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload -->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
7.3 springmvc.xml
<bean id="myRealm" class="com.zhiyou100.realm.UserRealm"></bean>
<bean id="securityManager" class="org.apache.shiro.web.mgt.DefaultWebSecurityManager">
<property name="realm" ref="myRealm"></property>
</bean>
<bean id="shiroFilter" class="org.apache.shiro.spring.web.ShiroFilterFactoryBean">
<property name="securityManager" ref="securityManager"></property>
<!-- 跳转到登录页面 -->
<property name="loginUrl" value="/login.jsp"></property>
<!-- 成功页面 -->
<property name="successUrl" value="/index.jsp"></property>
<!-- 权限不足的错误提示页面 -->
<property name="unauthorizedUrl" value="/error.jsp"></property>
<!-- 是所有的请求都要经过登录过滤器,如果没有登录就会跳 转到登录界面,所以静态资源同样会被拦截 anon过滤器处理原则 :随便访问 authc需要进行权限认证 -->
<property name="filterChainDefinitions">
<value>
/css/** = anon
/images/** = anon
/js/** = anon
/lib/** = anon
/login.jsp = anon
/index.jsp = anon
/error.jsp = anon
/user/login.do = anon
/** = authc
</value>
</property>
</bean>
<!-- 开启shiro自动代理 -->
<bean name="defaultAdvisorAutoProxyCreator" class="org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator">
<!-- 指定强制使用cglib为action创建代理对象 -->
<property name="proxyTargetClass" value="true"></property>
</bean>
<bean class="org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor"></bean>
7.4 web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/*.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/*.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>shiroFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>shiroFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
7.5 UserRealm
public class UserRealm extends AuthorizingRealm{
@Resource
private UserService userService;
//获取用户的角色和权限
@Override
protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection collection) {
User user = (User) collection.getPrimaryPrincipal();
SimpleAuthorizationInfo info = new SimpleAuthorizationInfo ();
user = userService.findByAccout(user.getAccount());
for(Role role : user.getRoles()){
info.addRole(role.getName());
}
System.out.println(user);
for(Permission permission : user.getPermissions()){
info.addStringPermission(permission.getName());
}
return info;
}
//判断账号密码是否正确
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
String account = (String) token.getPrincipal();
String password = new String((char[])token.getCredentials());
System.out.println(token.getCredentials());
User user = userService.findByAccout(account);
System.out.println("myrealm:"+password);
if (user == null) {
throw new UnknownAccountException("账号不存在");
}
if (!password.equals(user.getPassword())) {
throw new IncorrectCredentialsException("密码错误");
}
return new SimpleAuthenticationInfo(user, password,getName());
}
}
7.6 jsp
# 导入标签
<%@ taglib prefix="shiro" uri="http://shiro.apache.org/tags"%>
# 判断是否有角色
<shiro:hasRole name="管理员">
</shiro:hasRole>
# 判断是否有权限
<shiro:hasPermission name="user:select">
</shiro:hasPermission>
# 获取当前登录的账号,account代表调用account属性
<shiro:principal property="account" />
(1)@RequiresAuthentication :表示当前Subject已经通过login 进行了身份验证;即Subject. isAuthenticated()返回true
(2)@RequiresUse:表示当前Subject已经身份验证或者通过记住我登录的
(3)@RequiresGuest :表示当前Subject没有身份验证或通过记住我登录过,即是游客身份
(4)@RequiresRoles(value={“admin”, “user”}, logical= Logical.AND)
(5)@RequiresPermissions (value={“user:a”, “user:b”}, logical= Logical.OR) :表示当前Subject需要权限user:a或user:b
7.7 Controller
@RequiresPermissions("user:delete")
@RequiresRoles("管理员")
7.8 sql
-- ----------------------------
-- Table structure for `permission`
-- ----------------------------
DROP TABLE IF EXISTS `permission`;
CREATE TABLE `permission` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(20) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=13 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of permission
-- ----------------------------
INSERT INTO `permission` VALUES ('1', 'user:select');
INSERT INTO `permission` VALUES ('2', 'user:insert');
INSERT INTO `permission` VALUES ('3', 'user:update');
INSERT INTO `permission` VALUES ('4', 'user:delete');
INSERT INTO `permission` VALUES ('5', '*');
INSERT INTO `permission` VALUES ('6', 'role:select');
INSERT INTO `permission` VALUES ('7', 'role:insert');
INSERT INTO `permission` VALUES ('8', 'role:update');
INSERT INTO `permission` VALUES ('9', 'role:delete');
INSERT INTO `permission` VALUES ('10', 'user:*');
INSERT INTO `permission` VALUES ('11', 'role:*');
INSERT INTO `permission` VALUES ('12', '*:select');
-- ----------------------------
-- Table structure for `role`
-- ----------------------------
DROP TABLE IF EXISTS `role`;
CREATE TABLE `role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`name` varchar(20) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB AUTO_INCREMENT=6 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of role
-- ----------------------------
INSERT INTO `role` VALUES ('3', '普通用户');
INSERT INTO `role` VALUES ('5', '王五');
INSERT INTO `role` VALUES ('2', '管理员');
INSERT INTO `role` VALUES ('1', '超级管理员');
INSERT INTO `role` VALUES ('4', '运维');
-- ----------------------------
-- Table structure for `role_permission`
-- ----------------------------
DROP TABLE IF EXISTS `role_permission`;
CREATE TABLE `role_permission` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`role_id` int(11) NOT NULL,
`permission_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `role_id` (`role_id`),
KEY `permission_id` (`permission_id`),
CONSTRAINT `role_permission_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`),
CONSTRAINT `role_permission_ibfk_2` FOREIGN KEY (`permission_id`) REFERENCES `permission` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=18 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of role_permission
-- ----------------------------
INSERT INTO `role_permission` VALUES ('14', '1', '5');
INSERT INTO `role_permission` VALUES ('17', '4', '12');
-- ----------------------------
-- Table structure for `user`
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`account` varchar(20) NOT NULL,
`password` varchar(200) NOT NULL,
`review_num` int(11) NOT NULL,
`head` varchar(250) DEFAULT NULL,
`qq` int(11) DEFAULT NULL,
`email` varchar(50) DEFAULT NULL,
`phone` mediumtext,
`login_time` varchar(20) DEFAULT NULL,
`ip` varchar(20) NOT NULL,
`status` int(11) NOT NULL,
`index` int(11) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `account` (`account`)
) ENGINE=InnoDB AUTO_INCREMENT=32 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of user
-- ----------------------------
INSERT INTO `user` VALUES ('4', 'admin1', '123', '0', null, null, null, null, null, '0.0.0.0', '0', '4');
INSERT INTO `user` VALUES ('5', 'q4', '123', '0', null, null, null, null, null, '0.0.0.0', '0', '5');
INSERT INTO `user` VALUES ('6', 'q5', '123', '0', null, null, null, null, null, '0.0.0.0', '0', '6');
INSERT INTO `user` VALUES ('7', 'q6', '123', '0', null, null, null, null, null, '0.0.0.0', '0', '7');
INSERT INTO `user` VALUES ('8', 'q7', '123', '0', null, null, null, null, null, '0.0.0.0', '0', '8');
-- ----------------------------
-- Table structure for `user_role`
-- ----------------------------
DROP TABLE IF EXISTS `user_role`;
CREATE TABLE `user_role` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`user_id` int(11) NOT NULL,
`role_id` int(11) NOT NULL,
PRIMARY KEY (`id`),
KEY `user_id` (`user_id`),
KEY `role_id` (`role_id`),
CONSTRAINT `user_role_ibfk_2` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=24 DEFAULT CHARSET=utf8;
-- ----------------------------
-- Records of user_role
-- ----------------------------
INSERT INTO `user_role` VALUES ('10', '1', '1');
INSERT INTO `user_role` VALUES ('12', '6', '3');
INSERT INTO `user_role` VALUES ('13', '8', '3');
INSERT INTO `user_role` VALUES ('14', '9', '3');
INSERT INTO `user_role` VALUES ('15', '10', '3');
INSERT INTO `user_role` VALUES ('16', '11', '3');
INSERT INTO `user_role` VALUES ('17', '12', '3');
INSERT INTO `user_role` VALUES ('18', '13', '3');
INSERT INTO `user_role` VALUES ('19', '14', '3');
INSERT INTO `user_role` VALUES ('20', '3', '1');
INSERT INTO `user_role` VALUES ('22', '2', '1');
INSERT INTO `user_role` VALUES ('23', '4', '4');