RBAC权限控制
parent
b9b46d4169
commit
c16d71e6e9
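--- a/src/main/java/com/example/springdemo/utils/Result.java
+++ b/src/main/java/com/example/springdemo/utils/Result.java
@@ -0,0 +1,36 @@
+package com.example.springdemo.utils;
+
+import lombok.*;
+import org.jetbrains.annotations.Contract;
+import org.jetbrains.annotations.NotNull;
+
+import java.io.Serializable;
+
+@NoArgsConstructor
+@AllArgsConstructor
+@Getter
+@Setter
+public class Result<T> implements Serializable {
+private Integer status = 0;
+private String message = "";
+private T data;
+
+public Result(Integer status, String message) {
+this.status = status;
+this.message = message;
+}
+
+public Result(Integer status) {
+this.status = status;
+}
+
+@Contract("_, _, _ -> new")
+public static <T> @NotNull Result<T> of(Integer status, String message, T data) {
+return new Result<>(status, message, data);
+}
+
+@Contract(value = "_, _ -> new", pure = true)
+public static <T> @NotNull Result<T> of(Integer status, String message) {
+return Result.of(status, message, null);
+}
+}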
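Review bot: `Result<T>` declares `implements Serializable` but leaves `T` unbounded and defines no `serialVersionUID`, so Java serialization fails at runtime whenever `data` holds a non-serializable value, and the computed default id shifts whenever the class shape changes. If the class is only ever rendered as JSON the interface can be dropped; otherwise consider `Result<T extends Serializable>` together with `private static final long serialVersionUID = 1L;`. The two-argument `of` is marked `pure = true` while the three-argument one is not, which is worth making consistent.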
@ -0,0 +1,15 @@
|
||||
package com.example.springdemo.utils;
|
||||
|
||||
// 在Controller中使用该注解,可以实现权限验证
|
||||
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Target({java.lang.annotation.ElementType.METHOD, java.lang.annotation.ElementType.TYPE})
|
||||
@Retention(java.lang.annotation.RetentionPolicy.RUNTIME)
|
||||
public @interface RoleVerificationAnnotation {
|
||||
//有权限访问的角色ID
|
||||
long[] RoleIDList() default {1};
|
||||
|
||||
long[] UserIDList() default {};
|
||||
}
|
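Review bot: `@Target` admits `ElementType.TYPE`, yet the aspect added in this same commit binds with `@annotation(...)`, which matches method-level annotations only, so placing `RoleVerificationAnnotation` on a controller class would enforce nothing and give no warning. Either restrict the target to `ElementType.METHOD`, or extend the pointcut with `@within(...)` and read the class-level annotation as a fallback when the method carries none. `RoleIDList() default {1}` also bakes one specific role id into the annotation; a comment saying which role 1 is would help, and the members would conventionally be named `roleIdList` and `userIdList`.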
@ -0,0 +1,86 @@
|
||||
package com.example.springdemo.utils;
|
||||
|
||||
import com.example.springdemo.entities.Users;
|
||||
import jakarta.servlet.http.HttpServletRequest;
|
||||
import org.aspectj.lang.ProceedingJoinPoint;
|
||||
import org.aspectj.lang.Signature;
|
||||
import org.aspectj.lang.annotation.Around;
|
||||
import org.aspectj.lang.annotation.Aspect;
|
||||
import org.aspectj.lang.annotation.Pointcut;
|
||||
import org.aspectj.lang.reflect.MethodSignature;
|
||||
import org.jetbrains.annotations.NotNull;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.context.request.RequestAttributes;
|
||||
import org.springframework.web.context.request.RequestContextHolder;
|
||||
import org.springframework.web.context.request.ServletRequestAttributes;
|
||||
|
||||
import java.lang.reflect.Method;
|
||||
|
||||
//角色权限控制AOP
|
||||
@Component
|
||||
@Aspect
|
||||
public class RoleVerificationAspect {
|
||||
@Pointcut("@annotation(com.example.springdemo.utils.RoleVerificationAnnotation)")
|
||||
public void roleVerification() {
|
||||
}
|
||||
|
||||
@Around("roleVerification()")
|
||||
public Object around(@NotNull ProceedingJoinPoint joinPoint) throws Throwable {
|
||||
Signature signature = joinPoint.getSignature();
|
||||
MethodSignature methodSignature = (MethodSignature) signature;
|
||||
// 获取正在访问的方法
|
||||
Method executingMethod = methodSignature.getMethod();
|
||||
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
|
||||
ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) requestAttributes;
|
||||
Object result;
|
||||
String message = "Permission denied";
|
||||
if (executingMethod.getReturnType().getTypeName().contains(Result.class.getSimpleName())) {
|
||||
result = Result.of(404, message);
|
||||
} else {
|
||||
result = message;
|
||||
}
|
||||
|
||||
if (servletRequestAttributes == null) {
|
||||
return result;
|
||||
}
|
||||
HttpServletRequest request = servletRequestAttributes.getRequest();
|
||||
Integer userID = null;
|
||||
Integer roleID = null;
|
||||
//RolesPermissions rolesPermissions = (RolesPermissions) request.getSession().getAttribute("rolesPermissions");
|
||||
Users users = (Users) request.getSession().getAttribute("users");
|
||||
if (users != null) {
|
||||
userID = users.getId().intValue();
|
||||
roleID = users.getRoles().getId().intValue();
|
||||
}
|
||||
RoleVerificationAnnotation roleVerificationAnnotation = executingMethod.getAnnotation(RoleVerificationAnnotation.class);
|
||||
//获取注解中的types字段
|
||||
long[] rolesIdList = roleVerificationAnnotation.RoleIDList();
|
||||
long[] userIdList = roleVerificationAnnotation.UserIDList();
|
||||
//判断是否有权限访问
|
||||
boolean hasPermission = false;
|
||||
//是否需要进行校验,如果注解中的types为空,即用户列表和角色列表同时为空,则不进行校验
|
||||
boolean needVerify = rolesIdList.length != 0 || userIdList.length != 0;
|
||||
if (needVerify) {
|
||||
for (long roleId : rolesIdList) {
|
||||
if (roleID != null && roleID == roleId) {
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
for (long userId : userIdList) {
|
||||
if (userID != null && userID == userId) {
|
||||
hasPermission = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
} else {
|
||||
hasPermission = true;
|
||||
}
|
||||
|
||||
if (hasPermission) {
|
||||
result = joinPoint.proceed();
|
||||
}
|
||||
|
||||
return result;
|
||||
}
|
||||
}
|
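Review bot: The caller's ids are narrowed with `intValue()` in `around` before being compared with the annotation's `long` values, so if `Users` ids are `Long` a value beyond the int range wraps and can equal an allowed id; keep them as `long`, guard `users.getRoles()` against null, and read the session with `getSession(false)` so anonymous requests do not allocate one (sketched below). On the deny path `getTypeName().contains(Result.class.getSimpleName())` matches any return type whose name merely contains "Result", and a handler returning anything other than `Result` or `String` is handed a `String` it cannot cast; `Result.class.isAssignableFrom(executingMethod.getReturnType())` is the exact test, and 403 describes a refusal better than 404. An annotation whose two lists are both empty lets every caller through, logged in or not, which should be a documented decision rather than a side effect of `needVerify`.

```java
// … unchanged: method lookup, deny-result construction, null check on servletRequestAttributes …
HttpServletRequest request = servletRequestAttributes.getRequest();
Users users = null;
// getSession(false) returns null instead of creating a session for an anonymous caller
if (request.getSession(false) != null) {
    users = (Users) request.getSession(false).getAttribute("users");
}
Long userID = null;
Long roleID = null;
if (users != null) {
    userID = users.getId().longValue();
    if (users.getRoles() != null) {
        roleID = users.getRoles().getId().longValue();
    }
}
// … unchanged: annotation lookup, needVerify, the two comparison loops, proceed() …
```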