diff --git a/README.md b/README.md
index 7254a68..82bfebe 100644
--- a/README.md
+++ b/README.md
@@ -61,9 +61,8 @@ docker容器化部署 | ✔ ELK日志收集功能 | ✔ RabbitMq异步通信 | ✔ RestTemplate服务间调用 | ✔ -SpringSecurity权限管理功能 | +SpringSecurity权限管理功能 | ✔ 集成SpringCloud | -集成SpringCloudSecurity | ### 使用工具
@@ -235,7 +234,7 @@ Linux远程连接工具 | http://www.netsarang.com/download/software.html #### 订单管理 -#### 权限管理 +#### 权限管理 ✔ > **权限管理**
diff --git a/mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java b/mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java
index cd5010c..1c54b6f 100644
--- a/mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java
+++ b/mall-admin/src/main/java/com/macro/mall/bo/AdminUserDetails.java
@@ -1,12 +1,14 @@
 package com.macro.mall.bo;
 
 import com.macro.mall.model.UmsAdmin;
+import com.macro.mall.model.UmsPermission;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
-import java.util.Arrays;
 import java.util.Collection;
+import java.util.List;
+import java.util.stream.Collectors;
 
 /**
 * SpringSecurity需要的用户详情
@@ -14,15 +16,19 @@ import java.util.Collection;
 */
 public class AdminUserDetails implements UserDetails {
 private UmsAdmin umsAdmin;
-
-public AdminUserDetails(UmsAdmin umsAdmin) {
+private List permissionList;
+public AdminUserDetails(UmsAdmin umsAdmin,List permissionList) {
 this.umsAdmin = umsAdmin;
+this.permissionList = permissionList;
 }
 
 @Override
 public Collection getAuthorities() {
 //返回当前用户的权限
-return Arrays.asList(new SimpleGrantedAuthority("TEST"));
+return permissionList.stream()
+.filter(permission -> permission.getValue()!=null)
+.map(permission ->new SimpleGrantedAuthority(permission.getValue()))
+.collect(Collectors.toList());
 }
 
 @Override
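Review bot: In the new `getAuthorities()` of AdminUserDetails, `permissionList.stream()` throws NullPointerException when the constructor was handed a null list, and `.filter(permission -> permission.getValue()!=null)` only drops null values, so a permission row whose value is an empty or blank string still reaches `new SimpleGrantedAuthority(...)`, which rejects blank text with an IllegalArgumentException; one bad row in the permission table then turns every login for that admin into a server error instead of a denied authority. Guard both at the boundary: in the constructor `this.permissionList = permissionList == null ? Collections.emptyList() : permissionList;` (adding `java.util.Collections` to the imports), and in the stream `.filter(permission -> permission.getValue() != null && !permission.getValue().trim().isEmpty())`. The only caller visible in this diff, the `userDetailsService()` lambda in SecurityConfig, passes `adminService.getPermissionList(admin.getId())` straight through, so whether null can actually arrive depends on that service, which is outside the diff. The class body continues past the end of the hunk.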
diff --git a/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java b/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java
index 3d5cceb..6ad7523 100644
--- a/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java
+++ b/mall-admin/src/main/java/com/macro/mall/config/SecurityConfig.java
@@ -5,6 +5,7 @@ import com.macro.mall.component.JwtAuthenticationTokenFilter;
 import com.macro.mall.component.RestAuthenticationEntryPoint;
 import com.macro.mall.component.RestfulAccessDeniedHandler;
 import com.macro.mall.model.UmsAdmin;
+import com.macro.mall.model.UmsPermission;
 import com.macro.mall.service.UmsAdminService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -14,11 +15,11 @@ import org.springframework.http.HttpMethod;
 import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
 import org.springframework.security.authentication.encoding.PasswordEncoder;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
@@ -26,6 +27,8 @@ import org.springframework.web.cors.CorsConfiguration; import org.springframework.web.cors.UrlBasedCorsConfigurationSource; import org.springframework.web.filter.CorsFilter; +import java.util.List; + /** * SpringSecurity的配置
@@ -33,6 +36,7 @@ import org.springframework.web.filter.CorsFilter;
 */
 @Configuration
 @EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled=true)
 public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Autowired
 private UmsAdminService adminService;
@@ -92,15 +96,13 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 @Bean
 public UserDetailsService userDetailsService() {
 //获取登录用户信息
-return new UserDetailsService() {
-@Override
-public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-UmsAdmin admin = adminService.getAdminByUsername(username);
-if (admin != null) {
-return new AdminUserDetails(admin);
-}
-throw new UsernameNotFoundException("用户名或密码错误");
+return username -> {
+UmsAdmin admin = adminService.getAdminByUsername(username);
+if (admin != null) {
+List permissionList = adminService.getPermissionList(admin.getId());
+return new AdminUserDetails(admin,permissionList);
 }
+throw new UsernameNotFoundException("用户名或密码错误");
 };
 }
 
diff --git a/mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java b/mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java
index 5a173f7..365333b 100644
--- a/mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java
+++ b/mall-admin/src/main/java/com/macro/mall/controller/PmsBrandController.java
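Review bot: The new `@EnableGlobalMethodSecurity(prePostEnabled=true)` on SecurityConfig switches on opt-in, per-method checks, so any handler that does not carry `@PreAuthorize` is governed only by the URL rules in `configure(HttpSecurity)`, which are outside this diff; a handler added later without the annotation silently inherits whatever that fallback allows. A comment on the annotation should make this explicit, e.g. `// Enables @PreAuthorize on controller methods. Method checks are opt-in: a handler without the annotation falls back to the HttpSecurity URL rules, so every admin handler must carry one.` A test that walks the request mappings and asserts each handler has `@PreAuthorize` (or a matching URL rule) would keep the gap from reopening. Separately, the `Md5PasswordEncoder` import two hunks up is a context line rather than new code, but it remains an unsalted digest for admin credentials and deserves its own follow-up.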
@@ -3,12 +3,10 @@ package com.macro.mall.controller;
 import com.macro.mall.dto.CommonResult;
 import com.macro.mall.dto.PmsBrandParam;
 import com.macro.mall.service.PmsBrandService;
-import com.macro.mall.validator.FlagValidator;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -30,6 +28,7 @@ public class PmsBrandController {
 @ApiOperation(value = "获取全部品牌列表")
 @RequestMapping(value = "/listAll", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:read')")
 public Object getList() {
 return new CommonResult().success(brandService.listAllBrand());
 }
@@ -37,6 +36,7 @@ public class PmsBrandController {
 @ApiOperation(value = "添加品牌")
 @RequestMapping(value = "/create", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:create')")
 public Object create(@Validated @RequestBody PmsBrandParam pmsBrand, BindingResult result) {
 CommonResult commonResult;
 int count = brandService.createBrand(pmsBrand);
@@ -51,6 +51,7 @@ public class PmsBrandController {
 @ApiOperation(value = "更新品牌")
 @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:update')")
 public Object update(@PathVariable("id") Long id,
 @Validated @RequestBody PmsBrandParam pmsBrandParam,
 BindingResult result) {
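Review bot: The authority names in the new `@PreAuthorize("hasAuthority('pms:brand:read')")` lines are free-form string literals repeated on every handler here and in the PmsProductCategoryController and PmsProductController hunks that follow; `hasAuthority` is an exact string comparison against the `UmsPermission` value loaded from the database, so a typo or a mismatch with the seeded permission values locks the endpoint for everyone (it fails closed) and nothing at compile time catches it. Declare each value once as a `public static final String` constant and build the expression from it, e.g. `public static final String BRAND_READ = "pms:brand:read";` and `@PreAuthorize("hasAuthority('" + BRAND_READ + "')")`, which is still a compile-time constant and keeps the seed script and the annotations from drifting apart (the constant holder's name is the reviewer's suggestion, not something the project has). The diff annotates only these three controllers; any other controller in mall-admin that is not touched here stays guarded solely by the URL rules, which is worth confirming before this is merged.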
@@ -67,6 +68,7 @@ public class PmsBrandController {
 @ApiOperation(value = "删除品牌")
 @RequestMapping(value = "/delete/{id}", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:delete')")
 public Object delete(@PathVariable("id") Long id) {
 int count = brandService.deleteBrand(id);
 if (count == 1) {
@@ -79,6 +81,7 @@ public class PmsBrandController {
 @ApiOperation(value = "根据品牌名称分页获取品牌列表")
 @RequestMapping(value = "/list", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:read')")
 public Object getList(@RequestParam(value = "keyword", required = false) String keyword,
 @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum,
 @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize) {
@@ -88,6 +91,7 @@ public class PmsBrandController {
 @ApiOperation(value = "根据编号查询品牌信息")
 @RequestMapping(value = "/{id}", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:read')")
 public Object getItem(@PathVariable("id") Long id) {
 return new CommonResult().success(brandService.getBrand(id));
 }
@@ -95,6 +99,7 @@ public class PmsBrandController {
 @ApiOperation(value = "批量删除品牌")
 @RequestMapping(value = "/delete/batch", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:delete')")
 public Object deleteBatch(@RequestParam("ids") List ids) {
 int count = brandService.deleteBrand(ids);
 if (count > 0) {
@@ -107,6 +112,7 @@ public class PmsBrandController {
 @ApiOperation(value = "批量更新显示状态")
 @RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:update')")
 public Object updateShowStatus(@RequestParam("ids") List ids,
 @RequestParam("showStatus") Integer showStatus) {
 int count = brandService.updateShowStatus(ids, showStatus);
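Review bot: The new `@PreAuthorize("hasAuthority('pms:brand:delete')")` on `delete` is now the only gate on a destructive action that the context line `@RequestMapping(value = "/delete/{id}", method = RequestMethod.GET)` exposes over GET; the mapping itself is not changed by this commit, but a state change on GET is reachable from a plain link or a browser prefetch and is exempt from CSRF protection by design. Since the handler is being touched anyway, this is the moment to change it to `method = RequestMethod.POST` (or DELETE), matching `/delete/batch` in the hunk below and `/delete/{id}` in PmsProductCategoryController, which are already POST. The handler body continues past the end of the hunk.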
@@ -120,6 +126,7 @@ public class PmsBrandController {
 @ApiOperation(value = "批量更新厂家制造商状态")
 @RequestMapping(value = "/update/factoryStatus", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:brand:update')")
 public Object updateFactoryStatus(@RequestParam("ids") List ids,
 @RequestParam("factoryStatus") Integer factoryStatus) {
 int count = brandService.updateFactoryStatus(ids, factoryStatus);
diff --git a/mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java b/mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java
index 069eda6..b8f3d7d 100644
--- a/mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java
+++ b/mall-admin/src/main/java/com/macro/mall/controller/PmsProductCategoryController.java
@@ -8,6 +8,7 @@ import com.macro.mall.service.PmsProductCategoryService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
@@ -29,6 +30,7 @@ public class PmsProductCategoryController {
 @ApiOperation("添加产品分类")
 @RequestMapping(value = "/create", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:create')")
 public Object create(@Validated @RequestBody PmsProductCategoryParam productCategoryParam,
 BindingResult result) {
 int count = productCategoryService.create(productCategoryParam);
@@ -42,6 +44,7 @@ public class PmsProductCategoryController {
 @ApiOperation("修改商品分类")
 @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:update')")
 public Object update(@PathVariable Long id,
 @Validated
 @RequestBody PmsProductCategoryParam productCategoryParam,
@@ -57,6 +60,7 @@ public class PmsProductCategoryController {
 @ApiOperation("分页查询商品分类")
 @RequestMapping(value = "/list/{parentId}", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:read')")
 public Object getList(@PathVariable Long parentId,
 @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
 @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
@@ -67,6 +71,7 @@ public class PmsProductCategoryController {
 @ApiOperation("根据id获取商品分类")
 @RequestMapping(value = "/{id}", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:read')")
 public Object getItem(@PathVariable Long id) {
 PmsProductCategory productCategory = productCategoryService.getItem(id);
 return new CommonResult().success(productCategory);
@@ -75,6 +80,7 @@ public class PmsProductCategoryController {
 @ApiOperation("删除商品分类")
 @RequestMapping(value = "/delete/{id}", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:delete')")
 public Object delete(@PathVariable Long id) {
 int count = productCategoryService.delete(id);
 if (count > 0) {
@@ -87,6 +93,7 @@ public class PmsProductCategoryController {
 @ApiOperation("修改导航栏显示状态")
 @RequestMapping(value = "/update/navStatus", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:update')")
 public Object updateNavStatus(@RequestParam("ids") List ids, @RequestParam("navStatus") Integer navStatus) {
 int count = productCategoryService.updateNavStatus(ids, navStatus);
 if (count > 0) {
@@ -99,6 +106,7 @@ public class PmsProductCategoryController {
 @ApiOperation("修改显示状态")
 @RequestMapping(value = "/update/showStatus", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:update')")
 public Object updateShowStatus(@RequestParam("ids") List ids, @RequestParam("showStatus") Integer showStatus) {
 int count = productCategoryService.updateShowStatus(ids, showStatus);
 if (count > 0) {
@@ -111,6 +119,7 @@ public class PmsProductCategoryController {
 @ApiOperation("查询所有一级分类及子分类")
 @RequestMapping(value = "/list/withChildren", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:productCategory:read')")
 public Object listWithChildren() {
 List list = productCategoryService.listWithChildren();
 return new CommonResult().success(list);
diff --git a/mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java b/mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java
index fa7826b..92150a1 100644
--- a/mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java
+++ b/mall-admin/src/main/java/com/macro/mall/controller/PmsProductController.java
@@ -9,6 +9,7 @@ import com.macro.mall.service.PmsProductService;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.*;
@@ -29,6 +30,7 @@ public class PmsProductController {
 @ApiOperation("创建商品")
 @RequestMapping(value = "/create", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:create')")
 public Object create(@RequestBody PmsProductParam productParam, BindingResult bindingResult) {
 int count = productService.create(productParam);
 if (count > 0) {
@@ -41,6 +43,7 @@ public class PmsProductController {
 @ApiOperation("根据商品id获取商品编辑信息")
 @RequestMapping(value = "/updateInfo/{id}", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:read')")
 public Object getUpdateInfo(@PathVariable Long id) {
 PmsProductResult productResult = productService.getUpdateInfo(id);
 return new CommonResult().success(productResult);
@@ -49,6 +52,7 @@ public class PmsProductController {
 @ApiOperation("更新商品")
 @RequestMapping(value = "/update/{id}", method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:update')")
 public Object update(@PathVariable Long id, @RequestBody PmsProductParam productParam, BindingResult bindingResult) {
 int count = productService.update(id, productParam);
 if (count > 0) {
@@ -61,6 +65,7 @@ public class PmsProductController {
 @ApiOperation("查询商品")
 @RequestMapping(value = "/list", method = RequestMethod.GET)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:read')")
 public Object getList(PmsProductQueryParam productQueryParam,
 @RequestParam(value = "pageSize", defaultValue = "5") Integer pageSize,
 @RequestParam(value = "pageNum", defaultValue = "1") Integer pageNum) {
@@ -71,6 +76,7 @@ public class PmsProductController {
 @ApiOperation("批量修改审核状态")
 @RequestMapping(value = "/update/verifyStatus",method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:update')")
 public Object updateVerifyStatus(@RequestParam("ids") List ids,
 @RequestParam("verifyStatus") Integer verifyStatus,
 @RequestParam("detail") String detail) {
@@ -85,6 +91,7 @@ public class PmsProductController {
 @ApiOperation("批量上下架")
 @RequestMapping(value = "/update/publishStatus",method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:update')")
 public Object updatePublishStatus(@RequestParam("ids") List ids,
 @RequestParam("publishStatus") Integer publishStatus) {
 int count = productService.updatePublishStatus(ids, publishStatus);
@@ -98,6 +105,7 @@ public class PmsProductController {
 @ApiOperation("批量推荐商品")
 @RequestMapping(value = "/update/recommendStatus",method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:update')")
 public Object updateRecommendStatus(@RequestParam("ids") List ids,
 @RequestParam("recommendStatus") Integer recommendStatus) {
 int count = productService.updateRecommendStatus(ids, recommendStatus);
@@ -111,6 +119,7 @@ public class PmsProductController {
 @ApiOperation("批量设为新品")
 @RequestMapping(value = "/update/newStatus",method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:update')")
 public Object updateNewStatus(@RequestParam("ids") List ids,
 @RequestParam("newStatus") Integer newStatus) {
 int count = productService.updateNewStatus(ids, newStatus);
@@ -124,6 +133,7 @@ public class PmsProductController {
 @ApiOperation("批量修改删除状态")
 @RequestMapping(value = "/update/deleteStatus",method = RequestMethod.POST)
 @ResponseBody
+@PreAuthorize("hasAuthority('pms:product:delete')")
 public Object updateDeleteStatus(@RequestParam("ids") List ids,
 @RequestParam("deleteStatus") Integer deleteStatus) {
 int count = productService.updateDeleteStatus(ids, deleteStatus);