  • Permission management system based on SpringMVC + Ext.js (no permission framework)

    The code is available at:
    http://www.demodashi.com/demo/12811.html

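    0. Preparation

    Note!!!
    For the database used in this example, download the example package. It contains the database script, the Excel data tables and detailed design documents (feature flow charts, permission descriptions, table design, API design and so on).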

    0.1 Runtime environment

    jdk1.6
    maven
    tomcat7
    

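    0.2 Prerequisite knowledge

    Some familiarity with the SpringMVC framework
    Some familiarity with AOP programming
    A clear understanding of the logic of permission management
    This example is of medium difficulty and the code has few comments. If anything is unclear or incorrect, feel free to contact the author or leave a comment.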
    

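    1. Design

    1.1 Features

    1. Login
      1. Prevent duplicate logins
      2. Automatic relogin while the token is still valid
    2. Role management
      1. Add a role, change a role's name and its permissions
      2. Delete a role (together with all roles under that node)
    3. User management
      1. Fuzzy search by username, exact search by role name
      2. Add, edit and delete users
    4. Organization chart
    5. AOP permission check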

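    1.2 Project structure

    /aspect/ contains two AOP aspects: LoginAspect handles login and relogin,
             and TokenAspect handles token parsing and the AOP permission check.
    /controller/ HomeController returns the front-end JSP pages and provides the user login endpoint
    /controller/auth the Auth, User and Role controllers implement the permission business logic
    /dao/impl database access classes
    /entity/ the Auth, User and Role entity classes
    /util/ token utility class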
    

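    1.3 Difficult points

    1. Understanding permission management
    2. Data exchange between a separated front end and back end
    3. Some knowledge of data structures is involved

    2. Implementation

    2.1 TokenAspect.java -- token parsing and AOP permission check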

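    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import javax.servlet.http.HttpServletRequest;
    import org.aspectj.lang.ProceedingJoinPoint;
    import org.aspectj.lang.annotation.Around;
    import org.aspectj.lang.annotation.Aspect;
    import org.aspectj.lang.annotation.Pointcut;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Component;
    import org.springframework.web.context.request.RequestContextHolder;
    import org.springframework.web.context.request.ServletRequestAttributes;
    // UserImpl, AuthImpl, TUser, TAuth and JwtUtil come from the demo's own dao, entity and util packages.

    @Component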
    @Aspect
    public class TokenAspect {
    
        @Autowired
        UserImpl userImpl;
    
        @Autowired
        AuthImpl authImpl;
    
        private static final Logger LOGGER = LoggerFactory.getLogger(TokenAspect.class);
    
        @Pointcut("execution(* com.yyxl.authDemo.controller.auth.*Controller.*(..))")
        public void tokenPointCut() {
            // Do nothing.Just @Around By method invoke.
        }
    
    
        @Around("tokenPointCut()")
        public Object invoke(ProceedingJoinPoint point) throws Throwable { // NOSONAR
            Map<String, Object> result = new HashMap<String, Object>();
            HttpServletRequest httpServletRequest = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
    
            String tokenInHeader = httpServletRequest.getHeader("Authorization");
            Map<String,Object> validRes = JwtUtil.validateToken(tokenInHeader);
            if (validRes.containsKey("username")){
                String username = (String)validRes.get("username");
    
                // Check that the username exists
                TUser tuser = userImpl.getUserByUserame(username);
                if (tuser!=null){
    
                    // ===== AOP permission check: start
                    String uri = httpServletRequest.getRequestURI();
    
                    Boolean aopFlag = false;
                    // Get the permissions this endpoint requires
                    List<TAuth> auths = authImpl.getAuthsByURI(uri);
                    if (auths.size() != 0) {
                        for (TAuth a : auths) {
                            if (authImpl.isUserhasAuth(username, a.getAuthId())) {
                                aopFlag = true;
                                break;
                            }
                        }
                    } else {
                        // No permission required
                        aopFlag = true;
                    }
                    if (!aopFlag) {
                        result.put("success", false);
                        result.put("msg", "无权限");
                        return result;
                    }
    
                    // ===== AOP permission check: end
    
                    if (tuser.getToken().equals(tokenInHeader)){
                        Object[] args = point.getArgs();
                        if (args.length>0) {
                            args[args.length - 1] = username;
                        }
                        Object returnValue = point.proceed(args);
                        return returnValue;
                    }else {
                        result.put("msg","用户在别处登录");
                    }
    
                }else {
                    result.put("msg","用户名不存在");
                }
    
            }else {
                String msg = (String)validRes.get("msg");
                result.put("msg",msg);
    
            }
            result.put("success",false);
            return result;
        }
    }
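
    An added example, not part of the demo's code: in the aspect above, a URI with no row in the auth table is treated as needing no permission, so an endpoint nobody registered is open to every logged-in user. The sketch below contrasts that lookup with a default-deny variant; the rule table, the PUBLIC set, the /user/exportUsers path and the assumption that the context path has already been stripped are all constructed for illustration.

    ```java
    import java.util.*;

    // Added example (not the project's code): default-deny variant of the URI check in TokenAspect.
    public class UriAuthDecision {

        // Constructed stand-in for the auth table: URI -> auth ids that grant access.
        static final Map<String, Set<Integer>> RULES = new HashMap<String, Set<Integer>>();
        // Endpoints deliberately open to any logged-in user (assumption for this sketch).
        static final Set<String> PUBLIC = new HashSet<String>(Arrays.asList("/user/relogin"));
        static {
            RULES.put("/user/delUser", new HashSet<Integer>(Arrays.asList(3)));
            RULES.put("/user/saveData", new HashSet<Integer>(Arrays.asList(2, 3)));
        }

        // Same decision as TokenAspect: a URI without a rule row is allowed.
        static boolean allowFailOpen(String uri, Set<Integer> userAuths) {
            Set<Integer> required = RULES.get(uri);
            if (required == null) return true;
            return !Collections.disjoint(required, userAuths);
        }

        // Hardened: only canonical paths are evaluated, and a URI without a rule
        // is denied unless it is explicitly listed as public.
        static boolean allowFailClosed(String uri, Set<Integer> userAuths) {
            if (uri == null || !uri.matches("(/[A-Za-z0-9_-]+)+")) return false;
            if (PUBLIC.contains(uri)) return true;
            Set<Integer> required = RULES.get(uri);
            return required != null && !Collections.disjoint(required, userAuths);
        }

        public static void main(String[] args) {
            // Constructed user holding only auth id 1.
            Set<Integer> viewer = new HashSet<Integer>(Arrays.asList(1));
            // /user/exportUsers is a hypothetical endpoint with no rule row.
            String[] uris = {"/user/delUser", "/user/exportUsers", "/user/relogin"};
            for (String uri : uris) {
                System.out.println(uri + " failOpen=" + allowFailOpen(uri, viewer)
                        + " failClosed=" + allowFailClosed(uri, viewer));
            }
        }
    }
    ```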
    

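    2.2 UserController.java

    import java.sql.Timestamp;
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;
    import javax.servlet.http.HttpServletRequest;
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestParam;
    import org.springframework.web.bind.annotation.ResponseBody;
    // UserImpl, RoleImpl, TUser, TRole and JwtUtil come from the demo's own dao, entity and util packages.

    @Controller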
    @RequestMapping(value = "/user")
    public class UserController {
    
    
        @Autowired
        UserImpl userImpl;
    
        @Autowired
        RoleImpl roleImpl;
    
    
        @RequestMapping(value = "/relogin")
        @ResponseBody
        public Map<String, Object> reLogin(HttpServletRequest httpServletRequest,
                                           @RequestParam(required = false) String username){
            Map<String, Object> result = new HashMap<String, Object>();
    
            String tokenInHeader = httpServletRequest.getHeader("Authorization");
    
            Map<String,Object> validRes = JwtUtil.validateToken(tokenInHeader);
            if (validRes.containsKey("username")){
                String newToken = JwtUtil.generateToken(username);
                userImpl.updateTokenByUsername(username, newToken);
                result.put("msg","OK");
                result.put("token",newToken);
            }else {
                String msg = (String)validRes.get("msg");
                result.put("msg",msg);
            }
    
            return result;
        }
    
        @RequestMapping(value = "/getAllUsers")
        @ResponseBody
        public Map<String, Object> getAllUsers(@RequestParam(required = false)Map<String, String> params,
                                               @RequestParam(required = false) String username){
            Map<String, Object> result = new HashMap<String, Object>();
            int start = Integer.valueOf(params.remove("start"));
            int limit = Integer.valueOf(params.remove("limit"));
            params.remove("_dc");
            params.remove("page");
    
            List<TUser> tusers = userImpl.getUsersByFilter(params,start,limit);
            if (tusers.size()!=0) {
                for (TUser u : tusers) {
    
                    if (u.getRoleId()!=null) {
                        String roleName = roleImpl.getRoleNameByRoleId(u.getRoleId()+"");
                        u.setRoleName(roleName);
                    }else {
                        u.setRoleName("无");
                    }
                    u.setUpdateTime2(u.getUpdateTime().toString());
                    u.setCreateTime2(u.getCreateTime().toString());
                }
                result.put("datas", tusers);
            }
            result.put("totalSize", tusers.size());
            return result;
        }
    
    
        @RequestMapping(value = "/delUser")
        @ResponseBody
        public Map<String, Object> delUser(@RequestParam Map<String, String> params,
                                           @RequestParam(required = false) String username) {
            Map<String, Object> result = new HashMap<String, Object>();
            String usernameDel = params.get("username");
            userImpl.delUser(usernameDel);
            result.put("success", true);
            return result;
        }
    
    
    
        @RequestMapping(value = "/getTreeDatas")
        @ResponseBody
        public Map<String, Object> getUsersByRole(@RequestParam Integer roleId,
                                                  @RequestParam(required = false) String username){
            List<TUser> tusers = userImpl.getUsersByRoleId(roleId);
            List<Map<String, Object>> treeList = new ArrayList<Map<String,Object>>();
            Map<String, Object> result = new HashMap<String, Object>();
    
    
            for (TUser u : tusers) {
                Map<String, Object> treeMap = new HashMap<String, Object>();
                treeMap.put("text", u.getUsername());
                treeMap.put("leaf", true);
                treeList.add(treeMap);
            }
            result.put("children",treeList);
            return result;
        }
    
    
        @RequestMapping(value = "/saveData")
        @ResponseBody
        public Map<String, Object> saveData(@RequestParam Map<String, String> params,
                                            @RequestParam(required = false) String username) {
            Map<String, Object> result = new HashMap<String, Object>();
            String saveState = params.remove("saveState");
            result.put("success", true);
            result.put("msg", "保存成功");
    
            String usernameNew = params.get("username");
            String passwordNew = params.get("password");
            String roleName = params.get("roleName");
    
            TRole role = roleImpl.getRoleByRoleName(roleName);
    
            if (role==null){
                result.put("success", false);
                result.put("msg", "角色名不存在");
                return result;
            }
    
            TUser userNew = new TUser();
            userNew.setUsername(usernameNew);
            userNew.setPassword(passwordNew);
            userNew.setRoleId(role.getRoleId());
            Timestamp now = new Timestamp(System.currentTimeMillis());
    
            userNew.setUpdateTime(now);
    
            if ("add".equals(saveState)) {
                userNew.setCreateTime(now);
                userImpl.addUser(userNew);
            } else {
                userImpl.edtUser(userNew);
                userImpl.updateTokenByUsername(usernameNew,JwtUtil.generateToken(usernameNew));
            }
            return result;
        }
    }
    
    

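    3. Screenshots

    3.1 Token expired

    3.2 Login

    3.3 Main interface

    3.4 Role management

    3.5 User management

    You may have noticed that when creating a user, the first option in the permission selector is "All". "All" is not a role, however; it is a filter condition.

    3.6 Organization chart

    3.7 AOP permission check

    4. Summary

    The code shown above is the main part; download the demo package for the complete version. If anything is unclear, comment below or email yaoyunxiaoli@163.com.
    I am 妖云小离, and this is my third article on Demo大师. Thanks for reading.

    Note: the copyright of this article belongs to the author. It is published by Demo大师 on the author's behalf. Reproduction is not permitted without the author's authorization.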

  • Original article: https://www.cnblogs.com/demodashi/p/9437029.html