resty security的Api权限控制与事务支持

网友投稿 256 2022-06-06


让数据操作处于事务控制下

1. 在Appconfig里配置事务拦截器

public void configInterceptor(InterceptorLoader interceptorLoader) {
    //事务的拦截器 @Transaction
    interceptorLoader.add(new TransactionInterceptor());
}

2. 在Resource的方法上使用Transaction注解配置事务

@API("/users")
public class UserResource extends ApiResource {
  /**
   * 在一个数据源执行多个数据操作使用@Transaction注解
   * 如果时多个数据源 使用 @Transaction(name={"ds1","ds2"})
   * 数据源的名字和application.properties 里对应
   */
  @POST
  @Transaction
  public User save(User user,UserInfo info) {
    return user.save() && info.save();
  }
}

 对Api进行权限控制

1. 设计权限数据结构

DROP TABLE IF EXISTS sec_user;
CREATE TABLE sec_user (
  id            BIGINT       NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username      VARCHAR(50)  NOT NULL COMMENT '登录名',
  providername  VARCHAR(50)  NOT NULL COMMENT '提供者',
  email         VARCHAR(200) COMMENT '邮箱',
  mobile        VARCHAR(50) COMMENT '手机',
  password      VARCHAR(200) NOT NULL COMMENT '密码',
  avatar_url    VARCHAR(255) COMMENT '头像',
  first_name    VARCHAR(10) COMMENT '名字',
  last_name     VARCHAR(10) COMMENT '姓氏',
  full_name     VARCHAR(20) COMMENT '全名',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用户';

DROP TABLE IF EXISTS sec_user_info;
CREATE TABLE sec_user_info (
  id          BIGINT    NOT NULL AUTO_INCREMENT PRIMARY KEY,
  user_id     BIGINT    NOT NULL COMMENT '用户id',
  creator_id  BIGINT COMMENT '创建者id',
  gender      INT DEFAULT 0 COMMENT '性别0男,1女',
  province_id BIGINT COMMENT '省id',
  city_id     BIGINT COMMENT '市id',
  county_id   BIGINT COMMENT '县id',
  street      VARCHAR(500) COMMENT '街道',
  zip_code    VARCHAR(50) COMMENT '邮编',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用户信息';

DROP TABLE IF EXISTS sec_role;
CREATE TABLE sec_role (
  id         BIGINT    NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name       VARCHAR(50)   NOT NULL COMMENT '名称',
  value      VARCHAR(50)  NOT NULL COMMENT '值',
  intro      VARCHAR(255) COMMENT '简介',
  pid        BIGINT DEFAULT 0 COMMENT '父级id',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='角色';

DROP TABLE IF EXISTS sec_user_role;
CREATE TABLE sec_user_role (
  id      BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  user_id BIGINT NOT NULL,
  role_id BIGINT NOT NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用户角色';

DROP TABLE IF EXISTS sec_permission;
CREATE TABLE sec_permission (
  id         BIGINT      NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name       VARCHAR(50) NOT NULL COMMENT '名称',
  method      VARCHAR(10) NOT NULL COMMENT '方法',
  value      VARCHAR(50) NOT NULL COMMENT '值',
  url        VARCHAR(255) COMMENT 'url地址',
  intro      VARCHAR(255) COMMENT '简介',
  pid        BIGINT DEFAULT 0 COMMENT '父级id',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='权限';

DROP TABLE IF EXISTS sec_role_permission;
CREATE TABLE sec_role_permission (
  id            BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  role_id       BIGINT NOT NULL,
  permission_id BIGINT NOT NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='角色权限';

2. 实现AuthenticateService权限数据加载接口

public class MyAuthenticateService implements AuthenticateService {
  /**
   * 查询用户信息  
   * @param username 登录的用户名
   * @return 用户权限对象
   */
  public Principal getPrincipal(String username) {
    Principal<User> principal=null;
    User u = User.dao.findBy("username=?", username);
    if (u != null) {
      principal = new Principal<User>(u.getStr("username"), u.getStr("password"), new HashSet<String>(u.getPermissions()), u);
    }
    return principal;
  }
  /**
   * 加载全部的权限信息
   * @return 权限集合
   */
  public Set<Credential> getAllCredentials() {
    List<Permission> permissions = Permission.dao.findBy("deleted_at is null");
    Set<Credential> credentials = new HashSet<Credential>();

    for (Permission permission : permissions) {
      credentials.add(new Credential(permission.getStr("method"), permission.getStr("url"), permission.getStr("value")));
    }

    return credentials;
  }
}

3. 在AppConfig里配置SecurityInterceptor权限拦截器

public void configInterceptor(InterceptorLoader interceptorLoader) {
    //权限拦截器 2表示用户登录的最大session数量 MyAuthenticateService 数据加载实现类
    interceptorLoader.add(new SecurityInterceptor(2, new MyAuthenticateService()));
}

4. 模拟的用户数据

-- create role--
INSERT INTO sec_role(name, value, intro, pid,created_at)
VALUES ('超级管理员','R_ADMIN','',0, current_timestamp),
       ('销售','R_SALER','',1,current_timestamp),
       ('财务','R_FINANCER','',1,current_timestamp),
       ('设置','R_SETTER','',1,current_timestamp);

-- create permission--
INSERT INTO sec_permission( name,method, value, url, intro,pid, created_at)
VALUES ('订单','*','P_ORDER','/api/v1.0/orders/**','订单访问权限',0,current_timestamp),
       ('销售','*','P_SALE','/api/v1.0/sales/**','销售访问权限',0,current_timestamp),
       ('财务','*','P_FINANCE','/api/v1.0/finances/**','财务访问权限',0,current_timestamp),
       ('仓库','*','P_STORE','/api/v1.0/stores/**','仓库访问权限',0,current_timestamp),
       ('设置','*','P_SETTING','/api/v1.0/settings/**','设置访问权限',0,current_timestamp);

INSERT INTO sec_role_permission(role_id, permission_id)
VALUES (1,1),(1,2),(1,3),(1,4),(1,5),
       (2,1),(2,2),(2,4),
       (3,1),(3,2),(3,3),(3,4),
       (4,5);

-- user data--
-- create  admin--
INSERT INTO sec_user(username, providername, email, mobile, password, avatar_url, first_name, last_name, full_name, created_at)
VALUES ('admin','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁辉','王','仁辉·王',current_timestamp),
       ('saler','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁辉','王','仁辉·王',current_timestamp),
       ('financer','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁辉','王','仁辉·王',current_timestamp),
       ('setter','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁辉','王','仁辉·王',current_timestamp);

-- create user_info--
INSERT INTO sec_user_info(user_id, creator_id, gender,province_id,city_id,county_id,street,created_at)
VALUES (1,0,0,1,2,3,'人民大学',current_timestamp),
       (2,0,0,1,2,3,'人民大学',current_timestamp),
       (3,0,0,1,2,3,'人民大学',current_timestamp),
       (4,0,0,1,2,3,'人民大学',current_timestamp);

-- create user_role--
INSERT INTO sec_user_role( user_id, role_id)
VALUES (1,1),(2,2),(3,3),(4,4);


版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。

上一篇:header控制api数据源读写分离
下一篇:resty client Java客户端访问Api
相关文章

 发表评论

暂时没有评论,来抢沙发吧~