权限管理
作者:互联网
文章目录
角色添加.
Contoller.
@RequestMapping("/findUserByIdAndAllRole")
public String findUserByIdAndAllRole(Model model,@RequestParam(name = "id",required = true) String userid){
//根据用户id查询用户
UserInfo userInfo = service.findById(userid);
//根据用户id查询可以添加的角色
List<Role> otherRoles = service.findOtherRoles(userid);
model.addAttribute("user",userInfo);
model.addAttribute("roleList",otherRoles);
return "user-role-add";
Service.
UserInfo findById(String id);
List<Role> findOtherRoles(String userid);
Serivecimpl
@Override
public UserInfo findById(String id) {
return userDao.findById( id);
}
@Override
public List<Role> findOtherRoles(String userid) {
return userDao.findOtherRoles(userid);
}
Dao.
@Select("select * from users where id = #{id}")
@Results({
@Result(id = true, property = "id", column = "id"),
@Result(property = "username", column = "username"),
@Result(property = "email", column = "email"),
@Result(property = "password", column = "password"),
@Result(property = "phoneNum", column = "phoneNum"),
@Result(property = "status", column = "status"),
@Result(property = "roles",column = "id",javaType = java.util.List.class,many = @Many(select = "com.itheima.dao.IRoleDao.findRoleByUserId"))
})
UserInfo findById(String id);
//查询出没有关联的的角色信息 //这里查询的是没有关联的数据
@Select("select * from role where id not in (select from user_role where userId = #{userId})")
List<Role> findOtherRoles(String userid);
}
可以根据用户ID查询出能添加的角色,但是点击保存却没有任何效果
Controller.
@RequestMapping("/addRoleToUser")
public String addRoleTOUSer(@RequestParam(name = "userId",required = true) String userId ,@RequestParam(name = "ids" ,required = true) String []roleIds ){
service.addRoleToUser(userId , roleIds);
return "redirect:findAll";
}
Service.
void addRoleToUser(String userId, String [] roleIds);
ServiceImpl.
@Override
public void addRoleToUser(String userId, String[] roleIds) {
//因为需要添加的角色有多个 使用这里使用for循环
for(String roleId : roleIds){
userDao.addRoleToUser(userId, userId);
}
}
Dao.
//添加id数据进用户与角色的中间表,让两表关联
@Insert("insert into users_role(userId,roleId) values(#{userId},#{roleId})")
void addRoleToUser(@Param("userId") String userId, @Param("roleId") String roleId);
角色关联权限.
Controller
//根据roleId查询role,并查询可以添加的权限
@RequestMapping("/findRoleByIdAndAllPermission")
public String findRoleByIdAndAllPermission(Model model,@RequestParam(name = "id",required = true)String roleId){
System.out.println(roleId);
//根据roleId查询role
Role role = service.findById(roleId);
//根据roleId查询可以添加的权限
List<Permission> otherPermission = service.findOtherPermissions(roleId);
model.addAttribute("role",role);
model.addAttribute("permissionList",otherPermission);
return "role-permission-add";
}
}
Service.
Role findById(String roleId);
List<Permission> findOtherPermissions(String roleId);
ServiceImpl.
@Override
public Role findById(String roleId) {
return dao.findById(roleId);
}
@Override
public List<Permission> findOtherPermissions(String roleId) {
return dao.findOtherPermissions(roleId);
}
Dao.
role-permisssion.add.jsp
给角色添加权限(之前我们查询出来哪些权限可以添加)
Controller.
//通过name获取隐藏域的id也就是我们点击角色的id , 获取我们选择添加权限的id 多个 所以使用数组
@RequestMapping("/addPermissionToRole")
public String addPermisssionToRole(@RequestParam(name = "roleId",required = true)String roleId,@RequestParam(name = "ids",required = true)String[] permissionIds ){
for(String per : permissionIds){
System.out.println(per);
}
service.addPermissionToRole(roleId ,permissionIds);
return "redirect:findAll";
}
Service.
void addPermissionToRole(String roleId, String[] permissionIds);
Serviceimpl.
@Override
public void addPermissionToRole(String roleId, String[] permissionIds) {
for(String permissionId : permissionIds){
dao.addPermissionToRole(roleId,permissionId);
}
}
Dao.
//为角色添加权限
@Insert("insert into role_permission(roleId,permissionId) values(#{roleId},#{permissionId})")
void addPermissionToRole(@Param("roleId") String roleId, @Param("permissionId") String permissionId);
权限不足是无法浏览对应页面的.但是403页面太丑了所以,自己创建一个403页面
JSR-250
<!-- 开启jsr-250-->
<security:global-method-security jsr250-annotations="enabled"></security:global-method-security>
3.
@Secured()
基于表达式操作.
获取当前操作的用户信息.
第一步.
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
第二步.
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
第三步.
<%-- 获得当前正在操作的对象的用户名--%>
<security:authentication property="principal.username"></security:authentication>
控制标签是否显示
第一步
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
第二步
第三步.
第三步(方法二).
加入这条配置
<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />
AOP日志
实体类.
@Data
public class SysLog {
private String id;
private Date visitTime;
private String visitTimeStr;
private String username;
private String ip;
private String url;
private Long executionTime;
private String method;
}
刚满20就秃顶
发布了24 篇原创文章 · 获赞 2 · 访问量 420
私信
关注
标签:String,管理,roleId,userId,public,role,权限,id 来源: https://blog.csdn.net/tiangoua/article/details/103934032