Back-end permission control
1. Each request will carry a token. Spring Security will judge the user information according to the token and authorize the user. 2, For the control of interface permissions, we can use the Spring EL expression with @preauthorize (“hasAnyRole(‘ADMIN’)”) annotation to control the interface permissions. This annotation indicates that only when the current user’s role is ADMIN, Spring Security will release it. Note: It is recommended that ROLE_* be stored in the database to specify the role name.
@PreAuthorize("hasAnyRole('ADMIN')")
@RequestMapping(value = "/getRoleList",method = RequestMethod.POST)
public RetResult getRoleList(@RequestBody Map<String.Object> map){
/ /...
}
Copy the codeExample
System administrators and test users using this system respectively use Postman test, which is to test user access to access, will throw AccessDeniedException insufficient permission.
Using the system management meta-test results, you can access the interface to retrieve data.
Front-end access control
1, because the system uses dynamic load routing, so if the current user’s route list does not have you will be transferred to the 404 page. 2. Customize permission judgment methods. Verify with V-IF instruction.
Create the SRC \ utils \ permission. Js
import store from '@/store'
export default function hasPermission(value) {
if (value && value instanceof Array && value.length > 0) {
const roles = store.getters && store.getters.roles
const permissionList = value
const isPermission = roles.some(role= > {
return permissionList.includes(role.rolename)
})
if(! isPermission) {
return false
}
return true
} else {
this.$message({
message: 'Required Role Permissions List'.
type: 'error'
})
return false
}
}
Copy the codeTo explain: get the role from Vuex, and then with the page defined by the authority role to judge, if included, you can access.
<template slot-scope="scope">
<el-popover
// Use it herev-ifJust judge
v-if="hasPermission(['ROLE_ADMIN'])"
:ref="scope.row.id"
placement="top"
width="180">
<p>Are you sure to delete this data?</p>
<div style="text-align: right; margin: 0">
<el-button size="mini" type="text" @click="$refs[scope.row.id].doClose()">cancel</el-button>
<el-button :loading="delLoading" type="primary" size="mini" @click="subDelete(scope.row.id)">determine</el-button>
</div>
<el-button slot="reference" :disabled="scope.row.id === 1" type="danger" size="mini">delete</el-button>
</el-popover>
</template>
.
<script>
import hasPermission from '@/utils/permission'
.
methods: {
hasPermission,
}
Copy the codeThis allows you to control the permissions of buttons, or parts of a page
GitHub paging plugin
Spring Boot uses Github as a pagination plugin
<! -- Github paging plugin -->
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper-spring-boot-starter</artifactId>
<version>1.2.3</version>
</dependency>
Copy the code2. Configure PageHelper in application.yml as follows
pagehelper:
helperDialect: mysql
reasonable: true
supportMethodsArguments: true
params: count=countSql
Copy the code3, it is recommended to encapsulate a PageUtil, because usually Vue front-end paging requires us to pass the current page :pageNum, pageSize :pageSize, total number of pageTotal and other parameters.
package com.example.security.util;
import com.github.pagehelper.Page;
import lombok.Data;
import java.util.List;
/ * *
* @Autoor: wen-bin Yang
* @Date: 2019/1/21
* @Description:
* /
@Data
public class PageUtil {
private Integer pageCur;
private Integer pageSize;
private Integer rowTotal;
private Integer pageTotal;
private List data;
public PageUtil(Page page,List data) {
this.pageCur = page.getPageNum();
this.pageSize = page.getPageSize();
this.rowTotal = page.getPages();
this.pageTotal = Integer.valueOf((int)page.getTotal());
this.data = data;
}
}
Copy the codeThe format of the returned data
Then render the data in the front end and it’s ok. Currently do the role management page, which is also used for the role operation column
hasPermissionAccess control is carried out. The code has been synchronized to
GithubPlease feel free to contact me if you have any suggestions
