Back-end permission control
1. Each request will carry a token. Spring Security will judge the user information according to the token and authorize the user. 2, For the control of interface permissions, we can use the Spring EL expression with @preauthorize (“hasAnyRole(‘ADMIN’)”) annotation to control the interface permissions. This annotation indicates that only when the current user’s role is ADMIN, Spring Security will release it. Note: It is recommended that ROLE_* be stored in the database to specify the role name.
@PreAuthorize("hasAnyRole('ADMIN')")
@RequestMapping(value = "/getRoleList",method = RequestMethod.POST)
public RetResult getRoleList(@RequestBody Map<String.Object> map){
/ /...
}
Copy the code
Example
System administrators and test users using this system respectively use Postman test, which is to test user access to access, will throw AccessDeniedException insufficient permission.
Using the system management meta-test results, you can access the interface to retrieve data.
Front-end access control
1, because the system uses dynamic load routing, so if the current user’s route list does not have you will be transferred to the 404 page. 2. Customize permission judgment methods. Verify with V-IF instruction.
Create the SRC \ utils \ permission. Js
import store from '@/store'
export default function hasPermission(value) {
if (value && value instanceof Array && value.length > 0) {
const roles = store.getters && store.getters.roles
const permissionList = value
const isPermission = roles.some(role= > {
return permissionList.includes(role.rolename)
})
if(! isPermission) {
return false
}
return true
} else {
this.$message({
message: 'Required Role Permissions List'.
type: 'error'
})
return false
}
}
Copy the code
To explain: get the role from Vuex, and then with the page defined by the authority role to judge, if included, you can access.
<template slot-scope="scope">
<el-popover
// Use it herev-ifJust judge
v-if="hasPermission(['ROLE_ADMIN'])"
:ref="scope.row.id"
placement="top"
width="180">
<p>Are you sure to delete this data?</p>
<div style="text-align: right; margin: 0">
<el-button size="mini" type="text" @click="$refs[scope.row.id].doClose()">cancel</el-button>
<el-button :loading="delLoading" type="primary" size="mini" @click="subDelete(scope.row.id)">determine</el-button>
</div>
<el-button slot="reference" :disabled="scope.row.id === 1" type="danger" size="mini">delete</el-button>
</el-popover>
</template>
.
<script>
import hasPermission from '@/utils/permission'
.
methods: {
hasPermission,
}
Copy the code
This allows you to control the permissions of buttons, or parts of a page
GitHub paging plugin
Spring Boot uses Github as a pagination plugin
<! -- Github paging plugin -->
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper-spring-boot-starter</artifactId>
<version>1.2.3</version>
</dependency>
Copy the code
2. Configure PageHelper in application.yml as follows
pagehelper:
helperDialect: mysql
reasonable: true
supportMethodsArguments: true
params: count=countSql
Copy the code
3, it is recommended to encapsulate a PageUtil, because usually Vue front-end paging requires us to pass the current page :pageNum, pageSize :pageSize, total number of pageTotal and other parameters.
package com.example.security.util;
import com.github.pagehelper.Page;
import lombok.Data;
import java.util.List;
/ * *
* @Autoor: wen-bin Yang
* @Date: 2019/1/21
* @Description:
* /
@Data
public class PageUtil {
private Integer pageCur;
private Integer pageSize;
private Integer rowTotal;
private Integer pageTotal;
private List data;
public PageUtil(Page page,List data) {
this.pageCur = page.getPageNum();
this.pageSize = page.getPageSize();
this.rowTotal = page.getPages();
this.pageTotal = Integer.valueOf((int)page.getTotal());
this.data = data;
}
}
Copy the code
The format of the returned data
Then render the data in the front end and it’s ok. Currently do the role management page, which is also used for the role operation column
hasPermission
Access control is carried out. The code has been synchronized to
GithubPlease feel free to contact me if you have any suggestions