基于resty?security的Api權(quán)限控制與事務(wù)支持的方法
這篇文章主要介紹了基于resty security的Api權(quán)限控制與事務(wù)支持的方法的相關(guān)知識,內(nèi)容詳細易懂����,操作簡單快捷,具有一定借鑒價值�,相信大家閱讀完這篇基于resty security的Api權(quán)限控制與事務(wù)支持的方法文章都會有所收獲,下面我們一起來看看吧��。
讓數(shù)據(jù)操作處于事務(wù)控制下
1. 在Appconfig里配置事務(wù)攔截器
public void configInterceptor(InterceptorLoader interceptorLoader) {
//事務(wù)的攔截器 @Transaction
interceptorLoader.add(new TransactionInterceptor());
}2. 在Resource的方法上使用Transaction注解配置事務(wù)
@API("/users")
public class UserResource extends ApiResource {
/**
* 在一個數(shù)據(jù)源執(zhí)行多個數(shù)據(jù)操作使用@Transaction注解
* 如果時多個數(shù)據(jù)源 使用 @Transaction(name={"ds1","ds2"})
* 數(shù)據(jù)源的名字和application.properties 里對應(yīng)
*/
@POST
@Transaction
public User save(User user����,UserInfo info) {
return user.save() && info.save();
}
} 對Api進行權(quán)限控制
1. 設(shè)計權(quán)限數(shù)據(jù)結(jié)構(gòu)
DROP TABLE IF EXISTS sec_user;
CREATE TABLE sec_user (
id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL COMMENT '登錄名',
providername VARCHAR(50) NOT NULL COMMENT '提供者',
email VARCHAR(200) COMMENT '郵箱',
mobile VARCHAR(50) COMMENT '手機',
password VARCHAR(200) NOT NULL COMMENT '密碼',
avatar_url VARCHAR(255) COMMENT '頭像',
first_name VARCHAR(10) COMMENT '名字',
last_name VARCHAR(10) COMMENT '姓氏',
full_name VARCHAR(20) COMMENT '全名',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用戶';
DROP TABLE IF EXISTS sec_user_info;
CREATE TABLE sec_user_info (
id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
user_id BIGINT NOT NULL COMMENT '用戶id',
creator_id BIGINT COMMENT '創(chuàng)建者id',
gender INT DEFAULT 0 COMMENT '性別0男��,1女',
province_id BIGINT COMMENT '省id',
city_id BIGINT COMMENT '市id',
county_id BIGINT COMMENT '縣id',
street VARCHAR(500) COMMENT '街道',
zip_code VARCHAR(50) COMMENT '郵編',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用戶信息';
DROP TABLE IF EXISTS sec_role;
CREATE TABLE sec_role (
id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(50) NOT NULL COMMENT '名稱',
value VARCHAR(50) NOT NULL COMMENT '值',
intro VARCHAR(255) COMMENT '簡介',
pid BIGINT DEFAULT 0 COMMENT '父級id',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='角色';
DROP TABLE IF EXISTS sec_user_role;
CREATE TABLE sec_user_role (
id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
user_id BIGINT NOT NULL,
role_id BIGINT NOT NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用戶角色';
DROP TABLE IF EXISTS sec_permission;
CREATE TABLE sec_permission (
id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(50) NOT NULL COMMENT '名稱',
method VARCHAR(10) NOT NULL COMMENT '方法',
value VARCHAR(50) NOT NULL COMMENT '值',
url VARCHAR(255) COMMENT 'url地址',
intro VARCHAR(255) COMMENT '簡介',
pid BIGINT DEFAULT 0 COMMENT '父級id',
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='權(quán)限';
DROP TABLE IF EXISTS sec_role_permission;
CREATE TABLE sec_role_permission (
id BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
role_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='角色權(quán)限';
2. 實現(xiàn)AuthenticateService權(quán)限數(shù)據(jù)加載接口
public class MyAuthenticateService implements AuthenticateService {
/**
* 查詢用戶信息
* @param username 登錄的用戶名
* @return 用戶權(quán)限對象
*/
public Principal getPrincipal(String username) {
Principal<User> principal=null;
User u = User.dao.findBy("username=?", username);
if (u != null) {
principal = new Principal<User>(u.getStr("username"), u.getStr("password"), new HashSet<String>(u.getPermissions()), u);
}
return principal;
}
/**
* 加載全部的權(quán)限信息
* @return 權(quán)限集合
*/
public Set<Credential> getAllCredentials() {
List<Permission> permissions = Permission.dao.findBy("deleted_at is null");
Set<Credential> credentials = new HashSet<Credential>();
for (Permission permission : permissions) {
credentials.add(new Credential(permission.getStr("method"), permission.getStr("url"), permission.getStr("value")));
}
return credentials;
}
}3. 在AppConfig里配置SecurityInterceptor權(quán)限攔截器
public void configInterceptor(InterceptorLoader interceptorLoader) {
//權(quán)限攔截器 2表示用戶登錄的最大session數(shù)量 MyAuthenticateService 數(shù)據(jù)加載實現(xiàn)類
interceptorLoader.add(new SecurityInterceptor(2, new MyAuthenticateService()));
}4. 模擬的用戶數(shù)據(jù)
-- create role--
INSERT INTO sec_role(name, value, intro, pid,created_at)
VALUES ('超級管理員','R_ADMIN','',0, current_timestamp),
('銷售','R_SALER','',1,current_timestamp),
('財務(wù)','R_FINANCER','',1,current_timestamp),
('設(shè)置','R_SETTER','',1,current_timestamp);
-- create permission--
INSERT INTO sec_permission( name,method, value, url, intro,pid, created_at)
VALUES ('訂單','*','P_ORDER','/api/v1.0/orders/**','訂單訪問權(quán)限',0,current_timestamp),
('銷售','*','P_SALE','/api/v1.0/sales/**','銷售訪問權(quán)限',0,current_timestamp),
('財務(wù)','*','P_FINANCE','/api/v1.0/finances/**','財務(wù)訪問權(quán)限',0,current_timestamp),
('倉庫','*','P_STORE','/api/v1.0/stores/**','倉庫訪問權(quán)限',0,current_timestamp),
('設(shè)置','*','P_SETTING','/api/v1.0/settings/**','設(shè)置訪問權(quán)限',0,current_timestamp);
INSERT INTO sec_role_permission(role_id, permission_id)
VALUES (1,1),(1,2),(1,3),(1,4),(1,5),
(2,1),(2,2),(2,4),
(3,1),(3,2),(3,3),(3,4),
(4,5);
-- user data--
-- create admin--
INSERT INTO sec_user(username, providername, email, mobile, password, avatar_url, first_name, last_name, full_name, created_at)
VALUES ('admin','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp),
('saler','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp),
('financer','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp),
('setter','dreampie','<a href="https://dreampie.gitbooks.io/cdn-cgi/l/email-protection" rel="external nofollow" rel="external nofollow" rel="external nofollow" rel="external nofollow" target="_blank" >[email protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp);
-- create user_info--
INSERT INTO sec_user_info(user_id, creator_id, gender,province_id,city_id,county_id,street,created_at)
VALUES (1,0,0,1,2,3,'人民大學(xué)',current_timestamp),
(2,0,0,1,2,3,'人民大學(xué)',current_timestamp),
(3,0,0,1,2,3,'人民大學(xué)',current_timestamp),
(4,0,0,1,2,3,'人民大學(xué)',current_timestamp);
-- create user_role--
INSERT INTO sec_user_role( user_id, role_id)
VALUES (1,1),(2,2),(3,3),(4,4);關(guān)于“基于resty security的Api權(quán)限控制與事務(wù)支持的方法”這篇文章的內(nèi)容就介紹到這里�,感謝各位的閱讀!相信大家對“基于resty security的Api權(quán)限控制與事務(wù)支持的方法”知識都有一定的了解���,大家如果還想學(xué)習(xí)更多知識�,歡迎關(guān)注億速云行業(yè)資訊頻道���。
