✨ 模板元注解的深入使用

2025-07-15 09:19:43 +08:00 · 2025-07-15 09:19:43 +08:00 · 459739b212
parent fae4d505de
commit 459739b212
11 changed files with 156 additions and 17 deletions
--- a/spring-security/ReadMe.md
+++ b/spring-security/ReadMe.md
@ -1078,6 +1078,35 @@ public @interface UserOrPermission {
 public Report getReport(Long id) { ... }
 ```
 **自定义Any模板元注解**
 如果需要自定义任意权限都可通过需要引入下面的内容。
 ```java
@Bean
 static PrePostTemplateDefaults prePostTemplateDefaults() {
 	return new PrePostTemplateDefaults();
 }
 ```
 **示例**
 ```java
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasAnyAuthority({auth})")
 public @interface HasAnyAuthority {
    String[] auth();
 }
@HasAnyAuthority(auth = {"'USER'", "'ADMIN'"})
@Operation(summary = "拥有 HasAnyXXX 的角色可以访问", description = "当前用户拥有 HasAnyXXX 角色可以访问这个接口")
@GetMapping("role-user")
 public Result<String> roleUser() {
    return Result.success();
 }
 ```
 ### 4. 其他注解支持
 #### JSR-250注解
--- a/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java
@ -47,13 +47,4 @@ public class Knife4jConfig {
        return GroupedOpenApi.builder().group("security接口").pathsToMatch("/api/security/**").build();
    }
    @Bean
    public GroupedOpenApi test() {
        return GroupedOpenApi.builder().group("测试接口").pathsToMatch("/api/test/**").build();
    }
    @Bean
    public GroupedOpenApi testAdmin() {
        return GroupedOpenApi.builder().group("测试包含管理员接口").pathsToMatch("/api/test-admin/**").build();
    }
 }
--- a/spring-security/step-2/src/main/java/com/spring/step2/controller/test/CheckController.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/test/CheckController.java
@ -1,4 +1,4 @@
-package com.spring.step2.controller;
+package com.spring.step2.controller.test;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
--- a/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityAdminController.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityAdminController.java
@ -0,0 +1,41 @@
 package com.spring.step2.controller.test;
 import com.spring.step2.domain.vo.result.Result;
 import com.spring.step2.security.annotation.IsAdmin;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@Tag(name = "ADMIN接口", description = "只要包含 Admin 角色都可以访问")
@Slf4j
@RestController
@RequestMapping("/api/security/admin")
 public class SecurityAdminController {
    @IsAdmin
    @Operation(summary = "拥有 IsAdmin 的角色可以访问", description = "当前用户拥有 IsAdmin 角色可以访问这个接口")
    @GetMapping("role-user")
    public Result<String> roleUser() {
        return Result.success();
    }
    @IsAdmin
    @Operation(summary = "拥有 IsAdmin 的角色可以访问", description = "当前用户拥有 IsAdmin 角色可以访问这个接口")
    @GetMapping("upper-user")
    public Result<String> upperUser() {
        String data = "是区分大小写的";
        return Result.success(data);
    }
    @IsAdmin
    @Operation(summary = "拥有 IsAdmin 的角色可以访问", description = "当前用户拥有 IsAdmin 角色可以访问这个接口")
    @GetMapping("lower-user")
    public Result<String> lowerUser() {
        String data = "如果是大写，但是在这里是小写无法访问";
        return Result.success(data);
    }
 }
--- a/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityController.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityController.java
@ -10,11 +10,11 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-@Tag(name = "测试接口", description = "测试用的接口")
+@Tag(name = "NORMAl接口", description = "测试用的NORMAl接口")
@Slf4j
@RestController
-@RequestMapping("/api/test")
+@RequestMapping("/api/security/normal")
-public class TestController {
+public class SecurityController {
    @PreAuthorize("hasAuthority('role::read')")
    @Operation(summary = "拥有 role:read 的角色可以访问", description = "当前用户拥有 role:read 角色可以访问这个接口")
--- a/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityHasAnyAuthorityController.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityHasAnyAuthorityController.java
@ -0,0 +1,40 @@
 package com.spring.step2.controller.test;
 import com.spring.step2.domain.vo.result.Result;
 import com.spring.step2.security.annotation.HasAnyAuthority;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@Tag(name = "ANY ROLES", description = "只要包含 ANY 角色都可以访问")
@Slf4j
@RestController
@RequestMapping("/api/security/any")
 public class SecurityHasAnyAuthorityController {
    @HasAnyAuthority(auth = {"'USER'", "'ADMIN'"})
    @Operation(summary = "拥有 HasAnyXXX 的角色可以访问", description = "当前用户拥有 HasAnyXXX 角色可以访问这个接口")
    @GetMapping("role-user")
    public Result<String> roleUser() {
        return Result.success();
    }
    @HasAnyAuthority(auth = {"'USER'", "'ADMIN'"})
    @Operation(summary = "拥有 HasAnyXXX 的角色可以访问", description = "当前用户拥有 HasAnyXXX 角色可以访问这个接口")
    @GetMapping("upper-user")
    public Result<String> upperUser() {
        String data = "是区分大小写的";
        return Result.success(data);
    }
    @HasAnyAuthority(auth = {"'USER'", "'ADMIN'"})
    @Operation(summary = "拥有 HasAnyXXX 的角色可以访问", description = "当前用户拥有 HasAnyXXX 角色可以访问这个接口")
    @GetMapping("lower-user")
    public Result<String> lowerUser() {
        String data = "如果是大写，但是在这里是小写无法访问";
        return Result.success(data);
    }
 }
--- a/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityUserController.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/test/SecurityUserController.java
@ -9,11 +9,11 @@ import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-@Tag(name = "测试包含 USER 接口", description = "只要包含 USER 角色都可以访问")
+@Tag(name = "USER测试", description = "只要包含 USER 角色都可以访问")
@Slf4j
@RestController
-@RequestMapping("/api/test-admin")
+@RequestMapping("/api/security/user")
-public class TestAdminController {
+public class SecurityUserController {
    @HasUSERAuthorize("role:read")
    @Operation(summary = "拥有 role:read 的角色可以访问", description = "当前用户拥有 role:read 角色可以访问这个接口")
--- a/spring-security/step-2/src/main/java/com/spring/step2/security/annotation/HasAnyAuthority.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/security/annotation/HasAnyAuthority.java
@ -0,0 +1,15 @@
 package com.spring.step2.security.annotation;
 import org.springframework.security.access.prepost.PreAuthorize;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasAnyAuthority({auth})")
 public @interface HasAnyAuthority {
    String[] auth();
 }
--- a/spring-security/step-2/src/main/java/com/spring/step2/security/annotation/IsAdmin.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/security/annotation/IsAdmin.java
@ -0,0 +1,17 @@
 package com.spring.step2.security.annotation;
 import org.springframework.security.access.prepost.PreAuthorize;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
 import java.lang.annotation.Target;
 /**
 * 判断当前是否是Admin用户
 */
@Target({ElementType.METHOD, ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@PreAuthorize("hasAuthority('ADMIN')")
 public @interface IsAdmin {
 }
--- a/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityConfiguration.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityConfiguration.java
@ -3,6 +3,7 @@ package com.spring.step2.security.config;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authorization.method.PrePostTemplateDefaults;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@ -13,6 +14,11 @@ import org.springframework.security.provisioning.InMemoryUserDetailsManager;
@Configuration
 public class SecurityConfiguration {
    @Bean
    PrePostTemplateDefaults prePostTemplateDefaults() {
        return new PrePostTemplateDefaults();
    }
    /**
     * 添加内存用户
     *
--- a/spring-security/step-2/src/main/resources/templates/index.html
+++ b/spring-security/step-2/src/main/resources/templates/index.html
@ -379,7 +379,7 @@
            </div>
            <ul class="nav-links">
                <li><a href="#features">特性</a></li>
-                <li><a href="#docs" target="_blank">文档</a></li>
+                <li><a href="#docs">文档</a></li>
                <li><a href="/user" target="_blank">用户管理</a></li>
                <li><a href="/login" target="_blank">登录</a></li>
            </ul>