💩 更改有问题的代码

2025-07-14 21:59:16 +08:00 · 2025-07-14 21:59:16 +08:00 · b66d0e02da
parent 0b3c1f59e5
commit b66d0e02da
9 changed files with 40 additions and 18 deletions
--- a/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java
@ -46,4 +46,9 @@ public class Knife4jConfig {
    public GroupedOpenApi security() {
        return GroupedOpenApi.builder().group("security接口").pathsToMatch("/api/security/**").build();
    }
+
+    @Bean
+    public GroupedOpenApi test() {
+        return GroupedOpenApi.builder().group("测试接口").pathsToMatch("/api/test/**").build();
+    }
 }
--- a/spring-security/step-2/src/main/java/com/spring/step2/controller/PermissionController.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/PermissionController.java
@ -27,7 +27,7 @@ import java.util.List;
 */
@Tag(name = "系统权限表", description = "系统权限表相关接口")
@RestController
-@RequestMapping(value = "/api/permission", method = RequestMethod.DELETE)
+@RequestMapping(value = "/api/permission")
@RequiredArgsConstructor
 public class PermissionController {

--- a/spring-security/step-2/src/main/java/com/spring/step2/controller/RoleController.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/RoleController.java
@ -11,6 +11,7 @@ import com.spring.step2.service.RoleService;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.tags.Tag;
+import jakarta.annotation.security.PermitAll;
 import jakarta.validation.Valid;
 import lombok.RequiredArgsConstructor;
 import org.springframework.web.bind.annotation.*;
@ -47,6 +48,7 @@ public class RoleController {
        return Result.success(pageResult);
    }

+    @PermitAll
    @Operation(summary = "获取全部角色列表", description = "获取全部角色列表")
    @GetMapping("all")
    public Result<List<RoleVo>> getRoleList() {
--- a/spring-security/step-2/src/main/java/com/spring/step2/exception/GlobalExceptionHandler.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/exception/GlobalExceptionHandler.java
@ -5,6 +5,7 @@ import com.spring.step2.domain.vo.result.Result;
 import com.spring.step2.domain.vo.result.ResultCodeEnum;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.support.DefaultMessageSourceResolvable;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.MethodArgumentNotValidException;
 import org.springframework.web.bind.annotation.ExceptionHandler;
@ -103,4 +104,10 @@ public class GlobalExceptionHandler {
            return Result.error(ResultCodeEnum.UNKNOWN_EXCEPTION);
        }
    }
+
+    // 处理无权访问异常
+    @ExceptionHandler(AccessDeniedException.class)
+    public Result<String> handleAccessDenied(AccessDeniedException exception) {
+        return Result.error(exception.getMessage(), ResultCodeEnum.FAIL_NO_ACCESS_DENIED);
+    }
 }
--- a/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityWebConfiguration.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityWebConfiguration.java
@ -48,12 +48,12 @@ public class SecurityWebConfiguration {
                        .permitAll()
                )
                .csrf(AbstractHttpConfigurer::disable)
-                .exceptionHandling(configurer -> configurer
-                        // 自定无权访问返回内容
-                        .accessDeniedHandler(new SecurityAccessDeniedHandler())
-                        // 自定义未授权返回内容
-                        .authenticationEntryPoint(new SecurityAuthenticationEntryPoint())
-                )
+                .exceptionHandling(exception -> {
+                    // 请求未授权接口
+                    exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint());
+                    // 没有权限访问
+                    exception.accessDeniedHandler(new SecurityAccessDeniedHandler());
+                })
        ;

        return http.build();
--- a/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAccessDeniedHandler.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAccessDeniedHandler.java
@ -14,12 +14,13 @@ import java.io.IOException;

@Slf4j
 public class SecurityAccessDeniedHandler implements AccessDeniedHandler {
+    
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException {
-        log.error("CustomerAccessDeniedHandler:{}", accessDeniedException.getLocalizedMessage());
+        log.error("SecurityAccessDeniedHandler:{}", accessDeniedException.getLocalizedMessage());

        // 无权访问接口
-        Result<Object> result = Result.error(accessDeniedException.getMessage(), ResultCodeEnum.FAIL_NO_ACCESS_DENIED);
+        Result<Object> result = Result.error(accessDeniedException.getMessage(), ResultCodeEnum.LOGIN_AUTH);

        // 转成JSON格式
        Object json = JSON.toJSON(result);
--- a/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAuthenticationEntryPoint.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAuthenticationEntryPoint.java
@ -16,7 +16,7 @@ public class SecurityAuthenticationEntryPoint implements AuthenticationEntryPoin

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException {
-        log.error("CustomerAccessDeniedHandler:{}", authException.getLocalizedMessage());
+        log.error("SecurityAuthenticationEntryPoint:{}", authException.getLocalizedMessage());

        // 未认证---未登录
        Result<Object> result = Result.error(authException.getMessage(), ResultCodeEnum.LOGIN_AUTH);
--- a/spring-security/step-2/src/main/java/com/spring/step2/security/service/DbUserDetailService.java
+++ b/spring-security/step-2/src/main/java/com/spring/step2/security/service/DbUserDetailService.java
@ -6,6 +6,7 @@ import com.spring.step2.domain.entity.RoleEntity;
 import com.spring.step2.domain.entity.UserEntity;
 import com.spring.step2.mapper.UserMapper;
 import lombok.RequiredArgsConstructor;
+import org.apache.commons.lang3.ArrayUtils;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
@ -40,19 +41,20 @@ public class DbUserDetailService implements UserDetailsService {

        // 设置用户权限
        List<String> permissionsByUserId = findPermissionByUserId(userId);
-        String[] authorities = permissionsByUserId.toArray(String[]::new);
+        String[] permissions = permissionsByUserId.toArray(String[]::new);

        // 也可以转成下面的形式
-        // List<String> authorities = permissionsByUserId.stream()
+        // List<String> permissions = permissionsByUserId.stream()
        //         .map(SimpleGrantedAuthority::new)
        //         .toList();

+        String[] authorities = ArrayUtils.addAll(roles, permissions);
+
+        // 设置用户权限
        return User.builder()
                .username(userEntity.getUsername())
                .password(userEntity.getPassword())
-                // 设置用户角色
-                .roles(roles)
-                // 设置用户权限
+                // 设置用户 authorities
                .authorities(authorities)
                .build();
    }
--- a/spring-security/step-2/src/main/resources/mapper/UserMapper.xml
+++ b/spring-security/step-2/src/main/resources/mapper/UserMapper.xml
@ -59,9 +59,14 @@

    <!-- 根据用户id查找该用户的角色内容 -->
    <select id="selectRolesByUserId" resultType="com.spring.step2.domain.entity.RoleEntity">
-        select *
-        from t_user_role tur
-                 join t_role tr on tur.role_id = tr.id
+        SELECT tr.*
+        FROM t_user_role tur
+        JOIN t_role tr ON tur.role_id = tr.id
+        <where>
+            <if test="userId != null">
+                tur.user_id = #{userId}
+            </if>
+        </where>
    </select>

 </mapper>