From b66d0e02da504e2cdc28a79e5b457cf1b3d9b633 Mon Sep 17 00:00:00 2001 From: bunny <1319900154@qq.com> Date: Mon, 14 Jul 2025 21:59:16 +0800 Subject: [PATCH] =?UTF-8?q?:poop:=20=E6=9B=B4=E6=94=B9=E6=9C=89=E9=97=AE?= =?UTF-8?q?=E9=A2=98=E7=9A=84=E4=BB=A3=E7=A0=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/com/spring/step2/config/Knife4jConfig.java | 5 +++++ .../step2/controller/PermissionController.java | 2 +- .../com/spring/step2/controller/RoleController.java | 2 ++ .../step2/exception/GlobalExceptionHandler.java | 7 +++++++ .../security/config/SecurityWebConfiguration.java | 12 ++++++------ .../handler/SecurityAccessDeniedHandler.java | 5 +++-- .../handler/SecurityAuthenticationEntryPoint.java | 2 +- .../step2/security/service/DbUserDetailService.java | 12 +++++++----- .../step-2/src/main/resources/mapper/UserMapper.xml | 11 ++++++++--- 9 files changed, 40 insertions(+), 18 deletions(-) diff --git a/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java b/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java index 1adf6da..1289cf3 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java +++ b/spring-security/step-2/src/main/java/com/spring/step2/config/Knife4jConfig.java @@ -46,4 +46,9 @@ public class Knife4jConfig { public GroupedOpenApi security() { return GroupedOpenApi.builder().group("security接口").pathsToMatch("/api/security/**").build(); } + + @Bean + public GroupedOpenApi test() { + return GroupedOpenApi.builder().group("测试接口").pathsToMatch("/api/test/**").build(); + } } diff --git a/spring-security/step-2/src/main/java/com/spring/step2/controller/PermissionController.java b/spring-security/step-2/src/main/java/com/spring/step2/controller/PermissionController.java index 19df679..9884b0f 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/controller/PermissionController.java 
+++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/PermissionController.java @@ -27,7 +27,7 @@ import java.util.List; */ @Tag(name = "系统权限表", description = "系统权限表相关接口") @RestController -@RequestMapping(value = "/api/permission", method = RequestMethod.DELETE) +@RequestMapping(value = "/api/permission") @RequiredArgsConstructor public class PermissionController { diff --git a/spring-security/step-2/src/main/java/com/spring/step2/controller/RoleController.java b/spring-security/step-2/src/main/java/com/spring/step2/controller/RoleController.java index 1981074..98df044 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/controller/RoleController.java +++ b/spring-security/step-2/src/main/java/com/spring/step2/controller/RoleController.java @@ -11,6 +11,7 @@ import com.spring.step2.service.RoleService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.Parameter; import io.swagger.v3.oas.annotations.tags.Tag; +import jakarta.annotation.security.PermitAll; import jakarta.validation.Valid; import lombok.RequiredArgsConstructor; import org.springframework.web.bind.annotation.*; @@ -47,6 +48,7 @@ public class RoleController { return Result.success(pageResult); } + @PermitAll @Operation(summary = "获取全部角色列表", description = "获取全部角色列表") @GetMapping("all") public Result> getRoleList() { diff --git a/spring-security/step-2/src/main/java/com/spring/step2/exception/GlobalExceptionHandler.java b/spring-security/step-2/src/main/java/com/spring/step2/exception/GlobalExceptionHandler.java index 900dbe1..c2e29cc 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/exception/GlobalExceptionHandler.java +++ b/spring-security/step-2/src/main/java/com/spring/step2/exception/GlobalExceptionHandler.java 
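Review bot: The `@PermitAll` added on `getRoleList()` in RoleController.java may not have the effect it suggests, and if it does, it exposes the full role list to unauthenticated callers. JSR-250 annotations are only evaluated when method security is enabled with `@EnableMethodSecurity(jsr250Enabled = true)`, and they never override the URL rules of the `SecurityFilterChain`; neither is visible in this patch. If anonymous access is really intended, I would state it in the filter chain with an explicit matcher for the `all` endpoint and add a comment such as `// public on purpose: role names only, no permission data`. Otherwise drop the annotation so the endpoint stays behind authentication.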
@@ -5,6 +5,7 @@ import com.spring.step2.domain.vo.result.Result; import com.spring.step2.domain.vo.result.ResultCodeEnum; import lombok.extern.slf4j.Slf4j; import org.springframework.context.support.DefaultMessageSourceResolvable; +import org.springframework.security.access.AccessDeniedException; import org.springframework.util.StringUtils; import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ExceptionHandler; @@ -103,4 +104,10 @@ public class GlobalExceptionHandler { return Result.error(ResultCodeEnum.UNKNOWN_EXCEPTION); } } + + // 处理无权访问异常 + @ExceptionHandler(AccessDeniedException.class) + public Result handleAccessDenied(AccessDeniedException exception) { + return Result.error(exception.getMessage(), ResultCodeEnum.FAIL_NO_ACCESS_DENIED); + } } diff --git a/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityWebConfiguration.java b/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityWebConfiguration.java index d7ef03c..0782969 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityWebConfiguration.java +++ b/spring-security/step-2/src/main/java/com/spring/step2/security/config/SecurityWebConfiguration.java @@ -48,12 +48,12 @@ public class SecurityWebConfiguration { .permitAll() ) .csrf(AbstractHttpConfigurer::disable) - .exceptionHandling(configurer -> configurer - // 自定无权访问返回内容 - .accessDeniedHandler(new SecurityAccessDeniedHandler()) - // 自定义未授权返回内容 - .authenticationEntryPoint(new SecurityAuthenticationEntryPoint()) - ) + .exceptionHandling(exception -> { + // 请求未授权接口 + exception.authenticationEntryPoint(new SecurityAuthenticationEntryPoint()); + // 没有权限访问 + exception.accessDeniedHandler(new SecurityAccessDeniedHandler()); + }) ; return http.build(); 
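Review bot: The new `handleAccessDenied` in GlobalExceptionHandler.java intercepts `AccessDeniedException` before Spring Security's `ExceptionTranslationFilter` can see it. A denial raised by method security inside a controller call will therefore no longer reach `SecurityAuthenticationEntryPoint` or `SecurityAccessDeniedHandler`, so an anonymous caller gets the "no access" body instead of the login one. The handler also sets no status, so the response presumably goes out as HTTP 200, and it echoes `exception.getMessage()` to the client. I would either rethrow here so the filter decides between 401 and 403, or at least add `@ResponseStatus(HttpStatus.FORBIDDEN)` and return a fixed message: `return Result.error(ResultCodeEnum.FAIL_NO_ACCESS_DENIED);`.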
diff --git a/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAccessDeniedHandler.java b/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAccessDeniedHandler.java index 04ecb9e..5c9ea6a 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAccessDeniedHandler.java +++ b/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAccessDeniedHandler.java @@ -14,12 +14,13 @@ import java.io.IOException; @Slf4j public class SecurityAccessDeniedHandler implements AccessDeniedHandler { + @Override public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException accessDeniedException) throws IOException, ServletException { - log.error("CustomerAccessDeniedHandler:{}", accessDeniedException.getLocalizedMessage()); + log.error("SecurityAccessDeniedHandler:{}", accessDeniedException.getLocalizedMessage()); // 无权访问接口 - Result result = Result.error(accessDeniedException.getMessage(), ResultCodeEnum.FAIL_NO_ACCESS_DENIED); + Result result = Result.error(accessDeniedException.getMessage(), ResultCodeEnum.LOGIN_AUTH); // 转成JSON格式 Object json = JSON.toJSON(result); diff --git a/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAuthenticationEntryPoint.java b/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAuthenticationEntryPoint.java index cc1f048..fed3884 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAuthenticationEntryPoint.java +++ b/spring-security/step-2/src/main/java/com/spring/step2/security/handler/SecurityAuthenticationEntryPoint.java 
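Review bot: The result code in `SecurityAccessDeniedHandler.handle` changes from `FAIL_NO_ACCESS_DENIED` to `LOGIN_AUTH`, which is the code `SecurityAuthenticationEntryPoint` already returns for unauthenticated requests. An authenticated user who lacks a permission becomes indistinguishable from a user who is not logged in. Clients that react to `LOGIN_AUTH` by sending the user back to login will loop, and audit logs lose the 401/403 distinction. It also disagrees with the `handleAccessDenied` added to GlobalExceptionHandler in this same commit. I would keep `Result.error(accessDeniedException.getMessage(), ResultCodeEnum.FAIL_NO_ACCESS_DENIED)` here; the rest of `handle` is outside the hunk, so I cannot see whether the HTTP status is set to 403.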
@@ -16,7 +16,7 @@ public class SecurityAuthenticationEntryPoint implements AuthenticationEntryPoin @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException { - log.error("CustomerAccessDeniedHandler:{}", authException.getLocalizedMessage()); + log.error("SecurityAuthenticationEntryPoint:{}", authException.getLocalizedMessage()); // 未认证---未登录 Result result = Result.error(authException.getMessage(), ResultCodeEnum.LOGIN_AUTH); diff --git a/spring-security/step-2/src/main/java/com/spring/step2/security/service/DbUserDetailService.java b/spring-security/step-2/src/main/java/com/spring/step2/security/service/DbUserDetailService.java index bdb7a0f..ffcd28c 100644 --- a/spring-security/step-2/src/main/java/com/spring/step2/security/service/DbUserDetailService.java +++ b/spring-security/step-2/src/main/java/com/spring/step2/security/service/DbUserDetailService.java @@ -6,6 +6,7 @@ import com.spring.step2.domain.entity.RoleEntity; import com.spring.step2.domain.entity.UserEntity; import com.spring.step2.mapper.UserMapper; import lombok.RequiredArgsConstructor; +import org.apache.commons.lang3.ArrayUtils; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; 
@@ -40,19 +41,20 @@ public class DbUserDetailService implements UserDetailsService { // 设置用户权限 List permissionsByUserId = findPermissionByUserId(userId); - String[] authorities = permissionsByUserId.toArray(String[]::new); + String[] permissions = permissionsByUserId.toArray(String[]::new); // 也可以转成下面的形式 - // List authorities = permissionsByUserId.stream() + // List permissions = permissionsByUserId.stream() // .map(SimpleGrantedAuthority::new) // .toList(); + String[] authorities = ArrayUtils.addAll(roles, permissions); + + // 设置用户权限 return User.builder() .username(userEntity.getUsername()) .password(userEntity.getPassword()) - // 设置用户角色 - .roles(roles) - // 设置用户权限 + // 设置用户 authorities .authorities(authorities) .build(); } diff --git a/spring-security/step-2/src/main/resources/mapper/UserMapper.xml b/spring-security/step-2/src/main/resources/mapper/UserMapper.xml index 9517d49..72fe4b3 100644 --- a/spring-security/step-2/src/main/resources/mapper/UserMapper.xml +++ b/spring-security/step-2/src/main/resources/mapper/UserMapper.xml @@ -59,9 +59,14 @@
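Review bot: Merging `roles` into `authorities` with `ArrayUtils.addAll(roles, permissions)` in `loadUserByUsername` drops the `ROLE_` prefix that `User.builder().roles(...)` used to add. Unless the role names are already stored with that prefix (how `roles` is built is outside the hunk), `hasRole(...)`, `@RolesAllowed` and `@Secured("ROLE_...")` checks will stop matching. Role names and permission strings now also share one namespace, so a permission row whose value equals a role name would grant that role. The merge itself is right, since `.roles()` and `.authorities()` overwrite each other, but I would prefix first: `String[] roleAuthorities = Arrays.stream(roles).map(r -> "ROLE_" + r).toArray(String[]::new);` then `String[] authorities = ArrayUtils.addAll(roleAuthorities, permissions);`.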