在认证后进行授权需要根据用户id查询到用户的权限,写法如下:
编写用户、角色、权限实体类
//用户类
/**
* @Author yqq
* @Date 2022/05/17 22:47
* @Version 1.0
*/
public class Users {
private Integer uid;
private String username;
private String password;
private String phone;
}
//角色类
public class Role {
private Integer rid;
private String rolename;
private String roledesc;
}
//权限类
public class Permission {
private Integer pid;
private String permissionname;
private String url;编写UserMapper接口
public interface UsersMapper extends BaseMapper<Users> {
List<Permission> findPermissionByUserName(String username);
}在resources目录中编写UsersMapper的映射文件
<select id="findPermissionByUserName" resultType="com.neu.model.Permission">
SELECT
p.pid,p.permissionName,p.url
FROM
users u
LEFT JOIN users_role ur ON u.uid = ur.uid
LEFT JOIN role r ON ur.rid = r.rid
LEFT JOIN role_permission rp ON r.rid = rp.rid
LEFT JOIN permission p ON rp.pid = p.pid
WHERE username = #{username}
</select>测试
public class MapperTest {
private UsersMapper usersMapper;
public void test(){
List<Permission> permissions = usersMapper.findPermissionByUserName("yqq");
permissions.forEach(System.out::println);
}
}
认证成功后把权限封装GrantedAuthority类
public class MyUserDetailService implements UserDetailsService {
private UsersMapper usersMapper;
//自定义认证逻辑
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//1 构造查询条件
QueryWrapper<Users> wrapper = new QueryWrapper<Users>().eq("username", username);
//2 查询用户
Users users = usersMapper.selectOne(wrapper);
if (users == null)
return null;
//3 查询用户权限
List<Permission> permissions = usersMapper.findPermissionByUserName(username);
//4 将自定义权限集合转换为Security的权限类型集合
List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
permissions.forEach(e -> {
grantedAuthorities.add(new SimpleGrantedAuthority(e.getUrl()));
});
//5 封装为UserDetails对象
UserDetails userDetails = User.withUsername(users.getUsername())
.password(users.getPassword())
.authorities(grantedAuthorities)
.build();
//6 返回封装好的userDetails对象
return userDetails;
}
}
