I. Authorization demo:
1. Resource permissions:
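// Each controller below is a separate class (one per file) and needs these imports:
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping("/menu")
@RestController
public class MenuManageController {

    @RequestMapping("/test")
    public String test() {
        return "这是菜单管理"; // "This is menu management"
    }
}

@RequestMapping("/role")
@RestController
public class RoleManageController {

    @RequestMapping("/test")
    public String test() {
        return "这是角色管理"; // "This is role management"
    }
}

@RequestMapping("/school")
@RestController
public class SchoolManageController {

    @RequestMapping("/test")
    public String test() {
        return "这是学校管理"; // "This is school management"
    }
}

@RequestMapping("/user")
@RestController
public class UserController {

    @RequestMapping("/test")
    public String test() {
        return "这是user test"; // "This is user test"
    }
}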
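2. Resource permission control: add the permission checks in the configure(HttpSecurity http) rule method of the configuration class:
This uses hasAuthority / hasAnyAuthority, which match on resource authorities; role-based matching can be used as well.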
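import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configure the HTTP authorization rules.
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Rules are evaluated in order; the first matching pattern decides.
                .antMatchers("/school/**").hasAuthority("school_manage")
                .antMatchers("/menu/**").hasAnyAuthority("menu_manage", "role_manage")
                .antMatchers("/role/**").hasAuthority("role_manage")
                .antMatchers("/user/**").permitAll()
                // Everything not matched above requires a logged-in user.
                .anyRequest().authenticated()
                .and()
                .formLogin();
    }
}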
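The rules above can be pinned down in an automated test so that a later change to the matcher chain cannot silently open an endpoint. This is an added example, not code from the original post; it assumes Spring Boot 2.2+ (JUnit 5) with spring-boot-starter-test and spring-security-test on the test classpath, and the class name AuthorizationRulesTest is hypothetical.

```java
// Added example (not from the original post). MockMvc bypasses the servlet
// context path, so the URLs omit the /securityDemo prefix.
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@SpringBootTest
@AutoConfigureMockMvc
class AuthorizationRulesTest { // hypothetical class name
    @Autowired
    private MockMvc mvc;

    @Test // /user/** is permitAll(): no login needed
    void userEndpointIsPublic() throws Exception {
        mvc.perform(get("/user/test")).andExpect(status().isOk());
    }

    @Test // anyRequest().authenticated() + formLogin(): anonymous is sent to the login page
    void anonymousIsRedirectedToLogin() throws Exception {
        mvc.perform(get("/school/test")).andExpect(status().is3xxRedirection());
    }

    @Test // authenticated but lacking the authority: 403, not a redirect
    @WithMockUser(authorities = "school_manage")
    void schoolManageIsLimitedToSchool() throws Exception {
        mvc.perform(get("/school/test")).andExpect(status().isOk());
        mvc.perform(get("/role/test")).andExpect(status().isForbidden());
        mvc.perform(get("/menu/test")).andExpect(status().isForbidden());
    }

    @Test // hasAnyAuthority("menu_manage", "role_manage") accepts either one
    @WithMockUser(authorities = "role_manage")
    void roleManageAlsoReachesMenu() throws Exception {
        mvc.perform(get("/role/test")).andExpect(status().isOk());
        mvc.perform(get("/menu/test")).andExpect(status().isOk());
    }

    @Test // roles = "x" grants authority "ROLE_x", which hasAuthority("x") rejects
    @WithMockUser(roles = "school_manage")
    void roleIsNotTheSameAsAuthority() throws Exception {
        mvc.perform(get("/school/test")).andExpect(status().isForbidden());
    }
}
```

The last test shows why authority matching and role matching are not interchangeable: switching a rule to hasRole("school_manage") would require the user to hold ROLE_school_manage instead.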
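3. Authentication
4. Authorization:
Finally, start the project and test:
(1) No permission check is required, e.g. the /user/** endpoints here: accessing localhost:8089/securityDemo/user/test returns the endpoint response directly, without logging in;
(2)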