GetStart
1. 快速启动
跟着下面的教程来就可以了,但是我们还是给了个demo:
1.1 引入依赖
<dependency>
<groupId>cn.katool.security</groupId>
<artifactId>katool-security-spring-boot-starter</artifactId>
<version>1.1.0.RELEASE</version>
</dependency>
1.1 User类Demo
package cn.katool.security.demo.boot.simple.config;
import cn.katool.security.core.annotation.AuthPrimary;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
import java.util.List;
@Data
@AllArgsConstructor
@NoArgsConstructor
public class User{
@AuthPrimary
String username;
String password;
List<String> userRoles;
List<String> userPermissions;
}
1.2 实现AuthConfig.java
这里我直接拿控制中台的Config来用
package cn.katool.security.demo.boot.simple.config;
import cn.katool.security.logic.KaToolSecurityAuthLogicContainer;
import cn.katool.security.starter.utils.KaSecurityAuthUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.stereotype.Component;
import cn.katool.security.logic.KaSecurityAuthLogic;
import java.util.List;
@Component
public class AuthConfig extends KaSecurityAuthUtil<User> implements KaSecurityAuthLogic<User>{
@Override
public List<String> getUserRoleList() {
// 正常情况下建议用int或者枚举进行映射
return this.getPayLoad().getUserRoles();
}
@Override
public List<String> getUserPermissionCodeList() {
// 正常情况下应该是有专门的权限服务或者读取配置来获取
return this.getPayLoad().getUserPermissions();
}
@Bean
@Override
public void loadPlugin() {
// 加载自定义插件
KaToolSecurityAuthLogicContainer.insert(0,this);
}
}
1.3 控制层编写
package cn.katool.security.demo.boot.simple.controller;
import cn.katool.security.core.annotation.AuthCheck;
import cn.katool.security.core.annotation.AuthControllerCheck;
import cn.katool.security.core.constant.KaSecurityAuthCheckMode;
import cn.katool.security.demo.boot.simple.config.User;
import cn.katool.security.starter.utils.KaSecurityAuthUtil;
import cn.katool.util.auth.AuthUtil;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.annotation.Resource;
@RestController
@RequestMapping("/checklogin")
@AuthControllerCheck(onlyCheckLogin = true,
excludeMethods = {"exclude(String testName)","touchToken(User user)"}
)
public class CheckLoginTestController {
@GetMapping
@AuthCheck
public String lock() {
return "不出意外这个接口需要检查登录";
}
@GetMapping("/unclude")
public String exclude(String testName) {
return "这个接口是排除了的";
}
@GetMapping("/valid/role/any")
@AuthCheck(anyRole = {"user","admin"})
public String validUserRole() {
return "访问成功";
}
@GetMapping("/valid/role/must")
@AuthCheck(mustRole = {"admin"})
public String validUserRole2() {
return "访问成功";
}
@GetMapping("/valid/role/or")
@AuthCheck(anyRole = {"user","admin"}, mustRole = {"test"},roleMode = KaSecurityAuthCheckMode.OR)
public String validUserRole3() {
return "访问成功";
}
@GetMapping("/valid/role/and")
@AuthCheck(anyRole = {"user","admin"}, mustRole = {"test"},roleMode = KaSecurityAuthCheckMode.AND)
public String validUserRole4() {
return "访问成功";
}
@GetMapping("/valid/permission/any")
@AuthCheck(anyPermissionCodes = {"user:read","admin:write"})
public String validUserPermission() {
return "访问成功";
}
@GetMapping("/valid/permission/must")
@AuthCheck(mustPermissionCodes = {"admin:write"})
public String validUserPermission2() {
return "访问成功";
}
@GetMapping("/valid/permission/or")
@AuthCheck(anyPermissionCodes = {"user:read","admin:write"}, mustPermissionCodes = {"test:delete"},permissionMode = KaSecurityAuthCheckMode.OR)
public String validUserPermission3() {
return "访问成功";
}
@GetMapping("/valid/permission/and")
@AuthCheck(anyPermissionCodes = {"user:read","admin:write"}, mustPermissionCodes = {"test:delete"},permissionMode = KaSecurityAuthCheckMode.AND)
public String validUserPermission4() {
return "访问成功";
}
@GetMapping("/valid/mix/any")
@AuthCheck(anyRole = {"user","admin"}, anyPermissionCodes = {"user:read","admin:write"})
public String validUserMix() {
return "访问成功";
}
@GetMapping("/valid/mix/must")
@AuthCheck(mustRole = {"admin"}, mustPermissionCodes = {"admin:write"})
public String validUserMix2() {
return "访问成功";
}
@GetMapping("/valid/mix/or")
@AuthCheck(anyRole = {"user","admin"}, anyPermissionCodes = {"user:read","admin:write"}, mustRole = {"test"}, mustPermissionCodes = {"test:delete"}, roleMode = KaSecurityAuthCheckMode.OR, permissionMode = KaSecurityAuthCheckMode.OR)
public String validUserMix3() {
return "访问成功";
}
@GetMapping("/valid/mix/and")
@AuthCheck(anyRole = {"user","admin"}, anyPermissionCodes = {"user:read","admin:write"}, mustRole = {"test"}, mustPermissionCodes = {"test:delete"},
roleMode = KaSecurityAuthCheckMode.AND, permissionMode = KaSecurityAuthCheckMode.AND
)
public String validUserMix4() {
return "访问成功";
}
@Resource
KaSecurityAuthUtil<User> util;
@GetMapping("/touch/token")
public String touchToken(User user) {
String token = util.login(user);
return token;
}
}
在这里,我们用了@AuthControllerChech和@AuthCheck两个注解,除此之外还有个@AuthServiceCheck,这三个注解都是起到了鉴权的作用,其中
@AuthControllerCheck和@AuthServiceCheck互斥,@AuthCheck优先级最高
1.4 启动项目
到这里,一个简单的鉴权流程就已经做好了,你可以跑起来试一试。
注意点
由于内部使用了封装好的Katool.AuthUtil,其中有自动创建jwt-token的代码,如何需要重新设定SALT,可以参考 KaTool::AuthUtil
目前本框架仅支持Bearer形式的Authorization请求头,且是按照jwt进行运算,如果您采用的是其他方法,我们建议重写个KaSecurityAuthUtil类或者换用其他框架