hsweb provides flexible, configurable permission control, implementing multi-dimensional, customizable RBAC and data-permission control.
```xml
<!-- Permission control -->
<dependency>
    <groupId>org.hswebframework.web</groupId>
    <artifactId>hsweb-authorization-basic</artifactId>
    <version>${hsweb.framework.version}</version>
</dependency>
```
Annotate the startup class with `@EnableAopAuthorize`:

```java
@SpringBootApplication
@MapperScan(basePackages = "com.mycompany.dao", markerInterface = Dao.class)
@EnableAopAuthorize // enable AOP permission control
public class MyProjectApplication {

    public static void main(String[] args) {
        SpringApplication.run(MyProjectApplication.class, args);
    }
}
```
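Add the following configuration to `application.yml`:

```yaml
hsweb:
  users:
    admin:
      name: 超级管理员
      username: admin
      password: admin
      roles: # the user's roles
        - id: admin
          name: 管理员
        - id: user
          name: 用户
      permissions: # the user's permissions
        - id: test # permission identifier; can be thought of as a resource
          actions: query,get,update,delete # the actions the user holds on this resource
          dataAccesses: # data-permission configuration: when performing the query action on test, the password and salt fields cannot be queried
            - action: query
              type: DENY_FIELDS
              fields:
                - password
                - salt
```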
Add permission control to `TestController` by annotating the class with `@Authorize(permission = "test")`:

```java
@RestController
@RequestMapping("/test")
@Authorize(permission = "test")
public class TestController implements SimpleGenericEntityController<TestEntity, String, QueryParamEntity> {

    @Autowired
    TestService testService;

    @Override
    public CrudService<TestEntity, String> getService() {
        return testService;
    }
}
```
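The rules in the `application.yml` above, written out as a simplified model: this is an added example, not hsweb's own code or implementation. The class name `DenyFieldsModel`, the sample row and the ungranted `add` action are assumptions made for illustration; the granted actions and the `DENY_FIELDS` entry are copied from the configuration.

```java
import java.util.*;

public class DenyFieldsModel {
    // Copied from the YAML: actions granted on permission "test".
    static final Set<String> ACTIONS = Set.of("query", "get", "update", "delete");
    // Copied from the YAML: the DENY_FIELDS rule is keyed by action ("query" only).
    static final Map<String, Set<String>> DENY_FIELDS =
            Map.of("query", Set.of("password", "salt"));

    /** Returns the row as the caller may see it; throws if the action is not granted. */
    static Map<String, Object> read(String action, Map<String, Object> row) {
        if (!ACTIONS.contains(action)) {
            // Deny by default: anything not listed under "actions" is rejected.
            throw new SecurityException("permission test: action '" + action + "' not granted");
        }
        Map<String, Object> visible = new LinkedHashMap<>(row);
        // Strip only the fields denied for this specific action.
        visible.keySet().removeAll(DENY_FIELDS.getOrDefault(action, Set.of()));
        return visible;
    }

    public static void main(String[] args) {
        // Constructed sample entity; the values are placeholders.
        Map<String, Object> row = new LinkedHashMap<>();
        row.put("id", "1");
        row.put("username", "alice");
        row.put("password", "<hash>");
        row.put("salt", "<salt>");

        System.out.println("query -> " + read("query", row).keySet());
        System.out.println("get   -> " + read("get", row).keySet());
        try {
            read("add", row); // hypothetical action that the YAML does not grant
        } catch (SecurityException e) {
            System.out.println("add   -> " + e.getMessage());
        }
    }
}
```

In this model the rule attached to `query` leaves `get` unfiltered, so when reviewing a configuration like the one above, check whether other granted actions that return the entity need their own `dataAccesses` entry.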