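# springsecurity_demo

**Repository Path**: cheng_du/springsecurity_demo

## Basic Information

- **Project Name**: springsecurity_demo
- **Description**: study spring security and jwt
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-09-14
- **Last Updated**: 2024-09-19

## Categories & Tags

**Categories**: Uncategorized
**Tags**: None

## README

# 用户登录流程

1. 登录接口(spring security 放开接口地址) -> post请求输入用户名密码(明文) -> 后端记录用户名密码并与mysql中的用户名密码进行校验 -> 校验通过后将用户名密码+授权信息加密到jwt中 -> 将jwt作为token返回给登录接口调用者
2. 其他需要认证的接口(spring security 不放开接口地址) -> 将登录接口获取的token加入到请求的header中 -> 后端收到请求后先检查header中是否有token -> 没有token则认证失败,接口无法调用返回403 -> 有token则通过jwtutil解析token,并解密jwt中的用户信息(用户名,密码,授权信息)并保存到SecurityContext -> 通过SecurityContext保存的授权信息来校验该用户是否有权限来调用后端的方法 -> 如有权限则执行方法

# docker 安装mysql

```shell
docker pull mysql:5.7

# -p 3300:3306 binds the port on every host interface; combined with the
# 'root'@'%' grant below this makes the root account reachable from the network.
docker run -it -d \
  --name=mysql_test \
  -e MYSQL_ROOT_PASSWORD=Synnex@123 \
  -p 3300:3306 \
  mysql:5.7

# A password given inline after -p ends up in shell history and `ps` output;
# a bare -p makes the client prompt for it instead.
mysql -h datanodedev2.synnex.org -P 3300 -uroot -pSynnex@123

# Run inside the mysql client. 'root'@'%' WITH GRANT OPTION lets root log in from
# any host; for the application, create a least-privilege user scoped to rbac_test
# rather than widening root.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'Synnex@123' WITH GRANT OPTION;
FLUSH PRIVILEGES;
```

# RBAC 权限表

```sql
CREATE DATABASE IF NOT EXISTS `rbac_test` DEFAULT CHARACTER SET utf8mb4;

-- Without USE, the tables below are created in whatever schema the session
-- currently has selected, not in rbac_test.
USE `rbac_test`;

-- Menu / resource table. `perms` is the permission string the application
-- turns into a Spring Security authority; a NULL or empty value grants nothing.
CREATE TABLE IF NOT EXISTS `sys_menu` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  -- no DEFAULT: the former DEFAULT 'NULL' was the literal four-character string "NULL"
  `menu_name` varchar(64) NOT NULL COMMENT '菜单名',
  `path` varchar(200) DEFAULT NULL COMMENT '路由地址',
  `component` varchar(255) DEFAULT NULL COMMENT '组件路径',
  `visible` char(1) DEFAULT '0' COMMENT '菜单状态(0显示 1隐藏)',
  `status` char(1) DEFAULT '0' COMMENT '菜单状态(0正常 1停用)',
  `perms` varchar(100) DEFAULT NULL COMMENT '权限标识',
  `icon` varchar(100) DEFAULT '#' COMMENT '菜单图标',
  `create_by` bigint(20) DEFAULT NULL,
  `create_time` datetime DEFAULT NULL,
  `update_by` bigint(20) DEFAULT NULL,
  `update_time` datetime DEFAULT NULL,
  `del_flag` int(11) DEFAULT '0' COMMENT '是否删除(0未删除 1已删除)',
  `remark` varchar(500) DEFAULT NULL COMMENT '备注',
  PRIMARY KEY (`id`),
  INDEX `idx_status` (`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='菜单表';

-- Role table. `role_key` (e.g. ROLE_ADMIN) is what the application compares
-- against, so two roles must not share one key.
CREATE TABLE IF NOT EXISTS `sys_role` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT,
  `name` varchar(128) DEFAULT NULL,
  `role_key` varchar(100) DEFAULT NULL COMMENT '角色权限字符串',
  `status` char(1) DEFAULT '0' COMMENT '角色状态(0正常 1停用)',
  -- int(11) to match the other tables' del_flag (was int(1))
  `del_flag` int(11) DEFAULT '0' COMMENT 'del_flag',
  `create_by` bigint(20) DEFAULT NULL,
  `create_time` datetime DEFAULT NULL,
  `update_by` bigint(20) DEFAULT NULL,
  `update_time` datetime DEFAULT NULL,
  `remark` varchar(500) DEFAULT NULL COMMENT '备注',
  PRIMARY KEY (`id`),
  UNIQUE KEY `uk_role_key` (`role_key`),
  INDEX `idx_status` (`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='角色表';

-- Role -> menu assignment. Foreign keys stop a role from pointing at a menu
-- that does not exist; the former DEFAULT '0' on menu_id would always violate them.
CREATE TABLE IF NOT EXISTS `sys_role_menu` (
  `role_id` bigint(20) NOT NULL COMMENT '角色ID',
  `menu_id` bigint(20) NOT NULL COMMENT '菜单id',
  PRIMARY KEY (`role_id`, `menu_id`),
  -- a separate index on role_id is redundant: it is the leading column of the primary key
  INDEX `idx_menu_id` (`menu_id`),
  CONSTRAINT `fk_role_menu_role` FOREIGN KEY (`role_id`) REFERENCES `sys_role` (`id`) ON DELETE RESTRICT,
  CONSTRAINT `fk_role_menu_menu` FOREIGN KEY (`menu_id`) REFERENCES `sys_menu` (`id`) ON DELETE RESTRICT
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='角色-菜单关联表';

-- User table. Login looks a user up by user_name, so it must be unique.
CREATE TABLE IF NOT EXISTS `sys_user` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT '主键',
  `user_name` varchar(64) NOT NULL COMMENT '用户名',
  `nick_name` varchar(64) NOT NULL COMMENT '昵称',
  -- Holds only a PasswordEncoder hash, never the plaintext. A DelegatingPasswordEncoder
  -- value ("{bcrypt}" prefix + 60-char bcrypt) is 68 chars and did not fit varchar(64).
  -- The value must also never be copied into the JWT: a JWS payload is only
  -- base64url-encoded, so anything placed in it is readable by the token holder.
  `password` varchar(128) NOT NULL COMMENT '密码',
  `status` char(1) DEFAULT '0' COMMENT '账号状态(0正常 1停用)',
  `email` varchar(64) DEFAULT NULL COMMENT '邮箱',
  `phonenumber` varchar(32) DEFAULT NULL COMMENT '手机号',
  `sex` char(1) DEFAULT NULL COMMENT '用户性别(0男,1女,2未知)',
  `avatar` varchar(128) DEFAULT NULL COMMENT '头像',
  `user_type` char(1) NOT NULL DEFAULT '1' COMMENT '用户类型(0管理员,1普通用户)',
  `create_by` bigint(20) DEFAULT NULL COMMENT '创建人的用户id',
  `create_time` datetime DEFAULT NULL COMMENT '创建时间',
  `update_by` bigint(20) DEFAULT NULL COMMENT '更新人',
  `update_time` datetime DEFAULT NULL COMMENT '更新时间',
  `del_flag` int(11) DEFAULT '0' COMMENT '删除标志(0代表未删除,1代表已删除)',
  PRIMARY KEY (`id`),
  UNIQUE KEY `uk_user_name` (`user_name`),
  INDEX `idx_status` (`status`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户表';

-- User -> role assignment; same foreign-key reasoning as sys_role_menu.
CREATE TABLE IF NOT EXISTS `sys_user_role` (
  `user_id` bigint(20) NOT NULL COMMENT '用户id',
  `role_id` bigint(20) NOT NULL COMMENT '角色id',
  PRIMARY KEY (`user_id`, `role_id`),
  -- a separate index on user_id is redundant: it is the leading column of the primary key
  INDEX `idx_role_id` (`role_id`),
  CONSTRAINT `fk_user_role_user` FOREIGN KEY (`user_id`) REFERENCES `sys_user` (`id`) ON DELETE RESTRICT,
  CONSTRAINT `fk_user_role_role` FOREIGN KEY (`role_id`) REFERENCES `sys_role` (`id`) ON DELETE RESTRICT
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COMMENT='用户-角色关联表';

-- Permission strings for one user: enabled, non-deleted roles -> enabled, non-deleted menus.
-- del_flag is part of the join so that soft-deleted roles and menus stop granting
-- access; rows with an empty perms value are dropped because they carry no authority.
SELECT DISTINCT m.`perms`
FROM `sys_user_role` AS ur
INNER JOIN `sys_role` AS r
    ON r.`id` = ur.`role_id`
   AND r.`status` = '0'
   AND r.`del_flag` = 0
INNER JOIN `sys_role_menu` AS rm
    ON rm.`role_id` = r.`id`
INNER JOIN `sys_menu` AS m
    ON m.`id` = rm.`menu_id`
   AND m.`status` = '0'
   AND m.`del_flag` = 0
WHERE ur.`user_id` = 2 -- example id; in application code bind this as a query parameter
  AND m.`perms` IS NOT NULL
  AND m.`perms` <> '';
```

# RBAC 表的样例数据

```sql
-- Passwords are placeholders: replace each with the output of the application's
-- PasswordEncoder for that user (e.g. a "{bcrypt}..." value). Plaintext here is
-- rejected by Spring Security's default DelegatingPasswordEncoder and would expose
-- every credential in any dump of the table.
INSERT INTO `sys_user` (`id`, `user_name`, `nick_name`, `password`, `status`, `email`, `phonenumber`, `sex`, `avatar`, `user_type`, `create_by`, `create_time`, `update_by`, `update_time`, `del_flag`) VALUES
  (1, 'admin', 'Admin',    '<PLACEHOLDER: {bcrypt} hash of admin123>', '0', 'admin@example.com', '1234567890', '0', '/images/admin.png', '0', NULL, NOW(), NULL, NOW(), 0),
  (2, 'user1', 'User One', '<PLACEHOLDER: {bcrypt} hash of user123>',  '0', 'user1@example.com', '0987654321', '1', '/images/user1.png', '1', 1,    NOW(), 1,    NOW(), 0),
  (3, 'user2', 'User Two', '<PLACEHOLDER: {bcrypt} hash of user123>',  '0', 'user2@example.com', '1122334455', '0', '/images/user2.png', '1', 1,    NOW(), 1,    NOW(), 0);

INSERT INTO `sys_role` (`id`, `name`, `role_key`, `status`, `del_flag`, `create_by`, `create_time`, `update_by`, `update_time`, `remark`) VALUES
  (1, 'Administrator', 'ROLE_ADMIN', '0', 0, 1, NOW(), 1, NOW(), 'Admin role with full permissions'),
  (2, 'User',          'ROLE_USER',  '0', 0, 1, NOW(), 1, NOW(), 'Standard user role with limited permissions'),
  (3, 'Guest',         'ROLE_GUEST', '0', 0, 1, NOW(), 1, NOW(), 'Guest role with read-only permissions');

INSERT INTO `sys_menu` (`id`, `menu_name`, `path`, `component`, `visible`, `status`, `perms`, `icon`, `create_by`, `create_time`, `update_by`, `update_time`, `del_flag`, `remark`) VALUES
  (1, 'Dashboard',       '/dashboard', 'DashboardComponent', '0', '0', 'dashboard:view', 'dashboard', 1, NOW(), 1, NOW(), 0, 'Main dashboard menu'),
  (2, 'User Management', '/users',     'UserComponent',      '0', '0', 'user:manage',    'user',      1, NOW(), 1, NOW(), 0, 'Menu for managing users'),
  (3, 'Settings',        '/settings',  'SettingsComponent',  '0', '0', 'settings:edit',  'settings',  1, NOW(), 1, NOW(), 0, 'Settings menu for application configuration');

-- Users, roles and menus must be inserted before the link rows below: the foreign
-- keys on the link tables reject ids that do not exist yet.
INSERT INTO `sys_role_menu` (`role_id`, `menu_id`) VALUES
  (1, 1), -- Administrator role has access to Dashboard
  (1, 2), -- Administrator role has access to User Management
  (1, 3), -- Administrator role has access to Settings
  (2, 1), -- User role has access to Dashboard
  (2, 3), -- User role has access to Settings
  (3, 1); -- Guest role has access to Dashboard

INSERT INTO `sys_user_role` (`user_id`, `role_id`) VALUES
  (1, 1), -- Admin user has Administrator role
  (2, 2), -- User1 has User role
  (3, 3); -- User2 has Guest role
```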