Shulou(Shulou.com)06/02 Report--

This article will explain in detail how the dynamic permissions of URL in SpringBootSecurity are, and the content of the article is of high quality, so the editor will share it with you for reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Dynamic permission

When the user login authentication is discussed earlier, the user will query the roles owned by the user according to the user name, and automatically determine which roles the currently logged-in user has. It can be said that the dynamic configuration between users and roles and the judgment of security do a very good job. However, when configuring method-level permissions, using annotations is a relatively elegant way, but it is required to know which roles correspond to the current url at the time of development, so it is impossible to achieve dynamic configuration. In actual projects, which roles are allowed for each link is not always the same, so let's make our own routing decisions.

Create a tabl

In the previous discussion, we created the user table, the role table, and the user role middle table. Let's create a menu menu and add the existing url links:

Then create the middle table of the role menu and add the correspondence between the role and the url:

Create a base class

First remove the comments on the previous method-level permissions, and then create the menu entity class:

Create a query method based on the names of all roles corresponding to the url query secondary link:

The corresponding sql statement is as follows:

Route dynamic role acquisition

First, add a processing class to dynamically obtain the role of the current url when you receive the access:

Create a new ObjectPostProcessor class and configure the processing class into it:

Finally, configure the newly created ObjectPostProcessor class into the permission configuration method:

Routing decision management

There is a many-to-many relationship between the user and the role, and there is also a many-to-many relationship between the url and the role. The setting here is that as long as the user has the same role as the url, it means that the user has access rights. First, take a look at the processing class for the corresponding judgment:

Use a double for loop to judge and vote on the result. As you can see in the comments, different approaches lead to different strategies. The next step is to configure the routing policy method in the security configuration class:

Except for the UrlRoleAuthHandler class, all the other decision classes use classes that exist in security, and finally configure decision management in the permission configuration:

test

In this way, the dynamic permission url is configured. According to the data in the above method, you can log in to check whether you have the corresponding url permission and whether the one that is not configured does not have the permission.

Code address: https://gitee.com/blueses/spring-boot-security 11

About how the URL dynamic permissions in SpringBootSecurity is shared here, I hope the above content can be of some help to you, you can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.