更新权限. 角色.

2018-04-21 00:11:44 +08:00 · 2018-04-21 00:11:44 +08:00 · 280904d1a4
parent 985fb40582
commit 280904d1a4
7 changed files with 30 additions and 27 deletions
--- a/others/database/initial_data.ddl
+++ b/others/database/initial_data.ddl
@ -5,19 +5,23 @@ truncate user_privilege;
 -- admin, password is admin  ( All privileges)
 insert into user_(id,guid,create_time,email,password,phone,username,default_user)
 values
-(21,'29f6004fb1b0466f9572b02bf2ac1be8',now(),'admin@andaily.com','$2a$10$XWN7zOvSLDiyxQnX01KMXuf5NTkkuAUtt23YxUMWaIPURcR7bdULi','028-1234567','admin',true);
+(21,'29f6004fb1b0466f9572b02bf2ac1be8',now(),'admin@andaily.com','$2a$10$XWN7zOvSLDiyxQnX01KMXuf5NTkkuAUtt23YxUMWaIPURcR7bdULi','028-1234567','admin',1);
+
+insert into user_privilege(user_id,privilege) values (21,'ADMIN');
+insert into user_privilege(user_id,privilege) values (21,'UNITY');
+insert into user_privilege(user_id,privilege) values (21,'MOBILE');

 -- unity, password is unity  ( ROLE_UNITY)
 insert into user_(id,guid,create_time,email,password,phone,username,default_user)
 values
-(22,'55b713df1c6f423e842ad68668523c49',now(),'unity@andaily.com','$2a$10$gq3eUch/h.eHt20LpboSXeeZinzSLBk49K5KD.Ms4/1tOAJIsrrfq','','unity',false);
+(22,'55b713df1c6f423e842ad68668523c49',now(),'unity@andaily.com','$2a$10$gq3eUch/h.eHt20LpboSXeeZinzSLBk49K5KD.Ms4/1tOAJIsrrfq','','unity',0);

 insert into user_privilege(user_id,privilege) values (22,'UNITY');

 -- mobile, password is mobile  ( ROLE_MOBILE)
 insert into user_(id,guid,create_time,email,password,phone,username,default_user)
 values
-(23,'612025cb3f964a64a48bbdf77e53c2c1',now(),'mobile@andaily.com','$2a$10$BOmMzLDaoiIQ4Q1pCw6Z4u0gzL01B8bNL.0WUecJ2YxTtHVRIA8Zm','','mobile',false);
+(23,'612025cb3f964a64a48bbdf77e53c2c1',now(),'mobile@andaily.com','$2a$10$BOmMzLDaoiIQ4Q1pCw6Z4u0gzL01B8bNL.0WUecJ2YxTtHVRIA8Zm','','mobile',0);

 insert into user_privilege(user_id,privilege) values (23,'MOBILE');

--- a/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
+++ b/src/main/java/com/monkeyk/sos/config/WebSecurityConfigurer.java
@ -55,7 +55,7 @@ public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {
                .antMatchers("/oauth2/rest_token*").permitAll()
                .antMatchers("/login*").permitAll()

-                .antMatchers("/admin/**").hasAnyRole("ADMIN")
+                .antMatchers("/user/**").hasAnyRole("ADMIN")

                .antMatchers(HttpMethod.GET, "/login*").anonymous()
                .anyRequest().authenticated()
--- a/src/main/java/com/monkeyk/sos/domain/shared/security/WdcyUserDetails.java
+++ b/src/main/java/com/monkeyk/sos/domain/shared/security/WdcyUserDetails.java
@ -13,7 +13,7 @@ import java.util.List;
 /**
 * @author Shengzhao Li
 */
-public class WdcyUserDetails implements UserDetails {
+public class SOSUserDetails implements UserDetails {

    private static final long serialVersionUID = 3957586021470480642L;

@ -24,10 +24,10 @@ public class WdcyUserDetails implements UserDetails {

    protected List<GrantedAuthority> grantedAuthorities = new ArrayList<>();

-    public WdcyUserDetails() {
+    public SOSUserDetails() {
    }

-    public WdcyUserDetails(User user) {
+    public SOSUserDetails(User user) {
        this.user = user;
        initialAuthorities();
    }
@ -35,15 +35,10 @@ public class WdcyUserDetails implements UserDetails {
    private void initialAuthorities() {
        //Default, everyone have it
        this.grantedAuthorities.add(DEFAULT_USER_ROLE);
-        //default user have all privileges
-        if (user.defaultUser()) {
-            this.grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + Privilege.UNITY.name()));
-            this.grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + Privilege.MOBILE.name()));
-        } else {
-            final List<Privilege> privileges = user.privileges();
-            for (Privilege privilege : privileges) {
-                this.grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + privilege.name()));
-            }
+
+        final List<Privilege> privileges = user.privileges();
+        for (Privilege privilege : privileges) {
+            this.grantedAuthorities.add(new SimpleGrantedAuthority(ROLE_PREFIX + privilege.name()));
        }
    }

--- a/src/main/java/com/monkeyk/sos/domain/user/Privilege.java
+++ b/src/main/java/com/monkeyk/sos/domain/user/Privilege.java
@ -7,6 +7,7 @@ public enum Privilege {

    USER,          //Default privilege

+    ADMIN,     //admin
    UNITY,
    MOBILE
 }
--- a/src/main/java/com/monkeyk/sos/service/impl/UserServiceImpl.java
+++ b/src/main/java/com/monkeyk/sos/service/impl/UserServiceImpl.java
@ -4,7 +4,7 @@ import com.monkeyk.sos.service.dto.UserDto;
 import com.monkeyk.sos.service.dto.UserFormDto;
 import com.monkeyk.sos.service.dto.UserJsonDto;
 import com.monkeyk.sos.service.dto.UserOverviewDto;
-import com.monkeyk.sos.domain.shared.security.WdcyUserDetails;
+import com.monkeyk.sos.domain.shared.security.SOSUserDetails;
 import com.monkeyk.sos.domain.user.User;
 import com.monkeyk.sos.domain.user.UserRepository;
 import com.monkeyk.sos.service.UserService;
@ -39,7 +39,7 @@ public class UserServiceImpl implements UserService {
            throw new UsernameNotFoundException("Not found any user for username[" + username + "]");
        }

-        return new WdcyUserDetails(user);
+        return new SOSUserDetails(user);
    }

    @Override
@ -52,7 +52,7 @@ public class UserServiceImpl implements UserService {
                (principal instanceof String || principal instanceof org.springframework.security.core.userdetails.User)) {
            return loadOauthUserJsonDto((OAuth2Authentication) authentication);
        } else {
-            final WdcyUserDetails userDetails = (WdcyUserDetails) principal;
+            final SOSUserDetails userDetails = (SOSUserDetails) principal;
            return new UserJsonDto(userRepository.findByGuid(userDetails.user().guid()));
        }
    }
--- a/src/main/webapp/WEB-INF/jsp/index.jsp
+++ b/src/main/webapp/WEB-INF/jsp/index.jsp
@ -5,6 +5,7 @@

 <%@ page contentType="text/html;charset=UTF-8" language="java" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
+<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
 <%@ taglib tagdir="/WEB-INF/tags" prefix="tags" %>
 <!DOCTYPE HTML>
 <html>
@ -22,7 +23,7 @@
    Logged: <span class="text-success">${SPRING_SECURITY_CONTEXT.authentication.principal.username}</span>
    <form action="${contextPath}/signout" method="post">
        <tags:csrf/>
-        <button class="btn btn-link" type="submit">Logout</button>
+        <button class="btn btn-default" type="submit">Logout</button>
    </form>
 </div>
 <br/>
@ -79,11 +80,13 @@
            <a href="client_details">client_details</a> <span class="text-muted">- 管理ClientDetails</span>
        </p>
    </li>
-    <li>
-        <p>
-            <a href="${contextPath}/user/overview">User</a> <span class="text-muted">- 管理User</span>
-        </p>
-    </li>
+    <sec:authorize access="hasRole('ROLE_ADMIN')">
+        <li>
+            <p>
+                <a href="${contextPath}/user/overview">User</a> <span class="text-muted">- 管理User</span>
+            </p>
+        </li>
+    </sec:authorize>
    <li>
        <p>
            <a href="${contextPath}/unity/dashboard">Unity</a> <span class="text-muted">- Unity 资源(resource), 需要具有 [ROLE_UNITY] 权限(resourceId:
--- a/src/main/webapp/WEB-INF/jsp/login.jsp
+++ b/src/main/webapp/WEB-INF/jsp/login.jsp
@ -65,14 +65,14 @@
            <tr>
                <th>Username</th>
                <th>Password</th>
-                <th>Privileges</th>
+                <th>Remark</th>
            </tr>
            </thead>
            <tbody>
            <tr>
                <td>admin</td>
                <td>admin</td>
-                <td>All privileges, allow visit [Mobile] and [Unity] resources</td>
+                <td>All privileges, allow visit [Mobile] and [Unity] resources, manage user</td>
            </tr>
            <tr>
                <td>unity</td>