建立权限管理子系统模型;

配置Spring Security;

pom.xml

@@ -66,6 +66,12 @@
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
 
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.11</version>
+        </dependency>
+
     </dependencies>
 
     <build>

src/main/java/com/codesdream/ase/component/ASEPasswordEncoder.java

@@ -0,0 +1,18 @@
+package com.codesdream.ase.component;
+
+import org.apache.commons.codec.digest.DigestUtils;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+
+@Component
+public class ASEPasswordEncoder implements PasswordEncoder {
+    @Override
+    public String encode(CharSequence charSequence) {
+        return DigestUtils.sha256Hex(charSequence.toString());
+    }
+
+    @Override
+    public boolean matches(CharSequence charSequence, String s) {
+        return s.equals(DigestUtils.sha256Hex(charSequence.toString()));
+    }
+}

src/main/java/com/codesdream/ase/configure/AppConfigure.java

@@ -1,27 +1,42 @@
 package com.codesdream.ase.configure;
 
-import org.springframework.context.annotation.Configuration;
+import org.springframework.stereotype.Component;
 
-@Configuration
+/**
+ * 应用程序常用配置信息
+ * 用于常见的应用程序本身的相关信息的引用
+ */
+@Component
 public class AppConfigure {
-    private String name = "全员育人";
+    /**
-    private String englishName = "All Staff Education";
+     * 获得应用程序的中文名
-    private String version = "0.0.1";
+     * @return 返回包含完整内容的字符串
-    private String organization = "码梦工坊";
+     */
-
     public String getName() {
-        return name;
+        return "全员育人";
     }
 
+    /**
+     * 获得应用程序的版本号
+     * @return 返回版本号内容的字符串
+     */
     public String getVersion() {
-        return version;
+        return "0.0.1_200204";
     }
 
+    /**
+     * 获得应用程序的英文名
+     * @return 返回包含完整内容的字符串
+     */
     public String getEnglishName() {
-        return englishName;
+        return "All Staff Education";
     }
 
+    /**
+     * 获得开发小组的名称
+     * @return 包含完整内容的字符串
+     */
     public String getOrganization() {
-        return organization;
+        return "全员育人WEB端开发组";
     }
 }

src/main/java/com/codesdream/ase/configure/CustomWebSecurityConfig.java

@@ -1,22 +1,55 @@
 package com.codesdream.ase.configure;
 
+import com.codesdream.ase.component.ASEPasswordEncoder;
+import com.codesdream.ase.service.ASEUserDetailsService;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
+import javax.annotation.Resource;
+
+/**
+ * Spring Security 配置类
+ * 用于Spring Security相关参数的配置
+ */
 @Configuration
 @EnableWebSecurity
 public class CustomWebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    @Autowired
+    ASEUserDetailsService aseUserDetailService;
+
+    @Autowired
+    ASEPasswordEncoder asePasswordEncoder;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        super.configure(http);
+        http.authorizeRequests()
-/*                        .authorizeRequests().anyRequest().permitAll()*/
-/*                .antMatchers("/index", "/assets/**").permitAll()
                 .anyRequest().authenticated()
                 .and()
-                .formLogin()
+                .csrf().disable().formLogin()
-                .loginPage("/login")
+                .and()
-                .permitAll()*/;
+                .formLogin().loginPage("/login").permitAll().defaultSuccessUrl("/").permitAll()
+                .usernameParameter("username")
+                .passwordParameter("password")
+                .and()
+                .logout().permitAll();
+
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(aseUserDetailService).passwordEncoder(asePasswordEncoder);
+    }
+
+    @Override
+    public void configure(WebSecurity web) throws Exception {
+        web
+                .ignoring()
+                .antMatchers("/assets/**");
     }
 }

src/main/java/com/codesdream/ase/configure/GlobalConfigure.java

@@ -8,13 +8,12 @@ import javax.annotation.Resource;
 import java.util.HashMap;
 import java.util.Map;
 
+/**
+ * Spring 框架全局配置类
+ * 主要用于注册或者管理Bean
+ */
 @Configuration
 public class GlobalConfigure {
-    @Resource
-    AppConfigure appConfigure;
 
-    public AppConfigure getAppConfigure() {
-        return appConfigure;
-    }
 
 }

src/main/java/com/codesdream/ase/controller/ASEController.java

@@ -9,6 +9,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import javax.annotation.Resource;
 import java.security.Principal;
 
+/**
+ * 管理界面主页控制器类
+ * 现阶段主要用于管理界面主页
+ */
 @Controller
 public class ASEController {
     @Resource

src/main/java/com/codesdream/ase/controller/LoginController.java

@@ -1,27 +1,18 @@
 package com.codesdream.ase.controller;
 
-import com.codesdream.ase.model.User;
+import com.codesdream.ase.model.pernission.User;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
-import org.springframework.util.DigestUtils;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
 
-import javax.servlet.http.HttpServletRequest;
 
+/**
+ * 登录界面控制器类
+ */
 @Controller
 public class LoginController {
     @RequestMapping(value = "/login")
-    String printLogin(Model model){
+    String printLogin(Model model) {
         return "login";
     }
-
-    @RequestMapping(value = "/login", method = RequestMethod.POST)
-    String checkLogin(Model model, HttpServletRequest request){
-        User user = new User();
-        user.setUsername(request.getParameter("username"));
-        user.setPassword(DigestUtils.md5DigestAsHex(request.getParameter("password").getBytes()));
-        return "login";
-    }
-
 }

src/main/java/com/codesdream/ase/model/Permit.java

@@ -1,94 +0,0 @@
-package com.codesdream.ase.model;
-
-import javax.persistence.*;
-import java.util.Objects;
-
-@Entity
-@Table(name = "user_permit")
-public class Permit {
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private int id;
-    private String name;
-    private String description;
-    private String url;
-    private int pid;
-
-    public Permit(){
-
-    }
-
-    public Permit(String name, String description, String url, int pid) {
-        this.name = name;
-        this.description = description;
-        this.url = url;
-        this.pid = pid;
-    }
-
-    public int getId() {
-        return id;
-    }
-
-    public String getName() {
-        return name;
-    }
-
-    public String getDescription() {
-        return description;
-    }
-
-    public String getUrl() {
-        return url;
-    }
-
-    public int getPid() {
-        return pid;
-    }
-    public void setId(int id) {
-        this.id = id;
-    }
-
-    public void setName(String name) {
-        this.name = name;
-    }
-
-    public void setDescription(String description) {
-        this.description = description;
-    }
-
-    public void setUrl(String url) {
-        this.url = url;
-    }
-
-    public void setPid(int pid) {
-        this.pid = pid;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        Permit permit = (Permit) o;
-        return id == permit.id &&
-                pid == permit.pid &&
-                Objects.equals(name, permit.name) &&
-                Objects.equals(description, permit.description) &&
-                Objects.equals(url, permit.url);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(id, name, description, url, pid);
-    }
-
-    @Override
-    public String toString() {
-        return "Permit{" +
-                "id=" + id +
-                ", name='" + name + '\'' +
-                ", description='" + description + '\'' +
-                ", url='" + url + '\'' +
-                ", pid=" + pid +
-                '}';
-    }
-}

src/main/java/com/codesdream/ase/model/Tag.java

@@ -1,13 +0,0 @@
-package com.codesdream.ase.model;
-
-import javax.persistence.*;
-
-@Entity
-@Table(name = "user_tag")
-public class Tag {
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private int id;
-    private String name;
-    private String description;
-}

src/main/java/com/codesdream/ase/model/User.java

@@ -1,63 +0,0 @@
-package com.codesdream.ase.model;
-
-import javax.persistence.*;
-import java.util.Objects;
-
-@Entity
-@Table(name = "user_login")
-public class User {
-    @Id
-    @GeneratedValue(strategy = GenerationType.AUTO)
-    private int id;
-    private String username;
-    private String password;
-
-    public User(){
-
-    }
-
-    public User(String username, String password) {
-        this.username = username;
-        this.password = password;
-    }
-
-    public String getUsername() {
-        return username;
-    }
-
-    public void setUsername(String username) {
-        this.username = username;
-    }
-
-    public String getPassword() {
-        return password;
-    }
-
-    public void setPassword(String password) {
-        this.password = password;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        User user = (User) o;
-        return id == user.id &&
-                Objects.equals(username, user.username) &&
-                Objects.equals(password, user.password);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(id, username, password);
-    }
-
-    @Override
-    public String toString() {
-        return "User{" +
-                "id=" + id +
-                ", username='" + username + '\'' +
-                ", password='" + password + '\'' +
-                '}';
-    }
-}

src/main/java/com/codesdream/ase/model/pernission/FunctionalPermissionContainer.java

@@ -0,0 +1,77 @@
+package com.codesdream.ase.model.pernission;
+
+import javax.persistence.*;
+import java.util.List;
+
+@Entity
+@Table(name = "functional_permit_container")
+public class FunctionalPermissionContainer {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private int id;
+
+    // 功能性权限容器名
+    // @Column(nullable = false, unique = true)
+    private String name;
+
+    // 功能性权限容器解释
+    private String description;
+
+    @ElementCollection
+    @Column(nullable = false)
+    private List<String> urls;
+
+    // @Column(nullable = false)
+    private boolean enabled;
+
+    // @Column(nullable = false)
+    private boolean deleted;
+
+    public int getId() {
+        return id;
+    }
+
+    public void setId(int id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+
+    public boolean isDeleted() {
+        return deleted;
+    }
+
+    public void setDeleted(boolean deleted) {
+        this.deleted = deleted;
+    }
+
+    public List<String> getUrls() {
+        return urls;
+    }
+
+    public void setUrls(List<String> urls) {
+        this.urls = urls;
+    }
+}

src/main/java/com/codesdream/ase/model/pernission/ScopePermissionContainer.java

@@ -0,0 +1,74 @@
+package com.codesdream.ase.model.pernission;
+
+import javax.persistence.*;
+import java.util.List;
+
+@Entity
+@Table(name = "scope_permit_container")
+public class ScopePermissionContainer {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private int id;
+
+    @Column(unique = true, nullable = false)
+    private String name;
+
+    private String description;
+
+    @Column(nullable = false)
+    private boolean enabled;
+
+    @Column(nullable = false)
+    private boolean deleted;
+
+    @ElementCollection
+    private List<Tag> tags;
+
+    public int getId() {
+        return id;
+    }
+
+    public void setId(int id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+
+    public boolean isDeleted() {
+        return deleted;
+    }
+
+    public void setDeleted(boolean deleted) {
+        this.deleted = deleted;
+    }
+
+    public List<Tag> getTags() {
+        return tags;
+    }
+
+    public void setTags(List<Tag> tags) {
+        this.tags = tags;
+    }
+}

src/main/java/com/codesdream/ase/model/pernission/Tag.java

@@ -0,0 +1,82 @@
+package com.codesdream.ase.model.pernission;
+
+import javax.persistence.*;
+import java.util.Objects;
+
+/**
+ * 标签
+ */
+@Entity
+@Table(name = "tag")
+public class Tag {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private int id;
+
+    // 标签名
+    @Column(nullable = false, unique = true)
+    private String name;
+
+    // 标签解释
+    private String description;
+
+    // 启用标志
+    @Column(nullable = false)
+    private boolean enabled;
+
+    // 删除标志
+    @Column(nullable = false)
+    private boolean deleted;
+
+    public Tag(String name, String description) {
+        this.name = name;
+        this.description = description;
+        this.deleted = false;
+        this.enabled = true;
+    }
+
+    public Tag() {
+        this.deleted = false;
+        this.enabled = true;
+    }
+
+    public int getId() {
+        return id;
+    }
+
+    public void setId(int id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescription() {
+        return description;
+    }
+
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    public boolean isEnabled() {
+        return enabled;
+    }
+
+    public void setEnabled(boolean enabled) {
+        this.enabled = enabled;
+    }
+
+    public boolean isDeleted() {
+        return deleted;
+    }
+
+    public void setDeleted(boolean deleted) {
+        this.deleted = deleted;
+    }
+}

src/main/java/com/codesdream/ase/model/pernission/User.java

@@ -0,0 +1,76 @@
+package com.codesdream.ase.model.pernission;
+
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import javax.persistence.*;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Objects;
+
+@Entity
+@Table(name = "user")
+public class User implements UserDetails {
+    @Id
+    @GeneratedValue(strategy = GenerationType.AUTO)
+    private int id;
+    // 用户名
+    private String username;
+    // 密码（必须以哈希值sha256储存）
+    private String password;
+
+    public User(String username, String password) {
+        this.username = username;
+        this.password = password;
+    }
+
+    public User() {
+
+    }
+
+    @Override
+    public String getUsername() {
+        return username;
+    }
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return isEnabled();
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return isEnabled();
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return isEnabled();
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return false;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        Collection<GrantedAuthority> authorities = new ArrayList<>();
+        authorities.add(new SimpleGrantedAuthority("user"));
+        return authorities;
+    }
+
+    @Override
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+}

src/main/java/com/codesdream/ase/repository/PermitRepository.java

@@ -1,12 +0,0 @@
-package com.codesdream.ase.repository;
-
-import com.codesdream.ase.model.Permit;
-import org.springframework.data.repository.CrudRepository;
-import org.springframework.stereotype.Repository;
-
-import java.util.List;
-
-@Repository
-public interface PermitRepository extends CrudRepository<Permit, Long> {
-
-}

src/main/java/com/codesdream/ase/repository/UserRepository.java

@@ -1,6 +1,6 @@
 package com.codesdream.ase.repository;
 
-import com.codesdream.ase.model.User;
+import com.codesdream.ase.model.pernission.User;
 import org.springframework.data.repository.CrudRepository;
 
 import java.util.Optional;

src/main/java/com/codesdream/ase/service/ASEUserDetailsService.java

@@ -0,0 +1,28 @@
+package com.codesdream.ase.service;
+
+import com.codesdream.ase.model.pernission.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import javax.annotation.Resource;
+import javax.transaction.Transactional;
+
+@Service
+public class ASEUserDetailsService implements UserDetailsService {
+
+    @Resource
+    UserService userService;
+
+    @Override
+    @Transactional
+    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
+        if(!userService.findUserByUsername(s).isPresent()){
+            throw new UsernameNotFoundException("用户不存在");
+        }
+        else {
+            return userService.findUserByUsername(s).get();
+        }
+    }
+}

src/main/java/com/codesdream/ase/service/IPermitService.java

@@ -1,9 +0,0 @@
-package com.codesdream.ase.service;
-
-import com.codesdream.ase.model.Permit;
-
-import java.util.List;
-
-public interface IPermitService {
-    List<Permit> findAll();
-}

src/main/java/com/codesdream/ase/service/IUserService.java

@@ -1,10 +1,11 @@
 package com.codesdream.ase.service;
 
-import com.codesdream.ase.model.User;
+import com.codesdream.ase.model.pernission.User;
 
 import java.util.List;
 import java.util.Optional;
 
+
 public interface IUserService {
    List<User> findAll();
 

src/main/java/com/codesdream/ase/service/PermitService.java

@@ -1,18 +0,0 @@
-package com.codesdream.ase.service;
-
-import com.codesdream.ase.model.Permit;
-import com.codesdream.ase.repository.PermitRepository;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.List;
-
-public class PermitService implements IPermitService {
-
-    @Autowired
-    PermitRepository permitRepository;
-
-    @Override
-    public List<Permit> findAll() {
-        return (List<Permit>) permitRepository.findAll();
-    }
-}

src/main/java/com/codesdream/ase/service/UserService.java

@@ -1,14 +1,16 @@
 package com.codesdream.ase.service;
 
-import com.codesdream.ase.model.User;
+import com.codesdream.ase.model.pernission.User;
 import com.codesdream.ase.repository.UserRepository;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
 
+import javax.annotation.Resource;
 import java.util.List;
 import java.util.Optional;
 
+@Service
 public class UserService implements IUserService {
-    @Autowired
+    @Resource
     UserRepository userRepository;
 
     @Override

src/main/resources/templates/login.html

@@ -18,11 +18,11 @@
                         <div class="card-body">
                             <div class="form-group">
                                 <label for="username">用户名</label>
-                                <input type="text" class="form-control" id="username" placeholder="这里输入用户名">
+                                <input type="text" class="form-control" id="username" name="username" placeholder="这里输入用户名">
                             </div>
                             <div class="form-group">
                                 <label for="password">密码</label>
-                                <input type="password" class="form-control" id="password" placeholder="这里输入密码">
+                                <input type="password" class="form-control" id="password" name="password" placeholder="这里输入密码">
                             </div>
                         </div>
                         <div class="card-action">