版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/w_t_y_y/article/details/85317511
现使用springboot+dubbo+vue前后端分离部署实现以下逻辑:用户与角色一对多,角色与权限一对多,不同的用户登录进去可以看到不同的菜单。
一、数据库设计:
1、t_user:
2、t_role:
3、t_module:
4、t_user_role:
5、t_role_module:
根据数据库配置,张三登录可以看到wtyy_cs和wtyy_table两个菜单;
李四登录可以看到wtyy_table菜单。
二、后端:
1、api:
2、service:
3、web:
(1)跨域配置:
package com.wtyy.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
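/**
 * Spring MVC configuration that registers the CORS policy for the separately deployed front end.
 *
 * <p>The mapping covers every path and accepts any request header and HTTP method, but only
 * from the origins listed in {@link #ALLOWED_ORIGINS}. Credentials (the session cookie) are
 * allowed, so the origin list has to be explicit: combining a wildcard origin with
 * credentials lets any website send authenticated requests from a logged-in user's browser
 * on older Spring versions, and the combination is rejected at runtime by Spring 5.3+.
 *
 * <p>NOTE(review): {@code WebMvcConfigurerAdapter} is deprecated as of Spring 5.0 in favour of
 * implementing {@code WebMvcConfigurer} directly; the superclass is kept here so the
 * listing stays compatible with the imports shown on the page.
 */
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    /**
     * Origins that may call the API with credentials.
     *
     * <p>Placeholder value constructed for this listing: replace it with the real scheme, host
     * and port of the deployed front end, ideally loaded from configuration.
     */
    private static final String[] ALLOWED_ORIGINS = {"http://localhost:8080"};

    /**
     * Registers one CORS mapping for all paths.
     *
     * @param registry the registry supplied by Spring MVC
     */
    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**")
                .allowedHeaders("*")
                .allowedMethods("*")
                // Explicit allow-list instead of "*": credentials are enabled below.
                .allowedOrigins(ALLOWED_ORIGINS)
                .allowCredentials(true);
    }
}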
(2)返回类型:
package com.wtyy.dto;
import java.io.Serializable;
/**
 * Uniform response envelope returned by the HTTP controllers.
 *
 * <p>Carries a numeric result code, a human-readable message and an arbitrary payload. The
 * static factories fill in the code from {@code ResultCode} and a default message.
 */
public class HttpResult implements Serializable {

    private static final long serialVersionUID = 1547811901129089180L;

    // Result code; the factories below set it from ResultCode.SUCCESS or ResultCode.FAILED.
    private int code;
    // Message shown to the caller.
    private String message;
    // Response payload; the factories without a data argument use an empty string.
    private Object data;

    /** Creates an empty result whose fields keep their Java default values. */
    public HttpResult() {
    }

    /**
     * Creates a fully populated result.
     *
     * @param code    result code
     * @param message message for the caller
     * @param data    payload
     */
    public HttpResult(int code, String message, Object data) {
        this.code = code;
        this.message = message;
        this.data = data;
    }

    /** @return a success result with the default message and an empty-string payload */
    public static HttpResult getSuccessInstance() {
        return getSuccessInstance("");
    }

    /**
     * @param data payload to return
     * @return a success result with the default message and the given payload
     */
    public static HttpResult getSuccessInstance(Object data) {
        return new HttpResult(ResultCode.SUCCESS, "操作成功", data);
    }

    /** @return a failure result with the default message and an empty-string payload */
    public static HttpResult getFailedInstance() {
        return getFailedInstance("操作失败");
    }

    /**
     * @param message failure message for the caller
     * @return a failure result with the given message and an empty-string payload
     */
    public static HttpResult getFailedInstance(String message) {
        return new HttpResult(ResultCode.FAILED, message, "");
    }

    public int getCode() {
        return this.code;
    }

    public void setCode(int code) {
        this.code = code;
    }

    public String getMessage() {
        return this.message;
    }

    public void setMessage(String message) {
        this.message = message;
    }

    public Object getData() {
        return this.data;
    }

    public void setData(Object data) {
        this.data = data;
    }
}
(3)http接口:
HomeController:
package com.wtyy.rest;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.wtyy.dto.HttpResult;
import com.wtyy.dto.User;
import com.wtyy.service.UserService;
import com.wtyy.util.JSONUtils;
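/**
 * Login endpoint under {@code /home}.
 *
 * <p>On a successful login the user object is stored in the HTTP session under the key
 * {@code "user"} and the session id is returned to the client as {@code token}.
 */
@RestController
@RequestMapping("/home")
public class HomeController {

    @Autowired
    private UserService userService;

    /**
     * Authenticates a user and binds the user to a fresh HTTP session.
     *
     * <p>NOTE(review): the mapping does not restrict the HTTP method, so the password can be
     * sent as a GET query parameter and end up in access logs; restricting this endpoint to
     * POST is advisable once the front end is confirmed to use POST.
     *
     * <p>NOTE(review): the returned token is the session id itself. Exposing it in the response
     * body makes it readable by page scripts even when the session cookie is HttpOnly.
     *
     * @param userName login name
     * @param pwd      password
     * @param req      current request, used to obtain the session
     * @return success with a map holding {@code token}, or a failure result
     */
    @RequestMapping("/login")
    public HttpResult login(String userName, String pwd, HttpServletRequest req) {
        try {
            User user = userService.login(userName, pwd);
            if (user == null) {
                return HttpResult.getFailedInstance("用户名或者密码错误");
            }

            // Drop any session that existed before authentication so a session id planted
            // in the browser beforehand cannot be reused after login (session fixation).
            HttpSession preLoginSession = req.getSession(false);
            if (preLoginSession != null) {
                preLoginSession.invalidate();
            }
            HttpSession session = req.getSession(true);
            session.setAttribute("user", user);

            // The session id is a credential, so it is deliberately not written to the log.
            Map<String, String> result = new HashMap<String, String>();
            result.put("token", session.getId());
            return HttpResult.getSuccessInstance(result);
        } catch (Exception e) {
            // Record only the exception type: the message of a remote-call failure may
            // contain request details, and the client gets a generic error either way.
            System.err.println("login failed: " + e.getClass().getName());
            return HttpResult.getFailedInstance("接口异常");
        }
    }
}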
RoleController:
package com.wtyy.rest;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.wtyy.dto.HttpResult;
import com.wtyy.dto.Role;
import com.wtyy.dto.User;
import com.wtyy.service.RoleService;
import com.wtyy.util.JSONUtils;
/**
 * Role endpoints under {@code /role}.
 */
@RestController
@RequestMapping("/role")
public class RoleController {

    @Autowired
    private RoleService roleService;

    /**
     * Returns every role known to the role service.
     *
     * <p>NOTE(review): this handler does not read the session, so nothing in this class
     * checks that the caller is logged in; access control has to come from an interceptor
     * or filter outside this class.
     *
     * @return success result wrapping the list of roles
     */
    @RequestMapping("/selectAll")
    public HttpResult selectAll() {
        return HttpResult.getSuccessInstance(roleService.selectAll());
    }
}
UserController:
package com.wtyy.rest;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import com.wtyy.dto.HttpResult;
import com.wtyy.dto.User;
import com.wtyy.service.ModuleService;
import com.wtyy.service.RoleModuleService;
import com.wtyy.service.UserRoleService;
import com.wtyy.service.UserService;
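/**
 * User endpoints under {@code /user}: user listing, the current user's modules and name,
 * and logout. The current user is read from the session attribute {@code "user"}.
 */
@RestController
@RequestMapping("/user")
public class UserController {

    @Autowired
    private UserService userService;
    @Autowired
    private UserRoleService userRoleService;
    @Autowired
    private RoleModuleService roleModuleService;
    @Autowired
    private ModuleService moduleService;

    /**
     * Returns every user known to the user service.
     *
     * <p>NOTE(review): this handler does not read the session, so it performs no login check
     * itself. It also returns full {@code User} objects; if {@code User} carries the password
     * field it would be serialized to the client. Confirm against the DTO.
     *
     * @return success result wrapping the list of users
     */
    @RequestMapping("/selectAll")
    public HttpResult selectAll() {
        List<User> users = userService.selectAll();
        return HttpResult.getSuccessInstance(users);
    }

    /**
     * Resolves the modules (menus) of the logged-in user: user -> role ids -> module ids ->
     * modules.
     *
     * @param session current HTTP session
     * @return success result wrapping the modules, or a failure result when nobody is logged in
     */
    @RequestMapping("/getUserRoles")
    public HttpResult getUserRoles(HttpSession session) {
        // The session id is a credential, so it is not written to the log.
        User user = (User) session.getAttribute("user");
        if (user == null) {
            // No login on this session: answer with a failure instead of a NullPointerException.
            return HttpResult.getFailedInstance("用户未登录");
        }
        Integer userId = user.getId();
        List<String> roleIds = userRoleService.selectByUserId(userId);
        List<String> moduleIds = roleModuleService.selectByRoleIds(roleIds);
        List<String> modules = moduleService.selectByIds(moduleIds);
        return HttpResult.getSuccessInstance(modules);
    }

    /**
     * Returns the name of the logged-in user.
     *
     * @param session current HTTP session
     * @return success result wrapping the user name, or a failure result when nobody is
     *         logged in
     */
    @RequestMapping("/getUserName")
    public HttpResult getUserName(HttpSession session) {
        User user = (User) session.getAttribute("user");
        if (user == null) {
            return HttpResult.getFailedInstance("用户未登录");
        }
        System.out.println("姓名" + user.getUserName());
        return HttpResult.getSuccessInstance(user.getUserName());
    }

    /**
     * Logs the current user out.
     *
     * @param httpSession current HTTP session
     * @return success result
     */
    @RequestMapping("/logout")
    public HttpResult logout(HttpSession httpSession) {
        // Invalidate the whole session rather than only removing "user", so the old session
        // id (which the login endpoint handed out as the token) stops being usable.
        httpSession.invalidate();
        return HttpResult.getSuccessInstance();
    }
}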
注意:上面的接口本身没有统一的登录校验,例如/user/selectAll和/role/selectAll不登录也能访问。严格一点的话,应该在后端加个拦截器,前端的ajax请求(除了登录)都带上token,在拦截器里把token和session的id进行比较,相同则放行。
三、前端:
见下一篇博客https://blog.csdn.net/w_t_y_y/article/details/85318936