1. Function introduction
Implemented through interface configuration, the access authority control and data authority control of the interface, the interface is a REST interface, and the interface authority authentication mechanism uses Json web token (JWT)
Interface permission calling process:
(1) Through the user name and password of the interface user, call the authentication token interface to obtain the token of the interface user
The token is valid within 2 hours
(2) Taking the obtained token as a parameter, when calling the interface, it will be authenticated according to the token
(3) After the authentication is passed, the interface will check whether it has access rights according to the code defined by the interface.
If there is, you can continue to access, otherwise, it will prompt that access is restricted.
(4) If you have access rights, obtain the data permission rules of the interface, and return the required data according to the authorized data permission rules
To implement a new interface without paying attention to the authentication mechanism of the token, you need to implement the following steps:
(1) Develop a rest interface
(2) The interface code is defined in the enumeration class InterfaceEnum
(3) Call the InterfaceUtil tool class getInterfaceRuleDto to obtain the interface permission, verify whether there is access permission, and obtain the data permission
(4) According to the obtained data permissions, assemble the query conditions to return the interface data
2. Permission interface definition
Develop an interface rest interface, and define the interface code in the public enum InterfaceEnum class
- blacklist_list("blacklist_list", "Blacklist paging query", "/rest/tsBlackListController", "GET", 1)
- blacklist_list 为接口编码
3. 接口管理
3.1 配置接口权限,
接口权限管理--接口权限录入,
接口添加:
说明:
- 接口权限编码:该编码比较重要,每个接口一个编码,不能重复。该编码由开发者制定(见接口权限开发,接口编码定义)
- 接口权限名称:定义名称
- 接口权限等级:一级权限,下级权限区分
- 父级接口:上下级关系维护(父子关系)
- 接口权限地址:接口请求地址
- 请求方式:GET、POST、PUT、DELETE
- 接口权限排序:树形列表展示的顺序
以上信息:接口权限编码字段比较重要,其他的字段与权限控制无关,只做说明使用
3.2 增加数据规则权限
4. 创建接口角色
4.1 创建接口角色,进行角色授权,然后分配角色给接口用户
接口权限---接口角色管理 创建接口角色
5. 接口开发实现
5.1 校验接口访问权限
- InterfaceRuleDto interfaceRuleDto = InterfaceUtil.getInterfaceRuleDto(request, InterfaceEnum.blacklist_list);
- if(interfaceRuleDto==null){
- return Result.error("您没有该接口的权限!");
- }
5.2 接口权限规则注入
方案一:查询器处理
- CriteriaQuery cq = new CriteriaQuery(TsBlackListEntity.class, dataGrid);
- nterfaceUtil.installCriteriaQuery(cq, interfaceRuleDto, InterfaceEnum.blacklist_list);
方案二:Sql和hql 处理
- String qlStr = InterfaceUtil.getQL(interfaceRuleDto, InterfaceEnum.blacklist_list);
把组装的qlStr 追加到查询语句中
6. 接口测试
- //获取token
- public static String getToken(String userName,String password){
- String url = "http://localhost:8888/jeecg-bpm/rest/tokens?username="+userName+"&password="+password;
- String token= JwtHttpUtil.httpRequest(url, "POST", null);
- return token;
- }
- //获取黑名单列表
- public static JSONObject getBlackList(String token){
- String url = "http://localhost:8888/jeecg-bpm/rest/tsBlackListController";
- JSONObject resp= JwtHttpUtil.httpRequest(url, "GET", null,token);
- return resp;
- }
- public static void main(String[] args) {
- //接口角色授权的用户账号密码
- String token = getToken("interfaceuser","123456");
- //获取黑名单列表
- System.out.println("======获取黑名单列表======="+getBlackList(token));
- }