mall: sa-token project source code analysis

1. mall open source project

1.1 Source

The mall learning tutorial gives a comprehensive analysis of the project's architecture, business and technical points. The mall project (50k+ stars) is an e-commerce system implemented with current mainstream technologies. It covers SpringBoot 2.3.0, MyBatis 3.4.6, Elasticsearch 7.6.2, RabbitMQ 3.7.15, Redis 5.0, MongoDB 4.2.5, MySQL 5.7 and other technologies, and is deployed with Docker containers.

Project github address: mall open source project

1.2 Project transfer

You can import a GitHub repository into Gitee, which makes it easier to clone into IDEA.

The specific steps are shown in the screenshot below:

[Screenshot omitted: importing the GitHub repository into Gitee]

1.3 Project cloning

Since GitHub is hosted abroad, cloning directly from it is slow even though IDEA supports pulling from GitHub, so it is recommended to import the project into Gitee as described above and then clone it into IDEA.

The cloning steps themselves are simple and routine; readers can complete them on their own or search for them on Baidu~

2. Sa-Token framework

2.1 Sa-Token Summary

Sa-Token is a lightweight Java permission authentication framework that mainly solves a series of permission-related issues such as login authentication, permission authentication, single sign-on, OAuth2.0, distributed Session, and microservice gateway authentication.

Sa-Token currently has five main functional modules: login authentication, authority authentication, single sign-on, OAuth2.0, and microservice authentication.

The function overview is as follows:

[Figure omitted: Sa-Token function overview]

sa-token development document address: sa-token.cc

2.2 Usage process of distributed back-end projects

The figure below is a basic usage flow that I summarized from project experience and information found on Baidu.

The usage flow chart of sa-token is as follows:

[Figure omitted: sa-token usage flow chart]

2.3 Usage scenarios of distributed backend projects

The picture below is a basic usage scenario that I summarized from project experience and information found on Baidu.

The usage scenario diagram of sa-token is as follows:

[Figure omitted: sa-token usage scenario diagram]

3. Source code analysis

Looking at the source code, I summarized the basic steps I follow when reading a new project: first look at integration and configuration, then analyze it from a business perspective, and finally combine the integrated frameworks and components to explore the system architecture in turn.

Analysis content: most of the analysis below is explained in the figures, and I will not elaborate much beyond them.

3.1 Integration and configuration

The source code is analyzed directly, and only the parts related to sa-token are covered. Readers are asked to read the other parts on their own.

Project startup: only the `mall-tiny-sa-token` module needs to be started.

Required for startup: start the MySQL 5 service, create a database, and import the tables (the SQL file is in the `document` folder at the same level as the project).

ps: remember to modify the database connection configuration.

3.1.1 Import dependencies

Import the relevant dependencies of sa-token in the `pom` file.

[Screenshot omitted: sa-token dependencies in pom.xml]

3.1.2 Add configuration

Add the relevant configuration of sa-token in `application.yml`. The project is a front-end/back-end separated project, so turn off reading the token from the cookie and configure it to read the token from the request header instead.

[Screenshot omitted: sa-token section of application.yml]

3.1.3 Exception handling

Exceptions for not being logged in, having no permission, and having no role need to be handled globally.

Take login as a small example: Sa-Token throws a `NotLoginException` when an interface is accessed without logging in. The global handler then returns the customized response (the result of exception handling): status code 401, "no token provided".

[Screenshot omitted: global exception handler and the 401 response]
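One way to write the global handler described above, as an added example that is not mall's own code: each of the three Sa-Token exceptions is mapped to a fixed code and a short reason, so the client learns only that the request was refused and which check failed, never the token value or the caller's actual roles. The `CommonResult` class, the package name and the message texts are assumptions standing in for the project's own response wrapper.

```java
// Added example (not mall's own code): global handler for Sa-Token's
// NotLoginException / NotRoleException / NotPermissionException.
package com.example.demo.exception; // assumed package

import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.exception.NotPermissionException;
import cn.dev33.satoken.exception.NotRoleException;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestControllerAdvice;

@RestControllerAdvice
public class GlobalExceptionHandler {

    // Minimal response wrapper (assumed; mall uses its own CommonResult).
    public static class CommonResult {
        public final int code;
        public final String message;
        public CommonResult(int code, String message) {
            this.code = code;
            this.message = message;
        }
    }

    // Not logged in -> 401. NotLoginException.getType() tells us which check
    // failed; we translate it to a short reason and never echo the token back.
    @ExceptionHandler(NotLoginException.class)
    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    public CommonResult handleNotLogin(NotLoginException e) {
        String reason;
        switch (e.getType()) {
            case NotLoginException.NOT_TOKEN:     reason = "no token provided"; break;
            case NotLoginException.INVALID_TOKEN: reason = "invalid token"; break;
            case NotLoginException.TOKEN_TIMEOUT: reason = "token expired"; break;
            case NotLoginException.BE_REPLACED:   reason = "logged in elsewhere"; break;
            case NotLoginException.KICK_OUT:      reason = "session kicked out"; break;
            default:                              reason = "not logged in";
        }
        return new CommonResult(401, reason);
    }

    // Missing role -> 403. e.getRole() is the role the route required; the
    // user's own role list is not disclosed.
    @ExceptionHandler(NotRoleException.class)
    @ResponseStatus(HttpStatus.FORBIDDEN)
    public CommonResult handleNotRole(NotRoleException e) {
        return new CommonResult(403, "missing role: " + e.getRole());
    }

    // Missing permission -> 403, same shape as the role case.
    @ExceptionHandler(NotPermissionException.class)
    @ResponseStatus(HttpStatus.FORBIDDEN)
    public CommonResult handleNotPermission(NotPermissionException e) {
        return new CommonResult(403, "missing permission: " + e.getPermission());
    }
}
```

`@ResponseStatus` sets the HTTP status in addition to the `code` field in the body; without it a `@RestControllerAdvice` method answers with HTTP 200 and only the JSON body carries the 401, which breaks clients and gateways that key on the status line.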

3.1.4 Storing user information

There are two users: the `admin` user has the `ROLE_ADMIN` role and the `macro` user has the `ROLE_USER` role.

**ps:** The two tables in the simulated database are related by ID, that is, roles are assigned to users by ID.

[Screenshot omitted: simulated user and role tables]

3.2 Login authentication

3.2.1 Configure black and white lists

In a management system, login authentication is required for basically every interface except the login interface. The most convenient way in sa-token is routing interception authentication: implement the `WebMvcConfigurer` interface, register the sa-token interceptor, and configure the black and white lists.

[Screenshot omitted: WebMvcConfigurer with the sa-token interceptor]

ps: the customized whitelist is read from the `application.yml` file.

[Screenshot omitted: whitelist configuration in application.yml]
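The configuration of 3.1.2 and the interceptor of 3.2.1 usually live in one class, so here is one added example (not mall's own code) that covers both: the `SaTokenConfig` bean switches token reading from cookie to header, and `addInterceptors` registers the Sa-Token route interceptor with a blacklist of `/**` and a whitelist bound from `application.yml`. It assumes a Sa-Token version that ships `SaInterceptor` (1.34 and later); the `secure.ignored.urls` property name, the `Authorization` header name, the timeout and the package name are assumptions.

```java
// Added example (not mall's own code): header-based token reading plus a
// login-check interceptor with a configurable whitelist.
package com.example.demo.config; // assumed package

import cn.dev33.satoken.config.SaTokenConfig;
import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import java.util.ArrayList;
import java.util.List;

// Whitelist bound from application.yml, e.g.
//   secure:
//     ignored:
//       urls: [/admin/login, /swagger-ui/**, /v2/api-docs]
// (property name and values are assumptions)
@Component
@ConfigurationProperties(prefix = "secure.ignored")
class IgnoreUrlsConfig {
    private List<String> urls = new ArrayList<>();
    public List<String> getUrls() { return urls; }
    public void setUrls(List<String> urls) { this.urls = urls; }
}

@Configuration
public class SaTokenConfigure implements WebMvcConfigurer {

    private final IgnoreUrlsConfig ignoreUrlsConfig;

    public SaTokenConfigure(IgnoreUrlsConfig ignoreUrlsConfig) {
        this.ignoreUrlsConfig = ignoreUrlsConfig;
    }

    // Java-bean form of the yml keys is-read-cookie / is-read-header. A
    // separated front end sends the token in a header, so the cookie path is
    // closed; that also stops the browser from attaching the token on its own.
    @Bean
    @Primary
    public SaTokenConfig saTokenConfig() {
        SaTokenConfig config = new SaTokenConfig();
        config.setTokenName("Authorization");  // header the client sends (assumed)
        config.setTimeout(24 * 60 * 60);       // seconds (assumed value)
        config.setIsReadCookie(false);
        config.setIsReadHeader(true);
        config.setIsLog(false);
        return config;
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new SaInterceptor(handle -> {
            // Blacklist everything, then carve out the whitelist. The rule is
            // evaluated per request, so the list loaded at startup is final.
            SaRouter.match("/**")
                    .notMatch(ignoreUrlsConfig.getUrls())
                    .check(r -> StpUtil.checkLogin());
        })).addPathPatterns("/**");
    }
}
```

Keep the whitelist to exact paths or narrow patterns: a pattern such as `/admin/**` placed there would exempt every admin endpoint from the login check, and nothing in Sa-Token warns about an over-broad entry.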

3.2.2 Interpretation of login business code

1. First, in the control layer, add a `login` interface to `UmsAdminController`.

[Screenshot omitted: login interface in UmsAdminController]

2. Next, in the business layer, add the specific login logic to `UmsAdminServiceImpl`: first verify the password, then call `StpUtil.login(adminUser.getId())` to log in.

[Screenshot omitted: login logic in UmsAdminServiceImpl]
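The two-step login above (verify the password, then `StpUtil.login(id)`), as an added example that is not mall's own code. The `UmsAdmin` class and the in-memory user table are constructed stand-ins for the project's entity and MyBatis mapper, `PasswordEncoder` is assumed to come from spring-security-crypto on the classpath, and the package name and sample credentials are assumptions.

```java
// Added example (not mall's own code): password check followed by StpUtil.login().
package com.example.demo.service.impl; // assumed package

import cn.dev33.satoken.stp.SaTokenInfo;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Map;

@Service
public class UmsAdminServiceImpl {

    /** Stand-in for the project's UmsAdmin entity (assumed fields). */
    public static class UmsAdmin {
        public final Long id;
        public final String username;
        public final String passwordHash;
        public final int status;           // 1 = enabled (assumed convention)
        public UmsAdmin(Long id, String username, String passwordHash, int status) {
            this.id = id; this.username = username;
            this.passwordHash = passwordHash; this.status = status;
        }
    }

    private final PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    // Constructed user table: only BCrypt hashes are stored, never plaintext.
    private final Map<String, UmsAdmin> userTable = new HashMap<>();
    // Compared against when the username is unknown, so both failure paths
    // cost one BCrypt check and response time does not reveal valid usernames.
    private final String dummyHash = passwordEncoder.encode("placeholder");

    public UmsAdminServiceImpl() {
        userTable.put("admin", new UmsAdmin(1L, "admin", passwordEncoder.encode("admin-pass"), 1)); // constructed
        userTable.put("macro", new UmsAdmin(2L, "macro", passwordEncoder.encode("macro-pass"), 1)); // constructed
    }

    /** Returns Sa-Token's token info on success, or null on any failure. */
    public SaTokenInfo login(String username, String password) {
        UmsAdmin admin = userTable.get(username);
        String hash = admin == null ? dummyHash : admin.passwordHash;
        boolean passwordOk = passwordEncoder.matches(password, hash);
        if (admin == null || !passwordOk || admin.status != 1) {
            return null;   // one generic failure; the caller does not learn which check failed
        }
        // Sa-Token keys the session by user id. With the default uuid token
        // style the token carries no user data, so the client just stores it.
        StpUtil.login(admin.id);
        return StpUtil.getTokenInfo();   // tokenName + tokenValue for the request header
    }

    public void logout() {
        StpUtil.logout();   // invalidates the current token server-side
    }
}
```

The controller only has to return `tokenName` and `tokenValue` from the `SaTokenInfo`; the client then sends `tokenValue` in the header named by `tokenName` on every later request, which is what the 3.1.2 configuration tells Sa-Token to read.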

3.2.3 Test login

Method 1: test with Postman

[Screenshot omitted: Postman login request]

Method 2: test with the swagger interface document (recommended; once the interface is written you can test it directly by visiting the Swagger UI address). Since the token has already been obtained above, the login test is not repeated; instead, test another interface directly, the one that queries the current login status.

[Screenshot omitted: Swagger UI test of the login-status interface]

3.3 Role authentication

Following on from the above, let me implement it! Role authentication means defining a set of rules for accessing interfaces. For example, the `ROLE_ADMIN` role can access all `/brand` resources, but the `ROLE_USER` role can only access certain resources such as `/brand/listAll`.

Configuring global exceptions: see section 3.1.3 for the description; it is not repeated here.

Sa-Token throws a `NotRoleException` when the user does not have the required role.

3.3.1 Permission verification interface extension

Extend the sa-token `StpInterface` interface and override its methods to return the user's role list and permission list.

Since `StpInterfaceImpl` implements `StpInterface`, its methods are overridden. Therefore the role check `StpUtil.checkRole("ROLE_ADMIN")` in the `SaTokenConfig` configuration class can be matched against the simulated database. The same applies to permission information, so I won't list them one by one.

[Screenshot omitted: StpInterfaceImpl]
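An added example of the `StpInterface` extension (not mall's own code). The two in-memory maps are constructed to mirror the simulated database of 3.1.4 (`admin` with `ROLE_ADMIN`, `macro` with `ROLE_USER`); the permission names and the package name are assumptions. A real implementation would run the same two lookups as SQL joins on the user, role and permission tables.

```java
// Added example (not mall's own code): StpInterface implementation that
// resolves the roles and permissions of the logged-in id.
package com.example.demo.config; // assumed package

import cn.dev33.satoken.stp.StpInterface;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

@Component
public class StpInterfaceImpl implements StpInterface {

    // Constructed data: user id -> roles (id 1 = admin, id 2 = macro).
    private static final Map<Long, List<String>> USER_ROLES = new HashMap<>();
    // Constructed data: role -> permissions (permission names are assumptions).
    private static final Map<String, List<String>> ROLE_PERMS = new HashMap<>();

    static {
        USER_ROLES.put(1L, Arrays.asList("ROLE_ADMIN"));
        USER_ROLES.put(2L, Arrays.asList("ROLE_USER"));
        ROLE_PERMS.put("ROLE_ADMIN", Arrays.asList("brand:read", "brand:create", "brand:update", "brand:delete"));
        ROLE_PERMS.put("ROLE_USER", Arrays.asList("brand:read"));
    }

    @Override
    public List<String> getRoleList(Object loginId, String loginType) {
        // loginId is whatever was passed to StpUtil.login(); it arrives as Object.
        return USER_ROLES.getOrDefault(toId(loginId), Collections.emptyList());
    }

    @Override
    public List<String> getPermissionList(Object loginId, String loginType) {
        // Permissions are reached through roles: user -> role -> permission,
        // which is exactly the assignment chain the page describes in 3.4.
        Set<String> perms = new LinkedHashSet<>();
        for (String role : getRoleList(loginId, loginType)) {
            perms.addAll(ROLE_PERMS.getOrDefault(role, Collections.emptyList()));
        }
        return new ArrayList<>(perms);
    }

    // Sa-Token keeps the login id as a string inside the session; parse it
    // defensively so a malformed value maps to "no roles" rather than an error.
    private static Long toId(Object loginId) {
        try {
            return Long.valueOf(String.valueOf(loginId));
        } catch (NumberFormatException e) {
            return -1L;
        }
    }
}
```

Sa-Token calls these two methods on every `checkRole` / `checkPermission`, so when they are backed by a database the result is normally cached per session; whatever the cache strategy, a role change must invalidate it, otherwise a demoted user keeps the old permissions until the token expires.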

3.3.2 Configuring interceptors

Configure routing rules in the interceptor: the `ROLE_ADMIN` role can access all paths, and `ROLE_USER` only the `/brand/listAll` path.

[Screenshot omitted: role routing rules in the interceptor]

3.3.3 Test role

The `admin` user has the `ROLE_ADMIN` role and the `macro` user has the `ROLE_USER` role.

  • Accessing the `/brand/{id}` interface with the `admin` account works normally.
  • Accessing the `/brand/{id}` interface with the `macro` account fails, and the returned `code` is 403.

We will not test admin here. The following test with the `macro` user shows the effect of not having the role.

[Screenshot omitted: 403 response for the macro user]

3.4 Permission authentication

When permissions are assigned to roles and roles are assigned to users, the users have those permissions.

For permission authentication, a different permission can also be assigned to each interface, and only users with that permission can access the interface.

Configuring global exceptions: see section 3.1.3 for the description; it is not repeated here.

When the user does not have the permission to access an interface, Sa-Token throws a `NotPermissionException`.

3.4.1 Configuring interceptors

Configure routing rules for the interceptor: the `admin` user can access all paths, but the `macro` user only has read permission and does not have write, modify, or delete permission.

[Screenshot omitted: permission routing rules in the interceptor]
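The routing rules of 3.3.2 (roles) and 3.4.1 (permissions) expressed with `SaRouter`, as one added example that is not mall's own code. It assumes a Sa-Token version with `SaInterceptor` (1.34 and later), a login endpoint at `/admin/login`, the permission names `brand:create` / `brand:update` / `brand:delete`, and `/brand/create` and `/brand/update` as the write paths alongside the page's `/brand/delete` and `/brand/listAll`; the package name is also an assumption. It goes slightly beyond the page by adding a method-based fallback rule.

```java
// Added example (not mall's own code): role and permission rules in the
// Sa-Token route interceptor.
package com.example.demo.config; // assumed package

import cn.dev33.satoken.interceptor.SaInterceptor;
import cn.dev33.satoken.router.SaHttpMethod;
import cn.dev33.satoken.router.SaRouter;
import cn.dev33.satoken.stp.StpUtil;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class SaTokenRouteConfigure implements WebMvcConfigurer {

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new SaInterceptor(handle -> {
            // Everything except the login endpoint needs a session first;
            // the role and permission checks below assume a logged-in id.
            SaRouter.match("/**").notMatch("/admin/login").check(r -> StpUtil.checkLogin());

            // Role rule (3.3.2): /brand/listAll is open to any logged-in role,
            // every other /brand path needs ROLE_ADMIN. macro (ROLE_USER) gets
            // NotRoleException -> 403 on /brand/{id}.
            SaRouter.match("/brand/**")
                    .notMatch("/brand/listAll")
                    .check(r -> StpUtil.checkRole("ROLE_ADMIN"));

            // Permission rules (3.4.1): each write-type endpoint is tied to its
            // own permission, so a role carrying only brand:read fails with 403.
            SaRouter.match("/brand/create")
                    .check(r -> StpUtil.checkPermission("brand:create"));
            SaRouter.match("/brand/update", "/brand/update/**")
                    .check(r -> StpUtil.checkPermission("brand:update"));
            SaRouter.match("/brand/delete", "/brand/delete/**")
                    .check(r -> StpUtil.checkPermission("brand:delete"));

            // Fallback not on the page: any POST/PUT/DELETE under /brand must
            // carry at least one write permission, so a new write endpoint added
            // without its own rule is still not reachable by read-only users.
            SaRouter.match("/brand/**")
                    .match(SaHttpMethod.POST, SaHttpMethod.PUT, SaHttpMethod.DELETE)
                    .check(r -> StpUtil.checkPermissionOr("brand:create", "brand:update", "brand:delete"));
        })).addPathPatterns("/**");
    }
}
```

Rules are evaluated in order and every matching `check` runs, so a request to `/brand/delete` by `macro` is stopped at the role rule before the permission rule is reached; the page's 403 for that case therefore comes from `NotRoleException` unless the role rule is removed, in which case `NotPermissionException` produces it.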

3.4.2 Test permissions

All paths can be accessed by the `admin` user, but the `macro` user only has read permission and does not have write, modify, or delete permission.

  • Accessing the `/brand/delete` interface with the `admin` account works normally.
  • Accessing the `/brand/delete` interface with the `macro` account fails, and the returned `code` is 403.

We will not test admin here. The following test with the `macro` user shows the effect of not having the permission.

[Screenshot omitted: 403 response for the macro user]

4. Summary

In this article, I first obtained the requirements from an actual project in order to learn Spring Security in combination with its source code. In another project, since authentication was deployed on a different IP, the project could be called remotely, and Sa-Token OAuth2 was used in that project. Sa-Token is a lightweight Java permission authentication framework. The official website explains it clearly, but I didn't know how to get started, so I wrote this article. I learned a lot about sa-token from the mall open source project, and I hope this article will also help you.

In the future, I will also combine this framework to learn other technology stacks.

Qixi ~ if Ying is well, then it is a sunny day


Origin blog.csdn.net/qq_51601665/article/details/132429652