1. mall open source project
1.1 Source
mall learning tutorial: a comprehensive analysis of the architecture, business and technical points. The mall project (50k+ stars) is an e-commerce system implemented with current mainstream technologies. It covers SpringBoot 2.3.0, MyBatis 3.4.6, Elasticsearch 7.6.2, RabbitMQ 3.7.15, Redis 5.0, MongoDB 4.2.5, MySQL 5.7 and other technologies, and is deployed with Docker containers.
Project github address: mall open source project
1.2 Project transfer
You can transfer a project on github to gitee so that it can be cloned into IDEA more easily.
Specific steps are as follows:
1.3 Project cloning
Since github is hosted abroad, cloning from it is too slow even though IDEA supports pulling from github directly, so it is recommended to import the project into gitee as described above and then clone it into IDEA from there.
The cloning steps themselves are simple and routine; readers can complete them on their own or search on Baidu~
2. Sa-Token framework
2.1 Sa-Token Summary
Sa-Token is a lightweight Java permission authentication framework that mainly solves a series of permission-related problems such as login authentication, permission authentication, single sign-on, OAuth2.0, distributed Session and microservice gateway authentication.
Sa-Token currently has five main functional modules: login authentication, permission authentication, single sign-on, OAuth2.0, and microservice authentication.
The function overview is as follows:
sa-token development document address: sa-token.cc
2.2 Usage process of distributed back-end projects
The figure below is a basic usage process summarized by myself based on project experience and Baidu search information.
The usage flow chart of sa-token is as follows:
2.3 Usage scenarios of distributed backend projects
The picture below is a basic usage scenario summarized by myself based on project experience and Baidu search information.
The usage scenario diagram of sa-token is as follows:
3. Source code analysis
When reading the source code, I follow the basic steps I use for any new project: first look at the integration and configuration, then analyze the code from a business perspective, and finally combine the integrated framework and components to explore the system architecture in turn.
Analysis content: most of the analysis below is explained in the figures, and I will not elaborate much beyond them.
3.1 Integration and configuration
Go straight to the source code and analyze only the parts related to sa-token. Readers are asked to read the source code of the other parts by themselves.
Project startup: only the mall-tiny-sa-token module needs to be started.
Required for startup: start the mysql5 service, create a database, and import the tables (the sql file is located in the document folder at the same level as the project).
ps: remember to modify the database connection configuration.
3.1.1 Import dependencies
Import the relevant dependencies of sa-token in the pom file.
3.1.2 Add configuration
Add the relevant configuration of sa-token in application.yml. The project is a front-end/back-end separated project, so reading the token from cookies is turned off and the configuration is changed to read the token from the request header.
3.1.3 Exception handling
The exceptions for "not logged in", "no permission" and "no role" need to be handled globally.
Take login as a small example: when an interface is accessed without logging in, Sa-Token throws a NotLoginException. At this point the response (the result of the exception handling) is returned according to the customized return information: status code 401 with the message `未提供token` (token not provided).
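The global handler described above, written out as an added example (this is not the mall project's own code). It assumes Sa-Token and Spring Web are on the classpath; the package name and the small ApiResult wrapper are hypothetical stand-ins for the project's own result class. It also covers the NotRoleException and NotPermissionException cases that sections 3.3 and 3.4 refer back to here:

```java
// Added example, not the mall project's code. Package name is hypothetical.
package com.example.demo.config;

import cn.dev33.satoken.exception.NotLoginException;
import cn.dev33.satoken.exception.NotPermissionException;
import cn.dev33.satoken.exception.NotRoleException;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.RestControllerAdvice;

/** Turns Sa-Token's authentication exceptions into uniform JSON responses. */
@RestControllerAdvice
public class GlobalExceptionHandler {

    /** Minimal response body (hypothetical): code mirrors the HTTP status. */
    public static class ApiResult {
        public final int code;
        public final String message;

        public ApiResult(int code, String message) {
            this.code = code;
            this.message = message;
        }
    }

    /** No token, invalid or expired token, replaced or kicked-out session: 401. */
    @ExceptionHandler(NotLoginException.class)
    public ResponseEntity<ApiResult> handleNotLogin(NotLoginException e) {
        // e.getType() distinguishes NotLoginException.NOT_TOKEN, INVALID_TOKEN,
        // TOKEN_TIMEOUT, BE_REPLACED and KICK_OUT if the client needs to react differently;
        // e.getMessage() is Sa-Token's own reason text, e.g. "未提供token".
        return ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                .body(new ApiResult(401, e.getMessage()));
    }

    /** Logged in but the required role is missing: 403. */
    @ExceptionHandler(NotRoleException.class)
    public ResponseEntity<ApiResult> handleNotRole(NotRoleException e) {
        // e.getRole() names the missing role; keep it in server logs rather than
        // echoing internal role names to the client.
        return ResponseEntity.status(HttpStatus.FORBIDDEN)
                .body(new ApiResult(403, "Missing required role"));
    }

    /** Logged in but the required permission code is missing: 403. */
    @ExceptionHandler(NotPermissionException.class)
    public ResponseEntity<ApiResult> handleNotPermission(NotPermissionException e) {
        // e.getPermission() names the missing permission code, same logging advice as above.
        return ResponseEntity.status(HttpStatus.FORBIDDEN)
                .body(new ApiResult(403, "Missing required permission"));
    }
}
```

Mapping the three exceptions to 401 and 403 keeps the interceptor rules free of response formatting, and returning a generic message for the 403 cases avoids telling an unauthenticated caller which roles or permission codes exist.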
3.1.4 Storing user information
There are two users: the admin user has the ROLE_ADMIN role, and the macro user has the ROLE_USER role.
**ps:** the two tables in the simulated database are related by ID, that is, roles are assigned to users through the ID.
3.2 Login authentication
3.2.1 Configure black and white lists
In a management system, login authentication is required for basically everything except the login interface. The most convenient approach in sa-token is route interception authentication: configure the sa-token interceptor, implement the WebMvcConfigurer interface, and configure the black and white lists there.
ps: the customized whitelist is read from the application.yml file.
3.2.2 Interpretation of login business code
1. First, in the control layer, add a login interface named login to UmsAdminController.
2. Next, in the business layer, add the specific login logic to UmsAdminServiceImpl: first verify the password, then call StpUtil.login(adminUser.getId()) to complete the login.
3.2.3 Test login
Method 1: test with Postman.
Method 2: test with the swagger interface documentation (recommended; once the interface is written it can be tested directly by visiting the Swagger UI address). Since the token has already been obtained, the login test is not repeated; you can go straight to testing another interface, the one that queries the current login status.
3.3 Role authentication
Following on from the above, let me implement it! Role authentication means defining a set of rules for accessing interfaces. For example, the ROLE_ADMIN role can access all resources under /brand, but the ROLE_USER role can only access certain resources such as /brand/listAll.
Configuring global exceptions: see subtitle 3.1.3 for the description; it is not repeated here.
When the user is not allowed access, Sa-Token throws a NotRoleException.
3.3.1 Permission verification interface extension
Extend sa-token's StpInterface interface and override its methods to return the user's role name list and permission list.
Because StpInterfaceImpl implements StpInterface and overrides these methods, the role names used in SaTokenConfig, such as StpUtil.checkRole("ROLE_ADMIN"), can be matched against the simulated database. The same applies to the permission information, so I won't list them one by one.
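An added example of the StpInterface extension (not the mall project's code). Instead of a database it uses constructed in-memory tables that mirror the two users on this page, admin (id 1, ROLE_ADMIN) and macro (id 2, ROLE_USER), related by ID as described in 3.1.4; the permission codes pms:brand:* and the package name are hypothetical:

```java
// Added example, not the mall project's code. Sample data and permission codes are constructed.
package com.example.demo.config;

import cn.dev33.satoken.stp.StpInterface;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/** Sa-Token calls these two methods whenever a role or permission check runs. */
@Component
public class StpInterfaceImpl implements StpInterface {

    // Constructed stand-in for the user/role tables, keyed by user ID (as in 3.1.4).
    private static final Map<Long, List<String>> ROLES_BY_USER_ID = new HashMap<>();
    // Constructed stand-in for the role/permission relation.
    private static final Map<String, List<String>> PERMS_BY_ROLE = new HashMap<>();

    static {
        ROLES_BY_USER_ID.put(1L, Collections.singletonList("ROLE_ADMIN"));  // admin
        ROLES_BY_USER_ID.put(2L, Collections.singletonList("ROLE_USER"));   // macro
        PERMS_BY_ROLE.put("ROLE_ADMIN", Arrays.asList(
                "pms:brand:read", "pms:brand:create", "pms:brand:update", "pms:brand:delete"));
        PERMS_BY_ROLE.put("ROLE_USER", Collections.singletonList("pms:brand:read"));
    }

    /** Role names that StpUtil.checkRole("ROLE_ADMIN") etc. are matched against. */
    @Override
    public List<String> getRoleList(Object loginId, String loginType) {
        Long id = toId(loginId);
        // Unknown id -> empty list -> every checkRole() fails: deny by default.
        if (id == null) {
            return Collections.emptyList();
        }
        return ROLES_BY_USER_ID.getOrDefault(id, Collections.emptyList());
    }

    /** Permission codes derived from the user's roles (roles -> permissions -> user). */
    @Override
    public List<String> getPermissionList(Object loginId, String loginType) {
        Set<String> perms = new LinkedHashSet<>();
        for (String role : getRoleList(loginId, loginType)) {
            perms.addAll(PERMS_BY_ROLE.getOrDefault(role, Collections.emptyList()));
        }
        return new ArrayList<>(perms);
    }

    /** StpUtil.login(id) stores the login id as a String; convert it back to the DB key. */
    private static Long toId(Object loginId) {
        try {
            return Long.valueOf(String.valueOf(loginId));
        } catch (NumberFormatException e) {
            return null;
        }
    }
}
```

With a real database both methods run on every protected request, so the lookups are worth caching (for example in the Sa-Token session) and invalidating when a user's roles change; an empty result, not an exception, is the right answer for an unknown ID so that checks fail closed.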
3.3.2 Configuring interceptors
Configure the routing rules in the interceptor: the ROLE_ADMIN role has access to all paths, and the ROLE_USER role only to the /brand/listAll path.
3.3.3 Test role
The admin user has the ROLE_ADMIN role, and the macro user has the ROLE_USER role.
- Using the admin account, the /brand/{id} interface can be accessed normally.
- Using the macro account, the /brand/{id} interface cannot be accessed, and the returned code is 403.
We will not test admin here. Below is a test with the macro user to see the effect of not having the role.
3.4 Permission authentication
When permissions are assigned to roles and then roles are assigned to users , the users have these permissions.
For permission authentication, you can also assign different permissions to each interface , and users with this permission can access the interface.
Configuring global exceptions: see subtitle 3.1.3 for the description; it is not repeated here.
When the user does not have permission to access, Sa-Token throws a NotPermissionException.
3.4.1 Configuring interceptors
Configure the routing rules for the interceptor: the admin user can access all paths, while the macro user only has read permission and has no write, modify or delete permission.
3.4.2 Test permissions
The admin user can access all paths, but the macro user only has read permission and has no write, modify or delete permission.
- Using the admin account, the /brand/delete interface can be accessed normally.
- Using the macro account, the /brand/delete interface cannot be accessed, and the returned code is 403.
We will not test admin here. Below is a test with the macro user to see the effect of not having the permission.
4. Summary
In this article, I started from the requirements of an actual project. I had previously learned SpringSecurity together with its source code, and in another project, where authentication was deployed on a different IP and had to be called from the project, Sa-Token OAuth2 was used. Sa-Token is a lightweight Java permission authentication framework. The official website explains it clearly, but I did not know how to get started, so I wrote this article. I learned a lot about sa-token from the mall open source project, and I hope this article will be helpful to you too.
In the future, I will also use this framework to learn other technology stacks.
Qixi Festival ~ If you are well, then the sky is clear.