Ribbon
什么是Ribbon
**这是在 sys模块中的AUthController**
@GetMapping("/user")
public User getUser(String username){
User user= userService.getUserByUserName(username);
return user;
}
@GetMapping("/permissions")
public List<Permission> getPermissions(Integer userId){
List<Permission> permissions = userService.getUserPermission(userId);
return permissions;
}
@GetMapping("/roles")
public List<Role> getRoles(Integer userId){
List<Role> roles = userService.getUserRoles(userId);
return roles;
}
进行为服务间传递数据 进行登陆验证
package cn.tedu.straw.gateway.security;
import cn.tedu.straw.comments.model.Permission;
import cn.tedu.straw.comments.model.Role;
import cn.tedu.straw.comments.model.User;
import cn.tedu.straw.comments.service.ServiceException;
import com.netflix.discovery.converters.Auto;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;
@Component
@Slf4j
public class UserDetailServiceimpl implements UserDetailsService {
@Autowired
RestTemplate restTemplate;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
String url = "http://sys-service/v1/auth/user?username={1}";
User user= restTemplate.getForObject(url,User.class,username);
log.debug("用户信息:{}",user);
if (user == null) {
throw new ServiceException("你是不是忘记账户密码了");
}
url = "http://sys-service/v1/auth/permissions?useId={1}";
Permission[] permissions = restTemplate.getForObject(url,Permission[].class,user.getId());
url = "http://sys-service/v1/auth/roles?userId={1}";
Role[] roles = restTemplate.getForObject(url,Role[].class,user.getId());
//将角色和权限嘻嘻添加到字符串数组
int index=0;
String[] arr=new String[permissions.length+roles.length];
for (Permission permission : permissions) {
arr[index++]=permission.getName();
}
for (Role role : roles) {
arr[index++]=role.getName();
}
UserDetails userDetails = org.springframework.security.core.userdetails.User.builder()
.username(user.getUsername())
.password(user.getPassword())
.authorities(arr)
.disabled(user.getEnabled()==0)
.accountLocked(user.getLocked()==1)
.build();
return userDetails;
}
}
SecurityConfig类
package cn.tedu.straw.gateway.security;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// @Bean
// public PasswordEncoder passwordEncoder(){
// return new BCryptPasswordEncoder();
// }
@Autowired
private UserDetailServiceimpl userDetatlsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetatlsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//进行授权
http.csrf().disable().authorizeRequests()
.antMatchers(
"/img/*",
"/js/*",
"/css/*",
"/login.html",
"/register.html",
"/register",
"/bower_components/**"
).permitAll()//全部允许
//需要认证的
.anyRequest().authenticated().and().formLogin()//采用表单进行认证
.loginPage("/login.html")//展示验证表单
.loginProcessingUrl("/login")//处理登陆的路径
.failureUrl("/login.html?error")//登陆失败的路径
.defaultSuccessUrl("/index.html")//登陆成功的页面
.and().logout()//等处
.logoutUrl("/logout")//等处的路径
.logoutSuccessUrl("/login.html?logout")//登出成功访问的路径
;
}
}
扫一扫
1166
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
