
权限系统直接数据库控制,不需要具体些方法

gaodm 6 gadi atpakaļ
vecāks
revīzija
747ee943bb
21 mainītis faili ar 629 papildinājumiem un 184 dzēšanām
  1. 45 16
      sql/sys-user.sql
  2. 4 6
      uaa-service/src/main/java/com/diagbot/config/WebSecurityConfig.java
  3. 94 0
      uaa-service/src/main/java/com/diagbot/entity/Permission.java
  4. 29 31
      uaa-service/src/main/java/com/diagbot/entity/Role.java
  5. 86 84
      uaa-service/src/main/java/com/diagbot/entity/User.java
  6. 18 0
      uaa-service/src/main/java/com/diagbot/mapper/PermissionMapper.java
  7. 1 1
      uaa-service/src/main/java/com/diagbot/mapper/UserMapper.java
  8. 40 0
      uaa-service/src/main/java/com/diagbot/service/UrlGrantedAuthority.java
  9. 47 0
      uaa-service/src/main/java/com/diagbot/service/UrlUserService.java
  10. 0 25
      uaa-service/src/main/java/com/diagbot/service/UserServiceDetail.java
  11. 24 0
      uaa-service/src/main/resources/mapper/PermissionMapper.xml
  12. 4 9
      uaa-service/src/main/resources/mapper/UserMapper.xml
  13. 2 2
      uaa-service/src/test/java/com/diagbot/CodeGeneration.java
  14. 76 0
      user-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java
  15. 29 0
      user-service/src/main/java/com/diagbot/config/security/UrlConfigAttribute.java
  16. 79 0
      user-service/src/main/java/com/diagbot/config/security/UrlFilterSecurityInterceptor.java
  17. 40 0
      user-service/src/main/java/com/diagbot/config/security/UrlMetadataSourceService.java
  18. 6 1
      user-service/src/main/java/com/diagbot/entity/User.java
  19. 0 1
      user-service/src/main/java/com/diagbot/mapper/UserMapper.java
  20. 1 4
      user-service/src/main/java/com/diagbot/web/UserController.java
  21. 4 4
      user-service/src/main/resources/mapper/UserMapper.xml

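--- a/sql/sys-user.sql
+++ b/sql/sys-user.sql
@@ -4,47 +4,74 @@ CREATE DATABASE  `sys-user` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
 use `sys-user`;
 
 -- ----------------------------
+-- Table structure for sys_role
 -- ----------------------------
-DROP TABLE IF EXISTS `role`;
-CREATE TABLE `role` (
+DROP TABLE IF EXISTS `sys_role`;
+CREATE TABLE `sys_role` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
   `name` varchar(255) NOT NULL,
   PRIMARY KEY (`id`)
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 
 -- ----------------------------
+-- Table structure for sys_user
 -- ----------------------------
-DROP TABLE IF EXISTS `user`;
-CREATE TABLE `user` (
+DROP TABLE IF EXISTS `sys_user`;
+CREATE TABLE `sys_user` (
   `id` bigint(20) NOT NULL AUTO_INCREMENT,
   `password` varchar(255) DEFAULT NULL,
   `username` varchar(255) NOT NULL,
   PRIMARY KEY (`id`),
-  UNIQUE KEY `UK_sb8bbouer5wak8vyiiy4pf2bx` (`username`)
+  UNIQUE KEY `uk_username` (`username`)
 ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
 
 -- ----------------------------
 -- Table structure for user_role
 -- ----------------------------
-DROP TABLE IF EXISTS `user_role`;
-CREATE TABLE `user_role` (
+DROP TABLE IF EXISTS `sys_user_role`;
+CREATE TABLE `sys_user_role` (
   `user_id` bigint(20) NOT NULL,
+  `role_id` bigint(20) NOT NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Table structure for sys_permission
+-- ----------------------------
+DROP TABLE IF EXISTS `sys_permission`;
+CREATE TABLE `sys_permission` (
+  `id` bigint(20) NOT NULL AUTO_INCREMENT,
+  `name` varchar(255) NOT NULL,
+  `descritpion` varchar(255) DEFAULT NULL,
+  `url` varchar(255) NOT NULL,
+  `pid` bigint(20) DEFAULT NULL,
+  `method` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8;
+
+-- ----------------------------
+-- Table structure for sys_role_permission
+-- ----------------------------
+DROP TABLE IF EXISTS `sys_role_permission`;
+CREATE TABLE `sys_role_permission` (
   `role_id` bigint(20) NOT NULL,
-  KEY `FKa68196081fvovjhkek5m97n3y` (`role_id`),
-  KEY `FK859n2jvi8ivhui0rl0esws6o` (`user_id`),
-  CONSTRAINT `FK859n2jvi8ivhui0rl0esws6o` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`),
-  CONSTRAINT `FKa68196081fvovjhkek5m97n3y` FOREIGN KEY (`role_id`) REFERENCES `role` (`id`)
+  `permission_id` bigint(20) NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
 
+INSERT INTO `sys_user` VALUES ('1', '{bcrypt}$2a$10$rlM./Q4dh5qXYmxFxUqkRetMPf6JewV/Hj/s4qBg/6U1.mzcue2oK', 'guest');
+INSERT INTO `sys_user` VALUES ('2', '{bcrypt}$2a$10$rlM./Q4dh5qXYmxFxUqkRetMPf6JewV/Hj/s4qBg/6U1.mzcue2oK', 'admin');
+
+
+INSERT INTO `sys_role` VALUES ('1', 'ROLE_USER');
+INSERT INTO `sys_role` VALUES ('2', 'ROLE_ADMIN');
 
-INSERT INTO `user` VALUES ('1', '{bcrypt}$2a$10$rlM./Q4dh5qXYmxFxUqkRetMPf6JewV/Hj/s4qBg/6U1.mzcue2oK', 'gdm');
+INSERT INTO `sys_user_role` VALUES ('1', '1');
+INSERT INTO `sys_user_role` VALUES ('2', '2');
 
+INSERT INTO `sys_permission` VALUES ('1', '根据用户名获取用户','根据用户名获取用户','/user/{username}',null,"ALL");
+INSERT INTO `sys_permission` VALUES ('2', '根据用户id获取用户信息','根据用户id获取用户信息','/user/getById',null,"ALL");
 
-INSERT INTO `role` VALUES ('1', 'ROLE_USER');
-INSERT INTO `role` VALUES ('2', 'ROLE_ADMIN');
 
-INSERT INTO `user_role` VALUES ('1', '1');
-INSERT INTO `user_role` VALUES ('1', '2');
+INSERT INTO `sys_role_permission` VALUES ('1', '2');
+INSERT INTO `sys_role_permission` VALUES ('2', '1');
+INSERT INTO `sys_role_permission` VALUES ('2', '2');
 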
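Review bot: The seed rows for `guest` and `admin` carry the identical `{bcrypt}$2a$10$rlM./…` value, so both accounts, including the one mapped to `ROLE_ADMIN`, ship with the same password, and it is fixed in a script that lives in version control. Seed the admin row from a per-environment secret kept outside the repository, or force a password change on first login. The rewritten `sys_user_role` and the new `sys_role_permission` tables also lose the foreign keys and have no primary or unique key, so orphaned or duplicated grants are accepted. Since authorization is now read straight from these tables, `PRIMARY KEY (role_id, permission_id)` (and the equivalent on `sys_user_role`) plus the two `FOREIGN KEY` constraints would keep them consistent.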

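--- a/uaa-service/src/main/java/com/diagbot/config/WebSecurityConfig.java
+++ b/uaa-service/src/main/java/com/diagbot/config/WebSecurityConfig.java
@@ -1,7 +1,6 @@
 package com.diagbot.config;
 
-
-import com.diagbot.service.UserServiceDetail;
+import com.diagbot.service.UrlUserService;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -9,7 +8,6 @@ import org.springframework.security.config.annotation.authentication.builders.Au
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.AuthenticationEntryPoint;
@@ -55,8 +53,8 @@ class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     }
 
     @Bean
-    UserDetailsService userServiceDetail() {
-        return new UserServiceDetail();
+    UrlUserService urlUserService() {
+        return new UrlUserService();
     }
 
     @Bean
@@ -66,6 +64,6 @@ class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     @Override
     protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-        auth.userDetailsService(userServiceDetail()).passwordEncoder(passwordEncoder());
+        auth.userDetailsService(urlUserService()).passwordEncoder(passwordEncoder());
     }
 }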

+ 94 - 0
uaa-service/src/main/java/com/diagbot/entity/Permission.java

@@ -0,0 +1,94 @@
+package com.diagbot.entity;
+
+import com.baomidou.mybatisplus.annotation.TableName;
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import java.io.Serializable;
+
+/**
+ * <p>
+ * 
+ * </p>
+ *
+ * @author gaodm
+ * @since 2018-08-22
+ */
+@TableName("sys_permission")
+public class Permission implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    @TableId(value = "id", type = IdType.AUTO)
+    private Long id;
+
+    private String name;
+
+    private String descritpion;
+
+    private String url;
+
+    private Long pid;
+
+    private String method;
+
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDescritpion() {
+        return descritpion;
+    }
+
+    public void setDescritpion(String descritpion) {
+        this.descritpion = descritpion;
+    }
+
+    public String getUrl() {
+        return url;
+    }
+
+    public void setUrl(String url) {
+        this.url = url;
+    }
+
+    public Long getPid() {
+        return pid;
+    }
+
+    public void setPid(Long pid) {
+        this.pid = pid;
+    }
+
+    public String getMethod() {
+        return method;
+    }
+
+    public void setMethod(String method) {
+        this.method = method;
+    }
+
+    @Override
+    public String toString() {
+        return "Permission{" +
+        ", id=" + id +
+        ", name=" + name +
+        ", descritpion=" + descritpion +
+        ", url=" + url +
+        ", pid=" + pid +
+        ", method=" + method +
+        "}";
+    }
+}

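--- a/uaa-service/src/main/java/com/diagbot/entity/Role.java
+++ b/uaa-service/src/main/java/com/diagbot/entity/Role.java
@@ -1,52 +1,50 @@
 package com.diagbot.entity;
 
+import com.baomidou.mybatisplus.annotation.TableName;
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
-import org.springframework.security.core.GrantedAuthority;
-
 import java.io.Serializable;
 
 /**
  * <p>
- *
+ * 
  * </p>
  *
  * @author gaodm
- * @since 2018-08-02
+ * @since 2018-08-22
  */
-public class Role implements GrantedAuthority, Serializable {
+@TableName("sys_role")
+public class Role implements Serializable {
+
+    private static final long serialVersionUID = 1L;
 
-	@TableId(value = "id", type = IdType.AUTO)
-	private Long id;
-	private String name;
+    @TableId(value = "id", type = IdType.AUTO)
+    private Long id;
 
+    private String name;
 
-	public Long getId() {
-		return id;
-	}
 
-	public void setId(Long id) {
-		this.id = id;
-	}
+    public Long getId() {
+        return id;
+    }
 
-	public String getName() {
-		return name;
-	}
+    public void setId(Long id) {
+        this.id = id;
+    }
 
-	public void setName(String name) {
-		this.name = name;
-	}
+    public String getName() {
+        return name;
+    }
 
-	@Override
-	public String toString() {
-		return "Role{" +
-				", id=" + id +
-				", name=" + name +
-				"}";
-	}
+    public void setName(String name) {
+        this.name = name;
+    }
 
-	@Override
-	public String getAuthority() {
-		return name;
-	}
+    @Override
+    public String toString() {
+        return "Role{" +
+        ", id=" + id +
+        ", name=" + name +
+        "}";
+    }
 }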

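--- a/uaa-service/src/main/java/com/diagbot/entity/User.java
+++ b/uaa-service/src/main/java/com/diagbot/entity/User.java
@@ -1,5 +1,9 @@
 package com.diagbot.entity;
 
+import com.baomidou.mybatisplus.annotation.TableName;
+import com.baomidou.mybatisplus.annotation.IdType;
+import com.baomidou.mybatisplus.annotation.TableId;
+import com.fasterxml.jackson.annotation.JsonIgnore;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 
@@ -7,94 +11,92 @@ import java.io.Serializable;
 import java.util.Collection;
 import java.util.List;
 
-
-import com.baomidou.mybatisplus.annotation.IdType;
-import com.baomidou.mybatisplus.annotation.TableId;
-
 /**
  * <p>
- *
+ * 
  * </p>
  *
  * @author gaodm
- * @since 2018-08-02
+ * @since 2018-08-22
  */
-public class User implements UserDetails, Serializable {
-	private static final long serialVersionUID = 1L;
-
-	@TableId(value = "id", type = IdType.AUTO)
-	private Long id;
-	private String password;
-	private String username;
-
-	private List<Role> authorities;
-
-	@Override
-	public String toString() {
-		return "User{" +
-				", id=" + id +
-				", password=" + password +
-				", username=" + username +
-				"}";
-	}
-
-
-	public User() {
-	}
-
-	public Long getId() {
-		return id;
-	}
-	public void setId(Long id) {
-		this.id = id;
-	}
-
-	@Override
-	public Collection<? extends GrantedAuthority> getAuthorities() {
-		return authorities;
-	}
-
-	public void setAuthorities(List<Role> authorities) {
-		this.authorities = authorities;
-	}
-
-	@Override
-	public String getUsername() {
-		return username;
-	}
-
-	public void setUsername(String username) {
-		this.username = username;
-	}
-
-	@Override
-	public String getPassword() {
-		return password;
-	}
-
-	public void setPassword(String password) {
-		this.password = password;
-	}
-
-	@Override
-	public boolean isAccountNonExpired() {
-		return true;
-	}
-
-	@Override
-	public boolean isAccountNonLocked() {
-		return true;
-	}
-
-	@Override
-	public boolean isCredentialsNonExpired() {
-		return true;
-	}
-
-	@Override
-	public boolean isEnabled() {
-		return true;
-	}
-
-
+@TableName("sys_user")
+public class User implements UserDetails,Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    @TableId(value = "id", type = IdType.AUTO)
+    private Long id;
+
+    private String password;
+
+    private String username;
+
+    private List<? extends GrantedAuthority> authorities;
+
+    @Override
+    @JsonIgnore
+    public boolean isAccountNonExpired() {
+        return true;
+    }
+
+    @Override
+    @JsonIgnore
+    public boolean isAccountNonLocked() {
+        return true;
+    }
+
+    @Override
+    @JsonIgnore
+    public boolean isCredentialsNonExpired() {
+        return true;
+    }
+
+    @Override
+    @JsonIgnore
+    public boolean isEnabled() {
+        return true;
+    }
+
+    @JsonIgnore
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return authorities;
+    }
+
+    public void setGrantedAuthorities(List<? extends GrantedAuthority> authorities) {
+        this.authorities = authorities;
+    }
+
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(String username) {
+        this.username = username;
+    }
+
+    @Override
+    public String toString() {
+        return "User{" +
+        ", id=" + id +
+        ", password=" + password +
+        ", username=" + username +
+        "}";
+    }
 }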
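Review bot: `@JsonIgnore` was added to the four status getters and to `getAuthorities()` but not to `getPassword()`, and `toString()` still concatenates `password`, so the bcrypt hash leaves the service whenever this object is serialized to JSON or written to a log. Put `@JsonIgnore` on `getPassword()` and drop the `", password=" + password` line from `toString()`. The `authorities` field has no column in `sys_user`; if this entity is ever used through the MyBatis-Plus `BaseMapper` CRUD methods it probably needs `@TableField(exist = false)`. `getAuthorities()`, `getPassword()` and `getUsername()` also lost their `@Override` in the rewrite.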

+ 18 - 0
uaa-service/src/main/java/com/diagbot/mapper/PermissionMapper.java

@@ -0,0 +1,18 @@
+package com.diagbot.mapper;
+
+import com.diagbot.entity.Permission;
+import com.baomidou.mybatisplus.core.mapper.BaseMapper;
+
+import java.util.List;
+
+/**
+ * <p>
+ *  Mapper 接口
+ * </p>
+ *
+ * @author gaodm
+ * @since 2018-08-22
+ */
+public interface PermissionMapper extends BaseMapper<Permission> {
+    List<Permission> getByUserId(Long userId);
+}

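--- a/uaa-service/src/main/java/com/diagbot/mapper/UserMapper.java
+++ b/uaa-service/src/main/java/com/diagbot/mapper/UserMapper.java
@@ -12,5 +12,5 @@ import com.baomidou.mybatisplus.core.mapper.BaseMapper;
  * @since 2018-08-02
  */
 public interface UserMapper extends BaseMapper<User> {
-    User findByUsername(String username);
+    User getByUserName(String username);
 }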

+ 40 - 0
uaa-service/src/main/java/com/diagbot/service/UrlGrantedAuthority.java

@@ -0,0 +1,40 @@
+package com.diagbot.service;
+
+import org.springframework.security.core.GrantedAuthority;
+
+/**
+ * @Description:
+ * @author: gaodm
+ * @time: 2018/8/23 14:09
+ */
+public class UrlGrantedAuthority implements GrantedAuthority {
+
+    private String permissionUrl;
+    private String method;
+
+    public String getPermissionUrl() {
+        return permissionUrl;
+    }
+
+    public void setPermissionUrl(String permissionUrl) {
+        this.permissionUrl = permissionUrl;
+    }
+
+    public String getMethod() {
+        return method;
+    }
+
+    public void setMethod(String method) {
+        this.method = method;
+    }
+
+    public UrlGrantedAuthority(String permissionUrl, String method) {
+        this.permissionUrl = permissionUrl;
+        this.method = method;
+    }
+
+    @Override
+    public String getAuthority() {
+        return this.permissionUrl + ";"+this.method;
+    }
+}
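Review bot: `getAuthority()` packs the pattern and the method into one string joined by `;`, and the constructor accepts anything, so a null `method` becomes the literal text `null` and a `;` inside `permissionUrl` shifts what the consumer reads as the method. `UrlAccessDecisionManager.decide` in this same commit splits on `;` and indexes `[1]` unconditionally. Validate in the constructor, for example `Objects.requireNonNull(method, "method")` and a rejection of any `permissionUrl` that contains `;`. Making both fields `final` and removing the setters would also stop a granted authority from being changed after login.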

+ 47 - 0
uaa-service/src/main/java/com/diagbot/service/UrlUserService.java

@@ -0,0 +1,47 @@
+package com.diagbot.service;
+
+import com.diagbot.entity.Permission;
+import com.diagbot.entity.User;
+import com.diagbot.mapper.PermissionMapper;
+import com.diagbot.mapper.UserMapper;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @Description: 用户权限信息获取
+ * @author: gaodm
+ * @time: 2018/8/23 11:39
+ */
+@Service
+public class UrlUserService implements UserDetailsService {
+    @Autowired
+    UserMapper userMapper;
+    @Autowired
+    PermissionMapper permissionMapper;
+    @Override
+    public UserDetails loadUserByUsername(String userName) { //重写loadUserByUsername 方法获得 userdetails 类型用户
+
+        User user = userMapper.getByUserName(userName);
+        if (user != null) {
+            List<Permission> permissions = permissionMapper.getByUserId(user.getId());
+            List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
+            for (Permission permission : permissions) {
+                if (permission != null && permission.getName()!=null) {
+                    GrantedAuthority grantedAuthority = new UrlGrantedAuthority(permission.getUrl(),permission.getMethod());
+                    grantedAuthorities.add(grantedAuthority);
+                }
+            }
+            user.setGrantedAuthorities(grantedAuthorities);
+            return user;
+        } else {
+            throw new UsernameNotFoundException("admin: " + userName + " do not exist!");
+        }
+    }
+}
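Review bot: The loop in `loadUserByUsername` guards on `permission.getName()!=null` but then builds the authority from `getUrl()` and `getMethod()`, which are the values the access decision actually depends on. Check those instead: `if (permission != null && permission.getUrl() != null && permission.getMethod() != null)`. The null element itself looks like a by-product of the LEFT JOINs in `getByUserId` (a user without roles would yield an all-NULL row), so fixing the query would be cleaner than filtering here. The injected mappers are package-private fields; `private` with constructor injection would keep them from being reassigned by other classes in the package.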

+ 0 - 25
uaa-service/src/main/java/com/diagbot/service/UserServiceDetail.java

@@ -1,25 +0,0 @@
-package com.diagbot.service;
-
-
-import com.diagbot.mapper.UserMapper;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.stereotype.Service;
-
-/**
- * @Description: 实现用户详细信息
- * @author: gaodm
- * @time: 2018/8/2 16:47
- */
-@Service
-public class UserServiceDetail implements UserDetailsService {
-
-    @Autowired
-    private UserMapper userMapper;
-    @Override
-    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
-        return userMapper.findByUsername(username);
-    }
-}

+ 24 - 0
uaa-service/src/main/resources/mapper/PermissionMapper.xml

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.diagbot.mapper.PermissionMapper">
+
+    <!-- 通用查询映射结果 -->
+    <resultMap id="BaseResultMap" type="com.diagbot.entity.Permission">
+        <id column="id" property="id" />
+        <result column="name" property="name" />
+        <result column="descritpion" property="descritpion" />
+        <result column="url" property="url" />
+        <result column="pid" property="pid" />
+        <result column="method" property="method" />
+    </resultMap>
+    
+    <select id="getByUserId" parameterType="java.lang.Long" resultType="com.diagbot.entity.Permission">
+      select p.*
+		from sys_user u
+        LEFT JOIN sys_user_role sru on u.id= sru.user_id
+        LEFT JOIN sys_role r on sru.role_id=r.id
+        LEFT JOIN sys_role_permission srp on srp.role_id=r.id
+        LEFT JOIN sys_permission p on p.id =srp.permission_id
+        where u.id=#{userId}
+ </select>
+</mapper>
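Review bot: `getByUserId` starts at `sys_user` and chains four LEFT JOINs while selecting only `p.*`, so a user with no role, or a role with no permission, still returns a row whose columns are all NULL, and a permission reachable through two roles comes back twice. Use inner joins starting from `sys_user_role` and `select distinct p.*`; the caller can then drop its null filtering. `BaseResultMap` is declared but the select uses `resultType`, so it is unused by this statement.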

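--- a/uaa-service/src/main/resources/mapper/UserMapper.xml
+++ b/uaa-service/src/main/resources/mapper/UserMapper.xml
@@ -14,16 +14,11 @@
         <id column="id" property="id" />
         <result column="password" property="password" />
         <result column="username" property="username" />
-        <collection property="authorities" ofType="com.diagbot.entity.Role">
-            <result column="name" property="name"/>
-        </collection>
     </resultMap>
 
-    <select id="findByUsername" parameterType="java.lang.String" resultMap="userMap">
-		select u.*,r.name
-		from user u
-        LEFT JOIN user_role ur on u.id= ur.user_id
-        LEFT JOIN role r on ur.role_id=r.id
-        where username= #{username}
+    <select id="getByUserName" parameterType="java.lang.String" resultMap="userMap">
+		select u.*
+		from sys_user u
+        where u.username= #{username}
 	</select>
 </mapper>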

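--- a/uaa-service/src/test/java/com/diagbot/CodeGeneration.java
+++ b/uaa-service/src/test/java/com/diagbot/CodeGeneration.java
@@ -53,9 +53,9 @@ public class CodeGeneration {
 
         // 策略配置
         StrategyConfig strategy = new StrategyConfig();
-//        strategy.setTablePrefix(new String[] { "sys_" });// 此处可以修改为您的表前缀
+        strategy.setTablePrefix(new String[] { "sys_" });// 此处可以修改为您的表前缀
         strategy.setNaming(NamingStrategy.underline_to_camel);// 表名生成策略
-        strategy.setInclude(new String[] { "user","role" }); // 需要生成的表
+        strategy.setInclude(new String[] { "sys_user","sys_role","sys_permission" }); // 需要生成的表
 
         strategy.setSuperServiceClass(null);
         strategy.setSuperServiceImplClass(null);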

+ 76 - 0
user-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -0,0 +1,76 @@
+package com.diagbot.config.security;
+
+import org.springframework.security.access.AccessDecisionManager;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Collection;
+import java.util.List;
+
+
+/**
+ * @Description:
+ * @author: gaodm
+ * @time: 2018/8/23 13:46
+ */
+@Service
+public class UrlAccessDecisionManager implements AccessDecisionManager {
+    @Override
+    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
+        HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
+        String url, method;
+        if ("anonymousUser".equals(authentication.getPrincipal())
+                && (matchers("/swagger/**", request)
+                || matchers("/v2/**", request)
+                || matchers("/webjars/**", request)
+                || matchers("/user/login/**", request)
+                || matchers("/user/registry/**", request)
+                || matchers("/user/test/**", request)
+                || matchers("/druid/**", request)
+                || matchers("/actuator/**", request)
+                || matchers("/hystrix/**", request)
+                || matchers("/hi/**", request)
+                || matchers("/", request))) {
+            return;
+        } else {
+            for (GrantedAuthority ga : authentication.getAuthorities()) {
+                String[] authority = ga.getAuthority().split(";");
+                url = authority[0];
+                method = authority[1];
+                if (matchers(url, request)) {
+                    if (method.equals(request.getMethod()) || "ALL".equals(method)) {
+                        return;
+                    }
+                }
+            }
+        }
+        throw new AccessDeniedException("no right");
+    }
+
+
+    @Override
+    public boolean supports(ConfigAttribute attribute) {
+        return true;
+    }
+
+    @Override
+    public boolean supports(Class<?> clazz) {
+        return true;
+    }
+
+
+    private boolean matchers(String url, HttpServletRequest request) {
+        AntPathRequestMatcher matcher = new AntPathRequestMatcher(url);
+        if (matcher.matches(request)) {
+            return true;
+        }
+        return false;
+    }
+}
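Review bot: In `decide`, the anonymous allow-list lets unauthenticated requests through to `/druid/**`, `/actuator/**`, `/hystrix/**`, `/swagger/**`, `/v2/**` and `/user/test/**`, which are monitoring, management and API-documentation paths that commonly expose configuration, SQL statistics or environment data; unless something outside this diff restricts them, they should require an authority or be reachable only from an internal network. The loop then calls `split(";")` and reads `authority[1]` unconditionally, so any authority without a `;` (Spring's default anonymous token carries `ROLE_ANONYMOUS`) raises `ArrayIndexOutOfBoundsException` and a denied anonymous request would surface as a server error instead of `AccessDeniedException`; add `if (authority.length != 2) { continue; }` before the two assignments. The allow-list is consulted only when the principal is `anonymousUser`, so a logged-in user without a matching grant is refused on `/user/login/**`, which is probably not intended. `method.equals(request.getMethod())` is case-sensitive against whatever casing is stored in `sys_permission.method`; `equalsIgnoreCase` or normalising on insert avoids silent denials.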

+ 29 - 0
user-service/src/main/java/com/diagbot/config/security/UrlConfigAttribute.java

@@ -0,0 +1,29 @@
+package com.diagbot.config.security;
+
+import org.springframework.security.access.ConfigAttribute;
+
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @Description:
+ * @author: gaodm
+ * @time: 2018/8/23 13:47
+ */
+public class UrlConfigAttribute implements ConfigAttribute {
+
+    private final HttpServletRequest httpServletRequest;
+
+    public UrlConfigAttribute(HttpServletRequest httpServletRequest) {
+        this.httpServletRequest = httpServletRequest;
+    }
+
+
+    @Override
+    public String getAttribute() {
+        return null;
+    }
+
+    public HttpServletRequest getHttpServletRequest() {
+        return httpServletRequest;
+    }
+}

+ 79 - 0
user-service/src/main/java/com/diagbot/config/security/UrlFilterSecurityInterceptor.java

@@ -0,0 +1,79 @@
+package com.diagbot.config.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.SecurityMetadataSource;
+import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
+import org.springframework.security.access.intercept.InterceptorStatusToken;
+import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import java.io.IOException;
+
+/**
+ * @Description:
+ * @author: gaodm
+ * @time: 2018/8/23 13:47
+ */
+@Service
+public class UrlFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
+
+
+    @Autowired
+    private FilterInvocationSecurityMetadataSource securityMetadataSource;
+
+    @Autowired
+    public void setUrlAccessDecisionManager(UrlAccessDecisionManager urlAccessDecisionManager) {
+        super.setAccessDecisionManager(urlAccessDecisionManager);
+    }
+
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+
+    }
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+
+        FilterInvocation fi = new FilterInvocation(request, response, chain);
+        invoke(fi);
+    }
+
+
+    public void invoke(FilterInvocation fi) throws IOException, ServletException {
+        //fi里面有一个被拦截的url
+        //里面调用UrlMetadataSource的getAttributes(Object object)这个方法获取fi对应的所有权限
+        //再调用UrlAccessDecisionManager的decide方法来校验用户的权限是否足够
+        InterceptorStatusToken token = super.beforeInvocation(fi);
+        try {
+            //执行下一个拦截器
+            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
+        } finally {
+            super.afterInvocation(token, null);
+        }
+    }
+
+
+    @Override
+    public void destroy() {
+
+    }
+
+    @Override
+    public Class<?> getSecureObjectClass() {
+        return FilterInvocation.class;
+
+    }
+
+    @Override
+    public SecurityMetadataSource obtainSecurityMetadataSource() {
+        return this.securityMetadataSource;
+    }
+}
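Review bot: This class is both a `javax.servlet.Filter` and a `@Service` bean, and Spring Boot registers every `Filter` bean with the servlet container on its own; nothing in this diff shows it being placed inside the Spring Security filter chain. If it runs only as a container filter, its position relative to the security-context setup is not guaranteed and `beforeInvocation` may see no `Authentication`; if it is also added to the chain elsewhere, it runs twice per request. Register it explicitly with `http.addFilterBefore(urlFilterSecurityInterceptor, FilterSecurityInterceptor.class)` and switch off the automatic registration through a `FilterRegistrationBean` on which `setEnabled(false)` is called. The class javadoc has an empty `@Description:`; a sentence stating that this interceptor replaces the role-based checks with URL/method grants from `sys_permission` would help the next reader.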

+ 40 - 0
user-service/src/main/java/com/diagbot/config/security/UrlMetadataSourceService.java

@@ -0,0 +1,40 @@
+package com.diagbot.config.security;
+
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.web.FilterInvocation;
+import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
+import org.springframework.stereotype.Service;
+
+import javax.servlet.http.HttpServletRequest;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @Description:
+ * @author: gaodm
+ * @time: 2018/8/23 13:47
+ */
+@Service
+public class UrlMetadataSourceService implements
+        FilterInvocationSecurityMetadataSource {
+
+    @Override
+    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
+        final HttpServletRequest request = ((FilterInvocation) object).getRequest();
+        Set<ConfigAttribute> allAttributes = new HashSet<>();
+        ConfigAttribute configAttribute = new UrlConfigAttribute(request);
+        allAttributes.add(configAttribute);
+        return allAttributes;
+    }
+
+    @Override
+    public Collection<ConfigAttribute> getAllConfigAttributes() {
+        return null;
+    }
+
+    @Override
+    public boolean supports(Class<?> clazz) {
+        return true;
+    }
+}
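Review bot: `getAttributes` always returns a single placeholder attribute and nothing says why; the reason matters, because `AbstractSecurityInterceptor` treats an empty or null attribute collection as a public invocation and skips the `AccessDecisionManager` entirely. Add a comment above the `allAttributes.add(...)` line such as `// Must never be empty: an empty collection makes the interceptor skip UrlAccessDecisionManager.decide()`. `supports` returns `true` for every class while `getAttributes` casts to `FilterInvocation`; `return FilterInvocation.class.isAssignableFrom(clazz);` states the real contract.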

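--- a/user-service/src/main/java/com/diagbot/entity/User.java
+++ b/user-service/src/main/java/com/diagbot/entity/User.java
@@ -2,6 +2,8 @@ package com.diagbot.entity;
 
 import com.baomidou.mybatisplus.annotation.IdType;
 import com.baomidou.mybatisplus.annotation.TableId;
+import com.baomidou.mybatisplus.annotation.TableName;
+
 import java.io.Serializable;
 
 /**
@@ -10,15 +12,18 @@ import java.io.Serializable;
  * </p>
  *
  * @author gaodm
- * @since 2018-08-02
+ * @since 2018-08-22
  */
+@TableName("sys_user")
 public class User implements Serializable {
 
     private static final long serialVersionUID = 1L;
 
     @TableId(value = "id", type = IdType.AUTO)
     private Long id;
+
     private String password;
+
     private String username;
 
 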

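--- a/user-service/src/main/java/com/diagbot/mapper/UserMapper.java
+++ b/user-service/src/main/java/com/diagbot/mapper/UserMapper.java
@@ -1,7 +1,6 @@
 package com.diagbot.mapper;
 
 import com.baomidou.mybatisplus.core.mapper.BaseMapper;
-import com.baomidou.mybatisplus.core.metadata.IPage;
 import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
 import com.diagbot.entity.User;
 import org.apache.ibatis.annotations.Param;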

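--- a/user-service/src/main/java/com/diagbot/web/UserController.java
+++ b/user-service/src/main/java/com/diagbot/web/UserController.java
@@ -53,7 +53,6 @@ public class UserController {
 
     @ApiOperation(value = "根据用户名获取用户", notes = "根据用户名获取用户")
     @PostMapping("/{username}")
-    @PreAuthorize("hasRole('USER')")
     @SysLogger("getUserInfo")
 //    @PreAuthorize("hasAnyAuthority('ROLE_USER')")
     public RespDTO getUserInfo(@PathVariable("username") String username){
@@ -64,9 +63,7 @@ public class UserController {
 
     @ApiOperation(value = "根据用户id获取用户信息", notes = "根据用户id获取用户信息")
     @PostMapping("/getById")
-    @PreAuthorize("hasRole('USER')")
-//    @SysLogger("getUserInfoByID")
-    //    @PreAuthorize("hasAnyAuthority('ROLE_USER')")
+    @SysLogger("getUserInfoByID")
     public RespDTO getUserInfoByID(Long id, Page page){
         //参数判读省略
         Page<Map> mapPage = new Page<>(page.getCurrent(),page.getSize());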
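Review bot: With `@PreAuthorize("hasRole('USER')")` removed from `getUserInfo` and `getUserInfoByID`, neither handler carries an authorization check of its own, so access to user records now depends entirely on the URL interceptor and on a matching permission row existing in the database. That is only safe if a request whose URL has no permission row is denied, which cannot be confirmed from this section. `/{username}` is also a path variable, so the stored URL has to be matched as a pattern rather than compared as a literal string. I would keep a coarse floor on both methods, e.g. `@PreAuthorize("isAuthenticated()")`, and replace the commented-out annotation left above `getUserInfo` with a comment naming the component that now enforces access. Both method bodies continue outside the hunks.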

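--- a/user-service/src/main/resources/mapper/UserMapper.xml
+++ b/user-service/src/main/resources/mapper/UserMapper.xml
@@ -10,15 +10,15 @@
     </resultMap>
 
     <select id="findByName" resultMap="BaseResultMap" parameterType="java.lang.String">
-        select * from user
+        select * from sys_user
         where username = #{username}
     </select>
 
     <select id="selectUserListPage" resultType="com.diagbot.entity.User">
 		select u.*
-		from user u
-        LEFT JOIN user_role ur on u.id= ur.user_id
-        LEFT JOIN role r on ur.role_id=r.id
+		from sys_user u
+        LEFT JOIN sys_user_role ur on u.id= ur.user_id
+        LEFT JOIN sys_role r on ur.role_id=r.id
         where 1=1
         <if test="user.id != null">
             and u.id = #{user.id}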