权限控制菜单

由于不同的用户拥有不同的权限，所以在前端页面左侧侧边栏中，当用户拥有指定的权限时，才显示指定的子菜单
做1个监听器，监听到用户认证成功后，则获取该用户拥有的权限，重新封装1个SysUser对象交给security处理

 # core模块编写1个接口
public interface AuthenticationSuccessListener {
 
    void successListener(HttpServletRequest request, HttpServletResponse response, Authentication authentication);
 
}
 
# 监听器注入认证成功的处理器，监听该处理器
@Autowired(required = false) // 容器中可以不需要有接口的实现，如果有则自动注入
AuthenticationSuccessListener authenticationSuccessListener;
 
if(authenticationSuccessListener != null) {
    // 当认证之后 ，调用此监听，进行后续处理，比如加载用户权限菜单
    authenticationSuccessListener.successListener(request, response, authentication);
}
 
# web模块中实现该监听器，在实现类中获取并封装SysUser对象
@Component
public class MenuAuthenticationSuccessListener implements AuthenticationSuccessListener {
 
    Logger logger = LoggerFactory.getLogger(getClass());
 
    /**
     * 查询当前用户所拥有的权限菜单
     * 获取到权限后，会在AbstractUserDetailsService中将SysUser交给security处理
     * 前端根据每个人不同的权限显示不同的菜单
     * 前端获取每个人权限的方法，查看博客https://www.cnblogs.com/chniny/p/16409107.html
     */
    @Override
    public void successListener(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
        Object principal = authentication.getPrincipal();
        if(principal != null && principal instanceof SysUser) {
            SysUser sysUser = (SysUser)principal;
            loadMenuTree(sysUser);
        }
        // 打印每个用户所拥有的权限
        Object newPrincipal = authentication.getPrincipal();
        logger.info("newPrincipal: " + newPrincipal);
    }
 
    /**
     * 只加载菜单 ，不需要按钮
     * @param sysUser
     */
    public void loadMenuTree(SysUser sysUser) {
        // 获取到了当前登录用户的菜单 和按钮
        List<SysPermission> permissions = sysUser.getPermissions();
        if(CollectionUtils.isEmpty(permissions)) {
            return;
        }
        // 1. 获取权限集合中所有的菜单 ，不要按钮
        List<SysPermission> menuList = Lists.newArrayList();
        for(SysPermission p: permissions) {
            if(p.getType().equals(1)) {
                menuList.add(p);
            }
        }
        // 2. 获取一下每个菜单 的子菜单
        for(SysPermission menu: menuList) {
            // 存放当前菜单的所有子菜单
            List<SysPermission> childMenu = Lists.newArrayList();
            List<String> childUrl = Lists.newArrayList();
            // 获取menu菜单下的所有子菜单
            for(SysPermission p: menuList) {
                // 如果p.parentId等于menu.id则就是它的子菜单
                if(p.getParentId().equals(menu.getId())) {
                    childMenu.add(p);
                    childUrl.add(p.getUrl());
                }
            }
            // 设置子菜单
            menu.setChildren(childMenu);
            menu.setChildrenUrl(childUrl);
        }
        // 3. menuList 里面每个SysPermission都有一个 子菜单Children集合
        // 首页》Children没有元素， 系统管理SysPermission》Children有3个元素（用户，角色，权限）
        List<SysPermission> result = Lists.newArrayList();
        for(SysPermission menu: menuList) {
            // 如果父id是0，则根菜单
            if(menu.getParentId().equals(0L)) {
                result.add(menu);
            }
        }
        // 最终把获取的根菜单（子菜单集合）重新设置到permission集合中
        sysUser.setPermissions(result);
    }
 
}

测试

 # 浏览器
http://localhost/login
 
# 控制台
09:57:53.294  INFO 8128 --- [p-nio-80-exec-2] c.y.s.service.CustomUserDetailsService   : 请求认证的用户名: test
09:57:54.954  INFO 8128 --- [p-nio-80-exec-2] com.alibaba.druid.pool.DruidDataSource   : {dataSource-1} inited
09:57:54.958 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.mapper.SysUserMapper.selectOne     : ==>  Preparing: SELECT id,update_date,nick_name,mobile,is_account_non_locked,password,is_account_non_expired,is_credentials_non_expired,is_enabled,email,username,create_date FROM sys_user WHERE (username = ?) 
09:57:54.969 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.mapper.SysUserMapper.selectOne     : ==> Parameters: test(String)
09:57:55.002 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.mapper.SysUserMapper.selectOne     : <==      Total: 1
09:57:55.004 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.m.S.selectPermissionByUserId       : ==>  Preparing: SELECT DISTINCT p.id, p.parent_id, p. NAME, p. CODE, p.url, p.type, p.icon, p.remark, p.create_date, p.update_date FROM sys_user AS u LEFT JOIN sys_user_role AS ur ON u.id = ur.user_id LEFT JOIN sys_role AS r ON ur.role_id = r.id LEFT JOIN sys_role_permission AS rp ON rp.role_id = r.id LEFT JOIN sys_permission AS p ON rp.permission_id = p.id WHERE u.id = ? 
09:57:55.004 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.m.S.selectPermissionByUserId       : ==> Parameters: 10(Long)
09:57:55.026 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.m.S.selectPermissionByUserId       : <==      Total: 7
09:57:55.091  INFO 8128 --- [p-nio-80-exec-2] .y.s.a.MenuAuthenticationSuccessListener : 查询用户所拥有的权限菜单: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@c0f3a48d: Principal: SysUser(id=10, username=test, password=$2a$10$rDkPvvAFV8kqwvKJzwlRv.i.q.wz1w1pz0SFsHn/55jNeZFQv/eCm, isAccountNonExpired=true, isAccountNonLocked=true, isCredentialsNonExpired=true, isEnabled=true, authorities=[sys:permission:list, sys:manage, sys:user, sys:user:list, sys:role, sys:role:list, sys:permission], nickName=测试, mobile=16888886666, email=test11@qq.com, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, roleList=[], roleIds=[], permissions=[SysPermission(id=29, parentId=28, parentName=根菜单, name=列表, code=sys:permission:list, url=null, type=2, icon=null, remark=权限列表, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=17, parentId=0, parentName=根菜单, name=系统管理, code=sys:manage, url=null, type=1, icon=fa fa-cogs, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=18, parentId=17, parentName=根菜单, name=用户管理, code=sys:user, url=/user, type=1, icon=fa fa-users, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=19, parentId=18, parentName=根菜单, name=列表, code=sys:user:list, url=, type=2, icon=, remark=员工列表, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=23, parentId=17, parentName=根菜单, name=角色管理, code=sys:role, url=/role, type=1, icon=fa fa-user-secret, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=24, parentId=23, parentName=根菜单, name=列表, code=sys:role:list, url=null, type=2, icon=null, remark=角色列表, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=28, parentId=17, parentName=根菜单, name=权限管理, code=sys:permission, url=/permission, type=1, icon=fa fa-cog, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null)]); Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: sys:permission:list, sys:manage, sys:user, sys:user:list, sys:role, sys:role:list, sys:permission
09:57:55.092  INFO 8128 --- [p-nio-80-exec-2] .y.s.a.MenuAuthenticationSuccessListener : newPrincipal: SysUser(id=10, username=test, password=$2a$10$rDkPvvAFV8kqwvKJzwlRv.i.q.wz1w1pz0SFsHn/55jNeZFQv/eCm, isAccountNonExpired=true, isAccountNonLocked=true, isCredentialsNonExpired=true, isEnabled=true, authorities=[sys:permission:list, sys:manage, sys:user, sys:user:list, sys:role, sys:role:list, sys:permission], nickName=测试, mobile=16888886666, email=test11@qq.com, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, roleList=[], roleIds=[], permissions=[SysPermission(id=17, parentId=0, parentName=根菜单, name=系统管理, code=sys:manage, url=null, type=1, icon=fa fa-cogs, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[SysPermission(id=18, parentId=17, parentName=根菜单, name=用户管理, code=sys:user, url=/user, type=1, icon=fa fa-users, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[], childrenUrl=[]), SysPermission(id=23, parentId=17, parentName=根菜单, name=角色管理, code=sys:role, url=/role, type=1, icon=fa fa-user-secret, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[], childrenUrl=[]), SysPermission(id=28, parentId=17, parentName=根菜单, name=权限管理, code=sys:permission, url=/permission, type=1, icon=fa fa-cog, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[], childrenUrl=[])], childrenUrl=[/user, /role, /permission])])
CustomAuthenticationSuccessHandler ---> success

posted @ 2022-06-30 10:11 DogLeftover 阅读(39) 评论(0) 编辑收藏举报

刷新页面返回顶部

登录后才能查看或发表评论，立即登录或者逛逛博客园首页

相关博文：

· 整合mybatis plus，实现数据库动态认证

· 权限资源管理

· 【学生管理系统】权限管理

· 手把手带你开发一套用户权限系统，精确到按钮级

· 【系统权限管理】SpringSecurity实现动态权限菜单控制（【Springboot系列】Springboot入门到项目实战）

阅读排行：
· DeepSeek 开源周回顾「GitHub 热点速览」
· 物流快递公司核心技术能力-地址解析分单基础技术分享
· .NET 10首个预览版发布：重大改进与新特性概览！
· AI与.NET技术实操系列（二）：开始使用ML.NET
· 单线程的Redis速度为什么快？

权限控制菜单

我的标签

合集 (4)

随笔分类 (1350)

阅读排行榜

推荐排行榜

	# core模块编写1个接口
	public interface AuthenticationSuccessListener {

	void successListener(HttpServletRequest request, HttpServletResponse response, Authentication authentication);

	}

	# 监听器注入认证成功的处理器，监听该处理器
	@Autowired(required = false) // 容器中可以不需要有接口的实现，如果有则自动注入
	AuthenticationSuccessListener authenticationSuccessListener;

	if(authenticationSuccessListener != null) {
	// 当认证之后，调用此监听，进行后续处理，比如加载用户权限菜单
	authenticationSuccessListener.successListener(request, response, authentication);
	}

	# web模块中实现该监听器，在实现类中获取并封装SysUser对象
	@Component
	public class MenuAuthenticationSuccessListener implements AuthenticationSuccessListener {

	Logger logger = LoggerFactory.getLogger(getClass());

	/**
	* 查询当前用户所拥有的权限菜单
	* 获取到权限后，会在AbstractUserDetailsService中将SysUser交给security处理
	* 前端根据每个人不同的权限显示不同的菜单
	* 前端获取每个人权限的方法，查看博客https://www.cnblogs.com/chniny/p/16409107.html
	*/
	@Override
	public void successListener(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
	Object principal = authentication.getPrincipal();
	if(principal != null && principal instanceof SysUser) {
	SysUser sysUser = (SysUser)principal;
	loadMenuTree(sysUser);
	}
	// 打印每个用户所拥有的权限
	Object newPrincipal = authentication.getPrincipal();
	logger.info("newPrincipal: " + newPrincipal);
	}

	/**
	* 只加载菜单，不需要按钮
	* @param sysUser
	*/
	public void loadMenuTree(SysUser sysUser) {
	// 获取到了当前登录用户的菜单和按钮
	List<SysPermission> permissions = sysUser.getPermissions();
	if(CollectionUtils.isEmpty(permissions)) {
	return;
	}
	// 1. 获取权限集合中所有的菜单，不要按钮
	List<SysPermission> menuList = Lists.newArrayList();
	for(SysPermission p: permissions) {
	if(p.getType().equals(1)) {
	menuList.add(p);
	}
	}
	// 2. 获取一下每个菜单的子菜单
	for(SysPermission menu: menuList) {
	// 存放当前菜单的所有子菜单
	List<SysPermission> childMenu = Lists.newArrayList();
	List<String> childUrl = Lists.newArrayList();
	// 获取menu菜单下的所有子菜单
	for(SysPermission p: menuList) {
	// 如果p.parentId等于menu.id则就是它的子菜单
	if(p.getParentId().equals(menu.getId())) {
	childMenu.add(p);
	childUrl.add(p.getUrl());
	}
	}
	// 设置子菜单
	menu.setChildren(childMenu);
	menu.setChildrenUrl(childUrl);
	}
	// 3. menuList 里面每个SysPermission都有一个子菜单Children集合
	// 首页》Children没有元素，系统管理SysPermission》Children有3个元素（用户，角色，权限）
	List<SysPermission> result = Lists.newArrayList();
	for(SysPermission menu: menuList) {
	// 如果父id是0，则根菜单
	if(menu.getParentId().equals(0L)) {
	result.add(menu);
	}
	}
	// 最终把获取的根菜单（子菜单集合）重新设置到permission集合中
	sysUser.setPermissions(result);
	}

	}

	# 浏览器
	http://localhost/login

	# 控制台
	09:57:53.294 INFO 8128 --- [p-nio-80-exec-2] c.y.s.service.CustomUserDetailsService : 请求认证的用户名: test
	09:57:54.954 INFO 8128 --- [p-nio-80-exec-2] com.alibaba.druid.pool.DruidDataSource : {dataSource-1} inited
	09:57:54.958 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.mapper.SysUserMapper.selectOne : ==> Preparing: SELECT id,update_date,nick_name,mobile,is_account_non_locked,password,is_account_non_expired,is_credentials_non_expired,is_enabled,email,username,create_date FROM sys_user WHERE (username = ?)
	09:57:54.969 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.mapper.SysUserMapper.selectOne : ==> Parameters: test(String)
	09:57:55.002 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.mapper.SysUserMapper.selectOne : <== Total: 1
	09:57:55.004 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.m.S.selectPermissionByUserId : ==> Preparing: SELECT DISTINCT p.id, p.parent_id, p. NAME, p. CODE, p.url, p.type, p.icon, p.remark, p.create_date, p.update_date FROM sys_user AS u LEFT JOIN sys_user_role AS ur ON u.id = ur.user_id LEFT JOIN sys_role AS r ON ur.role_id = r.id LEFT JOIN sys_role_permission AS rp ON rp.role_id = r.id LEFT JOIN sys_permission AS p ON rp.permission_id = p.id WHERE u.id = ?
	09:57:55.004 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.m.S.selectPermissionByUserId : ==> Parameters: 10(Long)
	09:57:55.026 DEBUG 8128 --- [p-nio-80-exec-2] c.y.s.m.S.selectPermissionByUserId : <== Total: 7
	09:57:55.091 INFO 8128 --- [p-nio-80-exec-2] .y.s.a.MenuAuthenticationSuccessListener : 查询用户所拥有的权限菜单: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@c0f3a48d: Principal: SysUser(id=10, username=test, password=$2a$10$rDkPvvAFV8kqwvKJzwlRv.i.q.wz1w1pz0SFsHn/55jNeZFQv/eCm, isAccountNonExpired=true, isAccountNonLocked=true, isCredentialsNonExpired=true, isEnabled=true, authorities=[sys:permission:list, sys:manage, sys:user, sys:user:list, sys:role, sys:role:list, sys:permission], nickName=测试, mobile=16888886666, email=test11@qq.com, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, roleList=[], roleIds=[], permissions=[SysPermission(id=29, parentId=28, parentName=根菜单, name=列表, code=sys:permission:list, url=null, type=2, icon=null, remark=权限列表, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=17, parentId=0, parentName=根菜单, name=系统管理, code=sys:manage, url=null, type=1, icon=fa fa-cogs, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=18, parentId=17, parentName=根菜单, name=用户管理, code=sys:user, url=/user, type=1, icon=fa fa-users, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=19, parentId=18, parentName=根菜单, name=列表, code=sys:user:list, url=, type=2, icon=, remark=员工列表, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=23, parentId=17, parentName=根菜单, name=角色管理, code=sys:role, url=/role, type=1, icon=fa fa-user-secret, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=24, parentId=23, parentName=根菜单, name=列表, code=sys:role:list, url=null, type=2, icon=null, remark=角色列表, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, children=null, childrenUrl=null), SysPermission(id=28, parentId=17, parentName=根菜单, name=权限管理, code=sys:permission, url=/permission, type=1, icon=fa fa-cog, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=null, childrenUrl=null)]); Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: null; Granted Authorities: sys:permission:list, sys:manage, sys:user, sys:user:list, sys:role, sys:role:list, sys:permission
	09:57:55.092 INFO 8128 --- [p-nio-80-exec-2] .y.s.a.MenuAuthenticationSuccessListener : newPrincipal: SysUser(id=10, username=test, password=$2a$10$rDkPvvAFV8kqwvKJzwlRv.i.q.wz1w1pz0SFsHn/55jNeZFQv/eCm, isAccountNonExpired=true, isAccountNonLocked=true, isCredentialsNonExpired=true, isEnabled=true, authorities=[sys:permission:list, sys:manage, sys:user, sys:user:list, sys:role, sys:role:list, sys:permission], nickName=测试, mobile=16888886666, email=test11@qq.com, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Tue Aug 08 11:11:11 GMT+08:00 2023, roleList=[], roleIds=[], permissions=[SysPermission(id=17, parentId=0, parentName=根菜单, name=系统管理, code=sys:manage, url=null, type=1, icon=fa fa-cogs, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[SysPermission(id=18, parentId=17, parentName=根菜单, name=用户管理, code=sys:user, url=/user, type=1, icon=fa fa-users, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[], childrenUrl=[]), SysPermission(id=23, parentId=17, parentName=根菜单, name=角色管理, code=sys:role, url=/role, type=1, icon=fa fa-user-secret, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[], childrenUrl=[]), SysPermission(id=28, parentId=17, parentName=根菜单, name=权限管理, code=sys:permission, url=/permission, type=1, icon=fa fa-cog, remark=null, createDate=Tue Aug 08 11:11:11 GMT+08:00 2023, updateDate=Wed Aug 09 15:26:28 GMT+08:00 2023, children=[], childrenUrl=[])], childrenUrl=[/user, /role, /permission])])
	CustomAuthenticationSuccessHandler ---> success