Today, I’m going to take you into an area full of strategy and excitement-permission battles. In this battle, our protagonists are the RABC permission model (Role-Based Access Control) and Spring Security. Together, they will create a safe and stable world for us.
Permission model: the maker of game rules
First, we compare the permission model to a huge game, and our task is to plan the rules of this game. In this game, we have role players such as User, Role, and Permission. They each have unique skills, and the table structure in the database is the map of our game world, filled with tasks and secrets.
-- User table</code><code>CREATE TABLE users (</code><code> id INT PRIMARY KEY AUTO_INCREMENT,</code><code> username VARCHAR(50) NOT NULL,</code> <code> password VARCHAR(100) NOT NULL</code><code>);
-- role table</code><code>CREATE TABLE roles (</code><code> id INT PRIMARY KEY AUTO_INCREMENT,</code><code> role_name VARCHAR(50) NOT NULL</code><code>);
-- User role association table</code><code>CREATE TABLE user_roles (</code><code> user_id INT,</code><code> role_id INT,</code><code> PRIMARY KEY ( user_id, role_id),</code><code> FOREIGN KEY (user_id) REFERENCES users(id),</code><code> FOREIGN KEY (role_id) REFERENCES roles(id)</code><code>);< /pre> <p></p> <pre>-- Permission table</code><code>CREATE TABLE permissions (</code><code> id INT PRIMARY KEY AUTO_INCREMENT,</code><code> permission_name VARCHAR(50) NOT NULL</code><code>);
-- Role permission association table</code><code>CREATE TABLE role_permissions (</code><code> role_id INT,</code><code> permission_id INT,</code><code> PRIMARY KEY ( role_id, permission_id),</code><code> FOREIGN KEY (role_id) REFERENCES roles(id),</code><code> FOREIGN KEY (permission_id) REFERENCES permissions(id)</code><code>);< /pre>
<p>There are countless treasures hidden on this map. Our players need to explore this territory and challenge various tasks.</p>
<h4>Java Code: The Magnificent Mission of the Permission Warrior</h4>
<p>In the Java world, our permission warriors are defined using Java classes. They each have different specialties and can handle a variety of permission requirements. Let us have a look at their style:</p>
<p></p>
<pre>// User class public class User {<!-- --></code><code> private String username;</code><code> private String password;</code><code> private List< Role> roles;</code><code> </code><code> // Omit the constructor and getter and setter methods</code><code>}</code>
<code>//Role class public class Role {<!-- --></code><code> private String roleName;</code><code> private List<Permission> permissions;</code><code> </code><code> // Omit the constructor and getter and setter methods</code><code>}</code>
<code>// Permission class public class Permission {<!-- --></code><code> private String permissionName;</code><code> </code><code> // Omit the constructor and getter , setter method</code><code>}
These Java classes are our permission warriors. They will perform the tasks assigned by us to ensure the security and stability of the system.
Spring Security: The addition of guardians
However, in this challenging game, we also need powerful guardians, and they are Spring Security. Spring Security provides an impenetrable line of defense to protect our systems from external threats. Its addition allows our permission warriors to focus more on performing tasks without having to worry about security issues.
Under the protection of Spring Security, we can use @PreAuthorize annotations and configuration files to define more complex permission rules to ensure that each permission warrior can achieve its maximum potential:
@PreAuthorize("hasRole('ADMIN') and hasPermission('WRITE')")public void performAdminAction() {<!-- --></code><code> // Only users with ADMIN role and WRITE permission can execute this method</code><code>}
The following is a complete Spring Security case, including configuration, database table structure and Java code. In this case, we will use Spring Security to implement a simple role-based permission control system.
-
Configuration file:
First, configure the database connection and Spring Security in the application.properties (or application.yml) file.
propertiesCopy code</code><code># Database connection configuration</code><code>spring.datasource.url=jdbc:mysql://localhost:3306/security_example</code><code>spring.datasource .username=root</code><code>spring.datasource.password=root</code> <code># Spring Security Configuration</code><code>spring.security.user.name=admin</code><code>spring.security.user.password=admin_password
-
Database table structure:
Create a database table structure, including the relationships between users, roles, and permissions. See SQL above
-
Java code:
Create entity classes and Spring Security configuration classes.
// User class</code><code>@Entity</code><code>@Table(name = "users")</code><code>public class User implements UserDetails {<!- - --></code><code>// User class @Entity@Table(name = "users")public class User implements UserDetails {<!-- --></code><code> @Id @GeneratedValue(strategy = GenerationType.IDENTITY)private Long id;</code><code> </code><code> private String username;</code><code> private String password;</code><code> </code><code> // Omit other attributes and getter and setter methods @Overridepublic Collection<? extends GrantedAuthority> getAuthorities() {<!-- --></code><code> // Return the user-owned properties here Permissions, you can query the user's role and permission information from the database</code><code> List<GrantedAuthority> authorities = new ArrayList<>();</code><code> // Query the user's role and permission information, and Add it to authorities return authorities;</code><code> }</code>
<code> // Omit the implementation of other interface methods</code><code>}</code>
<code>// Role class @Entity@Table(name = "roles")public class Role {<!-- --></code><code> @Id@GeneratedValue(strategy = GenerationType.IDENTITY)private Long id;</code><code> </code><code> private String roleName;</code><code> </code><code> // Omit other attributes and getter and setter methods</code><code>}</code>
<code>//Permission class @Entity@Table(name = "permissions")public class Permission {<!-- --></code><code> @Id@GeneratedValue(strategy = GenerationType.IDENTITY)private Long id;</code><code> </code><code> private String permissionName;</code><code> </code><code> // Omit other attributes and getter and setter methods</code><code>}</code>
<code>// Spring Security configuration class @Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter {<!-- --></code><code> </code><code> @Autowiredprivate UserDetailsService userDetailsService;</code><code> </code><code> @Overrideprotected void configure(HttpSecurity http) throws Exception {<!-- --></code><code> http.authorizeRequests()</code><code> .antMatchers(" /admin").hasRole("ADMIN")</code><code> .antMatchers("/user").hasRole("USER")</code><code> .and( )</code><code> .formLogin()</code><code> .and()</code><code> .logout().logoutSuccessUrl("/login").permitAll();</code><code> }</code><code> </code><code> @Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {<!-- --></code><code> auth.userDetailsService( userDetailsService);</code><code> }</code><code>}
In this case, we used Spring Security’s default login page and logout functionality. User’s role and permission information can be dynamically loaded from the database. In actual projects, you can customize and expand it according to your needs to meet specific business needs. I hope this case can help you understand how to use Spring Security to implement a role-based permission control system.
Epilogue: A wonderful adventure in the permission war
Through the RABC permission model, Java’s permission warriors, and the guardians of Spring Security, we have experienced an interesting and challenging permission battle together. This adventure not only allowed us to better understand the nature of permission control, but also exercised our programming skills. In future projects, we can deal with various permission challenges more calmly and create a more secure, stable, and powerful system.
I hope you can also join our permission battle, explore with us, and challenge endless possibilities! Let’s start this exciting adventure of permission war together!
The knowledge points of the article match the official knowledge files, and you can further learn related knowledge. Java Skill TreeHomepageOverview 139,294 people are learning the system