Casbin 是一个权限框架,这里就不多赘述了,有兴趣自己了解: Casbin,这里我们使用的是JCasbin。
[request_definition]
r = sub, obj, act
[policy_definition]
p = sub, obj, act
[policy_effect]
e = some(where (p.eft == allow))
[matchers]
m = r.sub == p.sub && keyMatch(r.obj, p.obj) && regexMatch(r.act, p.act)
3.这里采用Mysql作为Policy来源,数据库模型可参考 数据库存储格式
废话不多说,开始上代码
第一步:导入maven
<!-- Jcasbin -->
<dependency>
<groupId>org.casbin</groupId>
<artifactId>jcasbin</artifactId>
<version>1.4.0</version>
</dependency>
<dependency>
<groupId>org.casbin</groupId>
<artifactId>jdbc-adapter</artifactId>
<version>2.0.0</version>
</dependency>
第二步:配置JDBCAdapter
先看一步源码,这里有一个坑,读第一列的时候数据库一般是id,而CasbinRule类这里没有id这个字段,就会导致一个转换异常,也是踩了坑才发现,如果你数据库中Policy没有用id而是和CasbinRule对称,那你可以直接使用源码配置,直接注入JDBCAdapter(datasource),不需要采取第二步的配置
我这里只实现了加载规则loadPolicy,这是我抄源码进行部分修改,重新实现JDBCAdapter
class CasbinRule {
String ptype;
String v0;
String v1;
String v2;
CasbinRule() {
}
}
public class JcasbinJDBCAdapter implements Adapter {
private DataSource dataSource;
public JcasbinJDBCAdapter(DataSource dataSource) throws Exception {
this.dataSource = null;
this.dataSource = dataSource;
}
private void loadPolicyLine(CasbinRule line, Model model) {
String lineText = line.ptype;
if (!line.v0.equals("")) {
lineText = lineText + ", " + line.v0;
}
if (!line.v1.equals("")) {
lineText = lineText + ", " + line.v1;
}
if (!line.v2.equals("")) {
lineText = lineText + ", " + line.v2;
}
Helper.loadPolicyLine(lineText, model);
}
public void loadPolicy(Model model) {
try {
Connection conn = this.dataSource.getConnection();
Throwable var3 = null;
try {
Statement stmt = conn.createStatement();
ResultSet rSet = stmt.executeQuery("SELECT * FROM casbin_rule");
ResultSetMetaData rData = rSet.getMetaData();
while (rSet.next()) {
CasbinRule line = new CasbinRule();
for (int i = 2; i <= rData.getColumnCount(); ++i) {
if (i == 2) {
line.ptype = rSet.getObject(i) == null ? "" : (String) rSet.getObject(i);
}
else if (i == 3) {
line.v0 = rSet.getObject(i) == null ? "" : (String) rSet.getObject(i);
}
else if (i == 4) {
line.v1 = rSet.getObject(i) == null ? "" : (String) rSet.getObject(i);
}
else if (i == 5) {
line.v2 = rSet.getObject(i) == null ? "" : (String) rSet.getObject(i);
}
}
this.loadPolicyLine(line, model);
}
rSet.close();
}
catch (Throwable var17) {
var3 = var17;
throw var17;
}
finally {
if (conn != null) {
if (var3 != null) {
try {
conn.close();
}
catch (Throwable var16) {
var3.addSuppressed(var16);
}
}
else {
conn.close();
}
}
}
}
catch (SQLException var19) {
var19.printStackTrace();
throw new Error(var19);
}
}
@Override
public void savePolicy(Model model) {
}
@Override
public void addPolicy(String sec, String ptype, List<String> rule) {
}
@Override
public void removePolicy(String sec, String ptype, List<String> rule) {
}
@Override
public void removeFilteredPolicy(String sec, String ptype, int fieldIndex, String... fieldValues) {
}
}
第三步:配置Casbin
@Configuration
@Slf4j
public class JcasbinAdapterConfiguration {
//配置model.conf的绝对路径
//至于为什么使用采用配置来加载,是因为如果打成jar情况下会读不到相对路径,算是踩过的一个坑
@Value("${config.model-path:}")
private String modelPath;
@Autowired
private DataSource dataSource;
// 这段是呼应上一部分数据库中没有id字段直接与CasbinRule类对称
// @Bean
// public JDBCAdapter() throws Exception {
// return new JDBCAdapter(dataSource);
// }
@Bean
public JcasbinJDBCAdapter jdbcAdapter() throws Exception {
return new JcasbinJDBCAdapter(dataSource);
}
@Bean
public Enforcer enforcer(JcasbinJDBCAdapter jcasbinJDBCAdapter) throws Exception {
return new Enforcer(modelPath, jcasbinJDBCAdapter);
}
}
第四步:使用Casbin
@RestController
@RequestMapping("/")
public class DataarcheDesignBuildingController {
@Autowired
private Enforcer enforcer;
@GatMapping("/test1")
public R test(){
string authorityId = "888";
string requestURI= "/a";
string requestmethod= "GET";
boolean enforce = enforcer.enforce(authorityId, requestURI, requestmethod);
}
}
