bilibili官网网页入口_软件推广兼职可以做吗_竞价托管哪家专业_灰色行业推广渠道

时间:2025/8/29 10:21:22来源：https://blog.csdn.net/2301_79499223/article/details/146393424 浏览次数:0次

在实现 RBAC（基于角色的访问控制）后，我们需要向数据库中插入一些测试数据，并验证权限管理是否正常工作。以下是详细的步骤和代码示例，展示如何插入测试数据并进行测试。

1. 插入测试数据

1.1 插入角色和权限

在数据库中插入一些角色和权限数据。例如：

插入角色：

INSERT INTO role (name) VALUES ('ADMIN');
INSERT INTO role (name) VALUES ('USER');

插入权限：

INSERT INTO permission (name) VALUES ('READ');
INSERT INTO permission (name) VALUES ('WRITE');
INSERT INTO permission (name) VALUES ('DELETE');

关联角色和权限：

-- ADMIN 角色拥有 READ、WRITE、DELETE 权限
INSERT INTO role_permission (role_id, permission_id) VALUES (1, 1);
INSERT INTO role_permission (role_id, permission_id) VALUES (1, 2);
INSERT INTO role_permission (role_id, permission_id) VALUES (1, 3);-- USER 角色拥有 READ 权限
INSERT INTO role_permission (role_id, permission_id) VALUES (2, 1);

1.2 插入用户

插入一些用户数据，并关联角色。

插入用户：

-- 密码使用 BCrypt 加密后的值（例如 "password" 加密后为 "$2a$10$...")
INSERT INTO user (username, password, enabled) VALUES ('admin', '$2a$10$...', true);
INSERT INTO user (username, password, enabled) VALUES ('user', '$2a$10$...', true);

关联用户和角色：

-- admin 用户拥有 ADMIN 角色
INSERT INTO user_role (user_id, role_id) VALUES (1, 1);-- user 用户拥有 USER 角色
INSERT INTO user_role (user_id, role_id) VALUES (2, 2);

2. 创建测试 API

在 com.jd.jdmall.controller 包下创建测试控制器，用于验证权限管理。

TestController.java

package com.jd.jdmall.controller;import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;@RestController
@RequestMapping("/api")
public class TestController {@GetMapping("/public")public String publicEndpoint() {return "This is a public endpoint.";}@GetMapping("/admin")@PreAuthorize("hasRole('ADMIN')") // 仅允许 ADMIN 角色访问public String adminEndpoint() {return "This is an admin endpoint.";}@GetMapping("/user")@PreAuthorize("hasRole('USER')") // 仅允许 USER 角色访问public String userEndpoint() {return "This is a user endpoint.";}@GetMapping("/read")@PreAuthorize("hasAuthority('READ')") // 仅允许拥有 READ 权限的用户访问public String readEndpoint() {return "This is a read endpoint.";}@GetMapping("/write")@PreAuthorize("hasAuthority('WRITE')") // 仅允许拥有 WRITE 权限的用户访问public String writeEndpoint() {return "This is a write endpoint.";}@GetMapping("/delete")@PreAuthorize("hasAuthority('DELETE')") // 仅允许拥有 DELETE 权限的用户访问public String deleteEndpoint() {return "This is a delete endpoint.";}
}

3. 配置 Spring Security

在 SecurityConfig.java 中配置权限规则，确保 API 的访问受到 RBAC 控制。

SecurityConfig.java

package com.jd.jdmall.config;import com.jd.jdmall.service.CustomUserDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;@Configuration
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true) // 启用方法级别的权限控制
public class SecurityConfig {private final CustomUserDetailsService userDetailsService;public SecurityConfig(CustomUserDetailsService userDetailsService) {this.userDetailsService = userDetailsService;}@Beanpublic SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {http.authorizeHttpRequests(auth -> auth.requestMatchers("/api/public").permitAll() // 放行公共 API.anyRequest().authenticated()) // 其他 API 需要认证.formLogin(form -> form.loginPage("/login") // 自定义登录页面.permitAll()).logout(logout -> logout.permitAll()).userDetailsService(userDetailsService); // 使用自定义 UserDetailsServicereturn http.build();}@Beanpublic PasswordEncoder passwordEncoder() {return new BCryptPasswordEncoder();}
}