A Complete Guide to Permission Model Design
Preface

A well-designed permission model is the foundation of system security. This article introduces the most common permission models and how to implement them.

1. Permission Models

1.1 The RBAC Model

In role-based access control (RBAC) a user is never granted a permission directly: users are assigned roles, and roles carry permissions. The two mapping tables (user-role and role-permission) are what make the model flexible.

┌─────────────────────────────────────────────────────┐
│                     RBAC Model                      │
│                                                     │
│  ┌──────────┐      ┌──────────┐      ┌───────────┐  │
│  │   User   │─────▶│   Role   │◀─────│ Permission│  │
│  └──────────┘      └──────────┘      └───────────┘  │
│        │                 │                 │        │
│        └────────┬────────┴────────┬────────┘        │
│                 ▼                 ▼                 │
│          ┌──────────┐       ┌──────────┐            │
│          │ User-Role│       │Role-Perm │            │
│          └──────────┘       └──────────┘            │
└─────────────────────────────────────────────────────┘

1.2 Data Model

The three entities below map to the tables users, roles and permissions; the two @ManyToMany mappings generate the join tables user_roles and role_permissions.

```java
import jakarta.persistence.*;   // javax.persistence.* on Spring Boot 2.x
import java.util.Set;

@Entity
@Table(name = "users")
public class User {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Column(unique = true)
    private String username;

    // Store a password hash (e.g. BCrypt), never the plaintext password.
    private String password;

    // Join table user_roles(user_id, role_id)
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(
        name = "user_roles",
        joinColumns = @JoinColumn(name = "user_id"),
        inverseJoinColumns = @JoinColumn(name = "role_id")
    )
    private Set<Role> roles;
}

@Entity
@Table(name = "roles")
public class Role {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    // Role names carry the ROLE_ prefix, e.g. ROLE_ADMIN
    @Column(unique = true)
    private String name;

    // Join table role_permissions(role_id, permission_id)
    @ManyToMany(fetch = FetchType.EAGER)
    @JoinTable(
        name = "role_permissions",
        joinColumns = @JoinColumn(name = "role_id"),
        inverseJoinColumns = @JoinColumn(name = "permission_id")
    )
    private Set<Permission> permissions;
}

@Entity
@Table(name = "permissions")
public class Permission {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    // Machine-readable code that the permission check compares against
    @Column(unique = true)
    private String code;

    private String name;

    private String description;
}
```

2. Permission Service

2.1 Permission Checks

The check runs against the authorities of the current Spring Security Authentication. It therefore assumes that, when the user was loaded, both the user's role names and every permission code reachable through those roles were turned into GrantedAuthority entries. A missing authentication or a missing permission code is always a deny, and ROLE_ADMIN is treated as a wildcard that passes every check.

```java
import java.util.Arrays;
import java.util.Collection;

import lombok.RequiredArgsConstructor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;

@Service
@RequiredArgsConstructor
public class PermissionService {

    // True if the principal holds the given permission code, or is an admin.
    public boolean hasPermission(Authentication authentication, String permission) {
        if (authentication == null || permission == null) {
            return false;
        }
        Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
        return authorities.stream()
            .anyMatch(auth -> auth.getAuthority().equals(permission)
                           || auth.getAuthority().equals("ROLE_ADMIN"));
    }

    // True if the principal holds at least one of the given permission codes.
    public boolean hasAnyPermission(Authentication authentication, String... permissions) {
        if (authentication == null || permissions == null) {
            return false;
        }
        return Arrays.stream(permissions)
            .anyMatch(perm -> hasPermission(authentication, perm));
    }
}
```

Two points to keep in mind with this check. First, the ROLE_ADMIN short-circuit makes that role a superuser for every permission in the system, so membership in it must be tightly controlled. Second, role names and permission codes share one authority namespace: a call such as hasPermission(auth, "ROLE_EDITOR") succeeds for anyone holding that role, so keep permission codes in a form that can never collide with a ROLE_ name.

3. Summary

RBAC is the foundation of permission management. The user-role-permission mapping decouples who a user is from what they may do, and that indirection is what makes access control flexible.
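The following is an added Python example, not the page's Spring code, that exercises both the data model of section 1.2 and the checks of section 2.1 end to end: it creates the five tables the JPA mappings above describe in an in-memory SQLite database, resolves a user's authorities (role names plus the permission codes reachable through those roles, which is what a Spring UserDetailsService would load into the Authentication), and then applies the same hasPermission / hasAnyPermission rules, including the ROLE_ADMIN wildcard. The users alice, bob and carol, the roles ROLE_EDITOR and ROLE_VIEWER, and the permission codes article:read, article:write and user:delete are constructed sample data, not from the page.

```python
"""RBAC resolution over the users/roles/permissions schema (added example)."""
import sqlite3
from typing import Iterable, Optional

# The same five tables the @Entity / @JoinTable mappings above would generate.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT,
                    username TEXT NOT NULL UNIQUE,
                    password TEXT NOT NULL);          -- a hash, never plaintext
CREATE TABLE roles (id INTEGER PRIMARY KEY AUTOINCREMENT,
                    name TEXT NOT NULL UNIQUE);
CREATE TABLE permissions (id INTEGER PRIMARY KEY AUTOINCREMENT,
                          code TEXT NOT NULL UNIQUE, name TEXT, description TEXT);
CREATE TABLE user_roles (user_id INTEGER NOT NULL REFERENCES users(id),
                         role_id INTEGER NOT NULL REFERENCES roles(id),
                         PRIMARY KEY (user_id, role_id));
CREATE TABLE role_permissions (role_id INTEGER NOT NULL REFERENCES roles(id),
                               permission_id INTEGER NOT NULL REFERENCES permissions(id),
                               PRIMARY KEY (role_id, permission_id));
"""

# Constructed sample data (hypothetical users, roles and permission codes).
USERS = [("alice", "$2a$10$hash-of-alice"), ("bob", "$2a$10$hash-of-bob"),
         ("carol", "$2a$10$hash-of-carol")]
ROLES = ["ROLE_ADMIN", "ROLE_EDITOR", "ROLE_VIEWER"]
PERMISSIONS = [("article:read", "Read articles", "View published articles"),
               ("article:write", "Write articles", "Create and edit articles"),
               ("user:delete", "Delete users", "Remove user accounts")]
USER_ROLES = [("alice", "ROLE_ADMIN"), ("bob", "ROLE_EDITOR"), ("carol", "ROLE_VIEWER")]
ROLE_PERMISSIONS = [("ROLE_ADMIN", "user:delete"),
                    ("ROLE_EDITOR", "article:read"), ("ROLE_EDITOR", "article:write"),
                    ("ROLE_VIEWER", "article:read")]


def open_sample_db() -> sqlite3.Connection:
    """Create the schema in memory and load the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users(username, password) VALUES (?, ?)", USERS)
    conn.executemany("INSERT INTO roles(name) VALUES (?)", [(r,) for r in ROLES])
    conn.executemany("INSERT INTO permissions(code, name, description) VALUES (?, ?, ?)",
                     PERMISSIONS)
    # Join rows are resolved by name so the example never hard-codes ids.
    conn.executemany("INSERT INTO user_roles(user_id, role_id) "
                     "SELECT u.id, r.id FROM users u, roles r WHERE u.username = ? AND r.name = ?",
                     USER_ROLES)
    conn.executemany("INSERT INTO role_permissions(role_id, permission_id) "
                     "SELECT r.id, p.id FROM roles r, permissions p WHERE r.name = ? AND p.code = ?",
                     ROLE_PERMISSIONS)
    conn.commit()
    return conn


# Everything a UserDetailsService would put into Authentication.getAuthorities():
# the user's role names, plus every permission code reachable through those roles.
AUTHORITY_SQL = """
SELECT r.name FROM users u
  JOIN user_roles ur ON ur.user_id = u.id
  JOIN roles r       ON r.id = ur.role_id
 WHERE u.username = :username
UNION
SELECT p.code FROM users u
  JOIN user_roles ur       ON ur.user_id = u.id
  JOIN role_permissions rp ON rp.role_id = ur.role_id
  JOIN permissions p       ON p.id = rp.permission_id
 WHERE u.username = :username
"""


def load_authorities(conn: sqlite3.Connection, username: str) -> frozenset:
    """Resolve user -> roles -> permissions into one flat authority set."""
    rows = conn.execute(AUTHORITY_SQL, {"username": username}).fetchall()
    return frozenset(row[0] for row in rows)


ADMIN_ROLE = "ROLE_ADMIN"   # the wildcard the PermissionService above grants


def has_permission(authorities: Optional[Iterable[str]], permission: Optional[str]) -> bool:
    """Mirror of PermissionService.hasPermission: missing principal or missing
    permission code is a deny; ROLE_ADMIN bypasses every check."""
    if authorities is None or permission is None:
        return False
    auths = set(authorities)
    return permission in auths or ADMIN_ROLE in auths


def has_any_permission(authorities: Optional[Iterable[str]], *permissions: str) -> bool:
    """Mirror of PermissionService.hasAnyPermission (empty list is a deny)."""
    if authorities is None or not permissions:
        return False
    return any(has_permission(authorities, p) for p in permissions)


if __name__ == "__main__":
    db = open_sample_db()
    for user in ("alice", "bob", "carol"):
        auths = load_authorities(db, user)
        print(user, sorted(auths), "article:write ->", has_permission(auths, "article:write"))
```

Note what the UNION in AUTHORITY_SQL makes visible: because role names and permission codes land in the same authority set, has_permission(load_authorities(db, "bob"), "ROLE_EDITOR") returns True, so a permission code that happens to equal a role name would silently act as a role check. Keeping codes in a form such as resource:action, as the sample data does, avoids that collision.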