Java 如何仅限制某些用户访问应用程序中的特定功能?
我正在使用Angular和Java Spring引导。我的问题是,我应该在哪里修改代码,只允许某些用户访问特定功能?我应该触摸后端的哪个部分?至于现在,每个人都可以访问 我相信这就是密码,对吗?因此,我需要限制对名为Java 如何仅限制某些用户访问应用程序中的特定功能?,java,angular,spring-boot,Java,Angular,Spring Boot,我正在使用Angular和Java Spring引导。我的问题是,我应该在哪里修改代码,只允许某些用户访问特定功能?我应该触摸后端的哪个部分?至于现在,每个人都可以访问 我相信这就是密码,对吗?因此,我需要限制对名为变更计划的客户模块下的函数的访问。假设授权用户是A、B、C、D,我该怎么做 const routes: Routes = [ { path: '', redirectTo: genRouterLink([RouteConstant.POSTLOGIN, Route
变更计划的客户模块下的函数的访问。假设授权用户是A、B、C、D,我该怎么做
const routes: Routes = [
{
path: '',
redirectTo: genRouterLink([RouteConstant.POSTLOGIN, RouteConstant.DASHBOARD]),
pathMatch: 'full'
},
{
path: '',
component: PreloginComponent,
children: [
{
path: RouteConstant.LOGIN,
component: LoginComponent,
},
{
path: RouteConstant.ACCOUNT_OPENING,
loadChildren: () => import('./feature/dealer-account-opening/dealer-account-opening.module').then(m => m.DealerAccountOpeningModule)
},
{
path: RouteConstant.FORGOT_PASSWORD,
component: ForgotPasswordComponent,
},
{
path: RouteConstant.RESET_PASSWORD,
component: ResetPasswordComponent,
},
]
},
{
path: RouteConstant.POSTLOGIN,
component: PostloginComponent,
canActivateChild: [AuthGuard],
children: [
{
path: '',
redirectTo: RouteConstant.DASHBOARD,
pathMatch: 'full'
},
{
path: RouteConstant.DASHBOARD,
loadChildren: () => import('./feature/dashboard/dashboard.module').then(m => m.DashboardModule)
},
{
path: RouteConstant.REGO,
loadChildren: () => import('./feature/rego/rego.module').then(m => m.RegoModule)
},
{
path: RouteConstant.CUSTOMERS,
loadChildren: () => import('./feature/customers/customers.module').then(m => m.CustomersModule)
},
landing.component.html
<div class="my-2" *ngIf="(dealer$ | async).userName == 'admin' || (dealer$ | async).userName == 'GCS001'">
<button class="w-100" mat-raised-button color="accent"
(click)="navigate([RouteConstant.POSTLOGIN, RouteConstant.CUSTOMERS, RouteConstant.CHANGE_PLAN])">Change Plan</button>
</div>
变更计划
着陆组件
export class LandingComponent implements OnInit {
offerSelection: Array<SelectModel> = [];
dealerAcctBalance: number;
planSelected: string;
RouteConstant = RouteConstant;
@Select(DealerState.getDealer)
dealer$: Observable<DealerUserModel>;
constructor(private fb: FormBuilder, private router: Router,
private walletRestService: WalletRestService, private store: Store,
private modalService: ModalService, private currencyPipe: CurrencyPipe) {
}
ngOnInit(): void {
this.initPlanSelection();
this.getWalletBalance();
}
initPlanSelection(): void {
this.offerSelection = PlanConstant.OFFER_PLAN_SELECTION.map((plan: PlanModel) => {
return {
label: plan.planName,
value: plan.planKey
}
});
this.planSelected = this.offerSelection[0].value;
}
private getWalletBalance() {
const dealerId: string = this.store.selectSnapshot(DealerState.getDealerId);
this.walletRestService.retrieveWalletAmount(dealerId).subscribe((genericResponseModel: GenericResponseModel) => {
this.dealerAcctBalance = genericResponseModel.walletAmount;
this.store.dispatch(new SetWalletBalance(this.dealerAcctBalance));
}, (err) => {
console.error(err);
});
}
导出类着陆组件实现OnInit{
offerSelection:Array=[];
dealerAcctBalance:编号;
所选平面:字符串;
RouteConstant=RouteConstant;
@选择(DealerState.getDealer)
交易商美元:可观察;
构造函数(专用fb:FormBuilder、专用路由器:路由器、,
私人walletRestService:walletRestService,私人商店:商店,
专用modalService:modalService,专用currencyPipe:currencyPipe){
}
ngOnInit():void{
这是.initPlanSelection();
这个.getWalletBalance();
}
initPlanSelection():void{
this.offerSelection=PlanConstant.OFFER\u PLAN\u SELECTION.map((PLAN:PlanModel)=>{
返回{
标签:plan.planName,
价值:plan.planKey
}
});
this.planSelected=this.offerSelection[0]。值;
}
私有getWalletBalance(){
const dealerId:string=this.store.selectSnapshot(DealerState.getDealerId);
this.walletRestService.retrieveWalletAmount(dealerId).subscribe((genericResponseModel:genericResponseModel)=>{
this.dealerAcctBalance=generiresponsemodel.walletAmount;
this.store.dispatch(新的SetWalletBalance(this.dealerAcctBalance));
},(错误)=>{
控制台错误(err);
});
}
使用AuthGuard将允许您编写逻辑,仅授权用户A、B、C、D访问特定URL使用的更改计划
功能的特定路径。在canActivate
功能中,您可以编写一些条件检查,以验证用户确实是A、B、C或D。如果不是,则拒绝访问该路由(URL),因为用户“未经授权”
因为我不能完全确定您在id
或某些属性方面的条件要求是什么,以确定用户是否是A、B、C、D。下面是一个伪代码示例,我希望这对您有所帮助
export class AuthGuard implements CanActivate {
// get current sessions user to check authorization for
user: any = this.userService.getCurrentUser();
// dependency inject any services you might need to access users for checks
constructor(private router: Router, private userService: UserService) {}
canActivate(next: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean {
// check if user is A,B,C,D (pseudo example based on ID)
if (user.id !== 'A' || user.id !== 'B' || user.id !== 'C' || user.id !== 'D') {
alert("Access denied.");
this.route.navigate(['some-url']);
}
// otherwise user is A,B,C,D and authorized to access route
return true;
}
}
导出类AuthGuard实现CanActivate{
//获取当前会话用户以检查其授权
user:any=this.userService.getCurrentUser();
//依赖注入您可能需要访问用户进行检查的任何服务
构造函数(专用路由器:路由器,专用用户服务:用户服务){}
canActivate(下一步:ActivatedRouteSnapshot,状态:RouterStateSnashot):可观察的布尔值{
//检查用户是否为A、B、C、D(基于ID的伪示例)
if(user.id!='A'| | user.id!='B'| | user.id!='C'| | user.id!='D'){
警报(“访问被拒绝”);
this.route.navigate(['some-url']);
}
//否则,用户是A、B、C、D并有权访问路由
返回true;
}
}
如果您询问的是什么“路线”或者用户也可以有特定访问权限的URL,我建议您在路由
数组中实现AuthGuard以及canActivate
,以便仅在某些情况下允许访问。谢谢。我刚刚更新了我的问题。您能检查一下吗?当然可以。您只需要在AuthGuard中编写逻辑,以便授权A、B、C、D等用户。因此,在canActivate
函数中编写一些条件检查,以确保用户是A、B、C、D,如果是,则返回true,否则返回false,并为未经授权访问URL提供错误消息。@PaulDickson让我知道这是否对您有所帮助。我刚刚尝试过这个,它很有效!我确实有一些问题。如果我采取另一种方法,即只为没有访问权限的用户隐藏按钮,会怎么样?认为它也会起作用吗?我在问题中包括了.html和.ts文件。@PaulDickson好的!我很高兴它对您起作用。是的,该实现会起作用,而不是生成警报()
或“未经授权的访问”消息。只需从DOM中抓取按钮并用CSS将其可视化隐藏,而不是为未经授权的用户生成警报。