{"id":14972976,"url":"https://github.com/heeexy/springboot-shiro-vue","last_synced_at":"2025-05-14T10:07:51.187Z","repository":{"id":37334590,"uuid":"111139246","full_name":"Heeexy/SpringBoot-Shiro-Vue","owner":"Heeexy","description":"提供一套基于Spring Boot-Shiro-Vue的权限管理思路.前后端都加以控制,做到按钮/接口级别的权限。（当前新版本已移除shiro依赖，简化了配置）","archived":false,"fork":false,"pushed_at":"2024-08-12T01:10:44.000Z","size":418,"stargazers_count":4572,"open_issues_count":3,"forks_count":1787,"subscribers_count":191,"default_branch":"master","last_synced_at":"2024-10-29T15:18:52.956Z","etag":null,"topics":["permissions","shiro","springboot","vue"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Heeexy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-11-17T18:49:06.000Z","updated_at":"2024-10-29T06:48:22.000Z","dependencies_parsed_at":"2024-01-14T04:45:17.288Z","dependency_job_id":"345402a3-b1f6-48a7-a1ee-30a1107a707c","html_url":"https://github.com/Heeexy/SpringBoot-Shiro-Vue","commit_stats":{"total_commits":91,"total_committers":6,"mean_commits":"15.166666666666666","dds":0.3626373626373627,"last_synced_commit":"170e06aec4f118e2cb9ba0ae995f7b341806ddf1"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Heeexy%2FSpringBoot-Shiro-Vue","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Heeexy%2FSpringBoot-Shiro-Vue/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Heeexy%2FSpringBoot-Shiro-Vue/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Heeexy%2FSpringBoot-Shiro-Vue/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Heeexy","download_url":"https://codeload.github.com/Heeexy/SpringBoot-Shiro-Vue/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247954202,"owners_count":21024180,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["permissions","shiro","springboot","vue"],"created_at":"2024-09-24T13:47:52.245Z","updated_at":"2025-04-09T01:23:28.347Z","avatar_url":"https://github.com/Heeexy.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Spring Boot-Shiro-Vue\n提供一套基于SpringBoot-shiro-vue的权限管理思路.\n\n前后端都加以控制,做到按钮/接口级别的权限\n\n# DEMO\n[测试地址](https://g.heeexy.com)\n\nadmin/123456 管理员身份登录,可以新增用户,角色.\n\n角色可以分配权限\n\n控制菜单是否显示,新增/删除按钮是否显示\n\n# 更新记录\nv2.0.0  2021.05.09\n1. 支持一个用户多个角色\n2. 使用token作为登录凭证,不使用session,避免跨域问题\n3. 使用自定义注解+aop 替代shiro的功能,简化了配置，增强了可拓展性\n\n# 设计思路\n\n### 核心\n\n \t每个登录用户拥有各自的N条权限,比如 文章:查看/编辑/发布/删除\n\n### 后端\n\n基于 [RBAC新解](http://globeeip.iteye.com/blog/1236167) . \n\n通常我们的权限设计都是 用户--角色--权限 ,其中**角色**是我们写代码的人没法控制的,它可以有多条权限,每个用户又可以设计为拥有多个角色.因此如果从角色着手进行权限验证,系统都必须根据用户的配置动起来,非常复杂.\n\n所以我们后台设计的关键点就在于: **后台接口只验证权限,不看角色.**\n\n角色的作用其实只是用来管理分配权限的,真正的验证只验证**权限** ,而不去管你是否是那种角色.体现在代码上就是接口上注解为\n\n```java\n@RequiresPermissions(\"article:add\")\n```\n\n而不是\n\n```java\n@RequiresRoles(value = {\"admin\",\"manager\",\"writer\"}, logical = Logical.OR) \n```\n\n![api权限](https://img.heeexy.com/api-permission.png)\n\n### 前端\n\n采用了[vueAdmin-template](https://github.com/PanJiaChen/vueAdmin-template) , [ElementUI](https://github.com/ElemeFE/element) , 权限设计思路也是参考了 vueAdmin 的动态路由的设计.\n\n后端负责了接口的安全性,而前端之所以要做权限处理,最主要的目的就是**隐藏掉不具有权限的菜单(路由)和按钮**.\n\n登录系统后,后端返回此用户的权限信息,比如 \n```json\n \"userPermission\":{  \n         \"menuList\":[  \n            \"role\",\n            \"user\",\n            \"article\"\n         ],\n         \"roleId\":1,\n         \"nickname\":\"超级用户\",\n         \"roleName\":\"管理员\",\n         \"permissionList\":[  \n            \"article:list\",\n            \"article:add\",\n            \"user:list\",\n         ],\n         \"userId\":10003\n      }\n```\n根据**menuList**判断给此用户生成哪些路由, 根据**permissionList**判断给用户显示哪些按钮,能请求哪些接口.\n\n### 数据库\n最主要的是要有一张本系统内的全部权限明细表,比如下面这样\n![权限表](https://img.heeexy.com/permissionDatabase.png)\n![权限数据](https://img.heeexy.com/permissionData.png)\n\n如果某用户拥有表格中前五条权限,就可以查出他就拥有article和user两个菜单,至于页面内是否显示(新增)(修改)按钮,就根据他的permissionList来判断.\n\n## 具体实现\n有了思路,就可以根据各自的业务进行实现,本项目在此进行了简单的实现,后端代码在back文件夹,前端代码在vue文件夹.前端启动只需\n```\nnpm install\nnpm run dev\n```\n\n后端就是常规的shiro配置,前端代码如果看不明白,可以参考[前端权限代码说明](./explain-frontend.md) \n\n## 分配权限页面效果\n![分配权限页面](https://img.heeexy.com/role_permission.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheeexy%2Fspringboot-shiro-vue","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fheeexy%2Fspringboot-shiro-vue","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheeexy%2Fspringboot-shiro-vue/lists"}