{"id":16195670,"url":"https://github.com/lijunping365/open-authority","last_synced_at":"2025-07-24T10:09:44.067Z","repository":{"id":196965245,"uuid":"487458586","full_name":"lijunping365/Open-Authority","owner":"lijunping365","description":"经典的权限管理系统","archived":false,"fork":false,"pushed_at":"2023-05-03T07:32:21.000Z","size":4559,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-07T16:40:45.165Z","etag":null,"topics":["authorization"],"latest_commit_sha":null,"homepage":"http://www.openbytecode.com/openAdmin/front/welcome","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lijunping365.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-05-01T06:01:07.000Z","updated_at":"2023-09-28T09:24:50.000Z","dependencies_parsed_at":null,"dependency_job_id":"af599e16-399e-4316-b08c-abe0fd7f7871","html_url":"https://github.com/lijunping365/Open-Authority","commit_stats":null,"previous_names":["lijunping365/open-authority"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/lijunping365/Open-Authority","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijunping365%2FOpen-Authority","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijunping365%2FOpen-Authority/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijunping365%2FOpen-Authority/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijunping365%2FOpen-Authority/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lijunping365","download_url":"https://codeload.github.com/lijunping365/Open-Authority/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lijunping365%2FOpen-Authority/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":266824099,"owners_count":23990155,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-24T02:00:09.469Z","response_time":99,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authorization"],"created_at":"2024-10-10T08:44:54.213Z","updated_at":"2025-07-24T10:09:44.037Z","avatar_url":"https://github.com/lijunping365.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Open-Authority\n\n这是一个经典的权限管理系统\n\n\u003e 权限管理，一般指根据系统设置的安全规则或者安全策略，用户可以访问而且只能访问自己被授权的资源，不多不少。对权限做管理的系统，就是权限管理系统。\n\n## 功能列表\n\n1. 基于 RBAC 模型的权限系统，我们在该模型的基础上进行了拓展，使得该权限系统通用且好理解，该权限系统应用范围广，适用于各种管理后台，凡是需要用到权限的都可以参考\n\n2. 内部实现基于自研的认证 starter（open-starter-oauth） 和授权 starter（open-starter-security），相对于 Spring Security 和 Shiro 我们更轻量，使用更简单，更能轻松实现权限控制功能\n\n3. 认证服务和授权服务解耦，无论你是单体应用还是微服务或者是在网关上用都支持\n\n4. 我们对授权 starter 的 AccessDeniedHandler 接口做了自定义实现，用于验证用户是否有权访问资源\n\n5. 菜单支持接口返回，即支持用户可以有哪些菜单和没有哪些菜单\n\n6. 一个用户可以拥有多个角色，可以为不同的角色分配不同的菜单与资源\n\n## 设计原则\n\n1. 角色\n\n操作者的身份，不同身份权限不同，看到的菜单内容也不同。常见的角色有：运营、开发者、admin等。\n\n2. 菜单\n\n即用户在系统中可以看到的页面,菜单为树形结构，包含多个一级菜单，一个一级菜单包含多个二级菜单或页面，二级菜单包含多个页面。\n\n![图片](/img/menu.png)\n\n菜单信息一般包含\n\n![图片](/img/menu2.png)\n\n3. 权限\n\n当用户拥有某个菜单，那么该用户便拥有菜单下的全部请求路径，比如增删改查，但是需求是该用户拥有菜单下的查，但是没有增删改权限，所以不能将菜单和权限直接绑定。\n\n我们的实现方案是菜单就是菜单，数据权限就是数据权限，因为有些接口不属于菜单，它可能是页面上的一个按钮，可能是所有人都拥有的权限，\n\n像这种所有人都有的权限，它只需要校验你有没有带 token，而不需要你拥有某个角色才能访问，为了方便管理这些权限，我们对这些权限进行了分组，\n\n例如基础权限（根据 token 获取个人用户信息，获取个人菜单树，查询个人消息、、、），其他权限。\n\n![图片](/img/authority.png)\n\n4. 关系\n\n权限管理系统的核心是管理角色的权限。即角色、菜单、权限之间的关系。上面讲了各个组成后，这之间的关系就比较简单了\n\n![图片](/img/relation.png)\n\n角色配置的时候和菜单、接口进行绑定，所以就实现了角色-菜单-接口权限之间的对应关系。\n\n标准的 RBAC 有 5 张表，分别是 user, role, menu, user_role, role_menu\n\n但是为了方便也可以去掉关联表，留下了 user, role, menu, 但是它们之间的关系任然存在，即 RBAC 模型任然存在，这样可以提高查询效率，\n\n## 权限系统的前提\n\n使用权限管理系统需要有两个前提\n\n1. 需要有账号体系。\n\n拥有账号体系意味着能够获取用户id，此时权限管理系统才能被使用。\n\n2. 需要有申请流程\n\n很多公司做权限管理系统的时候，并没有申请流程。添加新用户需管理员在后台人工添加，不但需要录入大量信息，而且容易出错，大大增加了管理员的成本。\n\n合理的方式为，用户申请权限，系统自动录入数据，管理员审核\n\n权限管理系统往往用于后台，虽流量不高，但也需要关注性能问题，尤其像接口权限验证，几乎每次都需要请求，此时就需要使用缓存来提高性能。\n\n## 总结\n\n按照该设计搭建的权限管理系统可以满足大部分业务需求。角色和菜单、接口进行绑定，这种设计更直观、易理解。\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flijunping365%2Fopen-authority","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flijunping365%2Fopen-authority","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flijunping365%2Fopen-authority/lists"}