权限控制（springboot整合security实现权限控制）

　　权限控制（springboot整合security实现权限控制）1.建表，五张表，如下：1.1.用户表CREATETABLE`t_sys_user`(`user_id`bigint(20)NOTNULLAUTO_INCREMENTCOMMENT'用户ID',`user_name`varchar(30)NOTNULLCOMMENT'用户名',`user_password`varchar(128)NOTNULLCOMMENT'用户密码',`salt`varchar(64)DEFAULTNULLCOMMENT'加密盐',`user_phone`varchar(20)DEFAULTNULLCOMMENT'手机号',`user_emai`varchar(20)DEFAULTNULLCOMMENT'邮箱',`user_title`varchar(20)DEFAULTNULLCOMMENT'职称',`creater_id`bigint(20)DEFAULTNULLCOMMENT'创建人ID',`creater_name`varchar(30)DEFAULTNULLCOMMENT'创建人名称',`creater_time`timestampNULLDEFAULTCURRENT_TIMESTAMPCOMMENT'创建时间',`updater_id`bigint(20)DEFAULTNULLCOMMENT'更新人ID',`updater_name`varchar(30)DEFAULTNULLCOMMENT'更新人名称',`updater_time`timestampNULLDEFAULTCURRENT_TIMESTAMPCOMMENT'更新时间',`role_ids`varchar(200)DEFAULTNULL,`role_names`varchar(300)DEFAULTNULL,  PRIMARYKEY(`user_id`)  )ENGINE=InnoDBAUTO_INCREMENT=17DEFAULTCHARSET=utf8;1.2.用户角色表CREATETABLE`t_sys_user_role`(`user_role_id`bigint(20)NOTNULLAUTO_INCREMENTCOMMENT'用户角色ID',`user_id`bigint(20)NOTNULLCOMMENT'用户ID',`role_id`bigint(20)NOTNULLCOMMENT'角色ID',  PRIMARYKEY(`user_role_id`)  )ENGINE=InnoDBAUTO_INCREMENT=29DEFAULTCHARSET=utf8;1.3.角色表CREATETABLE`t_sys_role`(`role_id`bigint(20)NOTNULLAUTO_INCREMENTCOMMENT'角色ID',`role_name`varchar(100)NOTNULLCOMMENT'角色名称',`role_code`varchar(100)NOTNULLCOMMENT'角色编码',`creater_id`bigint(20)DEFAULTNULLCOMMENT'创建人ID',`creater_name`varchar(30)DEFAULTNULLCOMMENT'创建人名称',`creater_time`timestampNULLDEFAULTCURRENT_TIMESTAMPCOMMENT'创建时间',`updater_id`bigint(20)DEFAULTNULLCOMMENT'更新人ID',`updater_name`varchar(30)DEFAULTNULLCOMMENT'更新人名称',`updater_time`timestampNULLDEFAULTCURRENT_TIMESTAMPCOMMENT'更新时间',`permission_ids`varchar(200)DEFAULTNULL,`permission_names`varchar(300)DEFAULTNULL,  PRIMARYKEY(`role_id`)  )ENGINE=InnoDBAUTO_INCREMENT=4DEFAULTCHARSET=utf8;1.4.角色权限表CREATETABLE`t_sys_role_permission`(`role_permission_id`bigint(20)NOTNULLAUTO_INCREMENTCOMMENT'角色权限ID',`role_id`bigint(20)NOTNULLCOMMENT'角色ID',`permission_id`bigint(20)NOTNULLCOMMENT'权限ID',  PRIMARYKEY(`role_permission_id`)  )ENGINE=InnoDBAUTO_INCREMENT=78DEFAULTCHARSET=utf8;
　　1.5.权限表CREATETABLE`t_sys_permission`(`permission_id`bigint(20)NOTNULLAUTO_INCREMENTCOMMENT'权限ID',`permission_name`varchar(100)NOTNULLCOMMENT'权限名称',`permission_code`varchar(100)NOTNULLCOMMENT'权限编码',`creater_id`bigint(20)DEFAULTNULLCOMMENT'创建人ID',`creater_name`varchar(30)DEFAULTNULLCOMMENT'创建人名称',`creater_time`timestampNULLDEFAULTCURRENT_TIMESTAMPCOMMENT'创建时间',`updater_id`bigint(20)DEFAULTNULLCOMMENT'更新人ID',`updater_name`varchar(30)DEFAULTNULLCOMMENT'更新人名称',`updater_time`timestampNULLDEFAULTCURRENT_TIMESTAMPCOMMENT'更新时间',  PRIMARYKEY(`permission_id`)  )ENGINE=InnoDBAUTO_INCREMENT=26DEFAULTCHARSET=utf8;2.pom.xml引入依赖：<dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-starter-security</artifactId></dependency>3.编码步骤：3.1.在用户实体类中实现UserDetails接口的方法packagecom.lz.hehuorenservice.system.entity;importcom.lz.hehuorenservice.common.entity.BaseEntity;importio.swagger.annotations.ApiModelProperty;importorg.springframework.security.core.GrantedAuthority;importorg.springframework.security.core.authority.SimpleGrantedAuthority;importorg.springframework.security.core.userdetails.UserDetails;importjava.util.*;/**Createbyhyhwebon2021/6/616:24*/publicclassUserextendsBaseEntityimplementsUserDetails{/**用户主键ID*/@ApiModelProperty(value=＂用户主键ID＂)privateLonguserId;/**用户名*/@ApiModelProperty(value=＂用户名＂)privateStringuserName;/**用户密码*/@ApiModelProperty(value=＂用户密码＂)privateStringuserPassword;@ApiModelProperty(value=＂＂)privateStringsalt;/**手机号*/@ApiModelProperty(value=＂手机号＂)privateStringuserPhone;/**邮箱*/@ApiModelProperty(value=＂邮箱＂)privateStringuserEmai;/**职称*/@ApiModelProperty(value=＂职称＂)privateStringuserTitle;@ApiModelProperty(value=＂角色ID＂)privateStringroleIds;@ApiModelProperty(value=＂角色名称＂)privateStringroleNames;/**创建人ID*/@ApiModelProperty(value=＂创建人ID＂)privateLongcreaterId;/**创建人名称*/@ApiModelProperty(value=＂创建人名称＂)privateStringcreaterName;/**创建时间*/@ApiModelProperty(value=＂创建时间＂)privateDatecreaterTime;/**更新人ID*/@ApiModelProperty(value=＂更新人ID＂)privateLongupdaterId;/**更新人名称*/@ApiModelProperty(value=＂更新人名称＂)privateStringupdaterName;/**更新时间*/@ApiModelProperty(value=＂更新时间＂)privateDateupdaterTime;privateSet<String>permissions;@OverridepublicCollection<?extendsGrantedAuthority>getAuthorities(){  List<SimpleGrantedAuthority>authorities=newArrayList<>();/*  //绑定角色的授权方法  if(roles!=null){  for(RolesysRole:roles){  authorities.add(newSimpleGrantedAuthority(sysRole.getRoleCode()));  }  }*///绑定权限的授权方法if(permissions!=null){for(Stringpermission:permissions){  authorities.add(newSimpleGrantedAuthority(permission));  }  }returnauthorities;  }@OverridepublicStringgetPassword(){returnuserPassword;  }@OverridepublicStringgetUsername(){returnuserName;  }@OverridepublicbooleanisAccountNonExpired(){returntrue;  }@OverridepublicbooleanisAccountNonLocked(){returntrue;  }@OverridepublicbooleanisCredentialsNonExpired(){returntrue;  }@OverridepublicbooleanisEnabled(){returntrue;  }publicLonggetUserId(){returnuserId;  }publicvoidsetUserId(LonguserId){this.userId=userId;  }publicStringgetUserName(){returnuserName;  }publicvoidsetUserName(StringuserName){this.userName=userName;  }publicStringgetUserPassword(){returnuserPassword;  }publicvoidsetUserPassword(StringuserPassword){this.userPassword=userPassword;  }publicStringgetSalt(){returnsalt;  }publicvoidsetSalt(Stringsalt){this.salt=salt;  }publicStringgetUserPhone(){returnuserPhone;  }publicvoidsetUserPhone(StringuserPhone){this.userPhone=userPhone;  }publicStringgetUserEmai(){returnuserEmai;  }publicvoidsetUserEmai(StringuserEmai){this.userEmai=userEmai;  }publicStringgetUserTitle(){returnuserTitle;  }publicvoidsetUserTitle(StringuserTitle){this.userTitle=userTitle;  }publicStringgetRoleIds(){returnroleIds;  }publicvoidsetRoleIds(StringroleIds){this.roleIds=roleIds;  }publicStringgetRoleNames(){returnroleNames;  }publicvoidsetRoleNames(StringroleNames){this.roleNames=roleNames;  }publicLonggetCreaterId(){returncreaterId;  }publicvoidsetCreaterId(LongcreaterId){this.createrId=createrId;  }publicStringgetCreaterName(){returncreaterName;  }publicvoidsetCreaterName(StringcreaterName){this.createrName=createrName;  }publicDategetCreaterTime(){returncreaterTime;  }publicvoidsetCreaterTime(DatecreaterTime){this.createrTime=createrTime;  }publicLonggetUpdaterId(){returnupdaterId;  }publicvoidsetUpdaterId(LongupdaterId){this.updaterId=updaterId;  }publicStringgetUpdaterName(){returnupdaterName;  }publicvoidsetUpdaterName(StringupdaterName){this.updaterName=updaterName;  }publicDategetUpdaterTime(){returnupdaterTime;  }publicvoidsetUpdaterTime(DateupdaterTime){this.updaterTime=updaterTime;  }publicSet<String>getPermissions(){returnpermissions;  }publicvoidsetPermissions(Set<String>permissions){this.permissions=permissions;  }  }3.2.在用户的服务实现类中，实现UserDetailsService接口的loadUserByUsername方法，返回用户的所有信息。packagecom.lz.hehuorenservice.system.service.impl;importcom.lz.hehuorenservice.common.service.impl.BaseServiceImpl;importcom.lz.hehuorenservice.system.dao.UserDao;importcom.lz.hehuorenservice.system.entity.User;importcom.lz.hehuorenservice.system.service.UserService;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.security.core.userdetails.UserDetails;importorg.springframework.security.core.userdetails.UserDetailsService;importorg.springframework.security.core.userdetails.UsernameNotFoundException;importorg.springframework.stereotype.Service;importjava.util.Set;/**Createbyhyhwebon2021/6/616:28*/@ServicepublicclassUserServiceImplextendsBaseServiceImpl<User,Long>implementsUserService,UserDetailsService{@AutowiredUserDaouserDao;@OverridepublicUserDetailsloadUserByUsername(StringuserName)throwsUsernameNotFoundException{  Useruser=userDao.getUserByName(userName);if(user==null){thrownewUsernameNotFoundException(＂账户不存在＂);  }  Set<String>permissions=userDao.getPermissionByUserId(user.getUserId());  user.setPermissions(permissions);returnuser;  }  }3.3.编写配置类，重写WebSecurityConfigurerAdapter类的三个configure方法，也就是重新配置三个对象AuthenticationManagerBuilder，HttpSecurity，WebSecurity。packagecom.lz.hehuorenservice.common.config;importcom.fasterxml.jackson.databind.ObjectMapper;importcom.lz.hehuorenservice.common.bean.CustomAccessDeniedHandler;importcom.lz.hehuorenservice.common.bean.CustomAuthenticationEntryPoint;importcom.lz.hehuorenservice.common.filter.CustomAuthenticationFilter;importcom.lz.hehuorenservice.system.entity.User;importcom.lz.hehuorenservice.system.service.impl.UserServiceImpl;importorg.springframework.beans.factory.annotation.Autowired;importorg.springframework.context.annotation.Bean;importorg.springframework.context.annotation.Configuration;importorg.springframework.security.authentication.*;importorg.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;importorg.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;importorg.springframework.security.config.annotation.web.builders.HttpSecurity;importorg.springframework.security.config.annotation.web.builders.WebSecurity;importorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;importorg.springframework.security.core.Authentication;importorg.springframework.security.core.AuthenticationException;importorg.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;importorg.springframework.security.crypto.password.PasswordEncoder;importorg.springframework.security.web.access.AccessDeniedHandler;importorg.springframework.security.web.authentication.AuthenticationFailureHandler;importorg.springframework.security.web.authentication.AuthenticationSuccessHandler;importorg.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;importorg.springframework.security.web.authentication.logout.LogoutHandler;importorg.springframework.security.web.authentication.logout.LogoutSuccessHandler;importorg.springframework.web.cors.CorsUtils;importjavax.servlet.ServletException;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjava.io.IOException;importjava.io.PrintWriter;importjava.util.HashMap;importjava.util.Map;/**Createbyhyhwebon2021/6/78:26*/@Configuration@EnableGlobalMethodSecurity(prePostEnabled=true,securedEnabled=true)publicclassWebSecurityConfigextendsWebSecurityConfigurerAdapter{  @AutowiredUserServiceImpluserService;//这个必须是接口的实现类，不能是接口@BeanPasswordEncoderpasswordEncoder(){returnnewBCryptPasswordEncoder(10);//returnNoOpPasswordEncoder.getInstance();}/*@Bean  RoleHierarchyroleHierarchy(){  RoleHierarchyImplroleHierarchy=newRoleHierarchyImpl();  //Stringhierarchy=＂ROLE_dba>ROLE_admin\nROLE_admin>ROLE_user＂;  Stringhierarchy=＂ROLE_admin>ROLE_user＂;  roleHierarchy.setHierarchy(hierarchy);  returnroleHierarchy;  }*/@BeanCustomAuthenticationFiltercustomAuthenticationFilter()throwsException{CustomAuthenticationFilterfilter=newCustomAuthenticationFilter();filter.setAuthenticationSuccessHandler(  newAuthenticationSuccessHandler(){  @OverridepublicvoidonAuthenticationSuccess(HttpServletRequestreq,HttpServletResponseresp,Authenticationauth)throwsIOException,ServletException{Objectprincipal=auth.getPrincipal();  resp.setContentType(＂application/json;charset=utf-8＂);PrintWriterout=resp.getWriter();  resp.setStatus(200);Map<String,Object>map=newHashMap<>();map.put(＂code＂,＂1＂);map.put(＂success＂,true);map.put(＂message＂,＂登录成功＂);Useruser=(User)principal;  user.setUserPassword(null);map.put(＂data＂,user);ObjectMapperom=newObjectMapper();  out.write(om.writeValueAsString(map));  out.flush();  out.close();/*resp.setContentType(＂application/json;charset=utf-8＂);  PrintWriterout=resp.getWriter();  Map<String,Object>map=newHashMap<String,Object>();  map.put(＂message＂,＂登录成功＂);  out.write(newObjectMapper().writeValueAsString(map));  out.flush();  out.close();*/}  });filter.setAuthenticationFailureHandler(  newAuthenticationFailureHandler(){  @OverridepublicvoidonAuthenticationFailure(HttpServletRequestreq,HttpServletResponseresp,AuthenticationExceptione)throwsIOException,ServletException{  resp.setContentType(＂application/json;charset=utf-8＂);PrintWriterout=resp.getWriter();  resp.setStatus(401);Map<String,Object>map=newHashMap<>();map.put(＂status＂,401);if(einstanceofLockedException){map.put(＂msg＂,＂账号被锁定，登录失败＂);  }elseif(einstanceofBadCredentialsException){map.put(＂msg＂,＂账号或密码输入错误，请重新登录＂);  }elseif(einstanceofDisabledException){map.put(＂msg＂,＂账号被禁用，登录失败＂);  }elseif(einstanceofAccountExpiredException){map.put(＂msg＂,＂账号过期，登录失败＂);  }elseif(einstanceofCredentialsExpiredException){map.put(＂msg＂,＂密码过期，登录失败＂);  }else{map.put(＂msg＂,＂登录失败＂);  }ObjectMapperom=newObjectMapper();  out.write(om.writeValueAsString(map));  out.flush();  out.close();/*resp.setContentType(＂application/json;charset=utf-8＂);  PrintWriterout=resp.getWriter();  Map<String,Object>map=newHashMap<String,Object>();  map.put(＂message＂,＂登录失败＂);  out.write(newObjectMapper().writeValueAsString(map));  out.flush();  out.close();*/}  });filter.setAuthenticationManager(authenticationManagerBean());returnfilter;  }  @Overrideprotectedvoidconfigure(AuthenticationManagerBuilderauth)throwsException{  auth.userDetailsService(userService);  }  @BeanpublicAccessDeniedHandlergetAccessDeniedHandler(){returnnewCustomAccessDeniedHandler();  }  @Overridepublicvoidconfigure(WebSecurityweb)throwsException{  web.ignoring()  .antMatchers(＂/sessionInvalid＂,＂/register＂,＂/app/**＂,＂/login_page＂)  .antMatchers(＂/index.html＂,＂/static/**＂,＂/favicon.ico＂)  .antMatchers(＂/swagger-ui/**＂,＂/swagger/**＂,＂/doc.html＂,＂/swagger-resources/**＂,＂/images/**＂,＂/webjars/**＂,＂/v3/api-docs＂,＂/configuration/ui＂,＂/configuration/security＂);  }  @Overrideprotectedvoidconfigure(HttpSecurityhttp)throwsException{  http.cors()//开启跨域.and()//获取一个安全编译器.authorizeRequests()//授权请求.requestMatchers(CorsUtils::isPreFlightRequest)  .permitAll()//跨域的请求开放所有权限.anyRequest()//所有请求.authenticated()//所有请求都需要认证.and()  .sessionManagement()  .invalidSessionUrl(＂/session/invalid＂)  .and()//获取一个安全编译器.formLogin()//表单登录配置.loginPage(＂/login_page＂)//登录页面访问地址.loginProcessingUrl(＂/login＂)//配置登录接口地址.usernameParameter(＂userName＂)//配置登录的账号字段.passwordParameter(＂userPassWord＂)//配置登录密码字段.and()//获取一个安全编译器.logout()//退出登录配置.logoutUrl(＂/logout＂)//设置退出登录的接口地址.clearAuthentication(true)//清除所有认证信息.invalidateHttpSession(true)//让session失效.addLogoutHandler(  newLogoutHandler(){//退出登录时的处理器@Overridepublicvoidlogout(HttpServletRequesthttpServletRequest,HttpServletResponsehttpServletResponse,Authenticationauthentication){}  })  .logoutSuccessHandler(  newLogoutSuccessHandler(){//退出成功后的处理器@OverridepublicvoidonLogoutSuccess(HttpServletRequesthttpServletRequest,HttpServletResponsehttpServletResponse,Authenticationauthentication)throwsIOException,ServletException{  httpServletResponse.setContentType(＂application/json;charset=utf-8＂);PrintWriterout=httpServletResponse.getWriter();Map<String,Object>map=newHashMap<>();map.put(＂message＂,＂退出成功＂);map.put(＂code＂,＂1＂);map.put(＂success＂,true);ObjectMapperom=newObjectMapper();  out.write(om.writeValueAsString(map));  out.flush();  out.close();  }  })  .permitAll()//设置退出登录的所有权限.and()//获取一个安全编译器.csrf()  .disable()//关闭csrf跨站点请求伪造.exceptionHandling()  .authenticationEntryPoint(newCustomAuthenticationEntryPoint());//自定义认证的入口异常处理方法http.addFilterAt(customAuthenticationFilter(),UsernamePasswordAuthenticationFilter.class);  //重写用户名密码的过滤器，实现前后端分离获取登录的用户名，密码信息http.exceptionHandling().accessDeniedHandler(getAccessDeniedHandler());  //没有权限访问的处理器  }  }
　　3.3.1CustomAccessDeniedHandler自定义没权限方法的处理器packagecom.lz.hehuorenservice.common.bean;importcom.fasterxml.jackson.databind.ObjectMapper;importorg.springframework.security.access.AccessDeniedException;importorg.springframework.security.web.access.AccessDeniedHandler;importjavax.servlet.ServletException;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjava.io.IOException;importjava.io.PrintWriter;importjava.util.HashMap;importjava.util.Map;/**Createbyhyhwebon2021/6/711:50*/publicclassCustomAccessDeniedHandlerimplementsAccessDeniedHandler{  @Overridepublicvoidhandle(HttpServletRequesthttpServletRequest,HttpServletResponsehttpServletResponse,AccessDeniedExceptione)throwsIOException,ServletException{  httpServletResponse.setContentType(＂application/json;charset=utf-8＂);PrintWriterout=httpServletResponse.getWriter();Mapmap=newHashMap<>();map.put(＂message＂,＂权限不足，请联系管理员开通权限＂);map.put(＂code＂,0);map.put(＂status＂,403);map.put(＂success＂,false);Stringresult=newObjectMapper().writeValueAsString(map);  out.write(result);  out.flush();  out.close();  }  }3.3.2CustomAuthenticationEntryPoint自定义认证的入口packagecom.lz.hehuorenservice.common.bean;importcom.fasterxml.jackson.databind.ObjectMapper;importorg.springframework.security.core.AuthenticationException;importorg.springframework.security.web.AuthenticationEntryPoint;importjavax.servlet.ServletException;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjava.io.IOException;importjava.io.PrintWriter;importjava.util.HashMap;importjava.util.Map;/**Createbyhyhwebon2021/6/711:42*/publicclassCustomAuthenticationEntryPointimplementsAuthenticationEntryPoint{  @Overridepublicvoidcommence(HttpServletRequesthttpServletRequest,HttpServletResponsehttpServletResponse,AuthenticationExceptione)throwsIOException,ServletException{  httpServletResponse.setContentType(＂application/json;charset=utf-8＂);PrintWriterout=httpServletResponse.getWriter();Mapmap=newHashMap<>();map.put(＂message＂,＂还没登录，请重新登录＂);map.put(＂code＂,302);Stringresult=newObjectMapper().writeValueAsString(map);  out.write(result);  out.flush();  out.close();  }  }3.3.3.CustomAuthenticationFilter自定义packagecom.lz.hehuorenservice.common.filter;importorg.springframework.http.MediaType;importorg.springframework.security.authentication.UsernamePasswordAuthenticationToken;importorg.springframework.security.core.Authentication;importorg.springframework.security.core.AuthenticationException;importorg.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importjava.io.IOException;importjava.io.InputStream;/**Createbyhyhwebon2021/6/712:07*/publicclassCustomAuthenticationFilterextendsUsernamePasswordAuthenticationFilter{@OverridepublicAuthenticationattemptAuthentication(  HttpServletRequestrequest,HttpServletResponseresponse)throwsAuthenticationException{if(request.getContentType().equals(MediaType.APPLICATION_JSON_UTF8_VALUE)  ||request.getContentType().equals(MediaType.APPLICATION_JSON_VALUE)){  UsernamePasswordAuthenticationTokenauthRequest=null;try(InputStreamis=request.getInputStream()){  ObjectMappermapper=newObjectMapper();  Map<String,String>authenticationBean=mapper.readValue(is,Map.class);  authRequest=newUsernamePasswordAuthenticationToken(  authenticationBean.get(＂userName＂),authenticationBean.get(＂userPassWord＂));/*authRequest=  newUsernamePasswordAuthenticationToken(  request.getParameter(＂userName＂),request.getParameter(＂userPassWord＂));*/}catch(IOExceptione){  e.printStackTrace();  authRequest=newUsernamePasswordAuthenticationToken(＂＂,＂＂);  }finally{  setDetails(request,authRequest);returnthis.getAuthenticationManager().authenticate(authRequest);  }  }else{returnsuper.attemptAuthentication(request,response);  }  }  }4.controller层使用权限注释@PreAuthorize实现权限控制@RestController@RequestMapping(＂/user＂)@Api(tags=＂用户信息＂)  publicclassUserController{@AutowiredprivateUserServiceuserService;@ApiOperation(value=＂删除单个对象＂,notes=＂删除单个对象接口＂)@GetMapping(＂/delete/{id}＂)@PreAuthorize(＂hasAuthority('delete')＂)  publicApiResultdeleteById(@PathVariablelongid){returnuserService.deleteById(id);  }  }附加说明：Spring Security的表达式对象的基类：
　　org.springframework.security.access.expression.SecurityExpressionRoot
　　在controller的方法中使用注释，如下：
　　@PreAuthorize(＂表达式('权限值')＂)@PreAuthorize(＂hasAuthority('zixunguanli-xinzeng')＂)  publicApiResultadd(@RequestBodyStringjson){returninfoService.add(JSON.parseObject(json,InfoReq.class));  }
　　表达式如下：booleanhasAuthority(Stringvar1);booleanhasAnyAuthority(String...var1);booleanhasRole(Stringvar1);booleanhasAnyRole(String...var1);booleanpermitAll();booleandenyAll();booleanisAnonymous();booleanisAuthenticated();booleanisRememberMe();booleanisFullyAuthenticated();booleanhasPermission(Objectvar1,Objectvar2);booleanhasPermission(Objectvar1,Stringvar2,Objectvar3);Spring Security的重构获取用户名和密码的方式，实现前后端分离的json格式，如下：
　　重构
　　org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter的attemptAuthentication方法