public void configInterceptor(InterceptorLoader interceptorLoader) {
    //事務的攔截器 @Transaction
    interceptorLoader.add(new TransactionInterceptor());
}

@API("/users")
public class UserResource extends ApiResource {
  /**
   * 在一個數據源執(zhí)行多個數據操作使用@Transaction注解
   * 如果時多個數據源 使用 @Transaction(name={"ds1","ds2"})
   * 數據源的名字和application.properties 里對應
   */
  @POST
  @Transaction
  public User save(User user，UserInfo info) {
    return user.save() && info.save();
  }
}

DROP TABLE IF EXISTS sec_user;
CREATE TABLE sec_user (
  id            BIGINT       NOT NULL AUTO_INCREMENT PRIMARY KEY,
  username      VARCHAR(50)  NOT NULL COMMENT '登錄名',
  providername  VARCHAR(50)  NOT NULL COMMENT '提供者',
  email         VARCHAR(200) COMMENT '郵箱',
  mobile        VARCHAR(50) COMMENT '手機',
  password      VARCHAR(200) NOT NULL COMMENT '密碼',
  avatar_url    VARCHAR(255) COMMENT '頭像',
  first_name    VARCHAR(10) COMMENT '名字',
  last_name     VARCHAR(10) COMMENT '姓氏',
  full_name     VARCHAR(20) COMMENT '全名',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用戶';

DROP TABLE IF EXISTS sec_user_info;
CREATE TABLE sec_user_info (
  id          BIGINT    NOT NULL AUTO_INCREMENT PRIMARY KEY,
  user_id     BIGINT    NOT NULL COMMENT '用戶id',
  creator_id  BIGINT COMMENT '創(chuàng)建者id',
  gender      INT DEFAULT 0 COMMENT '性別0男，1女',
  province_id BIGINT COMMENT '省id',
  city_id     BIGINT COMMENT '市id',
  county_id   BIGINT COMMENT '縣id',
  street      VARCHAR(500) COMMENT '街道',
  zip_code    VARCHAR(50) COMMENT '郵編',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用戶信息';

DROP TABLE IF EXISTS sec_role;
CREATE TABLE sec_role (
  id         BIGINT    NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name       VARCHAR(50)   NOT NULL COMMENT '名稱',
  value      VARCHAR(50)  NOT NULL COMMENT '值',
  intro      VARCHAR(255) COMMENT '簡介',
  pid        BIGINT DEFAULT 0 COMMENT '父級id',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='角色';

DROP TABLE IF EXISTS sec_user_role;
CREATE TABLE sec_user_role (
  id      BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  user_id BIGINT NOT NULL,
  role_id BIGINT NOT NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='用戶角色';

DROP TABLE IF EXISTS sec_permission;
CREATE TABLE sec_permission (
  id         BIGINT      NOT NULL AUTO_INCREMENT PRIMARY KEY,
  name       VARCHAR(50) NOT NULL COMMENT '名稱',
  method      VARCHAR(10) NOT NULL COMMENT '方法',
  value      VARCHAR(50) NOT NULL COMMENT '值',
  url        VARCHAR(255) COMMENT 'url地址',
  intro      VARCHAR(255) COMMENT '簡介',
  pid        BIGINT DEFAULT 0 COMMENT '父級id',
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP   NOT NULL,
  updated_at TIMESTAMP NULL ON UPDATE CURRENT_TIMESTAMP,
  deleted_at TIMESTAMP NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='權限';

DROP TABLE IF EXISTS sec_role_permission;
CREATE TABLE sec_role_permission (
  id            BIGINT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  role_id       BIGINT NOT NULL,
  permission_id BIGINT NOT NULL
) ENGINE =InnoDB DEFAULT CHARSET =utf8 COMMENT ='角色權限';

public class MyAuthenticateService implements AuthenticateService {
  /**
   * 查詢用戶信息  
   * @param username 登錄的用戶名
   * @return 用戶權限對象
   */
  public Principal getPrincipal(String username) {
    Principal<User> principal=null;
    User u = User.dao.findBy("username=?", username);
    if (u != null) {
      principal = new Principal<User>(u.getStr("username"), u.getStr("password"), new HashSet<String>(u.getPermissions()), u);
    }
    return principal;
  }
  /**
   * 加載全部的權限信息
   * @return 權限集合
   */
  public Set<Credential> getAllCredentials() {
    List<Permission> permissions = Permission.dao.findBy("deleted_at is null");
    Set<Credential> credentials = new HashSet<Credential>();

    for (Permission permission : permissions) {
      credentials.add(new Credential(permission.getStr("method"), permission.getStr("url"), permission.getStr("value")));
    }

    return credentials;
  }
}

public void configInterceptor(InterceptorLoader interceptorLoader) {
    //權限攔截器 2表示用戶登錄的最大session數量 MyAuthenticateService 數據加載實現類
    interceptorLoader.add(new SecurityInterceptor(2, new MyAuthenticateService()));
}

-- create role--
INSERT INTO sec_role(name, value, intro, pid,created_at)
VALUES ('超級管理員','R_ADMIN','',0, current_timestamp),
       ('銷售','R_SALER','',1,current_timestamp),
       ('財務','R_FINANCER','',1,current_timestamp),
       ('設置','R_SETTER','',1,current_timestamp);

-- create permission--
INSERT INTO sec_permission( name,method, value, url, intro,pid, created_at)
VALUES ('訂單','*','P_ORDER','/api/v1.0/orders/**','訂單訪問權限',0,current_timestamp),
       ('銷售','*','P_SALE','/api/v1.0/sales/**','銷售訪問權限',0,current_timestamp),
       ('財務','*','P_FINANCE','/api/v1.0/finances/**','財務訪問權限',0,current_timestamp),
       ('倉庫','*','P_STORE','/api/v1.0/stores/**','倉庫訪問權限',0,current_timestamp),
       ('設置','*','P_SETTING','/api/v1.0/settings/**','設置訪問權限',0,current_timestamp);

INSERT INTO sec_role_permission(role_id, permission_id)
VALUES (1,1),(1,2),(1,3),(1,4),(1,5),
       (2,1),(2,2),(2,4),
       (3,1),(3,2),(3,3),(3,4),
       (4,5);

-- user data--
-- create  admin--
INSERT INTO sec_user(username, providername, email, mobile, password, avatar_url, first_name, last_name, full_name, created_at)
VALUES ('admin','dreampie','<a  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email?protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp),
       ('saler','dreampie','<a  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email?protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp),
       ('financer','dreampie','<a  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email?protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp),
       ('setter','dreampie','<a  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"  rel="external nofollow"          target="_blank" >[email?protected]</a>','18611434500','a217d8ac340ee5da8098bff32a5769ebad5d4cfd74adebe6c7020db4dc4c3df517f56f6bc41882deb47814bd060db6f1e225219b095d7906d2115ba9e8ab80a0','','仁輝','王','仁輝·王',current_timestamp);

-- create user_info--
INSERT INTO sec_user_info(user_id, creator_id, gender,province_id,city_id,county_id,street,created_at)
VALUES (1,0,0,1,2,3,'人民大學',current_timestamp),
       (2,0,0,1,2,3,'人民大學',current_timestamp),
       (3,0,0,1,2,3,'人民大學',current_timestamp),
       (4,0,0,1,2,3,'人民大學',current_timestamp);

-- create user_role--
INSERT INTO sec_user_role( user_id, role_id)
VALUES (1,1),(2,2),(3,3),(4,4);