SpringSecurity为项目加入权限控制
Posted mozq
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd
       ">

    <!-- Spring Security namespace configuration: one authentication manager backed by a
         UserDetailsService bean, a set of unfiltered static paths, and a single
         role-protected filter chain for every other URL. -->

    <!-- Authentication -->
    <security:authentication-manager>
        <!-- Database-backed authentication: user-service-ref names the bean that
             implements UserDetailsService ("userInfoService"). -->
        <security:authentication-provider user-service-ref="userInfoService">
            <!-- Password encoding -->
            <!-- Password encoder wiring, left disabled by the author:
            <security:password-encoder ref="passwordEncoder"/>
            -->
            <!-- NOTE(review): with no encoder configured here, the user service has to
                 hand back passwords that verify as plaintext (it prepends a noop marker),
                 which implies cleartext passwords in the user table. Prefer storing an
                 adaptive hash such as bcrypt and enabling the password-encoder element;
                 no "passwordEncoder" bean is defined in this file, so one would have to
                 be declared elsewhere. -->

            <!-- Users defined directly in XML (disabled) -->
            <!--
            <security:user-service>
                <security:user name="admin" password="noopadmin" authorities="ROLE_ADMIN" />
            </security:user-service>
            -->
            <!-- NOTE(review): the password above was presumably written with the noop id in
                 curly braces; braces look stripped throughout this page. Either way it is a
                 hard-coded plaintext credential and should stay out of any deployed config. -->
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Resources that bypass the security filter chain -->
    <!-- security="none" gives these patterns an empty filter chain: no SecurityContext
         and none of the response headers Spring Security would otherwise add. For the
         login and failure pages, an anonymous-access intercept-url inside the main http
         element keeps them in the chain, which the CSRF token on the login form needs. -->
    <security:http security="none" pattern="/login.jsp"/>
    <security:http security="none" pattern="/failer.jsp"/>
    <security:http security="none" pattern="/css/**"/>
    <security:http security="none" pattern="/img/**"/>
    <security:http security="none" pattern="/plugins/**"/>

    <!-- Authorization -->
    <!-- auto-config="true" registers form login, HTTP Basic and logout together.
         use-expressions="false" makes the access attribute a plain list of role names. -->
    <security:http auto-config="true" use-expressions="false">
        <!-- Every remaining URL requires this one role. The user service builds authority
             names as "ROLE_" plus the role name from the database, so that name must
             match the text after the prefix exactly. -->
        <security:intercept-url pattern="/**" access="ROLE_管理员"/>

        <!-- Custom login form -->
        <security:form-login
                login-page="/login.jsp" login-processing-url="/login"
                username-parameter="user" password-parameter="password"
                default-target-url="/index.jsp" authentication-failure-url="/failer.jsp"/>

        <!-- Logout -->
        <security:logout logout-url="/logoutxx.do" invalidate-session="true" logout-success-url="/login.jsp"></security:logout>

        <!-- Disable CSRF protection -->
        <!-- NOTE(review): with this off, any state-changing request made from a logged-in
             browser session can be forged by a third-party page, and the logout URL is
             typically reachable with a plain GET. Re-enable it once the forms (including
             login.jsp) render the CSRF token. -->
        <security:csrf disabled="true" />
    </security:http>
</beans>
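<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- Deployment descriptor: loads the root Spring context (application beans plus the
         security configuration), registers the request filters, and maps the Spring MVC
         dispatcher to *.do. -->

    <!-- Spring container listener -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml,classpath:spring-security.xml</param-value>
    </context-param>

    <!-- Character-encoding filter -->
    <!-- Declared before the security filter on purpose: filters mapped to the same URL
         pattern run in filter-mapping order, and the login filter reads the username and
         password parameters. If the encoding were set after that read, non-ASCII
         credentials would already have been decoded with the container default. -->
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Spring Security filter -->
    <!-- The filter name must stay "springSecurityFilterChain": DelegatingFilterProxy looks
         up a bean with that name in the root context. Mapping it to /* puts every
         request, not only *.do, behind the security configuration. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Spring MVC front controller -->
    <servlet>
        <servlet-name>app</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-mvc.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>app</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>

</web-app>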
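package cn.itcast.ssm.service;

import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * Service contract for user lookups used by Spring Security.
 *
 * <p>Declares no methods of its own; it inherits
 * {@code loadUserByUsername(String)} from {@link UserDetailsService}, so any
 * implementation can be referenced from the security configuration through
 * {@code user-service-ref}.
 */
public interface IUserInfoService extends UserDetailsService {
}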
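package cn.itcast.ssm.service.impl;

import cn.itcast.ssm.dao.IUserInfoDao;
import cn.itcast.ssm.domain.Role;
import cn.itcast.ssm.domain.UserInfo;
import cn.itcast.ssm.service.IUserInfoService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

/**
 * Loads application users from the database and adapts them to Spring Security's
 * {@link UserDetails}.
 *
 * <p>Registered as the bean {@code userInfoService}, the name the security
 * configuration refers to through {@code user-service-ref}.
 */
@Service("userInfoService")
public class UserInfoServiceImpl implements IUserInfoService {

    @Autowired
    private IUserInfoDao userInfoDao;

    /**
     * Looks up a user by login name and converts it to a {@link UserDetails}.
     *
     * @param username the login name submitted by the client
     * @return the matching user, enabled only when its status equals 1
     * @throws UsernameNotFoundException if no user with that name exists
     * @throws InternalAuthenticationServiceException if the lookup itself fails
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo userInfo;
        try {
            userInfo = userInfoDao.findByUserName(username);
        } catch (Exception e) {
            // A failed lookup is not the same as an unknown user: surface it with its
            // cause instead of printing the stack trace and carrying on.
            throw new InternalAuthenticationServiceException("User lookup failed", e);
        }

        if (userInfo == null) {
            // The UserDetailsService contract forbids returning null. The message leaves
            // out the submitted name so attacker-chosen text does not reach the logs.
            throw new UsernameNotFoundException("User not found");
        }

        boolean enabled = userInfo.getStatus() == 1;

        // NOTE(review): the page shows the prefix as "noop"; the braces were presumably
        // lost in extraction, as every other brace in this listing was. The "{noop}" id
        // tells Spring Security's delegating encoder to compare the stored value as
        // plaintext, so the user table is holding cleartext passwords. Store an adaptive
        // hash (bcrypt or similar), configure a password encoder, and drop this prefix.
        return new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(),
                enabled, true, true, true,
                getAuthorities(userInfo.getRoleList()));
    }

    /**
     * Maps the user's roles to granted authorities named {@code "ROLE_" + roleName}.
     *
     * @param roleList the user's roles; {@code null} is treated as no roles
     * @return one authority per role, in list order
     */
    private Collection<SimpleGrantedAuthority> getAuthorities(List<Role> roleList) {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (roleList == null) {
            // A user without roles gets no authorities rather than failing the login
            // with a NullPointerException.
            return authorities;
        }
        for (Role role : roleList) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName()));
        }
        return authorities;
    }
}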