SpringSecurity为项目加入权限控制

Posted mozq

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了SpringSecurity为项目加入权限控制相关的知识,希望对你有一定的参考价值。

技术图片
 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <beans xmlns="http://www.springframework.org/schema/beans"
 3        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4        xmlns:security="http://www.springframework.org/schema/security"
 5        xsi:schemaLocation="http://www.springframework.org/schema/beans
 6                 http://www.springframework.org/schema/beans/spring-beans.xsd
 7                 http://www.springframework.org/schema/security
 8                 http://www.springframework.org/schema/security/spring-security.xsd
 9                ">
10 
11     <!--认证-->
12     <security:authentication-manager>
13         <!--数据库认证 user-service-ref配置实现了UserDetailsService接口的bean-->
14         <security:authentication-provider user-service-ref="userInfoService">
15             <!--加密方式-->
16             <!-- 配置加密的方式
17                 <security:password-encoder ref="passwordEncoder"/>
18             -->
19 
20             <!--xml配置认证-->
21             <!--
22                 <security:user-service>
23                     <security:user name="admin" password="noopadmin" authorities="ROLE_ADMIN" />
24                 </security:user-service>
25             -->
26         </security:authentication-provider>
27     </security:authentication-manager>
28 
29     <!--配置不过滤的资源-->
30     <security:http security="none" pattern="/login.jsp"/>
31     <security:http security="none" pattern="/failer.jsp"/>
32     <security:http security="none" pattern="/css/**"/>
33     <security:http security="none" pattern="/img/**"/>
34     <security:http security="none" pattern="/plugins/**"/>
35 
36     <!--授权-->
37     <security:http auto-config="true" use-expressions="false">
38         <security:intercept-url pattern="/**" access="ROLE_管理员"/>
39 
40         <!--自定义登录-->
41         <security:form-login
42                 login-page="/login.jsp" login-processing-url="/login"
43                 username-parameter="user" password-parameter="password"
44                 default-target-url="/index.jsp" authentication-failure-url="/failer.jsp"/>
45 
46         <!--注销-->
47         <security:logout logout-url="/logoutxx.do" invalidate-session="true" logout-success-url="/login.jsp"></security:logout>
48 
49         <!--关闭跨站请求伪造-->
50         <security:csrf disabled="true" />
51     </security:http>
52 </beans>
spring-security.xml
技术图片
 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
 3          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
 5          version="3.1">
 6 
 7     <!--spring容器监听器-->
 8     <listener>
 9         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
10     </listener>
11 
12     <context-param>
13         <param-name>contextConfigLocation</param-name>
14         <param-value>classpath:applicationContext.xml,classpath:spring-security.xml</param-value>
15     </context-param>
16 
17     <!--配置SpringSecurity的过滤器-->
18     <filter>
19         <filter-name>springSecurityFilterChain</filter-name>
20         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
21     </filter>
22     <filter-mapping>
23         <filter-name>springSecurityFilterChain</filter-name>
24         <url-pattern>/*</url-pattern>
25     </filter-mapping>
26 
27     <!--springmvc前端控制器-->
28     <servlet>
29         <servlet-name>app</servlet-name>
30         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
31         <init-param>
32             <param-name>contextConfigLocation</param-name>
33             <param-value>classpath:spring-mvc.xml</param-value>
34         </init-param>
35         <load-on-startup>1</load-on-startup>
36     </servlet>
37 
38     <servlet-mapping>
39         <servlet-name>app</servlet-name>
40         <url-pattern>*.do</url-pattern>
41     </servlet-mapping>
42 
43 
44     <!--编码过滤-->
45     <filter>
46         <filter-name>CharacterEncodingFilter</filter-name>
47         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
48         <init-param>
49             <param-name>encoding</param-name>
50             <param-value>UTF-8</param-value>
51         </init-param>
52     </filter>
53     <filter-mapping>
54         <filter-name>CharacterEncodingFilter</filter-name>
55         <url-pattern>/*</url-pattern>
56     </filter-mapping>
57 
58 </web-app>
web.xml
技术图片
1 package cn.itcast.ssm.service;
2 
3 import org.springframework.security.core.userdetails.UserDetailsService;
4 
5 public interface IUserInfoService extends UserDetailsService 
6 
7 
IUserInfoService.java
技术图片
 1 package cn.itcast.ssm.service.impl;
 2 
 3 import cn.itcast.ssm.dao.IUserInfoDao;
 4 import cn.itcast.ssm.domain.Role;
 5 import cn.itcast.ssm.domain.UserInfo;
 6 import cn.itcast.ssm.service.IUserInfoService;
 7 import org.springframework.beans.factory.annotation.Autowired;
 8 import org.springframework.security.core.GrantedAuthority;
 9 import org.springframework.security.core.authority.SimpleGrantedAuthority;
10 import org.springframework.security.core.userdetails.User;
11 import org.springframework.security.core.userdetails.UserDetails;
12 import org.springframework.security.core.userdetails.UsernameNotFoundException;
13 import org.springframework.stereotype.Service;
14 
15 import java.util.ArrayList;
16 import java.util.Collection;
17 import java.util.List;
18 
19 @Service("userInfoService")
20 public class UserInfoServiceImpl implements IUserInfoService 
21 
22     @Autowired
23     private IUserInfoDao userInfoDao;
24 
25     @Override
26     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException 
27         //根据用户用查询用户
28         UserInfo userInfo = null;
29         try 
30             userInfo = userInfoDao.findByUserName(username);
31          catch (Exception e) 
32             e.printStackTrace();
33         
34         //将查询出的用户转换为UserDetails
35         User user = null;
36         if(userInfo != null)
37 //            user = new User(userInfo.getUsername(), "noop" + userInfo.getPassword(), getAuthorities(userInfo.getRoleList()));
38             user = new User(userInfo.getUsername(), "noop" + userInfo.getPassword(),
39                     userInfo.getStatus() == 1 ? true : false, true, true, true,
40                     getAuthorities(userInfo.getRoleList()));
41         
42         return user;
43     
44 
45     private Collection<SimpleGrantedAuthority> getAuthorities(List<Role> roleList) 
46         List<SimpleGrantedAuthority> authorities = new ArrayList<>();
47         for (Role role : roleList) 
48             SimpleGrantedAuthority auth = new SimpleGrantedAuthority("ROLE_" + role.getRoleName());
49             authorities.add(auth);
50         
51         return authorities;
52     
53 
54 
UserInfoServiceImpl

 

 

技术图片

以上是关于SpringSecurity为项目加入权限控制的主要内容,如果未能解决你的问题,请参考以下文章

项目一众筹网07_01_SpringSecurity框架简介和用法SpringSecurity负责的是 权限验证Spring的注解模式maven引入Spring环境加入layUI环境

SpringBoot整合SpringSecurity权限控制(动态拦截url+单点登录)

项目一众筹网07_03_SpringSecurity退出登录禁用CSRF基于角色或权限访问控制自定义403页面

spring mvc怎么加入权限控制,在未登录前,任何访问url都跳转到login页面;登录成功

五SpringSecurity Web权限方案——自定义登录页面与权限访问控制

五SpringSecurity Web权限方案——自定义登录页面与权限访问控制