先看一下 Spring Security 官方对以下几个类或接口的解释,因为这几个类在程序中会用到:
ConfigAttribute:Stores a security system related configuration attribute.
SecurityConfig:ConfigAttribute 的实现类。
GrantedAuthority:Represents an authority granted to an Authentication object.
GrantedAuthorityImpl:GrantedAuthority 的实现类。
UserDetails:Provides core user information.
Authentication:Represents the token for an authentication request or for an authenticated principal once the request has been processed by the AuthenticationManager.authenticate(Authentication) method.
UserDetailsService:Core interface which loads user-specific data.
FilterInvocationSecurityMetadataSource:Marker interface for SecurityMetadataSource implementations that are designed to perform lookups keyed on FilterInvocations.
AccessDecisionManager:Makes a final access control (authorization) decision.
定义四张表:用户表、角色表、资源表、组织机构表(可选)
首先需要在 web.xml 文件中添加以下配置(原文的配置清单在转载时被截断,仅残留过滤器类名):
代码
DelegatingFilterProxy
接着配置 Spring Security 的配置文件:
Xml代码
<?xmlversion="1.0"encoding="UTF-8"?>
<!-- NOTE(review): this listing was truncated during extraction: element names, bean ids and the
     namespace hosts are missing, so it is not well-formed XML as shown. Read it as an outline of
     the configuration rather than something to paste. -->
xmlns:beans="/schema/beans"
xmlns:xsi="/2001/XMLSchema-instance"
xsi:schemaLocation="/schema/beans
/schema/beans/
/schema/curity
/schema/curity/">
u-expressions="true">
/>
<!-- NOTE(review): session-fixation-protection="none" switches off Spring Security's
     session-fixation defence, so the session id that existed before login stays valid after
     login. Unless the session is renewed elsewhere on authentication, keep the framework default
     ("migrateSession") or use "newSession". -->
ssion-fixation-protection="none">
<!-- Form-login settings: the failure URL and a fixed default target that is always used after a
     successful login. -->
authentication-failure-url="/?error=true"
always-u-default-target="true"default-target-url="/?error=fal"
/>
"/"/>
="curityFilter"/>
<!-- Presumably the custom interceptor bean and its three collaborators (authentication manager,
     access decision manager, security metadata source); the element names are truncated here.
     TODO confirm against the original article. -->
="SecurityInterceptor">
="authenticationManager"/>
="curityAccessDecisionManager"/>
="curityMetadataSource"/>
"curityUrDetailService">
="tyUrDetailService"
/>
="tyAccessDecisionManage
r"/>
="tyMetadataSource"/>
接着需要写一个类实现 UserDetails 接口,这个并不是我们系统的用户,它只是一个 VO,
用于保存从 Spring Security 上下文环境中获取到的登录用户,因为从 Spring Security 上下文
环境中获取登录用户的返回值就是 UserDetails 的实现类:
Java代码
;
tion;
dAuthority;
tails;
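/**
 * Value object that carries the logged-in user's name, password and granted
 * authorities in the shape Spring Security expects ({@link UserDetails}).
 *
 * <p>It is not the application's own user entity; it only holds what the
 * security context hands back for the authenticated principal.
 *
 * <p>The listing had lost tokens during extraction (whitespace, generic type
 * arguments, {@code this.} receivers and every "se" letter pair); they are
 * restored here so the class compiles against Spring Security 3.0.x, where
 * {@code getAuthorities()} is declared as {@code Collection<GrantedAuthority>}.
 * Later releases declare {@code Collection<? extends GrantedAuthority>}.
 *
 * <p>NOTE(review): the four account-status methods always return {@code true},
 * so the authentication provider's account-status checks can never reject an
 * expired, locked or disabled account. If the user table has such flags, map
 * them here instead of hard-coding {@code true}.
 */
public class UserDetailInfo implements UserDetails {

    private static final long serialVersionUID = 6137832L;

    private String userName;

    // Credential exactly as loaded from the user store. NOTE(review): whether this
    // is a hash depends on how that store keeps it; the configuration visible on
    // this page does not show a password encoder. TODO confirm.
    private String password;

    private Collection<GrantedAuthority> authorities;

    public UserDetailInfo() {
    }

    /** @return the authorities granted to this user, exactly as set by the caller (may be null) */
    @Override
    public Collection<GrantedAuthority> getAuthorities() {
        return authorities;
    }

    /** @return the stored credential used for the authentication check */
    @Override
    public String getPassword() {
        return password;
    }

    /** @return the login name; same value as {@link #getUserName()} */
    @Override
    public String getUsername() {
        return userName;
    }

    /** @return always {@code true}; account expiry is not modelled */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** @return always {@code true}; account locking is not modelled */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** @return always {@code true}; credential expiry is not modelled */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** @return always {@code true}; disabling an account is not modelled */
    @Override
    public boolean isEnabled() {
        return true;
    }

    /** @return the login name; bean-style twin of {@link #getUsername()} */
    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void setAuthorities(Collection<GrantedAuthority> authorities) {
        this.authorities = authorities;
    }
}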
接着自定义一个继承了AbstractSecurityInterceptor的filter:
Java代码
ty;
ption;
;
Chain;
Config;
tException;
tRequest;
tRespon;
tyMetadataSource;
import
ctSecurityInterceptor;
import
eptorStatusToken;
Invocation;
import
InvocationSecurityMetada
taSource;
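/**
 * Servlet filter that runs Spring Security's authorization step for each
 * request by wrapping it in a {@link FilterInvocation} and delegating to
 * {@link AbstractSecurityInterceptor}.
 *
 * <p>The listing had lost tokens during extraction (whitespace, the receivers
 * of the {@code super.}/{@code this.} calls and every "se" letter pair); they
 * are restored here so the class compiles.
 *
 * <p>NOTE(review): this class has the same simple name as Spring Security's
 * own {@code FilterSecurityInterceptor}; a distinct name avoids wiring the
 * wrong one by mistake.
 *
 * <p>NOTE(review): when the metadata source returns no attributes for a
 * request, {@code AbstractSecurityInterceptor} treats the request as public
 * and lets it through unless {@code rejectPublicInvocations} is set to
 * {@code true}. With a metadata source that returns {@code null} for unmatched
 * URLs, unmatched URLs are therefore unprotected by default.
 */
public class FilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {

    private FilterInvocationSecurityMetadataSource securityMetadataSource;

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Wraps the request, response and chain in a {@link FilterInvocation} and
     * hands it to {@link #invoke(FilterInvocation)}.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain)
            throws IOException, ServletException {
        FilterInvocation invocation = new FilterInvocation(request, response, filterChain);
        invoke(invocation);
    }

    /**
     * Runs the access check, continues the filter chain, then completes the
     * interceptor's bookkeeping.
     *
     * @param filterInvocation the request/response/chain triple being secured
     * @throws IOException if the rest of the chain fails with an I/O error
     * @throws ServletException if the rest of the chain fails
     */
    public void invoke(FilterInvocation filterInvocation) throws IOException, ServletException {
        // beforeInvocation performs the authorization decision and throws if access is denied.
        InterceptorStatusToken token = super.beforeInvocation(filterInvocation);
        try {
            filterInvocation.getChain().doFilter(
                    filterInvocation.getRequest(), filterInvocation.getResponse());
        } finally {
            // Always runs, even when the chain throws, so the interceptor state is cleaned up.
            super.afterInvocation(token, null);
        }
    }

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // No filter-level initialisation needed.
    }

    /** @return {@code FilterInvocation.class}, the only secure-object type this interceptor handles */
    @Override
    public Class<? extends Object> getSecureObjectClass() {
        return FilterInvocation.class;
    }

    /** @return the injected metadata source that maps requests to required attributes */
    @Override
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    public void setSecurityMetadataSource(
            FilterInvocationSecurityMetadataSource securityMetadataSource) {
        this.securityMetadataSource = securityMetadataSource;
    }

    public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
        return this.securityMetadataSource;
    }
}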
接着定义一个类,实现了 UserDetailsService 接口,主要用于获取登录用户信息和用户所
具有的角色
Java代码
ty;
ist;
tion;
;
ce;
cessException;
dAuthority;
dAuthorityImpl;
tails;
tailsService;
import
meNotFoundException;
;
;
tailInfo;
ervice;
//NOTE(review): this listing lost tokens during extraction (whitespace, generic type arguments
//and the receivers of several method calls), so it does not compile as shown.
publicclassSecurityUrDetailServiceimplementsUrDetailsService{
//Application user service used for the lookup; injected through the setter at the bottom of the class.
privateIUrServiceurService;
/**
*Loads the user who is logging in, together with that user's roles, so the
*result can be placed in the security context.
*
*@param name the login name to look up
*@return the populated user details, or null when the lookup finds no user
*/
@Override
publicUrDetailsloadUrByUrname(Stringname)throws
UrnameNotFoundException,DataAccessException{
//Collection that holds the user's role information
Collection
ArrayList
//Look up the user record by login name.
//NOTE(review): the original comment calls the user "already verified", but Spring Security
//calls this method before it compares the submitted password with the stored one.
Urur=erByProperty("name",name);
//Define a userDetailInfo object; its class implements Spring Security's UserDetails interface,
//because the logged-in user is kept in the security context
//(the next line is the tail of the original comment; its // marker was lost in extraction)
口,因为已经经过验证的登录用户会保持在
//and reading the logged-in user back from that context returns a UserDetails, so a class
//implementing that interface is needed
//(the next line is the tail of the original comment; its // marker was lost in extraction)
UrDetails类型,因此需要定义一个类实现该接口
UrDetailInfourDetailInfo=null;
if(ur!=null){
//Get the role list of the user
Set
for(Rolerole:roles){
//Build a GrantedAuthority from the role's code (prefixed with "ROLE_") and add it to the collection
//(the next line is the tail of the original comment; its // marker was lost in extraction)
对象添加到集合中
GrantedAuthorityImplgrantedAuthorityImpl=new
GrantedAuthorityImpl("ROLE_"+());
(grantedAuthorityImpl);
}
urDetailInfo=newUrDetailInfo();
rName(e());
sword(sword());
//Attach the role information to the userDetailInfo object
horities(authorities);
}
//NOTE(review): when no user matches, this returns null. The UserDetailsService contract is to
//never return null and to throw UsernameNotFoundException instead; returning null pushes the
//failure into the authentication provider rather than reporting a clean "bad credentials".
returnurDetailInfo;
}
//Setter injection of the user service bean named in the annotation.
@Resource(name="urService")
publicvoidtUrService(IUrServiceurService){
rvice=urService;
}
}
再接着定义一个实现了FilterInvocationSecurityMetadataSource的类:
Java代码
ty;
ist;
tion;
p;
or;
;
ce;
Attribute;
tyConfig;
Invocation;
import
InvocationSecurityMetada
taSource;
PathMatcher;
cher;
ervice;
/**
*Resource metadata source: supplies the attributes (roles) required to access a requested URL.
*NOTE(review): this listing lost tokens during extraction (whitespace, generic type arguments
*and the receivers of several method calls), so it does not compile as shown.
*@authorKeven
*
*/
publicclassSecurityMetadataSourceimplements
FilterInvocationSecurityMetadataSource{
//Menu/resource service; injected through the setter at the bottom of the class.
privateIMenuServicemenuService;
//URL matching helper
privateUrlMatcherurlMatcher=newAntUrlPathMatcher();
//NOTE(review): this map is static, so it is shared by every instance and every request thread.
//It is assigned a HashMap in loadMenuDefine() and handed to a service call on each request in
//the attribute lookup below; a plain HashMap is not safe for concurrent modification.
//Looks like it needs a concurrent map or a load-once/swap strategy. TODO confirm what the
//service call does with it.
privatestaticMap
null;
//This constructor is invoked by the Spring container
publicSecurityMetadataSource(){
loadMenuDefine();
}
//Creates the map and seeds it with the anonymous-user rule.
privatevoidloadMenuDefine(){
menuMap=newHashMap
//Initialise the permissions granted to anonymous users
Collection
ArrayList
ConfigAttributeguestAttribute=newSecurityConfig("ROLE_Guest");
(guestAttribute);
//Registers the guest attribute collection under the pattern "/*".
("/*",guestAtts);
}
//Returns null, i.e. no list of all defined attributes is offered to the interceptor.
@Override
publicCollection
returnnull;
}
//Looks up the attributes required for the requested URL; see the notes on ordering and on the
//null fall-through below.
@Override
publicCollection
IllegalArgumentException{
//Get the request URL
Stringurl=((FilterInvocation)object).getRequestUrl();
//Load the resource-to-role mapping from the database and put it into this map
//NOTE(review): this runs on every request, against the shared static map.
uMap(menuMap);
//Get the list of resources
Iterator
while(t()){
StringmenuUrl=();
//Guard against a null entry, which would cause a NullPointerException
if(menuUrl!=null){
//Match the request URL against the URLs the roles are allowed to access
//NOTE(review): the first matching pattern wins, and HashMap iteration order is unspecified,
//so with overlapping patterns (the "/*" guest rule and a more specific URL) it is not
//deterministic which rule is applied. An ordered map with most-specific-first entries avoids that.
if(tchesUrl(menuUrl,url))
(menuUrl);
}
}
//NOTE(review): no pattern matched, so null is returned. The base interceptor treats a request
//with no attributes as public unless rejectPublicInvocations is enabled, which makes every
//unlisted URL reachable without any role: fail-open. Prefer returning a deny-all attribute
//here or enabling rejectPublicInvocations on the interceptor.
returnnull;
}
//Accepts every secure-object class without checking that it is a FilterInvocation.
@Override
publicbooleansupports(Class<?>clazz){
returntrue;
}
//Setter injection of the menu service bean named in the annotation.
@Resource(name="menuService")
publicvoidtMenuService(IMenuServicemenuService){
rvice=menuService;
}
}
再接着定义一个实现了AccessDecisionManager的类:
Java代码
ty;
tion;
or;
DecisionManager;
DeniedException;
Attribute;
tyConfig;
import
icientAuthenticationException;
tication;
dAuthority;
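/**
 * Decision manager that checks whether the roles required for the requested
 * resource match any role the current user holds.
 *
 * <p>The listing had lost tokens during extraction (whitespace, generic type
 * arguments, the receivers of several calls and every "se" letter pair); they
 * are restored here so the class compiles.
 *
 * @author Keven
 */
public class SecurityAccessDecisionManager implements AccessDecisionManager {

    /**
     * Grants access when at least one required attribute equals one of the
     * user's granted authorities.
     *
     * @param authentication the caller whose authorities are checked
     * @param object the secured object (unused)
     * @param configAttributes the attributes required for the resource
     * @throws AccessDeniedException if none of the required attributes is held
     * @throws InsufficientAuthenticationException declared by the interface; not thrown here
     */
    @Override
    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        // NOTE(review): no attributes means "allow". That is fail-open: any resource
        // the metadata source has no rule for is reachable by everyone. Kept as in
        // the original because callers rely on it; tighten it deliberately if
        // unlisted resources should be denied.
        if (configAttributes == null) {
            return;
        }
        for (ConfigAttribute configAttribute : configAttributes) {
            // getAttribute() is declared on ConfigAttribute itself, so the original
            // cast to SecurityConfig is not needed; without it a different
            // ConfigAttribute implementation no longer fails with ClassCastException.
            String needRole = configAttribute.getAttribute();
            if (needRole == null) {
                // Attribute has no plain-string form: it cannot match a role, so skip it
                // and fall through to the denial below if nothing else matches.
                continue;
            }
            for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
                if (needRole.equals(grantedAuthority.getAuthority())) {
                    return;
                }
            }
        }
        throw new AccessDeniedException("权限不足!");
    }

    /** @return always {@code true}; every attribute is accepted for evaluation */
    @Override
    public boolean supports(ConfigAttribute arg0) {
        return true;
    }

    /** @return always {@code true}; every secure-object class is accepted */
    @Override
    public boolean supports(Class<?> arg0) {
        return true;
    }
}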