首页 > 作文

SpringSecurity实现动态加载权限信息的方法

更新时间:2023-04-04 13:03:47 阅读: 评论:0

①数据库中资源与角色对应关系,以及角色和用户对应关系如下图所示:

②实现filterinvocationcuritymetadatasource类

(1)list<menu> menus = menurvice.getmenuswithroles();这个是你自己的资源对应角色的查询方法。

(2)重写的support方法都返回true

@configurationpublic class myfilterinvocation implements filterinvocationcuritymetadatasource {     @autowired    private menurvice menurvice;     antpathmatcher antpathmatcher = new antpathmatcher();     @override    public collection<configattribute> getattributes(object object) throws illegalargumentexception {        string requesturl = ((filterinvocation) object).getrequesturl();    拉尼娜    list<menu> menus = menurvice.getmenuswithroles();        //- 遍历数据库的url,看请求路径是否与其匹配      催乳素偏高  for (menu menu : menus) {            //- 如果请求路径和数据库的路径匹配            if (antpathmatcher.match(menu.geturl(),requesturl)){                //- 访问该路径需要的角色                list<role> roles = menu.getroles();                string[] strs = new string[roles.size()];                for (int i = 0; i < roles.size(); i++) {                    strs[i] = roles.get(i).getname();                }                return curityconfig.createlist(strs);            }        }        //- 如果请求路径和数据库的所有路径都不匹配,说明这个资源是登录后即可访问的        //- 用户登录即可访问,相当于在curityconfig中配置了.anyrequest().authenticated()        return curityconfig.createlist("role_login");    }     @override    pub词性转换lic collection<configattribute> getallconfigattributes() {        return null;    }     @override    public boolean supports(class<?> clazz大于号) {        return true;    }}

③实现accessdecisionmanager

重写的support方法都返回true

@configurationpublic class mydecisionmanager implements accessdecisionmanager {      @override    public v2009中考作文oid decide(authentication authentication, object object, collection<configattribute> configattributes) throws accessdeniedexception, insufficientauthenticationexception {        for (configattribute configattribute : configattributes) {            string needrole = configattribute.getattribute();            if ("role_login".equals(needrole)) {                //- 用户登录即可访问,相当于在curityconfig中配置了.anyrequest().authenticated()                if (authentication instanceof anonymousauthenticationtoken) {                    throw new accessdeniedexception("尚未登录,请先登录");                } el {                    return;                }            }                        collection<? extends grantedauthority> authorities = authentication.getauthorities();            //这里我写的是只要访问该资源的用户具有`访问该资源所需要角色`的其中一个即可            for (grantedauthority authority : authorities) {                if (authority.getauthority().equals(needrole)) {                    return;                }            }        }        throw new accessdeniedexception("权限不足,请联系管理员");    }     @override    public boolean supports(configattribute attribute) {        return true;    }     @override    public boolean supports(class<?> clazz) {        return true;    }}

④到curityconfig配置类中完成相应配置

    @autowired    private mydecisionmanager mydecisionmanager;        @autowired    private  myfilterinvocation myfilterinvocation;      @override    protected void configure(httpcurity http) throws exception {        http.authorizerequests()                .withobjectpostprocessor(new objectpostprocessor<filtercurityinterceptor>() {                    @override                    public <o extends filtercurityinterceptor> o postprocess(o object) {                        object.taccessdecisionmanager(mydecisionmanager);                        object.tcuritymetadatasource(myfilterinvocation);                        return object;                    }                });             http.exceptionhandling().accessdeniedhandler(myaccessdeniedhandler());     }      @bean    myaccessdeniedhandler myaccessdeniedhandler(){        return new myaccessdeniedhandler();    }

⑤可选,实现accessdeniedhandler

public class myaccessdenied implements accessdeniedhandler {     @override    public void handle(httprvletrequest req, httprvletrespon resp, accessdeniedexception accessdeniedexception) throws ioexception, rvletexception {        resp.tcontenttype("application/json;chart=utf-8");        printwriter pw = resp.getwriter();        pw.write(new objectmapper().writevalueasstring(respbean.error("权限不够,请联系管理员")));        pw.flush();        pw.clo();    }}

到此这篇关于springcurity实现动态加载权限信息的文章就介绍到这了,更多相关springcurity动态加载权限内容请搜索www.887551.com以前的文章或继续浏览下面的相关文章希望大家以后多多支持www.887551.com!

本文发布于:2023-04-04 13:03:46,感谢您对本站的认可!

本文链接:https://www.wtabcd.cn/fanwen/zuowen/4d88dcf856afa4b269514dd62a8e2ae9.html

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。

本文word下载地址:SpringSecurity实现动态加载权限信息的方法.doc

本文 PDF 下载地址:SpringSecurity实现动态加载权限信息的方法.pdf

标签:路径   角色   权限   数据库
相关文章
留言与评论(共有 0 条评论)
   
验证码:
Copyright ©2019-2022 Comsenz Inc.Powered by © 专利检索| 网站地图