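① The resource-to-role mappings and the role-to-user mappings in the database are shown in the figure below:
② Implement the FilterInvocationSecurityMetadataSource class
(1) List<Menu> menus = menuService.getMenusWithRoles(); is your own query method that returns each resource together with its roles.
(2) The overridden supports methods all return true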
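import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;

@Configuration
public class MyFilterInvocation implements FilterInvocationSecurityMetadataSource {
    @Autowired
    private MenuService menuService;

    AntPathMatcher antPathMatcher = new AntPathMatcher();

    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        String requestUrl = ((FilterInvocation) object).getRequestUrl();
        List<Menu> menus = menuService.getMenusWithRoles();
        // Iterate over the URLs stored in the database and check whether the request path matches one
        for (Menu menu : menus) {
            // The request path matches a path from the database
            if (antPathMatcher.match(menu.getUrl(), requestUrl)) {
                // Roles required to access this path
                List<Role> roles = menu.getRoles();
                String[] strs = new String[roles.size()];
                for (int i = 0; i < roles.size(); i++) {
                    strs[i] = roles.get(i).getName();
                }
                return SecurityConfig.createList(strs);
            }
        }
        // The request path matches none of the database paths, so the resource is available to any logged-in user.
        // This is equivalent to configuring .anyRequest().authenticated() in SecurityConfig.
        return SecurityConfig.createList("ROLE_LOGIN");
    }

    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}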
③ Implement the AccessDecisionManager class
The overridden supports methods all return true
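import java.util.Collection;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

@Configuration
public class MyDecisionManager implements AccessDecisionManager {
    @Override
    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        for (ConfigAttribute configAttribute : configAttributes) {
            String needRole = configAttribute.getAttribute();
            if ("ROLE_LOGIN".equals(needRole)) {
                // Any logged-in user may access the resource; equivalent to
                // configuring .anyRequest().authenticated() in SecurityConfig
                if (authentication instanceof AnonymousAuthenticationToken) {
                    // Message: "Not logged in, please log in first"
                    throw new AccessDeniedException("尚未登录,请先登录");
                } else {
                    return;
                }
            }
            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
            // Here access is granted as soon as the user holds any one of the roles required for the resource
            for (GrantedAuthority authority : authorities) {
                if (authority.getAuthority().equals(needRole)) {
                    return;
                }
            }
        }
        // Message: "Insufficient permissions, please contact the administrator"
        throw new AccessDeniedException("权限不足,请联系管理员");
    }

    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}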
④ Complete the corresponding configuration in the SecurityConfig configuration class
@Autowired
private MyDecisionManager myDecisionManager;

@Autowired
private MyFilterInvocation myFilterInvocation;

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
            .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                @Override
                public <O extends FilterSecurityInterceptor> O postProcess(O object) {
                    // Plug the custom decision manager and metadata source into the interceptor
                    object.setAccessDecisionManager(myDecisionManager);
                    object.setSecurityMetadataSource(myFilterInvocation);
                    return object;
                }
            });
    http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler());
}

// Returns the handler class from step ⑤ (MyAccessDenied)
@Bean
MyAccessDenied myAccessDeniedHandler() {
    return new MyAccessDenied();
}
⑤ Optional: implement the AccessDeniedHandler class
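import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

public class MyAccessDenied implements AccessDeniedHandler {
    @Override
    public void handle(HttpServletRequest req, HttpServletResponse resp, AccessDeniedException accessDeniedException)
            throws IOException, ServletException {
        resp.setContentType("application/json;charset=utf-8");
        PrintWriter pw = resp.getWriter();
        // Message: "Insufficient permissions, please contact the administrator"
        pw.write(new ObjectMapper().writeValueAsString(RespBean.error("权限不够,请联系管理员")));
        pw.flush();
        pw.close();
    }
}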
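The getAttributes method in step ② returns the roles of the first database row whose pattern matches, and it matches against getRequestUrl(), which includes the query string. The following added example (not code from the original article) shows how those two details can select weaker roles than intended, and one way to resolve them by choosing the most specific matching pattern on the path only. The class name, the Map standing in for the Menu/Role entities, and the sample rows are assumptions constructed for illustration; it needs spring-core on the classpath and Java 9+.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.springframework.util.AntPathMatcher;

public class MostSpecificMatchDemo {
    static final AntPathMatcher MATCHER = new AntPathMatcher();

    // Behaviour of step 2: the first matching row in iteration order wins,
    // and the raw request URL (query string included) is matched.
    static List<String> firstMatch(Map<String, List<String>> menus, String requestUrl) {
        for (Map.Entry<String, List<String>> e : menus.entrySet()) {
            if (MATCHER.match(e.getKey(), requestUrl)) {
                return e.getValue();
            }
        }
        return List.of("ROLE_LOGIN");
    }

    // Hardened lookup: strip the query string, then pick the most specific
    // matching pattern regardless of the order the rows come back in.
    static List<String> mostSpecificMatch(Map<String, List<String>> menus, String requestUrl) {
        int q = requestUrl.indexOf('?');
        String path = q >= 0 ? requestUrl.substring(0, q) : requestUrl;
        return menus.keySet().stream()
                .filter(pattern -> MATCHER.match(pattern, path))
                .min(MATCHER.getPatternComparator(path)) // most specific sorts first
                .map(menus::get)
                .orElse(List.of("ROLE_LOGIN"));
    }

    public static void main(String[] args) {
        // Constructed sample rows: pattern -> roles, in "database" order
        Map<String, List<String>> menus = new LinkedHashMap<>();
        menus.put("/employee/**", List.of("ROLE_hr"));
        menus.put("/employee/advanced/**", List.of("ROLE_admin"));
        menus.put("/salary/table", List.of("ROLE_finance"));

        // 1) A broad pattern listed first shadows the narrower one.
        // 2) An exact pattern misses once a query string is appended,
        //    so the request falls through to ROLE_LOGIN.
        String[] urls = {"/employee/advanced/export", "/salary/table?page=1"};
        for (String url : urls) {
            System.out.println(url
                    + "  first-match=" + firstMatch(menus, url)
                    + "  most-specific=" + mostSpecificMatch(menus, url));
        }
    }
}
```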
This article was published on 2023-04-04 13:03:46.