SpringSecurity为项目加入权限控制
2024-08-30 03:37:58
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
"> <!--认证-->
<security:authentication-manager>
<!--数据库认证 user-service-ref配置实现了UserDetailsService接口的bean-->
<security:authentication-provider user-service-ref="userInfoService">
<!--加密方式-->
<!-- 配置加密的方式
<security:password-encoder ref="passwordEncoder"/>
--> <!--xml配置认证-->
<!--
<security:user-service>
<security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN" />
</security:user-service>
-->
</security:authentication-provider>
</security:authentication-manager> <!--配置不过滤的资源-->
<security:http security="none" pattern="/login.jsp"/>
<security:http security="none" pattern="/failer.jsp"/>
<security:http security="none" pattern="/css/**"/>
<security:http security="none" pattern="/img/**"/>
<security:http security="none" pattern="/plugins/**"/> <!--授权-->
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/**" access="ROLE_管理员"/> <!--自定义登录-->
<security:form-login
login-page="/login.jsp" login-processing-url="/login"
username-parameter="user" password-parameter="password"
default-target-url="/index.jsp" authentication-failure-url="/failer.jsp"/> <!--注销-->
<security:logout logout-url="/logoutxx.do" invalidate-session="true" logout-success-url="/login.jsp"></security:logout> <!--关闭跨站请求伪造-->
<security:csrf disabled="true" />
</security:http>
</beans>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
version="3.1"> <!--spring容器监听器-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener> <context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml,classpath:spring-security.xml</param-value>
</context-param> <!--配置SpringSecurity的过滤器-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <!--springmvc前端控制器-->
<servlet>
<servlet-name>app</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet> <servlet-mapping>
<servlet-name>app</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping> <!--编码过滤-->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> </web-app>
web.xml
package cn.itcast.ssm.service;
import org.springframework.security.core.userdetails.UserDetailsService;
public interface IUserInfoService extends UserDetailsService {
}
IUserInfoService.java
package cn.itcast.ssm.service.impl; import cn.itcast.ssm.dao.IUserInfoDao;
import cn.itcast.ssm.domain.Role;
import cn.itcast.ssm.domain.UserInfo;
import cn.itcast.ssm.service.IUserInfoService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service; import java.util.ArrayList;
import java.util.Collection;
import java.util.List; @Service("userInfoService")
public class UserInfoServiceImpl implements IUserInfoService { @Autowired
private IUserInfoDao userInfoDao; @Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//根据用户用查询用户
UserInfo userInfo = null;
try {
userInfo = userInfoDao.findByUserName(username);
} catch (Exception e) {
e.printStackTrace();
}
//将查询出的用户转换为UserDetails
User user = null;
if(userInfo != null){
// user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthorities(userInfo.getRoleList()));
user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(),
userInfo.getStatus() == 1 ? true : false, true, true, true,
getAuthorities(userInfo.getRoleList()));
}
return user;
} private Collection<SimpleGrantedAuthority> getAuthorities(List<Role> roleList) {
List<SimpleGrantedAuthority> authorities = new ArrayList<>();
for (Role role : roleList) {
SimpleGrantedAuthority auth = new SimpleGrantedAuthority("ROLE_" + role.getRoleName());
authorities.add(auth);
}
return authorities;
} }
UserInfoServiceImpl
最新文章
- JavaScript 字符串处理详解
- Android入门(六):Android控件布局属性全解
- Apache_proxy负载均衡和Session复制
- js鼠标经过文字滚动,移开还原
- 轻松学习Ionic (一) 搭建开发环境,并创建工程
- [Angular 2] 8. Better ES5 Code
- ViewPager的用法实例
- java Date日期去掉时分秒
- 深入浅出scanf、getcha、gets、cin函数
- CPU使用率和Load Average的关系
- xp对opengl的支持问题
- C++虚函数表调用学习
- Mac OS 的命令行 总结
- caffe源码学习之Proto数据格式【1】
- MySQL-压缩版-windows安装
- c/c++关于指针的一点理解
- MySQL面试题36道
- JDK8新特性,给接口添加一个默认实现
- mybatis在oracle中的分页扩展
- querystring模块详解