• SpringSecurity为项目加入权限控制


     1 <?xml version="1.0" encoding="UTF-8"?>
     2 <beans xmlns="http://www.springframework.org/schema/beans"
     3        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     4        xmlns:security="http://www.springframework.org/schema/security"
     5        xsi:schemaLocation="http://www.springframework.org/schema/beans
     6                 http://www.springframework.org/schema/beans/spring-beans.xsd
     7                 http://www.springframework.org/schema/security
     8                 http://www.springframework.org/schema/security/spring-security.xsd
     9                ">
    10 
    11     <!--认证-->
    12     <security:authentication-manager>
    13         <!--数据库认证 user-service-ref配置实现了UserDetailsService接口的bean-->
    14         <security:authentication-provider user-service-ref="userInfoService">
    15             <!--加密方式-->
    16             <!-- 配置加密的方式
    17                 <security:password-encoder ref="passwordEncoder"/>
    18             -->
    19 
    20             <!--xml配置认证-->
    21             <!--
    22                 <security:user-service>
    23                     <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN" />
    24                 </security:user-service>
    25             -->
    26         </security:authentication-provider>
    27     </security:authentication-manager>
    28 
    29     <!--配置不过滤的资源-->
    30     <security:http security="none" pattern="/login.jsp"/>
    31     <security:http security="none" pattern="/failer.jsp"/>
    32     <security:http security="none" pattern="/css/**"/>
    33     <security:http security="none" pattern="/img/**"/>
    34     <security:http security="none" pattern="/plugins/**"/>
    35 
    36     <!--授权-->
    37     <security:http auto-config="true" use-expressions="false">
    38         <security:intercept-url pattern="/**" access="ROLE_管理员"/>
    39 
    40         <!--自定义登录-->
    41         <security:form-login
    42                 login-page="/login.jsp" login-processing-url="/login"
    43                 username-parameter="user" password-parameter="password"
    44                 default-target-url="/index.jsp" authentication-failure-url="/failer.jsp"/>
    45 
    46         <!--注销-->
    47         <security:logout logout-url="/logoutxx.do" invalidate-session="true" logout-success-url="/login.jsp"></security:logout>
    48 
    49         <!--关闭跨站请求伪造-->
    50         <security:csrf disabled="true" />
    51     </security:http>
    52 </beans>
    spring-security.xml
     1 <?xml version="1.0" encoding="UTF-8"?>
     2 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
     3          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     4          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
     5          version="3.1">
     6 
     7     <!--spring容器监听器-->
     8     <listener>
     9         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    10     </listener>
    11 
    12     <context-param>
    13         <param-name>contextConfigLocation</param-name>
    14         <param-value>classpath:applicationContext.xml,classpath:spring-security.xml</param-value>
    15     </context-param>
    16 
    17     <!--配置SpringSecurity的过滤器-->
    18     <filter>
    19         <filter-name>springSecurityFilterChain</filter-name>
    20         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    21     </filter>
    22     <filter-mapping>
    23         <filter-name>springSecurityFilterChain</filter-name>
    24         <url-pattern>/*</url-pattern>
    25     </filter-mapping>
    26 
    27     <!--springmvc前端控制器-->
    28     <servlet>
    29         <servlet-name>app</servlet-name>
    30         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    31         <init-param>
    32             <param-name>contextConfigLocation</param-name>
    33             <param-value>classpath:spring-mvc.xml</param-value>
    34         </init-param>
    35         <load-on-startup>1</load-on-startup>
    36     </servlet>
    37 
    38     <servlet-mapping>
    39         <servlet-name>app</servlet-name>
    40         <url-pattern>*.do</url-pattern>
    41     </servlet-mapping>
    42 
    43 
    44     <!--编码过滤-->
    45     <filter>
    46         <filter-name>CharacterEncodingFilter</filter-name>
    47         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    48         <init-param>
    49             <param-name>encoding</param-name>
    50             <param-value>UTF-8</param-value>
    51         </init-param>
    52     </filter>
    53     <filter-mapping>
    54         <filter-name>CharacterEncodingFilter</filter-name>
    55         <url-pattern>/*</url-pattern>
    56     </filter-mapping>
    57 
    58 </web-app>
    web.xml
    1 package cn.itcast.ssm.service;
    2 
    3 import org.springframework.security.core.userdetails.UserDetailsService;
    4 
    5 public interface IUserInfoService extends UserDetailsService {
    6 
    7 }
    IUserInfoService.java
     1 package cn.itcast.ssm.service.impl;
     2 
     3 import cn.itcast.ssm.dao.IUserInfoDao;
     4 import cn.itcast.ssm.domain.Role;
     5 import cn.itcast.ssm.domain.UserInfo;
     6 import cn.itcast.ssm.service.IUserInfoService;
     7 import org.springframework.beans.factory.annotation.Autowired;
     8 import org.springframework.security.core.GrantedAuthority;
     9 import org.springframework.security.core.authority.SimpleGrantedAuthority;
    10 import org.springframework.security.core.userdetails.User;
    11 import org.springframework.security.core.userdetails.UserDetails;
    12 import org.springframework.security.core.userdetails.UsernameNotFoundException;
    13 import org.springframework.stereotype.Service;
    14 
    15 import java.util.ArrayList;
    16 import java.util.Collection;
    17 import java.util.List;
    18 
    19 @Service("userInfoService")
    20 public class UserInfoServiceImpl implements IUserInfoService {
    21 
    22     @Autowired
    23     private IUserInfoDao userInfoDao;
    24 
    25     @Override
    26     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    27         //根据用户用查询用户
    28         UserInfo userInfo = null;
    29         try {
    30             userInfo = userInfoDao.findByUserName(username);
    31         } catch (Exception e) {
    32             e.printStackTrace();
    33         }
    34         //将查询出的用户转换为UserDetails
    35         User user = null;
    36         if(userInfo != null){
    37 //            user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthorities(userInfo.getRoleList()));
    38             user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(),
    39                     userInfo.getStatus() == 1 ? true : false, true, true, true,
    40                     getAuthorities(userInfo.getRoleList()));
    41         }
    42         return user;
    43     }
    44 
    45     private Collection<SimpleGrantedAuthority> getAuthorities(List<Role> roleList) {
    46         List<SimpleGrantedAuthority> authorities = new ArrayList<>();
    47         for (Role role : roleList) {
    48             SimpleGrantedAuthority auth = new SimpleGrantedAuthority("ROLE_" + role.getRoleName());
    49             authorities.add(auth);
    50         }
    51         return authorities;
    52     }
    53 
    54 }
    UserInfoServiceImpl

  • 相关阅读:
    出现“在与 SQL Server 建立连接时出现与网络相关的或特定于实例的错误。未找到或无法访问服务器。请验证实例名称是否正确并且 SQL Server 已配置为允许远程连接。”这样的错误!
    关于sql server 2008过期导致 MSSQLSERVER服务就无法启动,手动启动就报告错误代码17051。
    ASP.NET 回调技术(CallBack)
    Asp.net中的ajax回调模式(ICallbackEventHandler)
    CKEditor4.1和CKFinder2.3.1 for Mvc4最新 破解版,结合 打造"帅"的编辑器 For .Net
    .net_ckeditor+ckfinder的图片上传配置
    文件上传限制大小 dotnet/C#
    C#.Net 上传图片,限制图片大小,检查类型完整版
    图片上传代码(C#)
    C#中操作xml文件(插入节点、修改、删除)
  • 原文地址:https://www.cnblogs.com/mozq/p/11067653.html
Copyright © 2020-2023  润新知