snoopy7713
- 浏览: 1125562 次
- 性别:
- 来自: 火星郊区
-
博客专栏
-
-
OSGi
浏览量:0
文章分类
- 全部博客 (695)
- 项目管理 (48)
- OSGi (122)
- java (79)
- Vaadin (5)
- RAP (47)
- mysql (40)
- Maven (22)
- SVN (8)
- 孔雀鱼 (10)
- hibernate (9)
- spring (10)
- css (3)
- 年审 (6)
- ant (1)
- jdbc (3)
- FusionCharts (2)
- struts (4)
- 决策分析 (2)
- 生活 (10)
- 架构设计 (5)
- 破解 (2)
- 狼文化 (4)
- JVM (14)
- J2EE (1)
- 应用服务器 (1)
- 我的链接 (5)
- 数学 (2)
- 报表 (1)
- 百科 (6)
- Flex (7)
- log4j (2)
- PHP (1)
- 系统 (2)
- Web前端 (7)
- linux (6)
- Office (1)
- 安全管理 (5)
- python (2)
- dom4j (1)
- 工作流 (3)
- 养生保健 (4)
- Eclipse (8)
- 监控开发 (1)
- 设计 (3)
- CAS (1)
- ZK (41)
- BluePrint (3)
- 工具 (1)
- SWT (7)
- google (2)
- NIO (1)
- 企业文化 (2)
- Windoes (0)
- RCP (7)
- JavaScript (10)
- UML (1)
- 产品经理 (2)
- Velocity (10)
- C (1)
- 单元测试 (1)
- 设计模式 (2)
- 系统分析师 (2)
- 架构 (4)
- 面试 (2)
- 代码走查 (1)
- MongoDB (1)
- 企业流程优化 (1)
- 模式 (1)
- EJB (1)
- Jetty (1)
- Git (13)
- IPV6 (1)
- JQuery (8)
- SSH (1)
- mybatis (10)
- SiteMesh (2)
- JSTL (1)
- veloctiy (1)
- Spring MVC (1)
- struts2 (3)
- Servlet (1)
- 权限管理 (1)
- Java Mina (1)
- java 系统信息 (6)
- OSGi 基础 (3)
- html (1)
- spring--security (6)
- HTML5 (1)
- java爬虫搜索 (1)
- mvc (3)
最新评论
-
Tom.X:
http://osgia.com/
将web容器置于OSGi框架下进行web应用的开发 -
chenyuguxing:
你好, 为什么我的bundle export到felix工程中 ...
在Apache Felix中运行bundle -
string2020:
<niceManifest>true</ni ...
Bundle Plugin for Maven -
jsonmong:
OSGI,是未来的主流,目前已相当成熟。应用OSGI比较好的, ...
基于OSGi的声明式服务 -
zyhui98:
貌似是翻译过来的,有很少人在linux上做开发吧
如何成为“10倍效率”开发者
在spring security3进级篇II中,虽然将用户和权限存入到数据库中,但在配置文件中仍然要对URL地址配置角色进行控制访问,如何将用户,角色,资源存放 到数据库中,进行统一管理,逐步实现RBAC的模型呢,这需要更复杂的实现,这一篇将实现将所有的信息存储到数据库中,但不涉及组,许可等表。
1、首先建立数据表
Sql代码 
- CREATE DATABASE IF NOT EXISTS spring_securityiii;
- USE spring_securityiii;
- --
- -- Definition of table `pub_resources`
- --
- DROP TABLE IF EXISTS `pub_resources`;
- CREATE TABLE `pub_resources` (
- `id` bigint (20) NOT NULL AUTO_INCREMENT,
- `resource_name` varchar (50) NOT NULL ,
- `resource_type` varchar (50) NOT NULL ,
- `resource_string` varchar (200) NOT NULL ,
- `resource_enabled` tinyint(1) NOT NULL ,
- `resource_desc` varchar (200) DEFAULT NULL ,
- PRIMARY KEY (`id`),
- UNIQUE KEY `uk_pub_resource` (`resource_name`)
- ) ENGINE=InnoDB AUTO_INCREMENT=402 DEFAULT CHARSET=utf8;
- --
- -- Dumping data for table `pub_resources`
- --
- /*!40000 ALTER TABLE `pub_resources` DISABLE KEYS */;
- INSERT INTO `pub_resources` (`id`,`resource_name`,`resource_type`,`resource_string`,`resource_enabled`,`resource_desc`) VALUES
- (400,'index页面' , 'url' , '/index.*' ,1, 'index页面' ),
- (401,'admin页面' , 'url' , '/admin.*' ,1, 'admin页面' );
- /*!40000 ALTER TABLE `pub_resources` ENABLE KEYS */;
- --
- -- Definition of table `pub_roles`
- --
- DROP TABLE IF EXISTS `pub_roles`;
- CREATE TABLE `pub_roles` (
- `id` bigint (20) NOT NULL AUTO_INCREMENT,
- `role_name` varchar (100) NOT NULL ,
- `role_enabled` tinyint(1) NOT NULL ,
- `role_desc` varchar (200) DEFAULT NULL ,
- PRIMARY KEY (`id`),
- UNIQUE KEY `uk_pub_role` (`role_name`)
- ) ENGINE=InnoDB AUTO_INCREMENT=202 DEFAULT CHARSET=utf8;
- --
- -- Dumping data for table `pub_roles`
- --
- /*!40000 ALTER TABLE `pub_roles` DISABLE KEYS */;
- INSERT INTO `pub_roles` (`id`,`role_name`,`role_enabled`,`role_desc`) VALUES
- (200,'ROLE_ADMIN' ,1, '管理员角色' ),
- (201,'ROLE_USER' ,1, '普通用户角色' );
- /*!40000 ALTER TABLE `pub_roles` ENABLE KEYS */;
- --
- -- Definition of table `pub_roles_resources`
- --
- DROP TABLE IF EXISTS `pub_roles_resources`;
- CREATE TABLE `pub_roles_resources` (
- `id` bigint (20) NOT NULL AUTO_INCREMENT,
- `role_id` bigint (20) NOT NULL ,
- `resource_id` bigint (20) NOT NULL ,
- PRIMARY KEY (`id`),
- KEY `roles_resources_ibfk_1` (`role_id`),
- KEY `roles_resources_ibfk_2` (`resource_id`),
- CONSTRAINT `roles_resources_ibfk_1` FOREIGN KEY (`role_id`) REFERENCES `pub_roles` (`id`),
- CONSTRAINT `roles_resources_ibfk_2` FOREIGN KEY (`resource_id`) REFERENCES `pub_resources` (`id`)
- ) ENGINE=InnoDB AUTO_INCREMENT=503 DEFAULT CHARSET=utf8;
- --
- -- Dumping data for table `pub_roles_resources`
- --
- /*!40000 ALTER TABLE `pub_roles_resources` DISABLE KEYS */;
- INSERT INTO `pub_roles_resources` (`id`,`role_id`,`resource_id`) VALUES
- (500,200,400),
- (501,200,401),
- (502,201,400);
- /*!40000 ALTER TABLE `pub_roles_resources` ENABLE KEYS */;
- --
- -- Definition of table `pub_users`
- --
- DROP TABLE IF EXISTS `pub_users`;
- CREATE TABLE `pub_users` (
- `id` bigint (20) NOT NULL AUTO_INCREMENT,
- `user_account` varchar (50) NOT NULL ,
- `user_password` varchar (20) NOT NULL ,
- `user_enabled` tinyint(1) NOT NULL ,
- `user_desc` varchar (200) DEFAULT NULL ,
- PRIMARY KEY (`id`),
- UNIQUE KEY `uk_pub_user` (`user_account`)
- ) ENGINE=InnoDB AUTO_INCREMENT=102 DEFAULT CHARSET=utf8;
- --
- -- Dumping data for table `pub_users`
- --
- /*!40000 ALTER TABLE `pub_users` DISABLE KEYS */;
- INSERT INTO `pub_users` (`id`,`user_account`,`user_password`,`user_enabled`,`user_desc`) VALUES
- (100,'admin' , 'admin' ,1, '管理员' ),
- (101,'user' , 'user' ,1, '普通用户' );
- /*!40000 ALTER TABLE `pub_users` ENABLE KEYS */;
- --
- -- Definition of table `pub_users_roles`
- --
- DROP TABLE IF EXISTS `pub_users_roles`;
- CREATE TABLE `pub_users_roles` (
- `id` bigint (20) NOT NULL AUTO_INCREMENT,
- `user_id` bigint (20) NOT NULL ,
- `role_id` bigint (20) NOT NULL ,
- `ur_enabled` tinyint(1) NOT NULL ,
- PRIMARY KEY (`id`),
- KEY `users_roles_ibfk_1` (`user_id`),
- KEY `users_roles_ibfk_2` (`role_id`),
- CONSTRAINT `users_roles_ibfk_1` FOREIGN KEY (`user_id`) REFERENCES `pub_users` (`id`),
- CONSTRAINT `users_roles_ibfk_2` FOREIGN KEY (`role_id`) REFERENCES `pub_roles` (`id`)
- ) ENGINE=InnoDB AUTO_INCREMENT=303 DEFAULT CHARSET=utf8;
- --
- -- Dumping data for table `pub_users_roles`
- --
- /*!40000 ALTER TABLE `pub_users_roles` DISABLE KEYS */;
- INSERT INTO `pub_users_roles` (`id`,`user_id`,`role_id`,`ur_enabled`) VALUES
- (300,100,200,1),
- (301,100,201,1),
- (302,101,201,1);
- /*!40000 ALTER TABLE `pub_users_roles` ENABLE KEYS */;
2、自定义实现spring security的四个类
Java代码
- package com.spring.security.service.impl;
- import javax.annotation.Resource;
- import org.springframework.security.core.userdetails.UserDetails;
- import org.springframework.security.core.userdetails.UsernameNotFoundException;
- import org.springframework.stereotype.Service;
- import com.spring.security.dao.UserDao;
- import com.spring.security.domain.User;
- import com.spring.security.service.CustomUserDetailsService;
- @Service ( "customUserDetailsService" )
- public class CustomUserDetailsServiceImpl implements CustomUserDetailsService {
- @Resource
- private UserDao userDao;
- @Override
- public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
- User user = userDao.findUserByName(userName);
- if (user == null ) {
- throw new UsernameNotFoundException( "用户名" + userName + "不存在" );
- }
- // 因为User已经实现了UserDetails接口,所以直接返回user即可
- return user;
- }
- }
Java代码
- package com.spring.security.service.impl;
- import java.util.Collection;
- import java.util.Iterator;
- import org.springframework.security.access.AccessDeniedException;
- import org.springframework.security.access.ConfigAttribute;
- import org.springframework.security.access.SecurityConfig;
- import org.springframework.security.authentication.InsufficientAuthenticationException;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.stereotype.Service;
- import com.spring.security.service.CustomAccessDecisionManager;
- /**
- * AccessdecisionManager在Spring security中是很重要的。
- *
- * 在验证部分简略提过了,所有的Authentication实现需要保存在一个GrantedAuthority对象数组中。 这就是赋予给主体的权限。
- * GrantedAuthority对象通过AuthenticationManager 保存到
- * Authentication对象里,然后从AccessDecisionManager读出来,进行授权判断。
- *
- * Spring Security提供了一些拦截器,来控制对安全对象的访问权限,例如方法调用或web请求。
- * 一个是否允许执行调用的预调用决定,是由AccessDecisionManager实现的。 这个 AccessDecisionManager
- * 被AbstractSecurityInterceptor调用, 它用来作最终访问控制的决定。
- * 这个AccessDecisionManager接口包含三个方法:
- *
- * void decide(Authentication authentication, Object secureObject,
- * List<ConfigAttributeDefinition> config) throws AccessDeniedException; boolean
- * supports(ConfigAttribute attribute); boolean supports(Class clazz);
- *
- * 从第一个方法可以看出来,AccessDecisionManager使用方法参数传递所有信息,这好像在认证评估时进行决定。
- * 特别是,在真实的安全方法期望调用的时候,传递安全Object启用那些参数。 比如,让我们假设安全对象是一个MethodInvocation。
- * 很容易为任何Customer参数查询MethodInvocation,
- * 然后在AccessDecisionManager里实现一些有序的安全逻辑,来确认主体是否允许在那个客户上操作。
- * 如果访问被拒绝,实现将抛出一个AccessDeniedException异常。
- *
- * 这个 supports(ConfigAttribute) 方法在启动的时候被
- * AbstractSecurityInterceptor调用,来决定AccessDecisionManager
- * 是否可以执行传递ConfigAttribute。 supports(Class)方法被安全拦截器实现调用,
- * 包含安全拦截器将显示的AccessDecisionManager支持安全对象的类型。
- */
- @Service ( "customAccessDecisionManager" )
- public class CustomAccessDecisionManagerImpl implements CustomAccessDecisionManager {
- /* (non-Javadoc)
- * @see org.springframework.security.access.AccessDecisionManager#decide(org.springframework.security.core.Authentication, java.lang.Object, java.util.Collection)
- */
- public void decide(Authentication authentication, Object object,Collection<ConfigAttribute> configAttributes)
- throws AccessDeniedException, InsufficientAuthenticationException {
- if (configAttributes == null ) {
- return ;
- }
- Iterator<ConfigAttribute> ite = configAttributes.iterator();
- while (ite.hasNext()) {
- ConfigAttribute ca = ite.next();
- String needRole = ((SecurityConfig) ca).getAttribute();
- // ga 为用户所被赋予的权限。 needRole 为访问相应的资源应该具有的权限。
- for (GrantedAuthority ga : authentication.getAuthorities()) {
- if (needRole.trim().equals(ga.getAuthority().trim())) {
- return ;
- }
- }
- }
- throw new AccessDeniedException( "Acess Denied" );
- }
- /* (non-Javadoc)
- * @see org.springframework.security.access.AccessDecisionManager#supports(org.springframework.security.access.ConfigAttribute)
- */
- public boolean supports(ConfigAttribute attribute) {
- return true ;
- }
- /* (non-Javadoc)
- * @see org.springframework.security.access.AccessDecisionManager#supports(java.lang.Class)
- */
- public boolean supports(Class<?> clazz) {
- return true ;
- }
- }
Java代码
- package com.spring.security.service.impl;
- import java.io.IOException;
- import javax.servlet.FilterChain;
- import javax.servlet.FilterConfig;
- import javax.servlet.ServletException;
- import javax.servlet.ServletRequest;
- import javax.servlet.ServletResponse;
- import org.springframework.security.access.SecurityMetadataSource;
- import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
- import org.springframework.security.access.intercept.InterceptorStatusToken;
- import org.springframework.security.web.FilterInvocation;
- import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
- import org.springframework.stereotype.Service;
- import com.spring.security.service.CustomFilterSecurityInterceptor;
- /** */
- /**
- * 该过滤器的主要作用就是通过spring著名的IoC生成securityMetadataSource。
- * securityMetadataSource相当于本包中自定义的MyInvocationSecurityMetadataSourceService。
- * 该MyInvocationSecurityMetadataSourceService的作用提从数据库提取权限和资源,装配到HashMap中,
- * 供Spring Security使用,用于权限校验。
- *
- */
- @Service ( "customFilterSecurityInterceptor" )
- public class CustomFilterSecurityInterceptorImpl extends AbstractSecurityInterceptor implements CustomFilterSecurityInterceptor {
- private FilterInvocationSecurityMetadataSource securityMetadataSource;
- public void setSecurityMetadataSource(
- FilterInvocationSecurityMetadataSource securityMetadataSource) {
- this .securityMetadataSource = securityMetadataSource;
- }
- public void doFilter(ServletRequest request, ServletResponse response,FilterChain chain) throws IOException, ServletException {
- FilterInvocation fi = new FilterInvocation(request, response, chain);
- invoke(fi);
- }
- public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
- return this .securityMetadataSource;
- }
- public Class<? extends Object> getSecureObjectClass() {
- return FilterInvocation. class ;
- }
- public void invoke(FilterInvocation fi) throws IOException,ServletException {
- InterceptorStatusToken token = super .beforeInvocation(fi);
- try {
- fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
- } finally {
- super .afterInvocation(token, null );
- }
- }
- @Override
- public SecurityMetadataSource obtainSecurityMetadataSource() {
- return this .securityMetadataSource;
- }
- public void destroy() {
- }
- public void init(FilterConfig filterconfig) throws ServletException {
- }
- }
Java代码
- package com.spring.security.service.impl;
- import java.util.ArrayList;
- import java.util.Collection;
- import java.util.HashMap;
- import java.util.HashSet;
- import java.util.Iterator;
- import java.util.List;
- import java.util.Map;
- import java.util.Set;
- import javax.annotation.PostConstruct;
- import javax.servlet.http.HttpServletRequest;
- import org.springframework.security.access.ConfigAttribute;
- import org.springframework.security.access.SecurityConfig;
- import org.springframework.security.web.FilterInvocation;
- import org.springframework.security.web.util.AntPathRequestMatcher;
- import org.springframework.stereotype.Service;
- import com.spring.security.dao.ResourceDao;
- import com.spring.security.domain.Resource;
- import com.spring.security.domain.Role;
- import com.spring.security.service.CustomInvocationSecurityMetadataSource;
- @Service ( "customInvocationSecurityMetadataSource" )
- public class CustomInvocationSecurityMetadataSourceImpl implements CustomInvocationSecurityMetadataSource {
- @javax .annotation.Resource
- private ResourceDao resourceDao;
- private AntPathRequestMatcher pathMatcher;
- private HashMap<String, Collection<ConfigAttribute>> resourceMap = null ;
- /**
- * 自定义方法,这个类放入到Spring容器后,
- * 指定init为初始化方法,从数据库中读取资源
- *
- */
- @PostConstruct
- public void init(){
- this .resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
- for (Resource item : resourceDao.getAllResource()) {
- resourceMap.put(item.getResource_string(), listToCollection(item.getRoles()));
- }
- }
- @Override
- public Collection<ConfigAttribute> getAllConfigAttributes() {
- Set<ConfigAttribute> allAttributes = new HashSet<ConfigAttribute>();
- for (Map.Entry<String, Collection<ConfigAttribute>> entry : resourceMap.entrySet()) {
- allAttributes.addAll(entry.getValue());
- }
- return allAttributes;
- }
- @Override
- public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
- HttpServletRequest request = ((FilterInvocation) object).getRequest();
- System.out.println("requestUrl is " + request.getRequestURI());
- if (resourceMap == null ) {
- this .loadAllResourcesAndAuthorities();
- }
- Iterator<String> it = resourceMap.keySet().iterator();
- while (it.hasNext()) {
- String resURL = it.next();
- pathMatcher = new AntPathRequestMatcher(resURL);
- if (pathMatcher.matches(request)) {
- Collection<ConfigAttribute> returnCollection = resourceMap.get(resURL);
- return returnCollection;
- }
- }
- return null ;
- }
- @Override
- public boolean supports(Class<?> arg0) {
- // TODO Auto-generated method stub
- return true ;
- }
- /**
- * 自定义方法,将List<Role>集合转换为框架需要的Collection<ConfigAttribute>集合
- *
- * @param roles
- * @return
- */
- private Collection<ConfigAttribute> listToCollection(List<Role> roles) {
- List<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
- for (Role role : roles) {
- list.add(new SecurityConfig(role.getRole_name()));
- }
- return list;
- }
- /**
- * 加载所有资源与权限的关系
- */
- private void loadAllResourcesAndAuthorities() {
- if (resourceMap == null ) {
- resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
- }
- List<Resource> resources = this .resourceDao.getAllResource();
- for (Resource resource : resources) {
- resourceMap.put(resource.getResource_string(),listToCollection(resource.getRoles()));
- }
- }
- }
3、定义用户,角色,资源的类
Java代码
- package com.spring.security.domain;
- import java.io.Serializable;
- import java.util.ArrayList;
- import java.util.List;
- /**
- * Resources
- */
- public class Resource implements Serializable {
- private static final long serialVersionUID = 1L;
- private Integer id;
- private String resource_name;
- private String resource_type;
- private String resource_string;
- private String resource_enabled;
- private String resource_desc;
- private List<Role> roles = new ArrayList<Role>();
- public Integer getId() {
- return id;
- }
- public void setId(Integer id) {
- this .id = id;
- }
- public String getResource_name() {
- return resource_name;
- }
- public void setResource_name(String resource_name) {
- this .resource_name = resource_name;
- }
- public String getResource_type() {
- return resource_type;
- }
- public void setResource_type(String resource_type) {
- this .resource_type = resource_type;
- }
- public String getResource_string() {
- return resource_string;
- }
- public void setResource_string(String resource_string) {
- this .resource_string = resource_string;
- }
- public String getResource_enabled() {
- return resource_enabled;
- }
- public void setResource_enabled(String resource_enabled) {
- this .resource_enabled = resource_enabled;
- }
- public String getResource_desc() {
- return resource_desc;
- }
- public void setResource_desc(String resource_desc) {
- this .resource_desc = resource_desc;
- }
- public List<Role> getRoles() {
- return roles;
- }
- public void setRoles(List<Role> roles) {
- this .roles = roles;
- }
- }
Java代码
- package com.spring.security.domain;
- import java.io.Serializable;
- /**
- * Roles.
- */
- public class Role implements Serializable {
- private static final long serialVersionUID = 1L;
- private Integer id;
- private String role_name;
- private Integer role_enabled;
- private String role_desc;
- public Role() {
- }
- public Integer getId() {
- return id;
- }
- public void setId(Integer id) {
- this .id = id;
- }
- public String getRole_name() {
- return role_name;
- }
- public void setRole_name(String role_name) {
- this .role_name = role_name;
- }
- public Integer getRole_enabled() {
- return role_enabled;
- }
- public void setRole_enabled(Integer role_enabled) {
- this .role_enabled = role_enabled;
- }
- public String getRole_desc() {
- return role_desc;
- }
- public void setRole_desc(String role_desc) {
- this .role_desc = role_desc;
- }
- }
Java代码
- package com.spring.security.domain;
- import java.io.Serializable;
- import java.util.ArrayList;
- import java.util.Collection;
- import java.util.List;
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.security.core.authority.SimpleGrantedAuthority;
- import org.springframework.security.core.userdetails.UserDetails;
- public class User implements UserDetails, Serializable {
- private static final long serialVersionUID = 1L;
- private Integer id;
- private String user_account;
- private Integer user_enabled;
- private String user_password;
- private String user_desc;
- private List<Role> roles = new ArrayList<Role>();
- public User() {
- }
- public Integer getId() {
- return id;
- }
- public void setId(Integer id) {
- this .id = id;
- }
- public String getUser_account() {
- return user_account;
- }
- public void setUser_account(String user_account) {
- this .user_account = user_account;
- }
- public Integer getUser_enabled() {
- return user_enabled;
- }
- public void setUser_enabled(Integer user_enabled) {
- this .user_enabled = user_enabled;
- }
- public String getUser_password() {
- return user_password;
- }
- public void setUser_password(String user_password) {
- this .user_password = user_password;
- }
- public String getUser_desc() {
- return user_desc;
- }
- public void setUser_desc(String user_desc) {
- this .user_desc = user_desc;
- }
- public List<Role> getRoles() {
- return roles;
- }
- public void setRoles(List<Role> roles) {
- this .roles = roles;
- }
- /*
- * 获取用户权限集合,权限使用GrantedAuthority接口表示,框架中有它的实现类
- * GrantedAuthorityImpl,只需要把角色的名称放入即可 (non-Javadoc)
- *
- * @see
- * org.springframework.security.core.userdetails.UserDetails#getAuthorities
- * ()
- */
- @Override
- public Collection<? extends GrantedAuthority> getAuthorities() {
- List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
- for (Role role : roles) {
- list.add(new SimpleGrantedAuthority(role.getRole_name()));
- }
- return list;
- }
- /*
- * 获取用户名 (non-Javadoc)
- *
- * @see
- * org.springframework.security.core.userdetails.UserDetails#getUsername()
- */
- @Override
- public String getUsername() {
- // TODO Auto-generated method stub
- return this .user_account;
- }
- /*
- * 用户密码 (non-Javadoc)
- *
- * @see
- * org.springframework.security.core.userdetails.UserDetails#getPassword()
- */
- @Override
- public String getPassword() {
- // TODO Auto-generated method stub
- return this .user_password;
- }
- /*
- * 直接返回true,表示没有过期 (non-Javadoc)
- *
- * @see
- * org.springframework.security.core.userdetails.UserDetails#isAccountNonExpired
- * ()
- */
- @Override
- public boolean isAccountNonExpired() {
- // TODO Auto-generated method stub
- return true ;
- }
- /*
- * 直接返回true,表示没有锁定 (non-Javadoc)
- *
- * @see
- * org.springframework.security.core.userdetails.UserDetails#isAccountNonLocked
- * ()
- */
- @Override
- public boolean isAccountNonLocked() {
- // TODO Auto-generated method stub
- return true ;
- }
- @Override
- public boolean isCredentialsNonExpired() {
- // TODO Auto-generated method stub
- return true ;
- }
- /*
- * 是否禁用 (non-Javadoc)
- *
- * @see
- * org.springframework.security.core.userdetails.UserDetails#isEnabled()
- */
- @Override
- public boolean isEnabled() {
- // TODO Auto-generated method stub
- return true ;
- }
- }
4 用户,资源,角色DAo类的实现
Java代码
- package com.spring.security.dao.impl;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.util.List;
- import org.springframework.jdbc.core.BeanPropertyRowMapper;
- import org.springframework.jdbc.core.RowMapper;
- import org.springframework.stereotype.Repository;
- import com.spring.security.dao.UserDao;
- import com.spring.security.dao.support.SimpleDaoSupport;
- import com.spring.security.domain.Role;
- import com.spring.security.domain.User;
- @Repository ( "userDao" )
- public class UserDaoImpl extends SimpleDaoSupport implements UserDao {
- @Override
- public User findUserByName(String userName) {
- String sql = "SELECT id,user_account,user_enabled,user_password,user_desc FROM pub_users where user_account=?" ;
- return this .getSimpleJdbcTemplate().queryForObject(sql,
- new UserMapper(), userName);
- }
- /**
- * 获取User对象的role列表
- *
- * @param userID
- * @return RoleList
- */
- public List<Role> getRolesByUserID(String userName) {
- String sql = "SELECT r.id,r.role_name,r.role_enabled,r.role_desc FROM pub_users u,pub_roles r,pub_users_roles ur "
- + "WHERE u.id=ur.user_id AND r.id=ur.role_id AND u.user_account=?" ;
- return this .getSimpleJdbcTemplate().query(sql,
- BeanPropertyRowMapper.newInstance(Role.class ), userName);
- }
- /**
- * 定义UserMapper
- */
- protected class UserMapper implements RowMapper<User> {
- public User mapRow(ResultSet rs, int rowNum) throws SQLException {
- User user = new User();
- user.setId(rs.getInt("id" ));
- user.setUser_account(rs.getString("user_account" ));
- user.setUser_password(rs.getString("user_password" ));
- user.setUser_enabled(rs.getInt("user_enabled" ));
- user.setUser_desc(rs.getString("user_desc" ));
- // 调用上面的方法获取用户所有的权限
- user.setRoles(getRolesByUserID(rs.getString("user_account" )));
- return user;
- }
- }
- }
Java代码
- package com.spring.security.dao.impl;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.util.List;
- import org.springframework.jdbc.core.RowMapper;
- import org.springframework.stereotype.Repository;
- import com.spring.security.dao.ResourceDao;
- import com.spring.security.dao.support.SimpleDaoSupport;
- import com.spring.security.domain.Resource;
- import com.spring.security.domain.Role;
- @Repository ( "resourceDao" )
- public class ResourceDaoImpl extends SimpleDaoSupport implements ResourceDao {
- @Override
- public List<Resource> getAllResource() {
- List<Resource> list = null ;
- String sql = "SELECT * from pub_resources" ;
- list = this .getSimpleJdbcTemplate().query(sql, new RowMapper<Resource>() {
- public Resource mapRow(ResultSet rs, int arg1) throws SQLException {
- Resource resource = new Resource();
- resource.setId(rs.getInt("id" ));
- resource.setResource_name(rs.getString("resource_name" ));
- resource.setResource_type(rs.getString("resource_type" ));
- resource.setResource_string(rs.getString("resource_string" ));
- resource.setResource_enabled(rs.getString("resource_enabled" ));
- resource.setResource_desc(rs.getString("resource_desc" ));
- resource.setRoles(getRoleByResourceId(resource.getId()));
- return resource;
- }
- });
- return list;
- }
- private List<Role> getRoleByResourceId( int id) {
- String sql = "SELECT r.id,r.role_name,r.role_enabled,r.role_desc FROM pub_roles r,pub_roles_resources rr WHERE rr.role_id=r.id AND rr.resource_id=?" ;
- return this .getSimpleJdbcTemplate().query(sql, new RowMapper<Role>() {
- public Role mapRow(ResultSet rs, int arg1) throws SQLException {
- Role role = new Role();
- role.setId(rs.getInt("id" ));
- role.setRole_name(rs.getString("role_name" ));
- role.setRole_enabled(rs.getInt("role_enabled" ));
- role.setRole_desc(rs.getString("role_desc" ));
- return role;
- }
- }, new Object[] { id });
- }
- }
5 spring security的配置如下:
Xml代码
- <? xml version = "1.0" encoding = "UTF-8" ?>
- < beans:beans xmlns = "http://www.springframework.org/schema/security"
- xmlns:beans = "http://www.springframework.org/schema/beans" xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation ="http://www.springframework.org/schema/beans
- http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
- http://www.springframework.org/schema/security
- http://www.springframework.org/schema/security/spring-security-3.1.xsd">
- < global-method-security pre-post-annotations = "enabled" />
- <!--对登录页面不进行拦截,在页面后面加*表示,该页面后面可能会带一些参数 -->
- < http pattern = "/login.jsp*" security = "none" />
- < http pattern = "/common/**" security = "none" />
- < http pattern = "/js/**" security = "none" />
- <!-- 保护应用程序配置一些列的权限问题,当没有权限403返回页面为403.jsp -->
- < http auto-config = "true" access-denied-page = "/common/403.jsp" use-expressions = "true" >
- <!-- login-page: 指定登录页面,并指定默认的target访问地址index.jsp -->
- < form-login login-page = "/login.jsp" default-target-url = '/index.jsp' always-use-default-target = 'true' />
- <!-- 配置用户退出的默认返回页面 -->
- < logout logout-success-url = "/login.jsp" />
- <!-- 会话管理配置 ,设置最多登录一次,二次登录会让第一次登录失效,
- 则设置error-if-maximum-exceeded为false,要求第一次有效设置为true -->
- < session-management invalid-session-url = "/common/timeout.jsp" >
- < concurrency-control max-sessions = "1" error-if-maximum-exceeded = "false" />
- </ session-management >
- <!-- 将自己的过滤器加入到过滤器链中, 放在FILTER_SECURITY_INTERCEPTOR之前 -->
- < custom-filter ref = "customFilterSecurityInterceptor" before = "FILTER_SECURITY_INTERCEPTOR" />
- </ http >
- <!-- 配置自己的拦截器 -->
- < beans:bean id = "customFilterSecurityInterceptor"
- class = "com.spring.security.service.impl.CustomFilterSecurityInterceptorImpl" >
- < beans:property name = "authenticationManager" ref = "autheticationManager" />
- < beans:property name = "accessDecisionManager" ref = "customAccessDecisionManager" />
- <!-- resourceService在applicationContext.xml中定义 -->
- < beans:property name = "securityMetadataSource" ref = "customInvocationSecurityMetadataSource" />
- </ beans:bean >
- <!--配置认证管理器 -->
- < authentication-manager alias = "autheticationManager" >
- <!-- 使用自定义UserDetailsService -->
- < authentication-provider user-service-ref = "customUserDetailsService" >
- < password-encoder hash = "md5" />
- </ authentication-provider >
- </ authentication-manager >
- < beans:bean id = "webPrivilegeEvaluator" class = "org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator" >
- < beans:constructor-arg ref = "customFilterSecurityInterceptor" />
- </ beans:bean >
- <!-- Jcaptcha相关的配置 -->
- < beans:bean id = "captchaService" class = "com.octo.captcha.service.image.DefaultManageableImageCaptchaService" >
- < beans:property name = "captchaEngine" >
- < beans:bean class = "com.spring.security.jcaptcha.GMailEngine" />
- </ beans:property >
- <!-- 默认生成的图片180秒过期 , 可另行设置 -->
- < beans:property name = "minGuarantedStorageDelayInSeconds" value = "180" />
- </ beans:bean >
- </ beans:beans >
Xml代码
- <? xml version = "1.0" encoding = "UTF-8" ?>
- < web-app xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
- xmlns = "http://java.sun.com/xml/ns/javaee" xmlns:web = "http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
- xsi:schemaLocation = "http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
- id = "WebApp_ID" version = "2.5" >
- < display-name > springSecurityIII </ display-name >
- < context-param >
- < param-name > log4jConfigLocation </ param-name >
- < param-value > classpath:log4j.xml </ param-value >
- </ context-param >
- < context-param >
- < param-name > log4jRefreshInterval </ param-name >
- < param-value > 60000 </ param-value >
- </ context-param >
- < context-param >
- < param-name > contextConfigLocation </ param-name >
- < param-value > classpath:applicationContext.xml </ param-value >
- </ context-param >
- < listener >
- < listener-class > org.springframework.web.util.Log4jConfigListener </ listener-class >
- </ listener >
- < listener >
- < listener-class > org.springframework.web.context.ContextLoaderListener </ listener-class >
- </ listener >
- < listener >
- < listener-class > org.springframework.web.util.IntrospectorCleanupListener </ listener-class >
- </ listener >
- < filter >
- < filter-name > CharacterEncodingFilter </ filter-name >
- < filter-class > org.springframework.web.filter.CharacterEncodingFilter </ filter-class >
- < init-param >
- < param-name > encoding </ param-name >
- < param-value > UTF-8 </ param-value >
- </ init-param >
- < init-param >
- < param-name > forceEncoding </ param-name >
- < param-value > true </ param-value >
- </ init-param >
- </ filter >
- < filter-mapping >
- < filter-name > CharacterEncodingFilter </ filter-name >
- < url-pattern > /* </ url-pattern >
- </ filter-mapping >
- < session-config >
- < session-timeout > 30 </ session-timeout >
- </ session-config >
- <!-- JCaptcha`s filter -->
- < filter >
- < filter-name > jcaptchaFilter </ filter-name >
- < filter-class > com.spring.security.jcaptcha.JCaptchaFilter </ filter-class >
- < init-param >
- < param-name > failureUrl </ param-name >
- < param-value > /login.jsp </ param-value >
- </ init-param >
- </ filter >
- <!-- jcaptcha图片生成URL. -->
- < filter-mapping >
- < filter-name > jcaptchaFilter </ filter-name >
- < url-pattern > /jcaptcha.jpg </ url-pattern >
- </ filter-mapping >
- <!-- jcaptcha登录表单处理URL. 必须放在springSecurityFilter的filter-mapping定义之前 -->
- < filter-mapping >
- < filter-name > jcaptchaFilter </ filter-name >
- < url-pattern > /j_spring_security_check </ url-pattern >
- </ filter-mapping >
- < filter >
- < filter-name > springSecurityFilterChain </ filter-name >
- < filter-class > org.springframework.web.filter.DelegatingFilterProxy </ filter-class >
- </ filter >
- < filter-mapping >
- < filter-name > springSecurityFilterChain </ filter-name >
- < url-pattern > /* </ url-pattern >
- </ filter-mapping >
- < listener >
- < listener-class > org.springframework.security.web.session.HttpSessionEventPublisher </ listener-class >
- </ listener >
- < welcome-file-list >
- < welcome-file > index.jsp </ welcome-file >
- </ welcome-file-list >
- </ web-app >
6、其他页面保持不变,进行访问页面如下:
admin用户点击admin页面
切换user用户登入页面进入
点击admin页面,用户访问被拒绝
总结: 这种方法虽然将用户、角色、资源存放到数据库中,但spring security 中<sec:authorize url> tag 的隐藏功能消失,这需要自己去定义类似标签去自行控制。
要想在真正在企业中做到很好的控制,其设计会更复杂,下面是基于RBAC设计的数据库
分享到:
发表评论
-
spring security进级篇 V 自定义标签控制显示
2012-11-29 08:23 1770上篇提到了,将用户,角色,组,权限存放到数据库中,会遇到UI上 ... -
spring security进级篇VI JCaptcha验证编码的使用
2012-11-28 13:10 2661在spring security中,可以结合jcaptcha进 ... -
spring security3进级篇II
2012-11-28 13:06 1788本篇文章用户和权限用数据库存储,而资源(url)和权限的对应采 ... -
spring-security3 进级篇I
2012-11-28 13:05 1964在上一篇入门中,简单介绍了spring security3的用 ... -
spring-security3 入门篇
2012-11-28 13:04 11761.下载spring security的最 ...
相关推荐
NULL 博文链接:https://gaojiewyh.iteye.com/blog/1501470
Spring Security是一个功能强大且高度可定制的身份验证和...这篇文章就是想通过一个小案例将Spring Security整合到SpringBoot中去。要实现的功能就是在认证服务器上登录,然后获取Token,再访问资源服务器中的资源。
第4章 SpringSecurity安全详细讲解及应用 第5章 RabbitMQ高级消息的讲解及应用 第6章 ElasticSearch详细讲解及应用 第7章 Eureka分布式服务器的搭建 。。。。。。。。。 第15章 SpringCloud项目实战 。。。。。。。...
着重介绍SpringBoot的与各大场景的整合使用,内容包括:缓存(整合Redis),消息中间件(整合RabbitMQ),检索(整合ElasticSearch),任务(异步任务,定时任务,邮件任务),安全(整合SpringSecurity),分布式...
SpringBoot + SpringCloud + SpringSecurity学习过程中的二进制汇总,沉淀记录下学习历程 1.知识点图谱 所有博文集中发布在个人博客网站: 大致规划的内容包括以下章节,希望能用半年到一年(严重超期)的时间完成....
着重介绍SpringBoot的与各大场景的整合使用,内容包括:缓存(整合Redis),消息中间件(整合RabbitMQ),检索(整合ElasticSearch),任务(异步任务,定时任务,邮件任务),安全(整合SpringSecurity),...
3.高级篇-单点登录,Groovy视频,性能优化,Maven,Mongodb,Redis,Spring Security,Spring 源码,JVM,微信,银行接口等 4.架构篇-Linux视频,Nginx视频,京东海量订单处理视频,大型电商分布式实践,架构实战等 ...
Spring Cloud包含了多个子项目(针对分布式系统中涉及的多个不同开源产品),比如:Spring Cloud Config、Spring Cloud Netflix、Spring Cloud0 CloudFoundry、Spring Cloud AWS、Spring Cloud Security、Spring ...
着重介绍SpringBoot的与各大场景的整合使用,内容包括:缓存(整合Redis),消息中间件(整合RabbitMQ),检索(整合ElasticSearch),任务(异步任务,定时任务,邮件任务),安全(整合SpringSecurity),分布式...
上载lombok大量简化了代码上一篇MyBatis Plus大量简化了SQL约会hutool工具包规范工具类♡minio分布式文件系统前一级完全脱离,前端代码可单独部署自定义Spring Security支持获取令牌账号密码:admin / admin版本
着重介绍SpringBoot的与各大场景的整合使用,内容包括:缓存(整合Redis),消息中间件(整合RabbitMQ),检索(整合ElasticSearch),任务(异步任务,定时任务,邮件任务),安全(整合SpringSecurity),...
做开发时,查了大量资料,发现一比较全面的资料,分享一下! WebService CXF学习——入门篇 1.CXF由来 2.HelloWorld 3.WSDL描述 WebService CXF学习——进阶篇 ... 3.WS-Security WebService CXF学习——JAXB剖析
│ Struts+Hibernate+Spring轻量级J2EE企业应用实战.pdf │ Struts中文手册.pdf │ Struts配置文件详解.txt │ 上海税友.txt │ 上海税友软件 面试题.doc │ 公司培训文档-混淆的基本概念.doc │ 基本算法.doc │ ...
如何在.NET中实现脚本引擎 (CodeDom篇) .NET的插件机制的简单实现 我对J2EE和.NET的一点理解 难分难舍的DSO(一) InternalsVisibleToAttribute,友元程序集访问属性 Essential .NET 读书笔记 [第一部分] ...
│ Struts+Hibernate+Spring轻量级J2EE企业应用实战.pdf │ Struts中文手册.pdf │ Struts配置文件详解.txt │ 上海税友.txt │ 上海税友软件 面试题.doc │ 公司培训文档-混淆的基本概念.doc │ 基本算法.doc │ ...
│ Struts+Hibernate+Spring轻量级J2EE企业应用实战.pdf │ Struts中文手册.pdf │ Struts配置文件详解.txt │ 上海税友.txt │ 上海税友软件 面试题.doc │ 公司培训文档-混淆的基本概念.doc │ 基本算法.doc │ ...
│ Struts+Hibernate+Spring轻量级J2EE企业应用实战.pdf │ Struts中文手册.pdf │ Struts配置文件详解.txt │ 上海税友.txt │ 上海税友软件 面试题.doc │ 公司培训文档-混淆的基本概念.doc │ 基本算法.doc │ ...
│ Struts+Hibernate+Spring轻量级J2EE企业应用实战.pdf │ Struts中文手册.pdf │ Struts配置文件详解.txt │ 上海税友.txt │ 上海税友软件 面试题.doc │ 公司培训文档-混淆的基本概念.doc │ 基本算法.doc │ ...