权限开发 spring security 3.0.7 序列2

所需jar包



主要Java代码:

Java Bean:

SysAuthorities.java

package com.gwtjs.spring.security.entity;

import java.util.HashSet;
import java.util.Set;

/**
 * Hibernate-persisted bean describing one authority (permission) of the
 * access-control model. The mapping on this page stores it in table
 * SYS_AUTHORITIES with an application-assigned string id.
 *
 * An authority is linked to roles through {@link SysRolesAuthorities} rows and
 * to protected resources through {@link SysAuthoritiesResources} rows.
 *
 * Both association sets are stored and returned by reference (no defensive
 * copy), so callers share the live collections with this bean.
 */
public class SysAuthorities implements java.io.Serializable {

	private static final long serialVersionUID = -4801194007116415993L;

	/** Primary key (column AUTHORITY_ID). */
	private String authorityId;

	/** Authority name (column AUTHORITY_NAME). */
	private String authorityName;

	/** Free-text description (column AUTHORITY_DESC). */
	private String authorityDesc;

	/** Enabled flag (column ENABLED). */
	private Boolean enabled;

	/** System flag (column ISSYS); presumably marks a built-in authority, confirm with the schema owner. */
	private Boolean issys;

	/** Module code (column MODULE). */
	private String module;

	/** Role links that reference this authority. */
	private Set<SysRolesAuthorities> sysRolesAuthoritieses = new HashSet<SysRolesAuthorities>(0);

	/** Resource links that reference this authority. */
	private Set<SysAuthoritiesResources> sysAuthoritiesResources = new HashSet<SysAuthoritiesResources>(0);

	/** No-argument constructor; every scalar field starts as null and both sets start empty. */
	public SysAuthorities() {
	}

	/**
	 * Creates an authority that only carries its id.
	 *
	 * @param authorityId primary key value
	 */
	public SysAuthorities(String authorityId) {
		this.authorityId = authorityId;
	}

	/**
	 * Creates a fully populated authority. The two sets are kept by reference.
	 *
	 * @param authorityId primary key value
	 * @param authorityName authority name
	 * @param authorityDesc description
	 * @param enabled enabled flag
	 * @param issys system flag
	 * @param module module code
	 * @param sysRolesAuthoritieses role links
	 * @param sysAuthoritiesResources resource links
	 */
	public SysAuthorities(String authorityId, String authorityName,
			String authorityDesc, Boolean enabled, Boolean issys, String module,
			Set<SysRolesAuthorities> sysRolesAuthoritieses, Set<SysAuthoritiesResources> sysAuthoritiesResources) {
		this.authorityId = authorityId;
		this.authorityName = authorityName;
		this.authorityDesc = authorityDesc;
		this.enabled = enabled;
		this.issys = issys;
		this.module = module;
		this.sysRolesAuthoritieses = sysRolesAuthoritieses;
		this.sysAuthoritiesResources = sysAuthoritiesResources;
	}

	// ---- scalar properties ----

	/** @return the primary key */
	public String getAuthorityId() {
		return authorityId;
	}

	/** @param authorityId the primary key to store */
	public void setAuthorityId(String authorityId) {
		this.authorityId = authorityId;
	}

	/** @return the authority name */
	public String getAuthorityName() {
		return authorityName;
	}

	/** @param authorityName the authority name to store */
	public void setAuthorityName(String authorityName) {
		this.authorityName = authorityName;
	}

	/** @return the description */
	public String getAuthorityDesc() {
		return authorityDesc;
	}

	/** @param authorityDesc the description to store */
	public void setAuthorityDesc(String authorityDesc) {
		this.authorityDesc = authorityDesc;
	}

	/** @return the enabled flag, possibly null */
	public Boolean getEnabled() {
		return enabled;
	}

	/** @param enabled the enabled flag to store */
	public void setEnabled(Boolean enabled) {
		this.enabled = enabled;
	}

	/** @return the system flag, possibly null */
	public Boolean getIssys() {
		return issys;
	}

	/** @param issys the system flag to store */
	public void setIssys(Boolean issys) {
		this.issys = issys;
	}

	/** @return the module code */
	public String getModule() {
		return module;
	}

	/** @param module the module code to store */
	public void setModule(String module) {
		this.module = module;
	}

	// ---- associations (live references, not copies) ----

	/** @return the role links held by this authority */
	public Set<SysRolesAuthorities> getSysRolesAuthoritieses() {
		return sysRolesAuthoritieses;
	}

	/** @param sysRolesAuthoritieses the role links to hold */
	public void setSysRolesAuthoritieses(Set<SysRolesAuthorities> sysRolesAuthoritieses) {
		this.sysRolesAuthoritieses = sysRolesAuthoritieses;
	}

	/** @return the resource links held by this authority */
	public Set<SysAuthoritiesResources> getSysAuthoritiesResources() {
		return sysAuthoritiesResources;
	}

	/** @param sysAuthoritiesResources the resource links to hold */
	public void setSysAuthoritiesResources(Set<SysAuthoritiesResources> sysAuthoritiesResources) {
		this.sysAuthoritiesResources = sysAuthoritiesResources;
	}

}

package  com.gwtjs.spring.security.entity;

/**
 * Join entity that ties one {@link SysAuthorities} to one {@link SysResources}
 * (table SYS_AUTHORITIES_RESOURCES in the mapping on this page). Each row
 * carries its own enabled flag.
 */
public class SysAuthoritiesResources implements java.io.Serializable {

	private static final long serialVersionUID = 1898413584065943389L;

	/** Primary key (column ID), assigned by the application. */
	private long id;

	/** Authority side of the link. */
	private SysAuthorities sysAuthorities;

	/** Resource side of the link. */
	private SysResources sysResources;

	/** Enabled flag of this link (column ENABLED). */
	private Boolean enabled;

	/** No-argument constructor; id is 0 and the references are null. */
	public SysAuthoritiesResources() {
	}

	/**
	 * Creates a link row that only carries its id.
	 *
	 * @param id primary key value
	 */
	public SysAuthoritiesResources(long id) {
		this.id = id;
	}

	/**
	 * Creates a fully populated link row.
	 *
	 * @param id primary key value
	 * @param sysAuthorities authority side
	 * @param sysResources resource side
	 * @param enabled enabled flag
	 */
	public SysAuthoritiesResources(long id, SysAuthorities sysAuthorities,
			SysResources sysResources, Boolean enabled) {
		this.id = id;
		this.sysAuthorities = sysAuthorities;
		this.sysResources = sysResources;
		this.enabled = enabled;
	}

	/** @return the primary key */
	public long getId() {
		return id;
	}

	/** @param id the primary key to store */
	public void setId(long id) {
		this.id = id;
	}

	/** @return the linked authority */
	public SysAuthorities getSysAuthorities() {
		return sysAuthorities;
	}

	/** @param sysAuthorities the authority to link */
	public void setSysAuthorities(SysAuthorities sysAuthorities) {
		this.sysAuthorities = sysAuthorities;
	}

	/** @return the linked resource */
	public SysResources getSysResources() {
		return sysResources;
	}

	/** @param sysResources the resource to link */
	public void setSysResources(SysResources sysResources) {
		this.sysResources = sysResources;
	}

	/** @return the enabled flag, possibly null */
	public Boolean getEnabled() {
		return enabled;
	}

	/** @param enabled the enabled flag to store */
	public void setEnabled(Boolean enabled) {
		this.enabled = enabled;
	}

}

package com.gwtjs.spring.security.entity;

import java.util.HashSet;
import java.util.Set;

/**
 * Hibernate-persisted bean describing one protected resource (table
 * Sys_RESOURCES in the mapping on this page). Resources are tied to
 * authorities through {@link SysAuthoritiesResources} rows.
 *
 * Unlike the other beans on this page, the enabled and issys flags are
 * Integer values (0 / 1) rather than Boolean.
 */
public class SysResources implements java.io.Serializable {

	private static final long serialVersionUID = 7846668305216709567L;

	/** Primary key (column RESOURCE_ID). */
	private String resourceId;

	/** Resource name (column RESOURCE_NAME, mapped unique). */
	private String resourceName;

	/** Description (column RESOURCE_DESC). */
	private String resourceDesc;

	/** Resource type (column RESOURCE_TYPE). */
	private String resourceType;

	/** Resource string (column RESOURCE_STRING); presumably the URL or method pattern being protected, confirm with the caller. */
	private String resourceString;

	/** Priority flag (column PRIORITY). */
	private Boolean priority;

	// Whether the resource is usable: 0 = not usable, 1 = usable.
	private Integer enabled;

	// Whether the resource is a "super" resource: 0 = no, 1 = yes.
	private Integer issys;

	/** Module code (column MODULE). */
	private String module;

	/** Authority links that reference this resource; kept by reference. */
	private Set<SysAuthoritiesResources> sysAuthoritiesResourceses = new HashSet<SysAuthoritiesResources>(0);

	/** No-argument constructor; scalar fields start as null and the set starts empty. */
	public SysResources() {
	}

	/**
	 * Creates a resource that only carries its id.
	 *
	 * @param resourceId primary key value
	 */
	public SysResources(String resourceId) {
		this.resourceId = resourceId;
	}

	/**
	 * Creates a fully populated resource. The set is kept by reference.
	 *
	 * @param resourceId primary key value
	 * @param resourceName resource name
	 * @param resourceDesc description
	 * @param resourceType resource type
	 * @param resourceString resource string
	 * @param priority priority flag
	 * @param enabled 0 = not usable, 1 = usable
	 * @param issys 0 = not super, 1 = super
	 * @param module module code
	 * @param sysAuthoritiesResourceses authority links
	 */
	public SysResources(String resourceId, String resourceName,
			String resourceDesc, String resourceType, String resourceString,
			Boolean priority, Integer enabled, Integer issys, String module,
			Set<SysAuthoritiesResources> sysAuthoritiesResourceses) {
		this.resourceId = resourceId;
		this.resourceName = resourceName;
		this.resourceDesc = resourceDesc;
		this.resourceType = resourceType;
		this.resourceString = resourceString;
		this.priority = priority;
		this.enabled = enabled;
		this.issys = issys;
		this.module = module;
		this.sysAuthoritiesResourceses = sysAuthoritiesResourceses;
	}

	/** @return the primary key */
	public String getResourceId() {
		return resourceId;
	}

	/** @param resourceId the primary key to store */
	public void setResourceId(String resourceId) {
		this.resourceId = resourceId;
	}

	/** @return the resource name */
	public String getResourceName() {
		return resourceName;
	}

	/** @param resourceName the resource name to store */
	public void setResourceName(String resourceName) {
		this.resourceName = resourceName;
	}

	/** @return the description */
	public String getResourceDesc() {
		return resourceDesc;
	}

	/** @param resourceDesc the description to store */
	public void setResourceDesc(String resourceDesc) {
		this.resourceDesc = resourceDesc;
	}

	/** @return the resource type */
	public String getResourceType() {
		return resourceType;
	}

	/** @param resourceType the resource type to store */
	public void setResourceType(String resourceType) {
		this.resourceType = resourceType;
	}

	/** @return the resource string */
	public String getResourceString() {
		return resourceString;
	}

	/** @param resourceString the resource string to store */
	public void setResourceString(String resourceString) {
		this.resourceString = resourceString;
	}

	/** @return the priority flag, possibly null */
	public Boolean getPriority() {
		return priority;
	}

	/** @param priority the priority flag to store */
	public void setPriority(Boolean priority) {
		this.priority = priority;
	}

	/** @return 0 / 1 usable flag, possibly null */
	public Integer getEnabled() {
		return enabled;
	}

	/** @param enabled 0 = not usable, 1 = usable */
	public void setEnabled(Integer enabled) {
		this.enabled = enabled;
	}

	/** @return 0 / 1 super flag, possibly null */
	public Integer getIssys() {
		return issys;
	}

	/** @param issys 0 = not super, 1 = super */
	public void setIssys(Integer issys) {
		this.issys = issys;
	}

	/** @return the module code */
	public String getModule() {
		return module;
	}

	/** @param module the module code to store */
	public void setModule(String module) {
		this.module = module;
	}

	/** @return the authority links held by this resource (live reference) */
	public Set<SysAuthoritiesResources> getSysAuthoritiesResourceses() {
		return sysAuthoritiesResourceses;
	}

	/** @param sysAuthoritiesResourceses the authority links to hold */
	public void setSysAuthoritiesResourceses(Set<SysAuthoritiesResources> sysAuthoritiesResourceses) {
		this.sysAuthoritiesResourceses = sysAuthoritiesResourceses;
	}

}

package com.gwtjs.spring.security.entity;


import java.util.HashSet;
import java.util.Set;

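/**
 * Hibernate-persisted bean describing one role (table SYS_ROLES in the mapping
 * on this page). A role is tied to users through {@link SysUsersRoles} rows
 * and to authorities through {@link SysRolesAuthorities} rows.
 *
 * Equality is defined on roleName and roleDesc only; roleId and the flags do
 * not take part. Both values are mutable, so changing either while the role
 * sits in a hash-based Set moves it to a different bucket; avoid editing them
 * on instances that are already members of such a set.
 */
public class SysRoles implements java.io.Serializable {

	private static final long serialVersionUID = 8069033086159154327L;

	/** Primary key (column ROLE_ID). */
	private String roleId;

	/** Role name (column ROLE_NAME, mapped unique). */
	private String roleName;

	/** Description (column ROLE_DESC). */
	private String roleDesc;

	/** Enabled flag (column ENABLED). */
	private Boolean enabled;

	/** System flag (column ISSYS). */
	private Boolean issys;

	// Subsystem within the platform.
	private String module;

	// System users; this layer can be omitted.
	private Set<SysUsersRoles> sysUsersRoles = new HashSet<SysUsersRoles>(0);

	// System authorities.
	private Set<SysRolesAuthorities> sysRolesAuthorities = new HashSet<SysRolesAuthorities>(0);

	/** No-argument constructor; scalar fields start as null and both sets start empty. */
	public SysRoles() {
	}

	/**
	 * Creates a role that only carries its id.
	 *
	 * @param roleId primary key value
	 */
	public SysRoles(String roleId) {
		this.roleId = roleId;
	}

	/**
	 * Creates a role with id, name and description.
	 *
	 * @param roleId primary key value
	 * @param roleName role name
	 * @param roleDesc description
	 */
	public SysRoles(String roleId, String roleName, String roleDesc) {
		this.roleId = roleId;
		this.roleName = roleName;
		this.roleDesc = roleDesc;
	}

	/**
	 * Creates a role with all scalar fields set; the association sets stay empty.
	 *
	 * @param roleId primary key value
	 * @param roleName role name
	 * @param roleDesc description
	 * @param enabled enabled flag
	 * @param issys system flag
	 * @param module subsystem code
	 */
	public SysRoles(String roleId, String roleName, String roleDesc,
			Boolean enabled, Boolean issys, String module) {
		this.roleId = roleId;
		this.roleName = roleName;
		this.roleDesc = roleDesc;
		this.enabled = enabled;
		this.issys = issys;
		this.module = module;
	}

	/**
	 * Creates a fully populated role. Both sets are kept by reference.
	 *
	 * @param roleId primary key value
	 * @param roleName role name
	 * @param roleDesc description
	 * @param enabled enabled flag
	 * @param issys system flag
	 * @param module subsystem code
	 * @param sysUsersRoles user links
	 * @param sysRolesAuthorities authority links
	 */
	public SysRoles(String roleId, String roleName, String roleDesc,
			Boolean enabled, Boolean issys, String module, Set<SysUsersRoles> sysUsersRoles,
			Set<SysRolesAuthorities> sysRolesAuthorities) {
		this.roleId = roleId;
		this.roleName = roleName;
		this.roleDesc = roleDesc;
		this.enabled = enabled;
		this.issys = issys;
		this.module = module;
		this.sysUsersRoles = sysUsersRoles;
		this.sysRolesAuthorities = sysRolesAuthorities;
	}

	/** @return the primary key */
	public String getRoleId() {
		return this.roleId;
	}

	/** @param roleId the primary key to store */
	public void setRoleId(String roleId) {
		this.roleId = roleId;
	}

	/** @return the role name */
	public String getRoleName() {
		return this.roleName;
	}

	/** @param roleName the role name to store */
	public void setRoleName(String roleName) {
		this.roleName = roleName;
	}

	/** @return the description */
	public String getRoleDesc() {
		return this.roleDesc;
	}

	/** @param roleDesc the description to store */
	public void setRoleDesc(String roleDesc) {
		this.roleDesc = roleDesc;
	}

	/** @return the enabled flag, possibly null */
	public Boolean getEnabled() {
		return this.enabled;
	}

	/** @param enabled the enabled flag to store */
	public void setEnabled(Boolean enabled) {
		this.enabled = enabled;
	}

	/** @return the system flag, possibly null */
	public Boolean getIssys() {
		return this.issys;
	}

	/** @param issys the system flag to store */
	public void setIssys(Boolean issys) {
		this.issys = issys;
	}

	/** @return the subsystem code */
	public String getModule() {
		return this.module;
	}

	/** @param module the subsystem code to store */
	public void setModule(String module) {
		this.module = module;
	}

	/** @return the user links held by this role (live reference) */
	public Set<SysUsersRoles> getSysUsersRoles() {
		return this.sysUsersRoles;
	}

	/** @param sysUsersRoles the user links to hold */
	public void setSysUsersRoles(Set<SysUsersRoles> sysUsersRoles) {
		this.sysUsersRoles = sysUsersRoles;
	}

	/** @return the authority links held by this role (live reference) */
	public Set<SysRolesAuthorities> getSysRolesAuthorities() {
		return this.sysRolesAuthorities;
	}

	/** @param sysRolesAuthorities the authority links to hold */
	public void setSysRolesAuthorities(Set<SysRolesAuthorities> sysRolesAuthorities) {
		this.sysRolesAuthorities = sysRolesAuthorities;
	}

	/**
	 * Compares two roles by roleName and roleDesc.
	 *
	 * A persistent class has to override equals and hashCode when its instances
	 * are placed in a Set (in particular for many-valued associations) or when
	 * detached instances are reused.
	 *
	 * The comparison is null-safe: roles built with the no-argument or the
	 * id-only constructor have a null name and description, and the previous
	 * implementation threw NullPointerException for them, including when such
	 * a role was merely added to a HashSet.
	 *
	 * @param other object to compare with
	 * @return true when other is a SysRoles with the same name and description
	 * @see java.lang.Object#equals(java.lang.Object)
	 */
	@Override
	public boolean equals(Object other) {

		if (this == other) {
			return true;
		}

		if (!(other instanceof SysRoles)) {
			return false;
		}

		final SysRoles that = (SysRoles) other;

		return sameText(that.getRoleName(), getRoleName())
				&& sameText(that.getRoleDesc(), getRoleDesc());
	}

	/**
	 * Hash code consistent with {@link #equals(Object)}; for non-null name and
	 * description it yields the same value as before, and a null contributes 0.
	 *
	 * @return hash built from roleName and roleDesc
	 * @see java.lang.Object#hashCode()
	 */
	@Override
	public int hashCode() {
		int result = textHash(getRoleName());
		result = 29 * result + textHash(getRoleDesc());
		return result;
	}

	/** Null-safe string equality: two nulls are equal, null never equals a value. */
	private static boolean sameText(String left, String right) {
		return left == null ? right == null : left.equals(right);
	}

	/** Null-safe string hash: null hashes to 0. */
	private static int textHash(String text) {
		return text == null ? 0 : text.hashCode();
	}

	/**
	 * Small demonstration of the equals / hashCode overrides.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {

		SysRoles role1 = new SysRoles("1", "lxb", "ljh");
		SysRoles role2 = new SysRoles("1", "lxb", "ljh");

		/*
		 * Experiment: without the equals and hashCode overrides this prints
		 * false; with them it prints true.
		 * That is the reason for overriding them: when object instances
		 * fetched through Hibernate should count as the same object whenever
		 * the compared fields match, equals and hashCode must be overridden.
		 * Doing so gives two instances that come from different contexts and
		 * Sessions a well-defined meaning of "same".
		 */
		System.out.println(role1.equals(role2));

		/*
		 * Experiment: without the overrides this prints false; with them it
		 * prints true.
		 */
		System.out.println(role1.hashCode() == role2.hashCode());

	}

}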

package com.gwtjs.spring.security.entity;

/**
 * Join entity that ties one {@link SysRoles} to one {@link SysAuthorities}
 * (table SYS_ROLES_AUTHORITIES in the mapping on this page). Each row carries
 * its own enabled flag.
 *
 * The role id and authority id are not held as plain string properties here
 * (those accessors were disabled by the author); they are reachable through
 * getSysRoles().getRoleId() and getSysAuthorities().getAuthorityId().
 */
public class SysRolesAuthorities implements java.io.Serializable {

	private static final long serialVersionUID = -1525218519228173258L;

	/** Primary key (column ID), assigned by the application. */
	private long id;

	/** Authority side of the link. */
	private SysAuthorities sysAuthorities;

	/** Role side of the link. */
	private SysRoles sysRoles;

	/** Enabled flag of this link (column ENABLED). */
	private Boolean enabled;

	/** No-argument constructor; id is 0 and the references are null. */
	public SysRolesAuthorities() {
	}

	/**
	 * Creates a link row that only carries its id.
	 *
	 * @param id primary key value
	 */
	public SysRolesAuthorities(long id) {
		this.id = id;
	}

	/**
	 * Creates a fully populated link row.
	 *
	 * @param id primary key value
	 * @param sysAuthorities authority side
	 * @param sysRoles role side
	 * @param enabled enabled flag
	 */
	public SysRolesAuthorities(long id, SysAuthorities sysAuthorities,
			SysRoles sysRoles, Boolean enabled) {
		this.id = id;
		this.sysAuthorities = sysAuthorities;
		this.sysRoles = sysRoles;
		this.enabled = enabled;
	}

	/** @return the primary key */
	public long getId() {
		return id;
	}

	/** @param id the primary key to store */
	public void setId(long id) {
		this.id = id;
	}

	/** @return the linked authority */
	public SysAuthorities getSysAuthorities() {
		return sysAuthorities;
	}

	/** @param sysAuthorities the authority to link */
	public void setSysAuthorities(SysAuthorities sysAuthorities) {
		this.sysAuthorities = sysAuthorities;
	}

	/** @return the linked role */
	public SysRoles getSysRoles() {
		return sysRoles;
	}

	/** @param sysRoles the role to link */
	public void setSysRoles(SysRoles sysRoles) {
		this.sysRoles = sysRoles;
	}

	/** @return the enabled flag, possibly null */
	public Boolean getEnabled() {
		return enabled;
	}

	/** @param enabled the enabled flag to store */
	public void setEnabled(Boolean enabled) {
		this.enabled = enabled;
	}

}

package com.gwtjs.spring.security.entity;

import java.io.Serializable;

/**
 * Plain bean describing an organisational unit (table SYS_Unit in the mapping
 * on this page).
 *
 * NOTE(review): the enabled property is an Integer here, while the mapping on
 * this page declares it as java.lang.Boolean; one of the two needs to change.
 */
public class SysUnit implements Serializable {

	private static final long serialVersionUID = -7923159128209952650L;

	/** Primary key (column UNIT_ID). */
	private Long id;

	/** Unit name (column unit_Name). */
	private String unitName;

	/** Unit description (column unit_Desc). */
	private String unitDesc;

	/** Enabled flag (column ENABLED). */
	private Integer enabled;

	/** @return the primary key, or null when not yet set */
	public Long getId() {
		return this.id;
	}

	/** @param id the primary key to store */
	public void setId(Long id) {
		this.id = id;
	}

	/** @return the unit name */
	public String getUnitName() {
		return this.unitName;
	}

	/** @param unitName the unit name to store */
	public void setUnitName(String unitName) {
		this.unitName = unitName;
	}

	/** @return the unit description */
	public String getUnitDesc() {
		return this.unitDesc;
	}

	/** @param unitDesc the unit description to store */
	public void setUnitDesc(String unitDesc) {
		this.unitDesc = unitDesc;
	}

	/** @return the enabled flag, or null when not yet set */
	public Integer getEnabled() {
		return this.enabled;
	}

	/** @param enabled the enabled flag to store */
	public void setEnabled(Integer enabled) {
		this.enabled = enabled;
	}

}

package com.gwtjs.spring.security.entity;


import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Set;
import java.util.SortedSet;
import java.util.TreeSet;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.util.Assert;

import com.gwtjs.spring.security.CustomUserDetails;

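/**
 * User account entity (table SYS_USERS in the mapping on this page) that also
 * acts as the Spring Security principal through the project's
 * CustomUserDetails interface.
 *
 * The class keeps two copies of the login name and credential: the persisted
 * userAccount / userPassword properties, and the username / password fields
 * read by getUsername() / getPassword(). Only the full constructor fills the
 * second pair; setUserAccount and setUserPassword do not touch it. An instance
 * populated through the no-argument constructor and setters therefore returns
 * null from getUsername() and getPassword() and false from the three
 * account-state checks.
 *
 * The stored password digest is an ordinary (non-transient) field, so it is
 * written out whenever this object is serialized.
 */
public class SysUsers implements CustomUserDetails, java.io.Serializable {

	private static final long serialVersionUID = 1259675211426094628L;

	// User id.
	private String userId;

	// Login account; same value as the user id, unique.
	private String userAccount;

	// Chinese (display) user name.
	private String userName;

	// Digest produced by MD5 over "plain password + user name as salt".
	// NOTE(review): MD5 is a fast digest and the user name is a predictable
	// salt, so these values are cheap to test guesses against if the table
	// leaks. Prefer a slow, randomly salted password hash (bcrypt, scrypt,
	// PBKDF2 or Argon2) and re-hash existing accounts at their next login.
	private String userPassword;

	// User remarks.
	private String userDesc;

	// Whether the account is usable.
	private Boolean enabled;

	// Whether this is a super user.
	private Boolean issys;

	// Unit the user belongs to.
	private String userDept;

	// Position of the user, e.g. director or manager.
	private String userDuty;

	// Subsystem the user is responsible for.
	private String subSystem;

	// One user holds many roles.
	private Set<SysUsersRoles> sysUsersRoleses = new HashSet<SysUsersRoles>(0);

	// State behind the UserDetails-style accessors below.
	private String password;
	private String username;
	private Set<GrantedAuthority> authorities;
	private boolean accountNonExpired;
	private boolean accountNonLocked;
	private boolean credentialsNonExpired;

	/** No-argument constructor; leaves every field at its default value. */
	public SysUsers() {

	}

	/**
	 * Creates a fully populated principal.
	 *
	 * @param userId user id
	 * @param userAccount login account; also becomes the username
	 * @param userName display name
	 * @param userPassword stored password digest; also becomes the password
	 * @param userDesc remarks
	 * @param enabled whether the account is usable
	 * @param issys whether this is a super user
	 * @param userDuty position
	 * @param userDept unit
	 * @param subSystem subsystem the user is responsible for
	 * @param sysUsersRoleses role links, kept by reference
	 * @param accountNonExpired account-expiry state
	 * @param credentialsNonExpired credential-expiry state
	 * @param accountNonLocked lock state
	 * @param authorities granted authorities; copied into a sorted, unmodifiable set
	 * @throws IllegalArgumentException if userAccount is null or empty, if
	 *         userPassword is null, or (raised by the Assert calls in
	 *         sortAuthorities) if authorities is null or contains null
	 */
	public SysUsers(String userId, String userAccount, String userName,
			String userPassword, String userDesc, Boolean enabled,
			Boolean issys, String userDuty, String userDept, String subSystem, Set<SysUsersRoles> sysUsersRoleses,boolean accountNonExpired,
			boolean credentialsNonExpired, boolean accountNonLocked, Collection<GrantedAuthority> authorities) {

		if (((userAccount == null) || "".equals(userAccount)) || (userPassword == null)) {
			throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
		}

		this.userId = userId;
		this.userAccount = userAccount;
		this.userName = userName;
		this.userPassword = userPassword;
		this.userDesc = userDesc;
		this.issys = issys;
		this.userDuty = userDuty;
		this.userDept = userDept;
		this.subSystem = subSystem;
		this.sysUsersRoleses = sysUsersRoleses;
		this.username = userAccount;
		this.password = userPassword;
		this.enabled = enabled;
		this.accountNonExpired = accountNonExpired;
		this.credentialsNonExpired = credentialsNonExpired;
		this.accountNonLocked = accountNonLocked;
		this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
	}

	/** @return the user id */
	public String getUserId() {
		return this.userId;
	}

	/** @param userId the user id to store */
	public void setUserId(String userId) {
		this.userId = userId;
	}

	/** @return the login account */
	public String getUserAccount() {
		return this.userAccount;
	}

	/** @param userAccount the login account to store; getUsername() is not updated */
	public void setUserAccount(String userAccount) {
		this.userAccount = userAccount;
	}

	/** @return the display name */
	public String getUserName() {
		return this.userName;
	}

	/** @param userName the display name to store */
	public void setUserName(String userName) {
		this.userName = userName;
	}

	/** @return the stored password digest */
	public String getUserPassword() {
		return this.userPassword;
	}

	/** @param userPassword the password digest to store; getPassword() is not updated */
	public void setUserPassword(String userPassword) {
		this.userPassword = userPassword;
	}

	/** @return the remarks */
	public String getUserDesc() {
		return this.userDesc;
	}

	/** @param userDesc the remarks to store */
	public void setUserDesc(String userDesc) {
		this.userDesc = userDesc;
	}

	/**
	 * Returns the enabled flag as a primitive.
	 *
	 * A null flag (unset, or a NULL column value) is reported as false; the
	 * previous auto-unboxing threw NullPointerException in that case.
	 *
	 * @return true only when the flag is explicitly TRUE
	 */
	public boolean getEnabled() {
		return Boolean.TRUE.equals(this.enabled);
	}

	/** @param enabled the enabled flag to store */
	public void setEnabled(Boolean enabled) {
		this.enabled = enabled;
	}

	/** @return the super-user flag, possibly null */
	public Boolean getIssys() {
		return this.issys;
	}

	/** @param issys the super-user flag to store */
	public void setIssys(Boolean issys) {
		this.issys = issys;
	}

	/** @return the unit the user belongs to */
	public String getUserDept() {
		return this.userDept;
	}

	/** @param userDept the unit to store */
	public void setUserDept(String userDept) {
		this.userDept = userDept;
	}

	/** @return the position of the user */
	public String getUserDuty() {
		return this.userDuty;
	}

	/** @param userDuty the position to store */
	public void setUserDuty(String userDuty) {
		this.userDuty = userDuty;
	}

	/** @return the subsystem the user is responsible for */
	public String getSubSystem() {
		return this.subSystem;
	}

	/** @param subSystem the subsystem to store */
	public void setSubSystem(String subSystem) {
		this.subSystem = subSystem;
	}

	/** @return the role links of this user (live reference) */
	public Set<SysUsersRoles> getSysUsersRoleses() {
		return this.sysUsersRoleses;
	}

	/** @param sysUsersRoleses the role links to hold */
	public void setSysUsersRoleses(Set<SysUsersRoles> sysUsersRoleses) {
		this.sysUsersRoleses = sysUsersRoleses;
	}

	//~ Methods ========================================================================================================

	/**
	 * Compares authorities, password, username and the four account-state
	 * flags. Every comparison is null-safe, because instances created with the
	 * no-argument constructor carry null authorities, password and username.
	 *
	 * @param rhs object to compare with
	 * @return true when rhs is a SysUsers with the same security-relevant state
	 */
	@Override
	public boolean equals(Object rhs) {
		if (this == rhs) {
			return true;
		}

		// instanceof is already false for null, so no separate null check.
		if (!(rhs instanceof SysUsers)) {
			return false;
		}

		SysUsers user = (SysUsers) rhs;

		// Granted authorities.
		if (!nullSafeEquals(this.authorities, user.authorities)) {
			return false;
		}

		// A user built through the full constructor always has a username and
		// password; other construction paths may leave them null.
		return (nullSafeEquals(this.getPassword(), user.getPassword())
				&& nullSafeEquals(this.getUsername(), user.getUsername())
				&& (this.isAccountNonExpired() == user.isAccountNonExpired())
				&& (this.isAccountNonLocked() == user.isAccountNonLocked())
				&& (this.isCredentialsNonExpired() == user.isCredentialsNonExpired())
				&& (this.isEnabled() == user.isEnabled()));
	}

	/** Null-safe equality: two nulls are equal, null never equals a value. */
	private static boolean nullSafeEquals(Object left, Object right) {
		return left == null ? right == null : left.equals(right);
	}

	/** @return the granted authorities, or null when none were ever set */
	public Collection<GrantedAuthority> getAuthorities() {
		return authorities;
	}

	/**
	 * Replaces the granted authorities.
	 *
	 * A null or Set argument is stored as given, as before. Any other
	 * collection type, which the previous unconditional cast rejected with
	 * ClassCastException, is copied into a sorted, unmodifiable set the same
	 * way the constructor does.
	 *
	 * @param authorities the authorities to grant, or null for none
	 */
	public void setAuthorities(Collection<GrantedAuthority> authorities) {
		if (authorities == null || authorities instanceof Set) {
			this.authorities = (Set<GrantedAuthority>) authorities;
		} else {
			this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
		}
	}

	/** @return the credential set by the full constructor, or null otherwise */
	public String getPassword() {
		return password;
	}

	/** @return the login name set by the full constructor, or null otherwise */
	public String getUsername() {
		return username;
	}

	/**
	 * Hash code over the same state that {@link #equals(Object)} compares.
	 *
	 * The earlier version multiplied the running value by (hash % 7) for each
	 * component; whenever one of those remainders was 0 the result collapsed
	 * to 0, so many distinct users shared one hash bucket. This version
	 * combines the components with the usual 31-multiplier.
	 *
	 * @return hash of authorities, password, username and the state flags
	 */
	@Override
	public int hashCode() {
		int code = 9792;

		// A user who is not a login principal may have no authorities at all.
		code = 31 * code + (this.authorities == null ? 0 : this.authorities.hashCode());
		code = 31 * code + (this.getPassword() == null ? 0 : this.getPassword().hashCode());
		code = 31 * code + (this.getUsername() == null ? 0 : this.getUsername().hashCode());
		code = 31 * code + (this.isAccountNonExpired() ? 1 : 0);
		code = 31 * code + (this.isAccountNonLocked() ? 1 : 0);
		code = 31 * code + (this.isCredentialsNonExpired() ? 1 : 0);
		code = 31 * code + (this.isEnabled() ? 1 : 0);

		return code;
	}

	/** @return the account-expiry state */
	public boolean isAccountNonExpired() {
		return accountNonExpired;
	}

	/** @return the lock state */
	public boolean isAccountNonLocked() {
		return this.accountNonLocked;
	}

	/** @return the credential-expiry state */
	public boolean isCredentialsNonExpired() {
		return credentialsNonExpired;
	}

	/**
	 * Reports whether the account is enabled.
	 *
	 * A null flag counts as disabled, so an account whose flag was never set
	 * is refused rather than causing a NullPointerException during the check.
	 *
	 * @return true only when the flag is explicitly TRUE
	 */
	public boolean isEnabled() {
		return Boolean.TRUE.equals(enabled);
	}

	/**
	 * Copies the authorities into a set ordered by {@link AuthorityComparator}.
	 *
	 * @param authorities source collection; must be non-null without null elements
	 * @return a new sorted set holding the given authorities
	 */
	private static SortedSet<GrantedAuthority> sortAuthorities(Collection<GrantedAuthority> authorities) {
		Assert.notNull(authorities, "Cannot pass a null GrantedAuthority collection");
		// Ensure array iteration order is predictable (as per UserDetails.getAuthorities() contract and SEC-717)
		SortedSet<GrantedAuthority> sortedAuthorities =
			new TreeSet<GrantedAuthority>(new AuthorityComparator());

		for (GrantedAuthority grantedAuthority : authorities) {
			Assert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
			sortedAuthorities.add(grantedAuthority);
		}

		return sortedAuthorities;
	}

	/**
	 * Orders authorities by their getAuthority() string.
	 *
	 * Because the sorted set uses this comparator to decide membership, two
	 * authorities with the same non-null string occupy a single slot.
	 */
	private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
		private static final long serialVersionUID = 6173956575005152011L;

		public int compare(GrantedAuthority g1, GrantedAuthority g2) {
			// Neither argument is null: each entry is checked before it is added.
			// An authority whose getAuthority() is null is a custom authority.
			// NOTE(review): as written, a null-string g2 makes g1 sort first,
			// i.e. custom authorities end up after the others, and two custom
			// authorities never compare as equal. Logic left unchanged.
			if (g2.getAuthority() == null) {
				return -1;
			}

			if (g1.getAuthority() == null) {
				return 1;
			}

			return g1.getAuthority().compareTo(g2.getAuthority());
		}
	}

	/**
	 * Describes the user for logs; the credential is never printed.
	 *
	 * @return a one-line description of this user
	 */
	@Override
	public String toString() {
		StringBuilder sb = new StringBuilder();
		sb.append(super.toString()).append(": ");
		sb.append("Username: ").append(this.username).append("; ");
		sb.append("Password: [PROTECTED]; ");
		sb.append("UserAccount: ").append(this.userAccount).append("; ");
		sb.append("UserDept: ").append(this.userDept).append("; ");
		sb.append("UserDuty: ").append(this.userDuty).append("; ");
		sb.append("UserDesc: ").append(this.userDesc).append("; ");
		sb.append("UserSubSystem: ").append(this.subSystem).append("; ");
		sb.append("UserIsSys: ").append(this.issys).append("; ");
		sb.append("Enabled: ").append(this.enabled).append("; ");
		sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
		sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
		sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");

		if ( null !=authorities  && !authorities.isEmpty()) {
			sb.append("Granted Authorities: ");

			boolean first = true;
			for (GrantedAuthority auth : authorities) {
				if (!first) {
					sb.append(",");
				}
				first = false;

				sb.append(auth);
			}
		} else {
			sb.append("Not granted any authorities");
		}

		return sb.toString();
	}

	/**
	 * Empty entry point kept from the original listing.
	 *
	 * @param args unused
	 */
	public static void main(String[] args){
	}

}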

package com.gwtjs.spring.security.entity;

/**
 * Join entity that ties one {@link SysUsers} to one {@link SysRoles} (table
 * SYS_USERS_ROLES in the mapping on this page). Each row carries its own
 * enabled flag.
 */
public class SysUsersRoles implements java.io.Serializable {

	private static final long serialVersionUID = 7198583470977284717L;

	/** Primary key (column ID), assigned by the application. */
	private long id;

	/** User side of the link. */
	private SysUsers sysUsers;

	/** Role side of the link. */
	private SysRoles sysRoles;

	/** Enabled flag of this link (column ENABLED). */
	private Boolean enabled;

	/** No-argument constructor; id is 0 and the references are null. */
	public SysUsersRoles() {
	}

	/**
	 * Creates a link row that only carries its id.
	 *
	 * @param id primary key value
	 */
	public SysUsersRoles(long id) {
		this.id = id;
	}

	/**
	 * Creates a fully populated link row.
	 *
	 * @param id primary key value
	 * @param sysUsers user side
	 * @param sysRoles role side
	 * @param enabled enabled flag
	 */
	public SysUsersRoles(long id, SysUsers sysUsers, SysRoles sysRoles,
			Boolean enabled) {
		this.id = id;
		this.sysUsers = sysUsers;
		this.sysRoles = sysRoles;
		this.enabled = enabled;
	}

	/** @return the primary key */
	public long getId() {
		return id;
	}

	/** @param id the primary key to store */
	public void setId(long id) {
		this.id = id;
	}

	/** @return the linked user */
	public SysUsers getSysUsers() {
		return sysUsers;
	}

	/** @param sysUsers the user to link */
	public void setSysUsers(SysUsers sysUsers) {
		this.sysUsers = sysUsers;
	}

	/** @return the linked role */
	public SysRoles getSysRoles() {
		return sysRoles;
	}

	/** @param sysRoles the role to link */
	public void setSysRoles(SysRoles sysRoles) {
		this.sysRoles = sysRoles;
	}

	/** @return the enabled flag, possibly null */
	public Boolean getEnabled() {
		return enabled;
	}

	/** @param enabled the enabled flag to store */
	public void setEnabled(Boolean enabled) {
		this.enabled = enabled;
	}

}

<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping >
    <!-- Maps SysAuthorities to table SYS_AUTHORITIES. The id uses the
         "assigned" generator, so the application must set it before saving. -->
    <class name="com.gwtjs.spring.security.entity.SysAuthorities" table="SYS_AUTHORITIES" >
        <id name="authorityId" type="string">
            <column name="AUTHORITY_ID" length="32" />
            <generator class="assigned" />
        </id>
        <property name="authorityName" type="string">
            <column name="AUTHORITY_NAME" length="40" />
        </property>
        <property name="authorityDesc" type="string">
            <column name="AUTHORITY_DESC" length="100" />
        </property>
        <property name="enabled" type="java.lang.Boolean">
            <column name="ENABLED" precision="1" scale="0" />
        </property>
        <property name="issys" type="java.lang.Boolean">
            <column name="ISSYS" precision="1" scale="0" />
        </property>
        <property name="module" type="string">
            <column name="MODULE" length="4" />
        </property>
        <!-- inverse="true": the link rows own the foreign key.
             cascade="all": saving or deleting an authority is propagated to
             its role links and resource links. -->
        <set name="sysRolesAuthoritieses" inverse="true" cascade="all">
            <key>
                <column name="AUTHORITY_ID" length="32" />
            </key>
            <one-to-many class="com.gwtjs.spring.security.entity.SysRolesAuthorities" />
        </set>
        <set name="sysAuthoritiesResources" inverse="true" cascade="all">
            <key>
                <column name="AUTHORITY_ID" length="32" />
            </key>
            <one-to-many class="com.gwtjs.spring.security.entity.SysAuthoritiesResources" />
        </set>
    </class>
</hibernate-mapping>
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping >
    <!-- Maps the authority-to-resource link rows (SYS_AUTHORITIES_RESOURCES).
         Both ends are fetched with a separate select (fetch="select"). -->
    <class name="com.gwtjs.spring.security.entity.SysAuthoritiesResources" table="SYS_AUTHORITIES_RESOURCES" >
        <id name="id" type="long">
            <column name="ID" precision="13" scale="0" />
            <generator class="assigned" />
        </id>
        <many-to-one name="sysAuthorities" class="com.gwtjs.spring.security.entity.SysAuthorities" fetch="select">
            <column name="AUTHORITY_ID" length="32" />
        </many-to-one>
        <many-to-one name="sysResources" class="com.gwtjs.spring.security.entity.SysResources" fetch="select">
            <column name="RESOURCE_ID" length="32" />
        </many-to-one>
        <!-- Per-link enabled flag; whether the access decision code reads it
             is not visible on this page. -->
        <property name="enabled" type="java.lang.Boolean">
            <column name="ENABLED" precision="1" scale="0" />
        </property>
    </class>
</hibernate-mapping>
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping >
    <!-- Maps SysResources to table Sys_RESOURCES. The id uses the "assigned"
         generator, so the application must set it before saving. -->
    <class name="com.gwtjs.spring.security.entity.SysResources" table="Sys_RESOURCES">
        <id name="resourceId" type="string">
            <column name="RESOURCE_ID" length="32" />
            <generator class="assigned" />
        </id>
        <property name="resourceName" type="string" unique="true">
            <column name="RESOURCE_NAME" length="100" />
        </property>
        <property name="resourceDesc" type="string">
            <column name="RESOURCE_DESC" length="100" />
        </property>
        <property name="resourceType" type="string">
            <column name="RESOURCE_TYPE" length="40" />
        </property>
        <property name="resourceString" type="string">
            <column name="RESOURCE_STRING" length="200" />
        </property>
        <property name="priority" type="java.lang.Boolean">
            <column name="PRIORITY" precision="1" scale="0" />
        </property>
        <!-- enabled and issys are Integer (0 / 1) here, matching the Integer
             fields of SysResources; the other entities use Boolean. -->
        <property name="enabled" type="java.lang.Integer">
            <column name="ENABLED" precision="1" scale="0" />
        </property>
        <property name="issys" type="java.lang.Integer">
            <column name="ISSYS" precision="1" scale="0" />
        </property>
        <property name="module" type="string">
            <column name="MODULE" length="6" />
        </property>
        <!-- lazy="false" with fetch="join": the authority links are loaded
             together with every resource. -->
        <set name="sysAuthoritiesResourceses" inverse="true" fetch="join" lazy="false">
            <key>
                <column name="RESOURCE_ID" length="32" />
            </key>
            <one-to-many class="com.gwtjs.spring.security.entity.SysAuthoritiesResources" />
        </set>
    </class>
</hibernate-mapping>

<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping >
    <!-- Maps SysRoles to table SYS_ROLES. roleName is declared unique;
         SysRoles.equals compares roleName and roleDesc, not roleId. -->
    <class name="com.gwtjs.spring.security.entity.SysRoles" table="SYS_ROLES">
        <id name="roleId" type="string">
            <column name="ROLE_ID" length="32" />
            <generator class="assigned" />
        </id>
        <property name="roleName" type="string" unique="true">
            <column name="ROLE_NAME" length="40" />
        </property>
        <property name="roleDesc" type="string">
            <column name="ROLE_DESC" length="100" />
        </property>
        <property name="enabled" type="java.lang.Boolean">
            <column name="ENABLED" precision="1" scale="0" />
        </property>
        <property name="issys" type="java.lang.Boolean">
            <column name="ISSYS" precision="1" scale="0" />
        </property>
        <property name="module" type="string">
            <column name="MODULE" length="32" />
        </property>
        <!-- Both sets are eager (lazy="false", fetch="join") and cascade="all".
             NOTE(review): the user-role and role-authority link mappings on
             this page are eager too, so loading one role can pull in a large
             part of the user / role / authority graph; check the generated SQL. -->
        <set name="sysUsersRoles" inverse="true" cascade="all"  fetch="join" lazy="false">
            <key>
                <column name="ROLE_ID" length="32" />
            </key>
            <one-to-many class="com.gwtjs.spring.security.entity.SysUsersRoles" />
        </set>
        <set name="sysRolesAuthorities" inverse="true" cascade="all" fetch="join" lazy="false">
            <key>
                <column name="ROLE_ID" length="32" />
            </key>
            <one-to-many class="com.gwtjs.spring.security.entity.SysRolesAuthorities" />
        </set>
    </class>
</hibernate-mapping>
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping >
    <!-- Maps the role-to-authority link rows (SYS_ROLES_AUTHORITIES). Both
         ends are loaded eagerly (lazy="false") with a separate select. -->
    <class name="com.gwtjs.spring.security.entity.SysRolesAuthorities" table="SYS_ROLES_AUTHORITIES">
        <id name="id" type="long">
            <column name="ID" precision="13" scale="0" />
            <generator class="assigned" />
        </id>
        <many-to-one name="sysAuthorities" class="com.gwtjs.spring.security.entity.SysAuthorities" fetch="select" lazy="false">
            <column name="AUTHORITY_ID" length="32" />
        </many-to-one>
        <many-to-one name="sysRoles" class="com.gwtjs.spring.security.entity.SysRoles" fetch="select" lazy="false">
            <column name="ROLE_ID" length="32" />
        </many-to-one>
        <!-- The block below is disabled: AUTHORITY_ID and ROLE_ID are already
             mapped by the two many-to-one elements above. -->
        <!--  
        <property name="authorityId" type="string">
            <column name="AUTHORITY_ID" length="32" />
        </property>
        <property name="roleId" type="string">
            <column name="ROLE_ID" length="32" />
        </property> -->
        <property name="enabled" type="java.lang.Boolean">
            <column name="ENABLED" precision="1" scale="0" />
        </property>
    </class>
</hibernate-mapping>

<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
	<!-- Maps SysUnit to table SYS_Unit. -->
	<class name="com.gwtjs.spring.security.entity.SysUnit" table="SYS_Unit"
		>
		<!-- No type is given for the id; the Java property is a Long. -->
		<id name="id" >
			<column name="UNIT_ID" length="32" />
			<generator class="assigned" />
		</id>
		<property name="unitName" type="string" unique="true">
			<column name="unit_Name" length="64" />
		</property>
		<!-- NOTE(review): unique="true" on a description column looks
		     unintended; confirm. -->
		<property name="unitDesc" type="string" unique="true">
			<column name="unit_Desc" length="140" />
		</property>
		<!-- NOTE(review): SysUnit.enabled is declared Integer in the Java class
		     on this page but is mapped here as java.lang.Boolean; the two have
		     to agree (the SysResources mapping uses java.lang.Integer for its
		     Integer flags). -->
		<property name="enabled" type="java.lang.Boolean">
			<column name="ENABLED" precision="1" scale="0" />
		</property>
	</class>
</hibernate-mapping>
<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping>
	<!-- Maps SysUsers to table SYS_USERS. Only the properties listed here are
	     persisted; the username / password / authorities / account-state
	     fields of the Java class are not mapped. -->
	<class name="com.gwtjs.spring.security.entity.SysUsers" table="SYS_USERS"
		>
		<id name="userId" type="string">
			<column name="USER_ID" length="32" />
			<generator class="assigned" />
		</id>
		<property name="userAccount" type="string" unique="true">
			<column name="USER_ACCOUNT" length="30" />
		</property>
		<!-- NOTE(review): the display name is also declared unique; confirm
		     that two people with the same name are not expected. -->
		<property name="userName" type="string" unique="true">
			<column name="USER_NAME" length="40" />
		</property>
		<!-- Holds the password digest described in SysUsers (MD5 with the user
		     name as salt). At length 100 the column is also wide enough for a
		     60-character bcrypt hash, should the scheme be upgraded. -->
		<property name="userPassword" type="string">
			<column name="USER_PASSWORD" length="100" />
		</property>
		<property name="userDesc" type="string">
			<column name="USER_DESC" length="100" />
		</property>
		<property name="userDuty" type="string">
			<column name="USER_DUTY" length="10" />
		</property>
		<property name="userDept" type="string">
			<column name="USER_DEPT" length="20" />
		</property>
		<property name="subSystem" type="string">
			<column name="SUB_SYSTEM" length="30" />
		</property>
		<!-- ENABLED may be NULL in the database; the Java side then sees a
		     null Boolean. -->
		<property name="enabled" type="java.lang.Boolean">
			<column name="ENABLED" precision="1" scale="0" />
		</property>
		<property name="issys" type="java.lang.Boolean">
			<column name="ISSYS" precision="1" scale="0" />
		</property>
		<!-- Eager (lazy="false", fetch="join") and cascade="all": role links
		     are loaded with every user, and saving or deleting a user is
		     propagated to them. -->
		<set name="sysUsersRoleses" inverse="true" cascade="all" lazy="false" fetch="join">
			<key>
				<column name="USER_ID" length="32" />
			</key>
			<one-to-many class="com.gwtjs.spring.security.entity.SysUsersRoles" />
		</set>
	</class>
</hibernate-mapping>

<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<hibernate-mapping >
    <!-- Maps the user-to-role link rows (SYS_USERS_ROLES). Both ends are
         loaded eagerly with a join (lazy="false", fetch="join"). -->
    <class name="com.gwtjs.spring.security.entity.SysUsersRoles" table="SYS_USERS_ROLES" >
        <id name="id" type="long">
            <column name="ID" precision="13" scale="0" />
            <generator class="assigned" />
        </id>
        <many-to-one name="sysUsers" class="com.gwtjs.spring.security.entity.SysUsers" fetch="join" lazy="false" >
            <column name="USER_ID" length="32" />
        </many-to-one>
        <many-to-one name="sysRoles" class="com.gwtjs.spring.security.entity.SysRoles" fetch="join" lazy="false" >
            <column name="ROLE_ID" length="32" />
        </many-to-one>
        <!-- Per-link enabled flag; whether the code that builds a user's
             authorities reads it is not visible on this page. -->
        <property name="enabled" type="java.lang.Boolean">
            <column name="ENABLED" precision="1" scale="0" />
        </property>
    </class>
</hibernate-mapping>



Dao Interface

package com.gwtjs.spring.security.dao.impl;

import java.util.HashMap;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.LockMode;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Repository;

import com.gwtjs.dao.impl.GenericDaoImpl;
import com.gwtjs.spring.security.dao.SysAuthoritiesDao;
import com.gwtjs.spring.security.dao.SysAuthoritiesResourcesDao;
import com.gwtjs.spring.security.dao.SysResourcesDao;
import com.gwtjs.spring.security.entity.SysAuthorities;
import com.gwtjs.spring.security.entity.SysAuthoritiesResources;
import com.gwtjs.spring.security.entity.SysResources;
import com.gwtjs.utils.Util;

/**
 * Home object for domain model class SysAuthorities.
 * @see com.gwtjs.spring.security.entity.SysAuthorities
 */
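@Repository(value="sysAuthoritiesDao")
public class SysAuthoritiesDaoImpl extends GenericDaoImpl<SysAuthorities,String> implements SysAuthoritiesDao {

	private static final Log log = LogFactory.getLog(SysAuthoritiesDaoImpl.class);

	// DAO for protected resources.
	@Autowired private SysResourcesDao sysResourcesDao;

	// DAO for the authority-to-resource link table.
	@Autowired private SysAuthoritiesResourcesDao sysAuthoritiesResourcesDao;

	/**
	 * Saves a new authority submitted from the page.
	 * <p>
	 * A fresh id is assigned and the authority name is normalised so that it
	 * always starts with {@code AUTH_} before the instance is persisted.
	 *
	 * @param transientInstance the authority to store; its id and name are modified
	 * @throws RuntimeException whatever the session raises (logged, then rethrown);
	 *         this includes a {@code NullPointerException} when the name is null
	 */
	public void persist(SysAuthorities transientInstance) {

		log.debug("权限 " + transientInstance.getAuthorityDesc() + " 持久化!");

		try {

			// Give the new authority its own identifier.
			transientInstance.setAuthorityId(Util.getPkId() + "");

			String authorityName = transientInstance.getAuthorityName();

			// "AUTHxyz" becomes "AUTH_xyz"; a name without the "AUTH" prefix gets
			// "AUTH_" prepended; a name already starting with "AUTH_" is kept.
			if (authorityName.startsWith("AUTH")) {

				if (!authorityName.startsWith("AUTH_")) {
					authorityName = authorityName.substring(0, 4) + "_"
							+ authorityName.substring(4);
					transientInstance.setAuthorityName(authorityName);
				}

			} else {
				transientInstance.setAuthorityName("AUTH_" + authorityName);
			}

			getSession().persist(transientInstance);

			log.debug("权限 " + transientInstance.getAuthorityDesc() + " 持久化成功!");

		} catch (RuntimeException re) {

			log.error("权限 " + transientInstance.getAuthorityDesc() + " 持久化失败!", re);
			throw re;

		}
	}

	/**
	 * Saves or updates an existing authority instance.
	 *
	 * @param instance the authority to write back
	 * @throws RuntimeException whatever the session raises (logged, then rethrown)
	 */
	public void attachDirty(SysAuthorities instance) {

		log.debug("更新权限" + instance.getAuthorityName() + "!");

		try {

			getSession().saveOrUpdate(instance);

			log.debug("更新权限 " + instance.getAuthorityName() + "成功!");

		} catch (RuntimeException re) {

			log.error("更新权限 " + instance.getAuthorityName() + "失败!", re);
			throw re;

		}
	}

	/**
	 * Re-associates an unmodified instance with the session using {@code LockMode.NONE}.
	 *
	 * @param instance the authority to reattach
	 * @throws RuntimeException whatever the lock call raises (logged, then rethrown)
	 */
	public void attachClean(SysAuthorities instance) {
		log.debug("attaching clean SysAuthorities instance");
		try {
			lock(instance, LockMode.NONE);
			log.debug("attach successful");
		} catch (RuntimeException re) {
			log.error("attach failed", re);
			throw re;
		}
	}

	/**
	 * Deletes the authority with the given id.
	 * <p>
	 * The original comment states that the role-authority and
	 * authority-resource relations are removed as well; that would have to come
	 * from cascade settings in the mapping, which are not visible here.
	 *
	 * @param authorityId id of the authority to delete
	 * @throws RuntimeException whatever the lookup or the delete raises (logged,
	 *         then rethrown); an unknown id reaches {@code delete} as null
	 */
	public void delete(String authorityId) {
		log.debug("根据权限id删除该权限!权限id为 : " + authorityId);
		try {

			SysAuthorities authority = findById( authorityId );

			getSession().delete( authority );

			log.debug("权限id" + authorityId + "删除成功!");
		} catch (RuntimeException re) {
			log.error("权限id" + authorityId + "删除失败!", re);
			throw re;
		}
	}

	/**
	 * Loads one authority by its id.
	 * <p>
	 * The id is bound as a named parameter. Concatenating it into the query
	 * text would let a caller-supplied value change the query itself.
	 *
	 * @param id the authority id
	 * @return the matching authority, or {@code null} when there is none
	 * @throws RuntimeException whatever the query raises (logged, then rethrown)
	 */
	public SysAuthorities findById( String id ) {
		log.debug("通过id得到权限类的实例: " + id);
		try {

			SysAuthorities instance = (SysAuthorities) getSession()
					.createQuery("from SysAuthorities where authority_id = :authorityId")
					.setString("authorityId", id)
					.uniqueResult();

			if (instance == null) {
				log.debug("该权限类不存在!");
			} else {
				log.debug("成功找到该权限类的实例!");
			}
			return instance;
		} catch (RuntimeException re) {
			log.error("查找权限类实例失败!", re);
			throw re;
		}
	}

	/**
	 * Returns the authorities that belong to one sub-system (module).
	 *
	 * @param xtmk the module value to filter on; bound as a parameter, never
	 *        spliced into the query text
	 * @return the matching authorities
	 */
	@SuppressWarnings("unchecked")
	public List<SysAuthorities> findAuthoritiesLst(String xtmk) {
		return getSession()
				.createQuery("from SysAuthorities where module = :module")
				.setString("module", xtmk)
				.list();
	}

	/**
	 * Builds a map of the enabled resources linked to an authority.
	 *
	 * @param authorityId the authority id; bound as a parameter
	 * @return a map whose keys are resource ids and whose values are all the
	 *         string {@code "true"}
	 */
	@SuppressWarnings("unchecked")
	public HashMap<String,String> getSelectedResourcesMap(String authorityId) {

		List<String> results = getSession().createSQLQuery("select a.resource_id " +
				"from Sys_Resources a, Sys_Authorities_Resources b " +
				"where a.resource_id = b.resource_id and b.Authority_id = :authorityId " +
				"and a.enabled=1")
				.setString("authorityId", authorityId)
				.list();

		HashMap<String,String> hashMap = new HashMap<String,String>(0);

		for (String resourcesId : results) {
			hashMap.put( resourcesId, "true" );
		}

		return hashMap;
	}

	/**
	 * Replaces the set of resources linked to an authority.
	 * <p>
	 * The existing links are cleared through the link DAO, then one new link
	 * row is saved per selected resource id.
	 * <p>
	 * NOTE(review): failures are reported through the return value only. If the
	 * caller runs this inside a transaction (not visible here), the swallowed
	 * exception will not trigger a rollback by itself, so the caller has to act
	 * on {@code false} to avoid leaving the authority with a partial resource set.
	 *
	 * @param authorityId  id of the authority being edited
	 * @param resourceskey ids of the resources selected for it
	 * @return {@code true} when every link was saved; {@code false} when the
	 *         authority does not exist or any step failed
	 */
	public boolean saveAuthorityAndReSource(String authorityId, String[] resourceskey) {

		SysAuthorities sysAuthorities = findById(authorityId);

		// Without the authority there is nothing to link to; stop before the
		// existing links are touched.
		if (sysAuthorities == null) {
			log.warn("saveAuthorityAndReSource: no authority found for the given id");
			return false;
		}

		// Drop the links the authority had before the new selection is written.
		sysAuthoritiesResourcesDao.deleteOldAuthorityAndResourceRelative( authorityId );

		try {
			for (String resId : resourceskey) {

				SysResources sysResources = sysResourcesDao.findById( resId );

				// A new link object per iteration is required; reusing one makes
				// Hibernate fail with "identifier of an instance of xxx was
				// altered from xxx to xxx".
				SysAuthoritiesResources sysAuthoritiesResources = new SysAuthoritiesResources();
				sysAuthoritiesResources.setId( Util.getPkId() );
				sysAuthoritiesResources.setSysResources( sysResources );
				sysAuthoritiesResources.setSysAuthorities( sysAuthorities );
				sysAuthoritiesResources.setEnabled(true);

				getSession().save( sysAuthoritiesResources );

			}

		} catch (Exception ex) {
			// Keep the boolean contract, but record the cause in the application
			// log instead of printing the stack trace to stderr.
			log.error("saveAuthorityAndReSource failed", ex);
			return false;
		}

		return true;
	}

	/**
	 * Returns every enabled resource.
	 *
	 * @return resources whose {@code enabled} value is 1
	 */
	@SuppressWarnings("unchecked")
	public List<SysResources> getResourcesList() {
		return getSession().createQuery("from SysResources where enabled=1").list();
	}

	/**
	 * Returns the names of all authorities in the system.
	 *
	 * @return the {@code authority_name} column of {@code sys_authorities}
	 */
	@SuppressWarnings("unchecked")
	public List<String> getSysAuthorities(){
		String sql = "select authority_name from sys_authorities";

		List<String> query = getSession().createSQLQuery(sql).list();
		return query;
	}

}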

package com.gwtjs.spring.security.dao.impl;

import java.util.ArrayList;
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.LockMode;
import org.hibernate.criterion.Example;
import org.springframework.stereotype.Repository;

import com.gwtjs.dao.impl.GenericDaoImpl;
import com.gwtjs.spring.security.dao.SysAuthoritiesResourcesDao;
import com.gwtjs.spring.security.entity.SysAuthoritiesResources;

/**
 * Home object for domain model class SysAuthoritiesResources.
 * @see com.gwtjs.spring.security.entity.SysAuthoritiesResources
 * @author Hibernate Tools
 */
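@Repository(value="sysAuthoritiesResourcesDao")
public class SysAuthoritiesResourcesDaoImpl extends GenericDaoImpl<SysAuthoritiesResources,Long> implements SysAuthoritiesResourcesDao{

	private static final Log log = LogFactory
			.getLog(SysAuthoritiesResourcesDaoImpl.class);

	/**
	 * Returns the resource strings linked to the authority with the given name.
	 * <p>
	 * The name is bound as a parameter. Authority names are stored data that
	 * was itself entered through the application, so a name read back from the
	 * database is no safer to concatenate into SQL than a request parameter.
	 *
	 * @param auth the authority name
	 * @return the {@code resource_string} values linked to that authority
	 */
	@SuppressWarnings("unchecked")
	public List<String> loadResource(String auth){
		return getSession()
		.createSQLQuery(
				"select b.resource_string "
						+ "from Sys_Authorities_Resources a, Sys_Resources b, "
						+ "Sys_authorities c where a.resource_id = b.resource_id "
						+ "and a.authority_id=c.authority_id and c.Authority_name = :authorityName")
		.setString("authorityName", auth)
		.list();

	}

	/**
	 * Persists a new link instance.
	 *
	 * @param transientInstance the link to store
	 * @throws RuntimeException whatever the session raises (logged, then rethrown)
	 */
	public void persist(SysAuthoritiesResources transientInstance) {
		log.debug("persisting SysAuthoritiesResources instance");
		try {
			getSession().persist(transientInstance);
			log.debug("persist successful");
		} catch (RuntimeException re) {
			log.error("persist failed", re);
			throw re;
		}
	}

	/**
	 * Saves or updates a link instance.
	 *
	 * @param instance the link to write back
	 * @throws RuntimeException whatever the session raises (logged, then rethrown)
	 */
	public void attachDirty(SysAuthoritiesResources instance) {
		log.debug("attaching dirty SysAuthoritiesResources instance");
		try {
			getSession().saveOrUpdate(instance);
			log.debug("attach successful");
		} catch (RuntimeException re) {
			log.error("attach failed", re);
			throw re;
		}
	}

	/**
	 * Re-associates an unmodified instance with the session using {@code LockMode.NONE}.
	 *
	 * @param instance the link to reattach
	 * @throws RuntimeException whatever the lock call raises (logged, then rethrown)
	 */
	public void attachClean(SysAuthoritiesResources instance) {
		log.debug("attaching clean SysAuthoritiesResources instance");
		try {
			lock(instance, LockMode.NONE);
			log.debug("attach successful");
		} catch (RuntimeException re) {
			log.error("attach failed", re);
			throw re;
		}
	}

	/**
	 * Deletes a persistent link instance.
	 *
	 * @param persistentInstance the link to remove
	 * @throws RuntimeException whatever the session raises (logged, then rethrown)
	 */
	public void delete(SysAuthoritiesResources persistentInstance) {
		log.debug("deleting SysAuthoritiesResources instance");
		try {
			getSession().delete(persistentInstance);
			log.debug("delete successful");
		} catch (RuntimeException re) {
			log.error("delete failed", re);
			throw re;
		}
	}

	/**
	 * Merges a detached instance into the session.
	 *
	 * @param detachedInstance the detached link
	 * @return the managed instance returned by the session
	 * @throws RuntimeException whatever the session raises (logged, then rethrown)
	 */
	public SysAuthoritiesResources merge(
			SysAuthoritiesResources detachedInstance) {
		log.debug("merging SysAuthoritiesResources instance");
		try {
			SysAuthoritiesResources result = (SysAuthoritiesResources) getSession().merge(detachedInstance);
			log.debug("merge successful");
			return result;
		} catch (RuntimeException re) {
			log.error("merge failed", re);
			throw re;
		}
	}

	/**
	 * Loads one link by its primary key.
	 *
	 * @param id the link id
	 * @return the link, or {@code null} when no row has that id
	 * @throws RuntimeException whatever the session raises (logged, then rethrown)
	 */
	public SysAuthoritiesResources findById(long id) {
		log.debug("getting SysAuthoritiesResources instance with id: " + id);
		try {
			SysAuthoritiesResources instance = (SysAuthoritiesResources) getSession()
					.get(SysAuthoritiesResources.class, id);
			if (instance == null) {
				log.debug("get successful, no instance found");
			} else {
				log.debug("get successful, instance found");
			}
			return instance;
		} catch (RuntimeException re) {
			log.error("get failed", re);
			throw re;
		}
	}

	/**
	 * Returns every authority-resource link.
	 *
	 * @return all {@code SysAuthoritiesResources} rows
	 * @throws RuntimeException whatever the query raises (logged, then rethrown)
	 */
	@SuppressWarnings("unchecked")
	public List<SysAuthoritiesResources> getAll(){

		try{

			return getSession().createQuery("from SysAuthoritiesResources").list();

		}catch( RuntimeException re ){
			log.error("find by authorities failed.", re);
			throw re;
		}

	}

	/**
	 * Removes every existing link between the given authority and its resources.
	 * <p>
	 * The statement has to be executed with {@code executeUpdate()}; creating
	 * the query object alone sends nothing to the database, which would leave
	 * the old grants in place while success is logged. The id is bound as a
	 * parameter rather than concatenated into the SQL text.
	 *
	 * @param authorityId id of the authority whose links are removed
	 * @throws RuntimeException whatever the statement raises (logged, then rethrown)
	 */
	public void deleteOldAuthorityAndResourceRelative( String authorityId ){

		try{

			getSession()
					.createSQLQuery("delete from Sys_Authorities_Resources where authority_id = :authorityId")
					.setString("authorityId", authorityId)
					.executeUpdate();

			log.info("删除权限与资源之间的关联关系成功!");

		}catch(RuntimeException re){
			// Pass the exception along so the cause ends up in the log.
			log.error("删除权限与资源之间的关联关系失败!", re);
			throw re;
		}

	}

	/**
	 * Finds links that match the populated properties of an example instance.
	 *
	 * @param instance the example to match against
	 * @return the matching links
	 * @throws RuntimeException whatever the criteria query raises (logged, then rethrown)
	 */
	@SuppressWarnings("unchecked")
	public List<SysAuthoritiesResources> findByExample(SysAuthoritiesResources instance) {
		log.debug("finding SysAuthoritiesResources instance by example");
		try {
			List<SysAuthoritiesResources> results = getSession()
					.createCriteria(SysAuthoritiesResources.class)
					.add(Example.create(instance))
					.list();
			log.debug("find by example successful, result size: "
					+ results.size());
			return results;
		} catch (RuntimeException re) {
			log.error("find by example failed", re);
			throw re;
		}
	}
}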




核心的服务类Services

/*
 * @(#) MyAccessDecisionManager.java  2011-3-23 下午04:41:12
 *
 * Copyright 2011 by aGuang 
 */

package com.gwtjs.spring.security;

import java.util.Collection;
import java.util.Iterator;

import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 *AccessdecisionManager在Spring security中是很重要的。
 *
 *在验证部分简略提过了,所有的Authentication实现需要保存在一个GrantedAuthority对象数组中。 
 *这就是赋予给主体的权限。 GrantedAuthority对象通过AuthenticationManager
 *保存到 Authentication对象里,然后从AccessDecisionManager读出来,进行授权判断。 
 *
 *Spring Security提供了一些拦截器,来控制对安全对象的访问权限,例如方法调用或web请求。 
 *一个是否允许执行调用的预调用决定,是由AccessDecisionManager实现的。 
 *这个 AccessDecisionManager 被AbstractSecurityInterceptor调用,
 *它用来作最终访问控制的决定。 这个AccessDecisionManager接口包含三个方法: 
 *
 void decide(Authentication authentication, Object secureObject,
    List<ConfigAttributeDefinition> config) throws AccessDeniedException;
 boolean supports(ConfigAttribute attribute);
 boolean supports(Class clazz);
 
  从第一个方法可以看出来,AccessDecisionManager使用方法参数传递所有信息,这好像在认证评估时进行决定。 
  特别是,在真实的安全方法期望调用的时候,传递安全Object启用那些参数。 
  比如,让我们假设安全对象是一个MethodInvocation。 
  很容易为任何Customer参数查询MethodInvocation,
  然后在AccessDecisionManager里实现一些有序的安全逻辑,来确认主体是否允许在那个客户上操作。 
  如果访问被拒绝,实现将抛出一个AccessDeniedException异常。

  这个 supports(ConfigAttribute) 方法在启动的时候被
  AbstractSecurityInterceptor调用,来决定AccessDecisionManager
  是否可以执行传递ConfigAttribute。 
  supports(Class)方法被安全拦截器实现调用,
  包含安全拦截器将显示的AccessDecisionManager支持安全对象的类型。
 */
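public class CustomAccessDecisionManager implements AccessDecisionManager {

	/**
	 * Grants access when the caller holds at least one of the authorities
	 * configured for the requested resource.
	 * <p>
	 * Security notes for maintainers:
	 * <ul>
	 * <li>A {@code null} attribute collection is treated as "no restriction" and
	 * returns without a check. Together with a metadata source that returns
	 * {@code null} for URLs it has no entry for, any URL missing from the
	 * resource table is not authorised here at all (fail-open). Register a
	 * catch-all resource, or enable the interceptor's rejection of public
	 * invocations, if unmapped URLs must be denied.</li>
	 * <li>Matching is a plain string comparison after trimming; there is no
	 * role hierarchy and no voter involved.</li>
	 * </ul>
	 *
	 * @param authentication   the caller; its granted authorities are compared
	 * @param object           the secured object (unused)
	 * @param configAttributes authorities that permit access to the resource
	 * @throws AccessDeniedException when none of the caller's authorities matches
	 */
	@Override
	public void decide( Authentication authentication, Object object,
			Collection<ConfigAttribute> configAttributes)
		throws AccessDeniedException, InsufficientAuthenticationException{

		if( configAttributes == null ) {
			return ;
		}

		for( ConfigAttribute ca : configAttributes ){

			// Read the attribute through the interface; casting to
			// SecurityConfig fails for any other ConfigAttribute implementation.
			String needRole = ca.getAttribute();
			if( needRole == null ) {
				continue;
			}
			needRole = needRole.trim();

			// ga is an authority granted to the user; needRole is one the resource requires.
			for( GrantedAuthority ga : authentication.getAuthorities() ){

				String granted = ga.getAuthority();
				if( granted != null && needRole.equals( granted.trim() ) ){
					return;
				}

			}

		}

		// Generic text only: do not reveal which authority would have been needed.
		throw new AccessDeniedException("Access is denied");

	}

	/**
	 * Reports every configuration attribute as supported.
	 *
	 * @param attribute the attribute being checked (ignored)
	 * @return always {@code true}
	 */
	@Override
	public boolean supports( ConfigAttribute attribute ){
		return true;
	}

	/**
	 * Reports every secured-object type as supported.
	 *
	 * @param clazz the secured-object class (ignored)
	 * @return always {@code true}
	 */
	@Override
	public boolean supports(Class<?> clazz){
		return true;
	}

}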
/*
 * @(#) MyFilterSecurityInterceptor.java  2011-3-23 上午07:53:03
 *
 * Copyright 2011 by aGuang 
 */

package com.gwtjs.spring.security;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

/**
 * 该过滤器的主要作用就是通过spring著名的IoC生成securityMetadataSource。
 * securityMetadataSource相当于本包中自定义的MyInvocationSecurityMetadataSourceService。
 * 该MyInvocationSecurityMetadataSourceService的作用提从数据库提取权限和资源,装配到HashMap中,
 * 供Spring Security使用,用于权限校验。
 * @author aGuang 11/3/29
 *
 */

public class CustomFilterSecurityInterceptor
	extends AbstractSecurityInterceptor
	implements Filter{

	/** Metadata source that maps a request to the authorities it requires. */
	private FilterInvocationSecurityMetadataSource securityMetadataSource;

	/** No initialisation is needed. */
	@Override
	public void init( FilterConfig filterconfig ) throws ServletException{
	}

	/** Nothing to release. */
	@Override
	public void destroy(){
	}

	/**
	 * Wraps the servlet request, response and chain in a
	 * {@link FilterInvocation} and hands it to {@link #invoke(FilterInvocation)}.
	 */
	@Override
	public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain)
	throws IOException, ServletException{
		invoke( new FilterInvocation( request, response, chain ) );
	}

	/**
	 * Runs the pre-invocation security check, continues the filter chain, and
	 * always completes the invocation afterwards.
	 *
	 * @param fi the invocation being secured
	 */
	public void invoke( FilterInvocation fi ) throws IOException, ServletException{

		// The authorization decision is made in here, before the rest of the
		// chain gets to run.
		final InterceptorStatusToken statusToken = super.beforeInvocation(fi);

		try{
			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
		}finally{
			// Executed on both normal and exceptional exit from the chain.
			super.afterInvocation(statusToken, null);
		}

	}

	/** @return {@link FilterInvocation}, the only secured-object type handled here */
	@Override
	public Class<? extends Object> getSecureObjectClass(){
		return FilterInvocation.class;
	}

	/** @return the metadata source consulted by the superclass */
	@Override
	public SecurityMetadataSource obtainSecurityMetadataSource(){
		return this.securityMetadataSource;
	}

	/** @return the configured metadata source */
	public FilterInvocationSecurityMetadataSource getSecurityMetadataSource(){
		return this.securityMetadataSource;
	}

	/** @param securityMetadataSource the metadata source to use (set from the bean definition) */
	public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource securityMetadataSource){
		this.securityMetadataSource = securityMetadataSource;
	}

}
/*
 * @(#) MyInvocationSecurityMetadataSourceService.java  2011-3-23 下午02:58:29
 *
 * Copyright 2011 by aGuang 
 */

package com.gwtjs.spring.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;

import com.gwtjs.spring.security.dao.SysAuthoritiesDao;
import com.gwtjs.spring.security.dao.SysAuthoritiesResourcesDao;

/**
 * 最核心的地方,就是提供某个资源对应的权限定义,即getAttributes方法返回的结果。 此类在初始化时,应该取到所有资源及其对应角色的定义。
 */
//@Service
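public class CustomInvocationSecurityMetadataSourceService implements
		FilterInvocationSecurityMetadataSource {

	@Autowired
	private SysAuthoritiesDao sysAuthoritiesDao;
	@Autowired()
	private SysAuthoritiesResourcesDao sysAuthoritiesResourcesDao;

	private UrlMatcher urlMatcher = new AntUrlPathMatcher();

	// Resource pattern -> authorities allowed to access it. Filled once by
	// loadResourceDefine() and shared by all instances because it is static.
	private static Map<String, Collection<ConfigAttribute>> resourceMap = null;

	/**
	 * Builds the resource-to-authority table while the bean is being constructed.
	 */
	public CustomInvocationSecurityMetadataSourceService() {
		loadResourceDefine();
	}

	/**
	 * Reads every authority and its resources from the database and builds
	 * {@link #resourceMap}.
	 * <p>
	 * NOTE(review): the table is built once, in the constructor. Grants added or
	 * revoked in the database afterwards are not picked up by anything visible
	 * in this class, so a revocation appears to need a reload or restart.
	 * <p>
	 * NOTE(review): a second, separate application context is created here to
	 * obtain the DAOs, because field injection has not happened yet when the
	 * constructor runs. That context is never closed and duplicates the beans
	 * it defines; loading from an init callback with the injected DAOs would
	 * avoid this.
	 */
	private void loadResourceDefine() {
		ApplicationContext context = new ClassPathXmlApplicationContext("classpath:applicationContext.xml","applicationContext-service.xml");

		sysAuthoritiesDao = (SysAuthoritiesDao) context.getBean("sysAuthoritiesDao");
		sysAuthoritiesResourcesDao = (SysAuthoritiesResourcesDao) context.getBean("sysAuthoritiesResourcesDao");
		System.out.println("-----------------get all system authorites--------------"+sysAuthoritiesDao);
		System.out.println("--------------get all system authorites resources-------------"+sysAuthoritiesResourcesDao);

		// All authority names known to the system, read at start-up.
		List<String> as = sysAuthoritiesDao.getSysAuthorities();

		// Key: resource (normally a URL pattern). Value: the authorities that
		// may access it. One resource can be reachable through several authorities.
		resourceMap = new HashMap<String, Collection<ConfigAttribute>>();

		for (String auth : as) {
			ConfigAttribute ca = new SecurityConfig(auth);

			List<String> rs = sysAuthoritiesResourcesDao.loadResource(auth);

			for (String url : rs) {
				// Add to the existing authority set for this resource, or start one.
				Collection<ConfigAttribute> atts = resourceMap.get(url);
				if (atts == null) {
					atts = new ArrayList<ConfigAttribute>();
					resourceMap.put(url, atts);
				}
				atts.add(ca);
			}

		}

	}

	/**
	 * Returns no attribute list.
	 *
	 * @return always {@code null}
	 */
	@Override
	public Collection<ConfigAttribute> getAllConfigAttributes() {

		return null;
	}

	/**
	 * Finds the authorities required for the requested URL.
	 * <p>
	 * The stored resource string is passed to the matcher as the pattern and
	 * the request URL as the path to test. With the two swapped, the request
	 * URL would be interpreted as the pattern, stored wildcard patterns would
	 * stop matching ordinary requests, and those requests would fall through
	 * to the {@code null} return below, i.e. be left unprotected.
	 * <p>
	 * NOTE(review): the first matching entry wins and a {@code HashMap} has no
	 * defined iteration order, so when two stored patterns both match a URL the
	 * applied authority set is not predictable. Keep patterns non-overlapping
	 * or switch to an ordered structure.
	 * <p>
	 * NOTE(review): neither the stored patterns nor the request URL are
	 * case-normalised here; confirm how the matcher's lower-case setting and
	 * the stored data line up.
	 *
	 * @param object the {@link FilterInvocation} for the current request
	 * @return the authorities for the first matching resource, or {@code null}
	 *         when nothing matches (the request is then not restricted by this source)
	 */
	@Override
	public Collection<ConfigAttribute> getAttributes(Object object)
			throws IllegalArgumentException {

		// The secured object is the request; take its URL without the query string.
		String url = ((FilterInvocation) object).getRequestUrl();

		int firstQuestionMarkIndex = url.indexOf("?");

		if (firstQuestionMarkIndex != -1) {
			url = url.substring(0, firstQuestionMarkIndex);
		}

		if (resourceMap == null) {
			return null;
		}

		for (Map.Entry<String, Collection<ConfigAttribute>> entry : resourceMap.entrySet()) {
			// Pattern first, then the URL being tested.
			if (urlMatcher.pathMatchesUrl(entry.getKey(), url)) {
				return entry.getValue();
			}
		}

		return null;
	}

	/**
	 * Reports every secured-object type as supported.
	 *
	 * @return always {@code true}
	 */
	@Override
	public boolean supports(Class<?> arg0) {

		return true;
	}

}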
/*
 * @(#) CustomUserDetails.java  2011-4-13 下午01:44:14
 *
 * Copyright 2011 by aGuang 
 */

package com.gwtjs.spring.security;

import java.util.Set;

import org.springframework.security.core.userdetails.UserDetails;

import com.gwtjs.spring.security.entity.SysUsersRoles;

/**
 *实现了UserDetails,扩展几项信息,比如getSubSystem()方法等 aGuang 2012-09-25。
 */
public interface CustomUserDetails extends UserDetails {

	/** @return the user's id */
	String getUserId();

	/** @return the login account of the user */
	String getUserAccount();

	/** @return the user's display name */
	String getUserName();

	/** @return the user's stored password value */
	String getUserPassword();

	/** @return a description or short profile of the user */
	String getUserDesc();

	/** @return whether the user account is usable */
	boolean getEnabled();

	/** @return whether the user is a super user */
	Boolean getIssys();

	/** @return the department or unit the user belongs to */
	String getUserDept();

	/** @return the user's job position */
	String getUserDuty();

	/** @return the sub-system the user is in charge of */
	String getSubSystem();

	/** @return the user-role links of this user */
	Set<SysUsersRoles> getSysUsersRoleses();

}
/*
 * @(#) MyUserDetailsService.java  2011-3-23 上午09:04:31
 *
 * Copyright 2011 by aGuang 
 */

package com.gwtjs.spring.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.gwtjs.spring.security.dao.SysUsersDao;
import com.gwtjs.spring.security.dao.impl.SysUsersDaoImpl;
import com.gwtjs.spring.security.entity.SysUsers;
import com.gwtjs.spring.security.entity.SysUsersRoles;

/**
 * 该类的主要作用是为Spring Security提供一个经过用户认证后的UserDetails。
 * 该UserDetails包括用户名、密码、是否可用、是否过期等信息。 aGuang 11/3/29
 */
//@Service(value="userDetailsManager")
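public class CustomUserDetailsService implements UserDetailsService {

	@Autowired
	private SysUsersDao sysUsersDao;

	/**
	 * Loads the account with the given login name and wraps it, together with
	 * its authorities, in a new {@link SysUsers} for Spring Security.
	 * <p>
	 * NOTE(review): the two boolean literals that follow the description in the
	 * constructor call, and the three after the role set, are hard-coded. If
	 * they are the enabled / super-user and the expired / locked /
	 * credentials-expired flags (the constructor is not visible here), then a
	 * disabled account is still returned as usable. Confirm against the
	 * {@code SysUsers} constructor and pass the stored values instead.
	 *
	 * @param username the login account name submitted by the caller
	 * @return the populated user details
	 * @throws UsernameNotFoundException when no account has that name
	 * @throws DataAccessException when the lookup fails
	 */
	@Override
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {

		// NOTE(review): a DAO created here is outside the container, so it
		// presumably has no session factory wired in; this fallback is kept
		// only because callers may rely on it.
		if (null == sysUsersDao) {
			sysUsersDao = new SysUsersDaoImpl();
		}

		// Look the account up first: the UserDetailsService contract is to
		// signal an unknown name with UsernameNotFoundException, not to fail
		// with a NullPointerException further down.
		SysUsers user = sysUsersDao.findByUserAccount(username);
		if (user == null) {
			throw new UsernameNotFoundException("No account found for the supplied user name");
		}

		// Authorities granted to this user.
		Collection<GrantedAuthority> auths = sysUsersDao.loadUserAuthoritiesByName(username);

		return new SysUsers(user.getUserId(), user.getUserAccount(),
				user.getUserName(), user.getUserPassword(), user.getUserDesc(),
				true, false, user.getUserDuty(), user.getUserDept(),
				user.getSubSystem(), new HashSet<SysUsersRoles>(0), true, true,
				true, auths);
	}

	/**
	 * Sets the user DAO (used by the XML bean definition).
	 *
	 * @param sysUsersDao the DAO to read users and authorities from
	 */
	public void setSysUsersDao(SysUsersDao sysUsersDao) {
		this.sysUsersDao = sysUsersDao;
	}

}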



主要配置:

applicationContext-service.xml

<?xml version="1.0" encoding="UTF-8"?>

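<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:util="http://www.springframework.org/schema/util"
	xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
   http://www.springframework.org/schema/aop
   http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
   http://www.springframework.org/schema/tx
   http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
   http://www.springframework.org/schema/jee
   http://www.springframework.org/schema/jee/spring-jee-3.1.xsd
   http://www.springframework.org/schema/context
   http://www.springframework.org/schema/context/spring-context-3.1.xsd
   http://www.springframework.org/schema/util
   http://www.springframework.org/schema/util/spring-util-3.1.xsd">

	<!-- Password hashing used when credentials are checked.
	     NOTE(review): MD5 is a fast general-purpose digest and is not adequate
	     for password storage. Plan a move to an adaptive scheme (bcrypt, scrypt
	     or argon2). Changing the encoder invalidates the hashes already stored,
	     so the move needs a re-hash-on-login or password-reset step. -->
	<bean id="passwordEncoder"
		class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />

	<!-- Localised messages for the security framework (zh_CN bundle). 11/3/23 -->
	<bean id="messageSource"
		class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
		<property name="basename"
			value="classpath:org/springframework/security/messages_zh_CN"/>
	</bean>

	<!-- Event listener: logs the authentication events published by the
	     framework. Make sure the resulting log is retained and reviewed. -->
	<bean
		class="org.springframework.security.authentication.event.LoggerListener" />

	<!-- User details service: users, roles, authorities and resources are
	     managed in the database. 11/3/23 -->
	<bean id="userDetailsManager" class="com.gwtjs.spring.security.CustomUserDetailsService">
		<property name="sysUsersDao" ref="sysUsersDao" />
	</bean>

	<!-- The cache factory beans below need an Ehcache cache manager.
	     org.springframework.cache.CacheManager is an interface and cannot be
	     instantiated as a bean, so the Ehcache manager factory is used. -->
	<bean id="cacheManager"
		class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />

	<!-- User cache. Cached user details keep serving until the entry expires,
	     so evict the entry when an account is disabled or its grants change. -->
	<bean id="userCache"
		class="org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache">
		<property name="cache" ref="userEhCache" />
	</bean>

	<bean id="userEhCache" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
		<property name="cacheName" value="userCache" />
		<property name="cacheManager" ref="cacheManager" />
	</bean>


	<!-- Use AUTH_ instead of ROLE_ as the authority prefix. -->
	<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
		<property name="rolePrefix" value="AUTH_"/>
	</bean>

	<!-- ACL (access control list) cache. -->
	<bean id="aclCache"
		class="org.springframework.security.acls.domain.EhCacheBasedAclCache">
		<constructor-arg ref="aclEhCache" />
	</bean>

	<bean id="aclEhCache" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
		<property name="cacheManager" ref="cacheManager" />
		<property name="cacheName" value="aclCache" />
	</bean>

</beans>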



applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>

<b:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-3.0.xsd">


	<!-- No intercept-url below carries an access attribute: authorization is
	     decided entirely by the customFilter bean registered at the end of
	     this element. -->
	<http auto-config="true" access-denied-page="/accessDenied.jsp">
		<!-- Static resources such as images are not filtered.
		     filters="none" takes a matching request out of the security filter
		     chain completely, so nothing served under these suffixes is
		     authenticated or authorised. Make sure no dynamic handler can be
		     reached through a URL that ends in one of them. -->
		<intercept-url pattern="/**/*.jpg" filters="none" />
		<intercept-url pattern="/**/*.png" filters="none" />
		<intercept-url pattern="/**/*.gif" filters="none" />
		<intercept-url pattern="/**/*.css" filters="none" />
		<intercept-url pattern="/**/*.js" filters="none" />
		<!-- The login page and the forgotten-password page are not filtered either. -->
		<intercept-url pattern="/login.jsp" filters="none" />
		<intercept-url pattern="/jsp/forgotpassword.jsp"
			filters="none" />  

		<form-login login-page="/login.jsp"
			authentication-failure-url="/login.jsp?error=true"
			default-target-url="/index.jsp" />

		<!-- "Remember me" with the persistent strategy: login tokens are kept
		     in a database table reached through dataSource. Treat that table
		     as credential material. -->
		<remember-me data-source-ref="dataSource" />
		
		<!-- Detect an invalid session id and send the user to another URL on timeout. -->
		<session-management invalid-session-url="/sessionTimeout.jsp" />
		
		<!-- Adds a custom filter in front of FILTER_SECURITY_INTERCEPTOR so that
		     users, roles, authorities and resources are managed in the
		     database. 11/3/23 -->
		<custom-filter ref="customFilter" before="FILTER_SECURITY_INTERCEPTOR"/> 
		
	</http>
	
	
	<!-- The custom filter must be given three properties: authenticationManager,
		accessDecisionManager and securityMetadataSource. 11/3/23  -->
	<b:bean id="customFilter" 
		class="com.gwtjs.spring.security.CustomFilterSecurityInterceptor">
		<b:property name="authenticationManager" 
			ref="authenticationManager"/>
		<b:property name="accessDecisionManager" 
			ref="customAccessDecisionManager"/>
		<b:property name="securityMetadataSource" 
			ref="customSecurityMetadataSource"/>
	</b:bean>
	

	<!-- An alias can be set for the authentication-manager.
	     NOTE(review): the referenced passwordEncoder bean is the
	     Md5PasswordEncoder from applicationContext-service.xml, salted with the
	     user name. A salt that is known per account and a fast digest give
	     little protection to a leaked password table; see the note on that bean. -->
	<authentication-manager alias="authenticationManager">
		<authentication-provider user-service-ref="userDetailsManager">
			<password-encoder ref="passwordEncoder">
				<salt-source user-property="username" />
			</password-encoder>
		</authentication-provider>
	</authentication-manager>


	<!-- Access decision manager: decides whether the authorities a user holds
	     are sufficient for the requested resource. 11/3/23 -->
	<b:bean id="customAccessDecisionManager"
		class="com.gwtjs.spring.security.CustomAccessDecisionManager">
	</b:bean>  


	<!-- Resource metadata: builds the mapping from each resource to the
	     authorities that may access it. 11/3/23 -->
	<b:bean id="customSecurityMetadataSource"
		class="com.gwtjs.spring.security.CustomInvocationSecurityMetadataSourceService">
	</b:bean> 

</b:beans>


