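Notes on using Spring Security:
1. When configuring access rules, the specific permission restrictions must be declared before the catch-all interception rule (anyRequest()), because the rules are evaluated in the order they are declared: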
    .antMatchers("/level1/**") // match URLs under /level1/**
    .hasRole("学徒") // require the "学徒" role
    .antMatchers("/level2/**")
    .hasRole("大师")
    .antMatchers("/level3/**")
    .hasRole("宗师")
    .anyRequest() // all remaining requests not configured above
    .authenticated() // require authentication for access
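In addition, when configuring authorities and roles, a role must be granted with the "ROLE_" prefix (hasRole("X") checks for the authority "ROLE_X"), and the role rule should be declared before the authority rule: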
    .antMatchers("/level3/**")
    .hasRole("大师") // role check
    .antMatchers("/level3/**")
    .hasAuthority("宗师") // authority check
Custom UserDetailsService class:
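import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.*;
import org.springframework.stereotype.Component;
@Component
public class MyUserDetailService implements UserDetailsService {
    @Autowired
    private JdbcTemplate jdbcTemplate;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        String sql = "select id,loginacct,userpswd,username,email,createtime from t_admin where loginacct = ?";
        Map<String, Object> row;
        try {
            row = jdbcTemplate.queryForMap(sql, username); // username is bound as a parameter
        } catch (EmptyResultDataAccessException e) {
            // queryForMap throws when no row matches; the interface expects UsernameNotFoundException
            throw new UsernameNotFoundException("Account not found");
        }
        String loginacct = row.get("loginacct").toString();
        String userpswd = row.get("userpswd").toString();
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_学徒")); // role, checked by hasRole("学徒")
        authorities.add(new SimpleGrantedAuthority("宗师")); // authority, checked by hasAuthority("宗师")
        return new User(loginacct, userpswd, authorities);
    }
}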
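The following is an added example, not code from the original notes and not Spring Security's own implementation: a plain-Java model (Java 16+) of how ordered rules and the "ROLE_" prefix interact for a user holding the authorities granted in MyUserDetailService. The class RuleOrderDemo, its helper methods, the simplified "/**" prefix matching, the already-authenticated user and the two misconfigured rule lists are assumptions constructed for illustration.

```java
import java.util.List;
import java.util.Set;

// Simplified model of first-match-wins URL authorization; not Spring Security's own code.
public class RuleOrderDemo {
    // pattern must end in "/**"; required == null means "any authenticated user".
    record Rule(String pattern, String required) {
        boolean matches(String path) {
            String prefix = pattern.substring(0, pattern.length() - 3); // strip "/**"
            return path.equals(prefix) || path.startsWith(prefix + "/");
        }
    }

    // hasRole("X") demands the authority "ROLE_X"; hasAuthority("X") demands "X" verbatim.
    static Rule hasRole(String p, String role) { return new Rule(p, "ROLE_" + role); }
    static Rule hasAuthority(String p, String a) { return new Rule(p, a); }
    static Rule authenticated(String p) { return new Rule(p, null); }

    // Rules are tried in declaration order; the first match alone decides.
    static boolean allowed(List<Rule> rules, String path, Set<String> granted) {
        for (Rule r : rules) {
            if (r.matches(path)) {
                return r.required() == null || granted.contains(r.required());
            }
        }
        return false; // nothing matched: deny (assumption of this model)
    }

    public static void main(String[] args) {
        // Authorities as granted by MyUserDetailService on this page.
        Set<String> granted = Set.of("ROLE_学徒", "宗师");
        List<Rule> specificFirst = List.of(
            hasRole("/level1/**", "学徒"), hasRole("/level2/**", "大师"),
            hasAuthority("/level3/**", "宗师"), authenticated("/**"));
        // Constructed misordering: the catch-all shadows the /level2 rule.
        List<Rule> catchAllFirst = List.of(
            authenticated("/**"), hasRole("/level2/**", "大师"));
        // Constructed mismatch: hasRole looks for "ROLE_宗师", the user holds "宗师".
        List<Rule> roleForAuthority = List.of(hasRole("/level3/**", "宗师"));

        System.out.println("specific first, /level1/a: " + allowed(specificFirst, "/level1/a", granted));
        System.out.println("specific first, /level2/a: " + allowed(specificFirst, "/level2/a", granted));
        System.out.println("specific first, /level3/a: " + allowed(specificFirst, "/level3/a", granted));
        System.out.println("catch-all first, /level2/a: " + allowed(catchAllFirst, "/level2/a", granted));
        System.out.println("hasRole vs authority, /level3/a: " + allowed(roleForAuthority, "/level3/a", granted));
    }
}
```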