接着上一篇讲的,接下来讲权限
先建立数据库idea,然后表中有role,user_role,user
这是pom.xml中导入架包
<spring.security.version>5.0.1.RELEASE</spring.security.version>
这是版本号一定导入
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
在web中加入如下代码,过滤器的作用
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
使得IUserService 继承UserDetailsService
这时UserService 会出现爆红,需要加方法
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException {
UserInfo userInfo = userDao.findByUserName(username);
List<Role> roles = roleDao.findRoleByUserId(userInfo.getId());
userInfo.setRoles(roles);
User user = new User(userInfo.getUsername(),"{noop}"+userInfo.getPassword(),getAuthority(roles));
return user;
}
private Collection<? extends GrantedAuthority> getAuthority(List<Role> roles)
{
List<SimpleGrantedAuthority> list=new ArrayList<>();
for(Role role: roles)
{
list.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName()));
}
return list;
}
在bean中新增类Role,有属性 id,roleName,roleDesc,并且加上get,set,
和toString方法。
public String toString() {
return "Role{" +
"id=" + id +
", roleName='" + roleName + '\'' +
", roleDesc='" + roleDesc + '\'' +
'}';
}
在dao里边加入接口IRoleDao
import java.util.List;
public interface IRoleDao {
List<Role> findRoleByUserId(int userId);
}
生成rolemapper.xml里面的内容是
<mapper namespace="com.zhongruan.dao.IRoleDao" >
<select id="findRoleByUserId" parameterType="int" resultType="com.zhongruan.bean.Role">
select *from role where id in(select roleId from users_role where userId=#{userId})
</select>
</mapper>
在aside里加入代码
<p>
<security:authentication property="principal.username"></security:authentication>
</p>
<ul class="treeview-menu">
<li id="system-setting">
<security:authorize access="hasRole('ADMIN')">
在head里边加入
<%@taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
最后的界面就是这样,小伙伴学会了吗?