发现spring的配置是各种各样,刚才又发现了一个配置的方法,如下把sql写在配置文件里,但是我感觉这样不好,但也是个方式。
spring配置文件中定义 <authentication-provider> <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password,enabled from t_account where username=?" authorities-by-username-query="select r.descn from t_account_role ar join t_account a on ar.a_id=a.id join t_role r on ar.r_id=r.id where a.username=?"/> </authentication-provider> users-by-username-query:根据用户名查找用户 authorities-by-username-query:根据用户名查找这个用户所有的角色名,将用户访问的URL地址和 查询结果与<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />标签进行匹配。 匹配成功就允许访问,否则就返回到提示页面。
注意:users-by-username-query指定的查询,必须至少按顺序返回3列,列名必须是username,password,enabled authorities-by-username-query指定的查询,必须至少按顺序返回2列,第一列列名必须是username 第2列必须是权限的名字,与<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />中的 access匹配。 不能使用select *
下面把url资源放在数据库里,这样配置文件就不会暴露那么多的信息,并且便于管理
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import java.util.Set;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
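public class URLService implements FilterInvocationSecurityMetadataSource {

    /** Ant-style matcher used to compare request URLs against the patterns loaded from the database. */
    private UrlPathMatcher urlMatcher = new AntUrlPathMatcher();

    /**
     * URL pattern -> attributes (role names) required to reach it.
     * Starts as an empty map so that {@link #getAttributes(Object)} cannot NPE if a request arrives
     * before {@link #init()} has run. Insertion order is preserved so that overlapping patterns are
     * tried in the order the DAO returned them (first match wins) instead of HashMap's arbitrary order.
     */
    private Map<String, Collection<ConfigAttribute>> map = Collections.emptyMap();

    /**
     * Custom init method: read the URL/role table from the database when Spring starts.
     * The table is read once; changes in the database are only picked up when this method runs again.
     */
    public void init() {
        Map<String, Collection<ConfigAttribute>> loaded =
                new LinkedHashMap<String, Collection<ConfigAttribute>>();
        for (Reource resource : URLDao.getAllReource()) {
            loaded.put(resource.getUrl(), listToCollection(resource.getRoles()));
        }
        // Swap in the fully built table so a reader never observes a half-loaded map.
        this.map = loaded;
    }

    /**
     * Convert a {@code List<Role>} into the {@code Collection<ConfigAttribute>} Spring Security expects.
     *
     * @param roles roles of one URL resource; {@code null} is treated as "no roles"
     * @return one {@link SecurityConfig} per role, built from {@code Role#getRoleName()}
     */
    public Collection<ConfigAttribute> listToCollection(List<Role> roles) {
        Collection<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
        if (roles != null) {
            for (Role role : roles) {
                // RoleVoter only votes on attributes that carry its "ROLE_" prefix; names stored
                // without it are abstained on, which AffirmativeBased turns into a denial.
                attributes.add(new SecurityConfig(role.getRoleName()));
            }
        }
        return attributes;
    }

    /**
     * All attributes referenced by any URL, de-duplicated.
     *
     * @return the union of every URL's attribute collection
     */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        Set<ConfigAttribute> all = new HashSet<ConfigAttribute>();
        for (Collection<ConfigAttribute> attributes : this.map.values()) {
            all.addAll(attributes);
        }
        return all;
    }

    /**
     * Look up the attributes required for the URL of the given {@link FilterInvocation}.
     *
     * @param object the secured object; must be a {@link FilterInvocation}
     * @return the attributes of the first pattern that matches, or {@code null} when none does.
     *         {@code null} tells FilterSecurityInterceptor that the URL is public (unless its
     *         {@code rejectPublicInvocations} property is set), so every URL that must be protected
     *         needs a row in the database.
     * @throws IllegalArgumentException if {@code object} is not a {@link FilterInvocation}
     */
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        if (!(object instanceof FilterInvocation)) {
            throw new IllegalArgumentException("Object must be a FilterInvocation: " + object);
        }
        String url = ((FilterInvocation) object).getRequestUrl();
        // getRequestUrl() includes the query string; strip it so that "/admin.jsp?x=1" still
        // matches the "/admin.jsp" row instead of falling through to "no attributes" (= public).
        int queryStart = url.indexOf('?');
        if (queryStart != -1) {
            url = url.substring(0, queryStart);
        }
        for (Entry<String, Collection<ConfigAttribute>> entry : this.map.entrySet()) {
            // NOTE(review): Spring Security's AntUrlPathMatcher.pathMatchesUrl(Object path, String url)
            // takes the pattern first and the request URL second — confirm the argument order used here.
            if (urlMatcher.pathMatchesUrl(url, entry.getKey())) {
                // Hand out a read-only view so callers cannot alter the cached table.
                return Collections.unmodifiableCollection(entry.getValue());
            }
        }
        return null;
    }

    /**
     * This metadata source only understands web requests.
     *
     * @param clazz the secured-object type the interceptor asks about
     * @return {@code true} only for {@link FilterInvocation} (and subclasses)
     */
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }
}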
applicationContext.xml中这样配置
<!-- Custom security interceptor: the URL/role table comes from URLService (loaded from the database)
     instead of from <intercept-url> elements. -->
<beans:bean id="urlFilter" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="accessDecisionManager">
<!-- AffirmativeBased: one "grant" vote is enough; if every voter abstains the request is denied. -->
<beans:bean class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="decisionVoters">
<beans:list>
<!-- RoleVoter only votes on attributes that start with its "ROLE_" prefix, so the role names
     stored in the database must carry that prefix. -->
<beans:bean class="org.springframework.security.access.vote.RoleVoter"></beans:bean>
</beans:list>
</beans:property>
</beans:bean>
</beans:property>
<!-- A null result from URLService.getAttributes() is treated as "public URL" by this interceptor
     unless its rejectPublicInvocations property is set; every protected URL needs a database row. -->
<beans:property name="securityMetadataSource" ref="URLService"/>
</beans:bean>
<!-- URLService.init() must be invoked at startup (e.g. init-method) to load the table. -->
<beans:bean id="URLService" class="URLService"/>
将自己的过滤器配置到FILTER_SECURITY_INTERCEPTOR之前
<!-- use-expressions="true" only affects <intercept-url> elements of this <http> block; the urlFilter
     above decides with a plain RoleVoter on the attribute names stored in the database. -->
<http access-denied-page="/error.jsp" auto-config="true" use-expressions="true">
<form-login login-page="/login.jsp" always-use-default-target="true" authentication-failure-url="/login.jsp?login_error=1" default-target-url="/servlet/LoginServlet" />
<!-- Placed before the default interceptor so the database-driven URL check runs first. -->
<custom-filter ref="urlFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<http-basic />
<!-- Prevent duplicate logins (a filter must also be configured in web.xml) -->
<session-management invalid-session-url="/sessionOuttime.jsp">
<!-- Only one login at a time; the second replaces the first -->
<concurrency-control max-sessions="1"/>
<!-- To reject the second login instead: <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> -->
</session-management>
</http>
时间有限就这样先!