基于spring security3的权限 应用

最新推荐文章于 2024-09-14 18:46:05 发布
最新推荐文章于 2024-09-14 18:46:05 发布
阅读量125 收藏
点赞数
文章标签: java 数据库 测试
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/iteye_8024/article/details/82326301
版权
1.创建mavn项目,导入一些必须的包:
pom.xml 
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.ymq</groupId>
	<artifactId>map</artifactId>
	<packaging>war</packaging>
	<version>0.0.1-SNAPSHOT</version>
	<name>map Maven Webapp</name>
	<url>http://maven.apache.org</url>
	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<hibernate-annotations.version>3.4.0.GA</hibernate-annotations.version>
		<hibernate-c3p0.version>3.3.2.GA</hibernate-c3p0.version>
		<hibernate-validator.version>4.0.2.GA</hibernate-validator.version>
		<hibernate.show_sql>true</hibernate.show_sql>
		<m.jdbc.url>jdbc:mysql://172.19.4.157/wxps</m.jdbc.url>
		<m.jdbc.username>root</m.jdbc.username>
		<m.jdbc.password>admin</m.jdbc.password>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-log4j12</artifactId>
			<version>1.6.1</version>
		</dependency>
		<dependency>
			<groupId>opensymphony</groupId>
			<artifactId>sitemesh</artifactId>
			<version>2.4.1</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-orm</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>

		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-taglibs</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>

		<dependency>
        	<groupId>mysql</groupId>
        	<artifactId>mysql-connector-java</artifactId>
        	<version>5.0.5</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
			<version>3.0.5.RELEASE</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>commons-lang</groupId>
			<artifactId>commons-lang</artifactId>
			<version>2.5</version>
		</dependency>
		<dependency>
			<groupId>commons-io</groupId>
			<artifactId>commons-io</artifactId>
			<version>1.4</version>
		</dependency>
		<dependency>
			<groupId>commons-fileupload</groupId>
			<artifactId>commons-fileupload</artifactId>
			<version>1.2.2</version>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>servlet-api</artifactId>
			<version>2.5</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>jstl</artifactId>
			<version>1.2</version>
			<type>jar</type>
			<scope>compile</scope>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-annotations</artifactId>
			<version>${hibernate-annotations.version}</version>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-c3p0</artifactId>
			<version>${hibernate-c3p0.version}</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.javassist</groupId>
			<artifactId>javassist</artifactId>
			<version>3.14.0-GA</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-proxool</artifactId>
			<version>3.3.2.GA</version>
			<scope>runtime</scope>
		</dependency>
	</dependencies>
	<build>
		<finalName>map</finalName>
		<plugins>
			<plugin>
				<groupId>org.codehaus.mojo</groupId>
				<artifactId>tomcat-maven-plugin</artifactId>
				<version>1.1</version>
				<configuration>
					<path>/</path>
					<port>8088</port>
					<warSourceDirectory>src/main/webapp</warSourceDirectory>
					<tomcatWebXml>webapp/WEB-INF/web.xml</tomcatWebXml>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

2.编写web.xml 
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   
                         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:spring-*.xml</param-value>
	</context-param>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter>
		<filter-name>characterEncodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>utf8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>characterEncodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.png</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.gif</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.jpg</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.js</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.css</url-pattern>
	</servlet-mapping>
	<servlet>
		<servlet-name>dispatcher</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:spring-dispatcher.xml</param-value>
		</init-param>
		<load-on-startup>2</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>dispatcher</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

	<filter>
		<filter-name>sitemesh</filter-name>
		<filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>sitemesh</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<context-param>
		<param-name>log4jConfigLocation</param-name>
		<param-value>classpath:log4j.properties</param-value>
	</context-param>
	<welcome-file-list>
		<welcome-file>login.jsp</welcome-file>
	</welcome-file-list>
</web-app>


3.编写spring-security.xml 
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:beans="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">


   <http auto-config="true" use-expressions="true">
   		<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
   		<intercept-url pattern="/login" filters="none"/>  
   		<form-login login-page="/login"
	   		authentication-failure-url="/login?auth-failure=true" 
	   		default-target-url="/index"/>
	   	<logout logout-success-url="/login?logout-success=true"/>
	   	<access-denied-handler error-page="/WEB-INF/jsp/error/403"/>

   </http>

   <beans:bean id="myFilter" class="security.MyFilterSecurityInterceptor">
   		<!-- 用户拥有的权限 -->
   		<beans:property name="authenticationManager" ref="myAuthenticationManager"/>
   		<!-- 用户是否拥有所请求资源的权限 -->
   		<beans:property name="accessDecisionManager" ref="myAccessDecisionManager"/>
   		<!-- 资源与权限对应关系 -->
   		<beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"></beans:property>
   </beans:bean>
   <!-- 配置userDetailsService 来指定用户和权限: -->
   <authentication-manager alias="myAuthenticationManager">
   		<authentication-provider user-service-ref="userDetailsService"/>
   </authentication-manager>
   <beans:bean id="userDetailsService" class="security.MyUserDetailsService"/>       
   <beans:bean id="myAccessDecisionManager" class="security.MyAccessDecisionManager"/>
   <beans:bean id="mySecurityMetadataSource" class="security.MySecurityMetadataSource" init-method="initResourceMap"/>
</beans:beans>

4.编写spring-despatcher 
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">


	<context:component-scan base-package="dispatcher"/>
	<!-- 显示层采用JSTL -->
	<bean id="viewResolver"
		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
		<property name="prefix" value="/WEB-INF/jsp/" />
		<property name="suffix" value=".jsp" />
	</bean>

	<bean id="multipartResolver"
		class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
		<property name="maxUploadSize" value="30000000" />
	</bean>

    <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basename" value="classpath:messages"/>
        <property name="defaultEncoding" value="utf-8"/>
    </bean>

</beans>


5.编写datasource配置文件 

<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:util="http://www.springframework.org/schema/util" xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:lang="http://www.springframework.org/schema/lang" xmlns:jms="http://www.springframework.org/schema/jms"
	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
                           http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
                           http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.0.xsd
                           http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms-3.0.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">


   <context:property-placeholder location="classpath:/resource.properties" />
   <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
   		<property name="driverClass" value="${jdbc.driverClassName}"/>
   		<property name="jdbcUrl" value="${jdbc.url}"/>
   		<property name="user" value="${jdbc.username}"/>
   		<property name="password" value="${jdbc.password}"/>
   		<property name="idleConnectionTestPeriod" value="120"/>
  	</bean>
  	<bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
  		<property name="dataSource" ref="dataSource"/>
  		<property name="schemaUpdate" value="${hibernate.schemaUpdate}"/>
  		<property name="packagesToScan" value="${hibernate.packageScan}"/>
		<property name="hibernateProperties">
			<value>
				hibernate.dialect ${hibernate.dialect}
				hibernate.show_sql ${hibernate.show_sql}
			</value>
		</property>
	</bean>
</beans>


5.编写resource.properties 
#datasource
jdbc.driverClassName		org.gjt.mm.mysql.Driver
jdbc.url					jdbc:mysql://172.19.4.157/ss
jdbc.username				root
jdbc.password				admin

#hibernate
hibernate.dialect             org.hibernate.dialect.MySQL5InnoDBDialect
hibernate.show_sql            true
hibernate.schemaUpdate        true
hibernate.packageScan		  entity

6.编写spring applicationContext.xml 
<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:util="http://www.springframework.org/schema/util"
	xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:lang="http://www.springframework.org/schema/lang"
	xmlns:jms="http://www.springframework.org/schema/jms"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:task="http://www.springframework.org/schema/task"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.0.xsd
		http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
		http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
		http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms-3.0.xsd
		http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

		<import resource="spring-datasource.xml"/>

		<context:component-scan base-package="*" />

		<bean id="transactionManager" 
			class="org.springframework.orm.hibernate3.HibernateTransactionManager"
			p:sessionFactory-ref="sessionFactory" 
		/>
</beans>


7.实现spring security3 AccessDecisionManager,AbstractSecurityInterceptor,FilterInvocationSecurityMetadataSource,UserDetailsService和UserDetails类 


/**
 * 
 */
package security;

import java.util.Collection;
import java.util.Iterator;

import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 * @author administrator
 *
 */
public class MyAccessDecisionManager implements AccessDecisionManager{


	public void decide(Authentication authentication, Object object,
			Collection<ConfigAttribute> configAttributes)
			throws AccessDeniedException, InsufficientAuthenticationException {
		if(configAttributes == null){
	          return ;
	      }
	      System.out.println(object.toString()); //objectis a URL.
	      Iterator<ConfigAttribute>ite=configAttributes.iterator();
	      while(ite.hasNext()){
	          ConfigAttribute ca=ite.next();
	          String needRole=((SecurityConfig)ca).getAttribute();
	          for(GrantedAuthority ga:authentication.getAuthorities()){
	              if(needRole.equals(ga.getAuthority())){ //ga isuser's role.
	                  return;
	              }
	          }
	      }
	      throw new AccessDeniedException("");
	}


	public boolean supports(ConfigAttribute attribute) {
		return true;
	}


	public boolean supports(Class<?> clazz) {
		return true;
	}

}
/**
 * 
 */
package security;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

/**
 * @author administrator
 *
 */
public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter{


	private FilterInvocationSecurityMetadataSource securityMetadataSource;

	public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
		return securityMetadataSource;
	}

	public void setSecurityMetadataSource(
			FilterInvocationSecurityMetadataSource securityMetadataSource) {
		this.securityMetadataSource = securityMetadataSource;
	}


	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub
		System.out.println(filterConfig);
	}


	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		FilterInvocation fi = new FilterInvocation(request,response,chain);
		InterceptorStatusToken token = super.beforeInvocation(fi);
		try{
			fi.getChain().doFilter(request, response);
		}finally{
			super.afterInvocation(token, null);
		}

	}


	public void destroy() {
		// TODO Auto-generated method stub

	}


	@Override
	public Class<? extends Object> getSecureObjectClass() {
		// TODO Auto-generated method stub
		return FilterInvocation.class;
	}


	@Override
	public SecurityMetadataSource obtainSecurityMetadataSource() {
		return this.securityMetadataSource;
	}


}
/**
 * 
 */
package security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import org.springframework.stereotype.Service;

import service.SecurityService;
import entity.Role;
import entity.Url;

/**
 * @author administrator
 *
 */
@Service
public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource{

	@Autowired
	private SecurityService securityService;

	public static Map<String, Collection<ConfigAttribute>> resourceMap = null;  
	private UrlMatcher urlMatcher = new AntUrlPathMatcher();;

	public void initResourceMap(){
		resourceMap = new HashMap<String,Collection<ConfigAttribute>>();
		List<Url> urls = securityService.listUrls();
		for(Url url:urls){
			Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
			for(Role r:url.getRoles()){
				configAttributes.add(new SecurityConfig(r.getName()));
			}
			resourceMap.put(url.getUrl(), configAttributes);
		}

	}

	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
		String url = ((FilterInvocation)object).getRequestUrl();
		Iterator<String> ite =resourceMap.keySet().iterator();
		while (ite.hasNext()) {
			String resURL = ite.next();
			if (urlMatcher.pathMatchesUrl(url, resURL)) {
				return resourceMap.get(resURL);
			}
		}
		return null;
	}


	public Collection<ConfigAttribute> getAllConfigAttributes() {
		return null;
	}


	public boolean supports(Class<?> clazz) {
		return true;
	}

}
package security;

import java.util.ArrayList;
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import dao.UserDao;
import entity.Role;
import entity.User;

@Service
public class MyUserDetailsService implements UserDetailsService {

	@Autowired
	private UserDao userDao;

	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {

		User u = userDao.listByName(username);
		UserDetailsImpl userDetails = null;
		if(u!=null){
			Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
			for(Role r:u.getRoles()){
				authorities.add(new GrantedAuthorityImpl(r.getName()));
			}
			userDetails = new UserDetailsImpl(u);
			userDetails.setAuthorities(authorities);
		}
		return userDetails;
	}

}
package security;

import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import entity.User;

public class UserDetailsImpl extends User implements UserDetails{

	private Collection<GrantedAuthority> authorities;
	private static final long serialVersionUID = 1L;
	private boolean accountNonExpired;
	private boolean accountNonLocked;
	private boolean credentialsNonExpired;
	private boolean enabled;
	public void setEnabled(boolean enabled) {
		this.enabled = enabled;
	}

	public UserDetailsImpl(User u){
		this.accountNonExpired = true;
		this.accountNonLocked = true;
		this.credentialsNonExpired = true;
		this.setEnabled(true);
		this.setPassword(u.getPassword());
		this.setUsername(u.getUsername());
		//this.setAuthorities(u.getAuthorities());
		this.setRemark(u.getRemark());
	}

	public void setAccountNonExpired(boolean accountNonExpired) {
		this.accountNonExpired = accountNonExpired;
	}

	public void setAccountNonLocked(boolean accountNonLocked) {
		this.accountNonLocked = accountNonLocked;
	}

	public void setCredentialsNonExpired(boolean credentialsNonExpired) {
		this.credentialsNonExpired = credentialsNonExpired;
	}

	public Collection<GrantedAuthority> getAuthorities() {
		return this.authorities;
	}

	public void setAuthorities(Collection<GrantedAuthority> authorities) {
		this.authorities = authorities;
	}


	public boolean isAccountNonExpired() {
		return this.accountNonExpired;
	}

	public boolean isAccountNonLocked() {
		return this.accountNonLocked;
	}

	public boolean isCredentialsNonExpired() {
		return this.credentialsNonExpired;
	}


	public boolean isEnabled() {
		return this.enabled;
	}


}



不想详解!
iteye_8024
关注
Spring Security配置权限应用限制
冲出仁川,走出马德里,故事还会再继续
02-21 1058
Spring Security配置权限应用限制1、匹配器说明2、使用匹配器方法选择端点2.1 控制器类的定义2.2 配置类的定义2.3 测试2.4 补充:让所有经过身份验证的用户都可以访问其他请求3、三种匹配器3.1 使用MVC匹配器选择用于授权的请求3.1.1 为其配置授权的4个端点的定义3.1.2 UserDetailsService定义3.1.3 用于第一个场景/a的授权配置3.1.4 调用测试3.1.5 其他配置3.2 使用Ant匹配器选择用于授权的请求3.2.1 控制器类种/hello端点的定义
spring security原理和机制 | Spring Boot 35
学Java,找哪吒
06-25 5万+
一、SpringSecurity 框架简介 Spring 是非常流行和成功的 Java 应用开发框架,Spring Security 正是 Spring 家族中的 成员。Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方 案。 正如你可能知道的关于安全方面的两个主要区域是“认证”和“授权”(或者访问控 制),一般来说,Web 应用的安全性包括用户认证(Authentication)和用户授权 (Authorization)两个部分,这两点也是 Spring
实现基于Spring Security权限管理系统
技术研究中心
07-06 1500
通过有效的权限管理,可以确保应用程序的安全性,防止未经授权的用户访问敏感数据。Spring Security是一个强大且灵活的安全框架,能够帮助我们轻松实现复杂的权限管理系统。Spring SecuritySpring框架的一个子项目,提供了全面的安全服务,包括身份验证和授权。本文详细介绍了如何使用Spring Security实现一个基于角色和权限权限管理系统。从依赖配置、数据库设计、用户认证与授权,到安全配置和前端页面展示,全面覆盖了一个完整权限管理系统的实现步骤。实现简单的控制器来处理请求。
Spring Security 详解
热门推荐
qq_22075913的博客
06-06 11万+
Spring SecuritySpring家族中的一个安全管理框架。相比与另外一个安全框架Shiro,它提供了更丰富的功能,社区资源也比Shiro丰富。一般来说中大型的项目都是使用SpringSecurity来做安全框架。小项目有Shiro的比较多,因为相比与SpringSecurity,Shiro的上手更加的简单。​ 一般Web应用的需要进行认证和授权。​ 而认证和授权也是SpringSecurity作为安全框架的核心功能。视频地址:​ 我们先要搭建一个简单的SpringBoot工程① 设置父工
如何利用SpringSecurity进行认证与授权
qq_63218110的博客
02-14 4810
本篇博客主要介绍SpringSecurity框架的学习,主要包含快速入门,以及认证、授权等方面的介绍,还涉及一些简单的自定义授权校验方法。
SpringSecurity
Java 技术专栏,从入门到精通,熟悉企业级开发
04-20 1万+
一般来说,Web 应用的安全性包括用户认证(Authentication)和用户授权 (Authorization)两个部分,这两点也是 Spring Security 重要核心功能。(1)用户认证指的是:验证某个用户是否为系统中的合法主体,也就是说用户能否访问 该系统。用户认证一般要求用户提供用户和密码。系统通过校验用户和密码来完成认 证过程。通俗点说就是系统认为用户是否能登录。(2)用户授权指的是验证某个用户是否有权限执行某个操作。在一个系统中,不同用户 所具有的权限是不同的。
SpringSecurity - 基于 Servlet 的应用程序
铠の魂博客
07-18 594
SpringSecurity 学习指南大全Spring Security 使用标准的 Servlet Filter(过滤器) 来与 Servlet 容器进行集成。也就是说它可以与运行在 Servlet 容器中的任何应用程序一起工作。更具体地说,您可以在基于 Servlet 的应用程序中不使用 Spring 来整合 Spring Security。本节将介绍如何在 SpringBoot 中快速使用 SpringSecurity。 除了 Web 其它可以按需引入即可。 编写 Hello 接口和 SpringB
互联网分布式应用SpringSecurity
m0_52514893的博客
01-02 1401
前面介绍的注解的权限管理可以控制用户是否具有这个操作的权限,但是当用户具有了这个权限后进入到具体的操作页面,这时我们还有进行更细粒度的控制,这时注解的方式就不太适用了,这时我们可以通过标签来处里。它提供了完善的认证机制和方法级的授权功能。Spring的初始化操作和SpringSecurity有关系的操作是,会加载介绍SpringSecurity的配置文件,将相关的数据添加到Spring容器中。前面的案例我们的账号信息是直接写在配置文件中的,这显然是不太好的,我们来介绍小如何实现和数据库中的信息进行认证。
基于Spring Boot 3 + Spring Security6 + JWT + Redis实现登录、token身份认证
程序员雅痞的博客
03-28 7618
基于Spring Boot3实现Spring Security6 + JWT + Redis实现登录、token身份认证。
基于 Spring Security URL 级别的安全访问控制
FireFox1997
07-03 352
URL 级别的安全访问控制是指根据用户的角色或权限来限制对特定 URL 或 URL 模式的访问。这种方式可以确保只有被授权的用户才能访问某些敏感的资源或执行特定的操作。首先,需要创建一个类来扩展并重写其方法来配置安全规则。
基于 Spring Boot 3Spring Security 6Vue.js 3 的前后端分离式论坛系统
04-03
Spring Security 是一个全面的安全框架,用于保护基于Spring应用Spring Security 6 可能包括改进的身份验证和授权机制、支持最新的OAuth2标准以及增强的加密和安全配置选项。在这个论坛系统中,它扮演着核心角色...
如何基于spring security实现在线用户统计
08-19
Spring Security 是一个基于Spring Framework的安全框架,它提供了一个灵活、可扩展、可配置的安全解决方案。Spring Security 提供了许多功能,包括身份验证、授权、加密、会话管理等。 在线用户统计的重要性 在线...
springboot springsecurity动态权限控制
09-18
在这个“springboot springsecurity动态权限控制”的主题中,我们将深入探讨如何在Spring Boot项目中集成Spring Security,实现动态权限控制,让菜单权限的管理更加灵活和高效。 首先,我们需要理解Spring Security...
Spring Security基于JWT实现SSO单点登录详解
08-25
Spring Security 基于 JWT 实现 SSO 单点登录详解 基于 Spring Security 框架和 JWT(JSON Web Token)技术,可以实现 SSO(Single Sign-On)单点登录系统。SSO 是一种常见的身份验证机制,允许用户使用同一个...
Spring security认证授权
11-30
它提供了全面的安全解决方案,包括用户认证、权限授权、会话管理、CSRF防护以及基于HTTP的访问控制。在这个例子中,我们将深入探讨如何使用Spring Security进行认证和授权,并结合数据库操作进行动态配置。 首先,...
Java-网络
最新发布
2301_81543552的博客
09-14 720
Java中的网络编程主要涉及使用Socket类进行网络通信,以及理解各种网络协议。以下是一些关键概念和示例代码,帮助您入门。
自动生成不重复的订单id
ClaireCheney的博客
09-13 305
【代码】自动生成不重复的订单id。
【学习笔记】手写 Tomcat 三
LearnTech_123的博客
09-12 1164
响应动态资源不需要写文件了,只需要写功能的称即可。比如登录功能,可以定义称为 doLogin
Java项目: 基于SpringBoot+mybatis+maven课程答疑系统(含源码+数据库+毕业论文)
weixin_43860634的博客
09-14 767
Java项目: 基于SpringBoot+mybatis+maven课程答疑系统(含源码+数据库+毕业论文)
Spring Security 3 应用安全配置详解
Spring Security 3.x版本是其最新迭代,它提供了广泛的安全特性,包括用户认证(Authentication)和权限授权(Authorization)。 1. 认证(Authentication) 认证过程旨在确认用户的身份,确保用户是他们声称的...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值