spring security 3 简单例子(自定义权限)

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
	Deployment descriptor for the example: one root Spring context, the Spring
	Security filter chain and one DispatcherServlet. The filter and the servlet
	are both mapped to /jd/*.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://java.sun.com/xml/ns/javaee"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
	id="WebApp_ID" version="3.0">

	<display-name>spring3</display-name>

	<!-- Root context: every classpath file matching applicationContext-*.xml is loaded. -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:applicationContext-*.xml</param-value>
	</context-param>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<!-- The proxy delegates to the root-context bean named like the filter (springSecurityFilterChain). -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<!--
		Only requests under /jd/* pass through Spring Security.
		NOTE(review): anything the container serves outside /jd/* (for example the
		JSPs under /page, if they are directly reachable) is not covered by the
		security filters. Confirm that this is intended.
	-->
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/jd/*</url-pattern>
	</filter-mapping>
 	
	<!-- No contextConfigLocation init-param is given, so the servlet context comes from the default market-servlet.xml. -->
	<servlet>
		<servlet-name>market</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>market</servlet-name>
		<url-pattern>/jd/*</url-pattern>
	</servlet-mapping>

</web-app>

market-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<!-- Servlet context for the "market" DispatcherServlet: annotation-driven MVC, controller scanning and a JSP view resolver. -->
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd">

	 <context:annotation-config />
	 <mvc:annotation-driven />  
	
	<!-- Only cn.cloud.controller is scanned here; the security beans are declared in the root context. -->
	<context:component-scan base-package="cn.cloud.controller"></context:component-scan>

	<!--
		View names are appended to "/page" with an empty suffix, so the view name
		"/auth/login.jsp" returned by DemoController resolves to /page/auth/login.jsp.
		NOTE(review): /page lies outside the /jd/* filter mapping in web.xml. If
		these JSPs can be requested directly they bypass the security filter
		chain; placing them under WEB-INF would prevent that. Confirm.
	-->
	<bean id="viewResolver"
		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="viewClass"
			value="org.springframework.web.servlet.view.JstlView" />
		<property name="prefix" value="/page" />
		<property name="suffix" value="" />
	</bean>

</beans>

applicationContext-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
	Spring Security namespace configuration for the example. Authorization is
	not expressed with intercept-url rules; it is delegated to a custom
	interceptor filter (CloudSecurityFilter) with its own metadata source and
	access decision manager.
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
						http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                        http://www.springframework.org/schema/security 
                        http://www.springframework.org/schema/security/spring-security-3.2.xsd">

	<!--
		No security filters run for /jd/auth/*. In DemoController this covers the
		login page, the logout page and the access-denied page.
	-->
	<http pattern="/jd/auth/*" security="none"></http>

	<!--
		This http element declares no intercept-url rules, so URL authorization
		depends entirely on the custom filter registered below.
		NOTE(review): no csrf element is declared; with the 3.2 namespace that
		presumably leaves CSRF protection off for the login form. Confirm.
		NOTE(review): no logout element is declared, and the /auth/logout handler
		in DemoController only returns HTML, so nothing shown here ends the
		session. Confirm whether logout is handled elsewhere.
	-->
	<http access-denied-page="/jd/auth/denied" use-expressions="true">

		<form-login login-page="/jd/auth/login" default-target-url="/jd/bbs/show"
			login-processing-url="/jd/j_spring_security_check"
			authentication-failure-url="/jd/auth/login?msg=error" />

		<!-- The custom interceptor runs immediately before the stock FILTER_SECURITY_INTERCEPTOR position. -->
		<custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="filterInvocationInterceptor" />
	</http>
	
	<b:bean id="cloudAccessDecisionManager" class="cn.cloud.service.auth.CloudAccessDecisionManager"></b:bean>
	<b:bean id="securityMetadataSource" class="cn.cloud.service.auth.CloudSecurityMetadataSource" />

	<!--
		NOTE(review): CloudSecurityMetadataSource returns null for URLs it has no
		entry for. The interceptor base class presumably treats that as "no
		restriction" unless its rejectPublicInvocations property is set to true,
		which makes unmapped URLs fail open. Verify, and prefer a deny-by-default
		rule for unmapped paths.
	-->
	<b:bean id="filterInvocationInterceptor" class="cn.cloud.service.auth.CloudSecurityFilter">
		<b:property name="authenticationManager" ref="authenticationManager" />
		<b:property name="accessDecisionManager" ref="cloudAccessDecisionManager" />
		<b:property name="securityMetadataSource" ref="securityMetadataSource" />
	</b:bean>
	
	
	<b:bean id="cloudUserDetailsService" class="cn.cloud.service.auth.CloudUserDetailsService"></b:bean>

	<!--
		No password-encoder is configured on the provider. The CloudUserDetails
		class shown with this example returns the username from getPassword(), so a
		login succeeds when the submitted password equals the username. This is
		acceptable only for a demo; a real user store needs per-user secrets
		hashed with a password hashing scheme such as bcrypt.
	-->
	<authentication-manager alias="authenticationManager">
		<authentication-provider user-service-ref="cloudUserDetailsService"></authentication-provider>
	</authentication-manager>
	
</b:beans>

DemoController.java

package cn.cloud.controller;

import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

/**
 * Demo endpoints used to exercise the URL-based role checks of the example.
 * All mappings are relative to the DispatcherServlet mapping, so "/auth/login"
 * is served at "/jd/auth/login". Apart from the login page, every handler
 * writes a small HTML fragment directly into the response body.
 */
@Controller
public class DemoController
{
	/** Wraps {@code inner} in the h1 element that the plain demo pages return. */
	private static String heading(String inner)
	{
		return "<h1>" + inner + "</h1>";
	}

	/**
	 * Shows the login form.
	 *
	 * @param request current request (unused)
	 * @return the view name of the login JSP
	 */
	@RequestMapping("/auth/login")
	public String login(HttpServletRequest request)
	{
		return "/auth/login.jsp";
	}

	/**
	 * Returns a static page. The handler does not invalidate the session or
	 * clear any security state; it only produces HTML.
	 */
	@RequestMapping(value = "/auth/logout", produces = "text/html;charset=UTF-8")
	@ResponseBody
	public String logout()
	{
		return heading("this is auth.logout");
	}

	/** Page shown when access is refused. */
	@RequestMapping(value = "/auth/denied", produces = "text/html;charset=UTF-8")
	@ResponseBody
	public String denied()
	{
		return "<h1 style='color:red;'>no right</h1>";
	}

	/**
	 * Admin page. Stores the constant string "admin" under the session key
	 * "user", regardless of which account made the request.
	 *
	 * @param request current request; its session is created if absent
	 */
	@RequestMapping("/admin/list")
	@ResponseBody
	public String index(HttpServletRequest request)
	{
		request.getSession().setAttribute("user", "admin");
		return heading("this is admin.list");
	}

	/**
	 * Admin page that echoes the session attribute "user".
	 * The value shown is whatever {@link #index} stored (or "null" if it never
	 * ran), not the authenticated principal. It is concatenated into the HTML
	 * without escaping; in this class the attribute is only ever set to a
	 * constant, so that is harmless here, but the pattern must not be reused
	 * for request-derived values.
	 *
	 * @param request current request; its session is created if absent
	 */
	@RequestMapping("/admin/access")
	@ResponseBody
	public String access(HttpServletRequest request)
	{
		Object stored = request.getSession().getAttribute("user");
		String user = (String)stored;
		return heading("this is admin.acccess<br />login user is " + user);
	}

	/** HR page. */
	@RequestMapping("/hr/job")
	@ResponseBody
	public String job()
	{
		return heading("this is hr.job");
	}

	/** HR page. */
	@RequestMapping("/hr/employ")
	@ResponseBody
	public String employ()
	{
		return heading("this is hr.employ");
	}

	/**
	 * BBS page; also the default target after a successful login.
	 *
	 * @param request current request (unused)
	 */
	@RequestMapping(value = "/bbs/show", produces = "text/html;charset=UTF-8")
	@ResponseBody
	public String bbs(HttpServletRequest request)
	{
		return heading("this is bbs.show");
	}

	/** Blog page. */
	@RequestMapping(value = "/blog/show", produces = "text/html;charset=UTF-8")
	@ResponseBody
	public String blog()
	{
		return heading("this is list.blog");
	}
}

CloudUserDetails.java

package cn.cloud.bean.auth;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

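/**
 * Minimal {@link UserDetails} for the demo: the account is identified by its
 * username only, its authorities come from the static {@code UserRole} table,
 * and every account-status flag is permanently {@code true}.
 *
 * Changes from the original listing: {@link #getAuthorities()} no longer
 * returns {@code null} for a username missing from the table,
 * {@link #equals(Object)} no longer throws on {@code null} or foreign types,
 * and {@link #hashCode()} is overridden to stay consistent with it.
 */
public class CloudUserDetails implements UserDetails
{
	private static final long serialVersionUID = 1L;

	private final String username;

	/**
	 * @param username login name; also used as the key into the role table
	 */
	public CloudUserDetails(String username)
	{
		this.username = username;
	}

	/**
	 * @return the authorities registered for this username, or an empty
	 *         collection when the username has no entry (never {@code null})
	 */
	@Override
	public Collection<? extends GrantedAuthority> getAuthorities()
	{
		Collection<? extends GrantedAuthority> granted = UserRole.getRoles(username);
		if(granted == null)
		{
			// Unknown username: report "no authorities" instead of null.
			return new ArrayList<GrantedAuthority>();
		}
		return granted;
	}

	/**
	 * NOTE(review): the "password" is the username itself, so anyone who knows
	 * an account name can authenticate as that account. Kept unchanged because
	 * the demo login depends on it; replace with a per-user secret stored as a
	 * bcrypt (or comparable) hash before reusing this class.
	 */
	@Override
	public String getPassword()
	{
		return username;
	}

	@Override
	public String getUsername()
	{
		return username;
	}

	// The four status flags are hard-coded: this demo has no expiry, lockout or disable handling.
	@Override
	public boolean isAccountNonExpired()
	{
		return true;
	}

	@Override
	public boolean isAccountNonLocked()
	{
		return true;
	}

	@Override
	public boolean isCredentialsNonExpired()
	{
		return true;
	}

	@Override
	public boolean isEnabled()
	{
		return true;
	}

	/** Two instances are equal when their usernames are equal. */
	@Override
	public boolean equals(Object obj)
	{
		if(this == obj)
		{
			return true;
		}
		if(!(obj instanceof CloudUserDetails))
		{
			return false;
		}
		String mine = this.getUsername();
		String theirs = ((CloudUserDetails)obj).getUsername();
		return mine == null ? theirs == null : mine.equals(theirs);
	}

	/** Hash of the username, consistent with {@link #equals(Object)}. */
	@Override
	public int hashCode()
	{
		String name = this.getUsername();
		return name == null ? 0 : name.hashCode();
	}
}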
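/**
 * Hard-coded username-to-authorities table for the demo accounts
 * "user", "hr" and "boss".
 *
 * Each stored collection is wrapped as unmodifiable, so a caller that
 * receives it from {@link #getRoles(String)} cannot add authorities to the
 * shared static table.
 */
class UserRole
{
	private static final Map<String, Collection<SimpleGrantedAuthority>> map = new HashMap<>();

	static
	{
		register("user", "ROLE_USER");
		register("hr", "ROLE_HR", "ROLE_USER");
		register("boss", "ROLE_USER", "ROLE_HR", "ROLE_BOSS");
	}

	private UserRole(){}

	/** Stores a read-only authority list for {@code username}, in the order given. */
	private static void register(String username, String... roleNames)
	{
		Collection<SimpleGrantedAuthority> granted = new ArrayList<SimpleGrantedAuthority>();
		for(String roleName : roleNames)
		{
			granted.add(new SimpleGrantedAuthority(roleName));
		}
		// Fully qualified so that the file's import list does not have to change.
		map.put(username, java.util.Collections.unmodifiableCollection(granted));
	}

	/**
	 * @param username account name to look up
	 * @return the read-only authorities of that account, or {@code null} when
	 *         the name is not one of the three demo accounts
	 */
	public static Collection<SimpleGrantedAuthority> getRoles(String username)
	{
		return map.get(username);
	}
}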

CloudUserDetails.java

package cn.cloud.bean.auth;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

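/**
 * Minimal {@link UserDetails} for the demo: the account is identified by its
 * username only, its authorities come from the static {@code UserRole} table,
 * and every account-status flag is permanently {@code true}.
 *
 * Changes from the original listing: {@link #getAuthorities()} no longer
 * returns {@code null} for a username missing from the table,
 * {@link #equals(Object)} no longer throws on {@code null} or foreign types,
 * and {@link #hashCode()} is overridden to stay consistent with it.
 */
public class CloudUserDetails implements UserDetails
{
	private static final long serialVersionUID = 1L;

	private final String username;

	/**
	 * @param username login name; also used as the key into the role table
	 */
	public CloudUserDetails(String username)
	{
		this.username = username;
	}

	/**
	 * @return the authorities registered for this username, or an empty
	 *         collection when the username has no entry (never {@code null})
	 */
	@Override
	public Collection<? extends GrantedAuthority> getAuthorities()
	{
		Collection<? extends GrantedAuthority> granted = UserRole.getRoles(username);
		if(granted == null)
		{
			// Unknown username: report "no authorities" instead of null.
			return new ArrayList<GrantedAuthority>();
		}
		return granted;
	}

	/**
	 * NOTE(review): the "password" is the username itself, so anyone who knows
	 * an account name can authenticate as that account. Kept unchanged because
	 * the demo login depends on it; replace with a per-user secret stored as a
	 * bcrypt (or comparable) hash before reusing this class.
	 */
	@Override
	public String getPassword()
	{
		return username;
	}

	@Override
	public String getUsername()
	{
		return username;
	}

	// The four status flags are hard-coded: this demo has no expiry, lockout or disable handling.
	@Override
	public boolean isAccountNonExpired()
	{
		return true;
	}

	@Override
	public boolean isAccountNonLocked()
	{
		return true;
	}

	@Override
	public boolean isCredentialsNonExpired()
	{
		return true;
	}

	@Override
	public boolean isEnabled()
	{
		return true;
	}

	/** Two instances are equal when their usernames are equal. */
	@Override
	public boolean equals(Object obj)
	{
		if(this == obj)
		{
			return true;
		}
		if(!(obj instanceof CloudUserDetails))
		{
			return false;
		}
		String mine = this.getUsername();
		String theirs = ((CloudUserDetails)obj).getUsername();
		return mine == null ? theirs == null : mine.equals(theirs);
	}

	/** Hash of the username, consistent with {@link #equals(Object)}. */
	@Override
	public int hashCode()
	{
		String name = this.getUsername();
		return name == null ? 0 : name.hashCode();
	}
}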
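/**
 * Hard-coded username-to-authorities table for the demo accounts
 * "user", "hr" and "boss".
 *
 * Each stored collection is wrapped as unmodifiable, so a caller that
 * receives it from {@link #getRoles(String)} cannot add authorities to the
 * shared static table.
 */
class UserRole
{
	private static final Map<String, Collection<SimpleGrantedAuthority>> map = new HashMap<>();

	static
	{
		register("user", "ROLE_USER");
		register("hr", "ROLE_HR", "ROLE_USER");
		register("boss", "ROLE_USER", "ROLE_HR", "ROLE_BOSS");
	}

	private UserRole(){}

	/** Stores a read-only authority list for {@code username}, in the order given. */
	private static void register(String username, String... roleNames)
	{
		Collection<SimpleGrantedAuthority> granted = new ArrayList<SimpleGrantedAuthority>();
		for(String roleName : roleNames)
		{
			granted.add(new SimpleGrantedAuthority(roleName));
		}
		// Fully qualified so that the file's import list does not have to change.
		map.put(username, java.util.Collections.unmodifiableCollection(granted));
	}

	/**
	 * @param username account name to look up
	 * @return the read-only authorities of that account, or {@code null} when
	 *         the name is not one of the three demo accounts
	 */
	public static Collection<SimpleGrantedAuthority> getRoles(String username)
	{
		return map.get(username);
	}
}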

CloudAccessDecisionManager.java

package cn.cloud.service.auth;

import java.util.Collection;

import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 * Access decision manager with "any match" semantics: access is granted as
 * soon as one required attribute equals one authority held by the caller.
 */
public class CloudAccessDecisionManager implements AccessDecisionManager
{
	/**
	 * Grants access by returning normally and refuses it by throwing.
	 *
	 * @param authentication   caller whose authorities are checked
	 * @param object           secured object (not inspected)
	 * @param configAttributes attributes required for the secured object; an
	 *                         empty collection always results in a denial
	 * @throws AccessDeniedException when no required attribute matches any
	 *                               held authority
	 */
	public void decide(Authentication authentication, Object object,Collection<ConfigAttribute> configAttributes)
	throws AccessDeniedException, InsufficientAuthenticationException
	{
		Collection<? extends GrantedAuthority> held = authentication.getAuthorities();

		for(ConfigAttribute required : configAttributes)
		{
			if(isHeld(required, held))
			{
				return;
			}
		}

		throw new AccessDeniedException("Access Denied !");
	}

	/** Reports whether {@code required} equals the name of any authority in {@code held}. */
	private static boolean isHeld(ConfigAttribute required, Collection<? extends GrantedAuthority> held)
	{
		for(GrantedAuthority authority : held)
		{
			if(required.getAttribute().equals(authority.getAuthority()))
			{
				return true;
			}
		}
		return false;
	}

	/** Accepts every attribute; no filtering by attribute type is done. */
	public boolean supports(ConfigAttribute attribute)
	{
		return true;
	}

	/** Accepts every secured-object class. */
	public boolean supports(Class<?> clazz)
	{
		return true;
	}
}

CloudSecurityFilter.java

package cn.cloud.service.auth;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;

/**
 * Servlet filter that runs the {@link AbstractSecurityInterceptor} workflow
 * around each request, using the injected {@link SecurityMetadataSource} to
 * obtain the attributes required for the requested URL.
 */
public class CloudSecurityFilter extends AbstractSecurityInterceptor implements Filter
{
	private SecurityMetadataSource securityMetadataSource;

	/** No filter initialisation is needed. */
	public void init(FilterConfig chain) throws ServletException
	{
	}

	/**
	 * Performs the pre-invocation check, lets the rest of the chain run, and
	 * always performs the post-invocation step, even when the chain throws.
	 */
	public void doFilter(ServletRequest req, ServletResponse resp,FilterChain chain) throws IOException, ServletException
	{
		FilterInvocation invocation = new FilterInvocation(req, resp, chain);

		// Throws when access is refused, in which case the chain is never entered.
		InterceptorStatusToken status = super.beforeInvocation(invocation);

		try
		{
			invocation.getChain().doFilter(invocation.getRequest(), invocation.getResponse());
		}
		finally
		{
			super.afterInvocation(status, null);
		}
	}

	/** Nothing to release. */
	public void destroy()
	{
	}

	/** This interceptor secures {@link FilterInvocation} objects. */
	public Class<?> getSecureObjectClass()
	{
		return FilterInvocation.class;
	}

	/** Hands the injected metadata source to the interceptor base class. */
	public SecurityMetadataSource obtainSecurityMetadataSource()
	{
		return this.securityMetadataSource;
	}

	public SecurityMetadataSource getSecurityMetadataSource()
	{
		return this.securityMetadataSource;
	}

	public void setSecurityMetadataSource(SecurityMetadataSource securityMetadataSource)
	{
		this.securityMetadataSource = securityMetadataSource;
	}
}

CloudSecurityMetadataSource.java

package cn.cloud.service.auth;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.web.FilterInvocation;

/**
 * Metadata source that maps a request URL to the roles allowed to reach it,
 * using the static {@code UrlRole} table.
 */
public class CloudSecurityMetadataSource implements SecurityMetadataSource
{
	/**
	 * @param object the secured object; cast to {@link FilterInvocation}
	 * @return the attributes registered for the URL, or {@code null} when
	 *         {@code object} is {@code null} or the URL has no entry
	 *
	 * NOTE(review): a {@code null} result is presumably treated by the calling
	 * interceptor as "no restriction", so URLs missing from the table fail
	 * open. Verify against the interceptor configuration.
	 * NOTE(review): {@link #supports(Class)} accepts every class, yet anything
	 * other than a FilterInvocation fails the cast here.
	 */
	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException
	{
		if(object == null)
		{
			return null;
		}

		String requestUrl = ((FilterInvocation)object).getRequestUrl();
		return UrlRole.getAttributes(requestUrl);
	}

	/** Not supported by this demo; always {@code null}. */
	public Collection<ConfigAttribute> getAllConfigAttributes()
	{
		return null;
	}

	/** Accepts every secured-object class. */
	public boolean supports(Class<?> clazz)
	{
		return true;
	}
}

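/**
 * Hard-coded table from the first path segment of a URL ("/bbs/", "/blog/",
 * "/hr/", "/admin/") to the roles allowed to reach it.
 *
 * Changes from the original listing: the segment pattern is compiled once
 * instead of on every lookup, and the stored collections are unmodifiable so
 * callers cannot alter the shared table. Lookup results are unchanged.
 *
 * NOTE(review): the key derivation in {@link #getRealUrl(String)} is loose.
 * It removes every occurrence of "/jd", not only a leading one, and takes the
 * first "/word/" match found anywhere in the remaining string. If callers pass
 * a URL that still carries a query string, that text takes part in the match.
 * The key checked here can therefore differ from the path the dispatcher
 * routes. Combined with the {@code null} ("no entry") result for unknown
 * keys, this should be replaced by matching on the normalised servlet path
 * and a deny-by-default rule before any real use.
 */
class UrlRole
{
	/** One leading-slash path segment made of word characters, followed by a slash. */
	private static final Pattern SEGMENT = Pattern.compile("/\\w+\\/");

	private static final Map<String, Collection<ConfigAttribute>> map = new HashMap<>();

	static
	{
		register("/bbs/", "ROLE_USER", "ROLE_HR", "ROLE_BOSS");
		register("/blog/", "ROLE_USER", "ROLE_HR", "ROLE_BOSS");
		register("/hr/", "ROLE_HR", "ROLE_BOSS");
		register("/admin/", "ROLE_BOSS");
	}

	private UrlRole(){}

	/** Stores a read-only list of allowed roles for the path prefix, in the order given. */
	private static void register(String prefix, String... roleNames)
	{
		Collection<ConfigAttribute> allowed = new ArrayList<ConfigAttribute>();
		for(String roleName : roleNames)
		{
			allowed.add(new Role(roleName));
		}
		map.put(prefix, java.util.Collections.unmodifiableCollection(allowed));
	}

	/**
	 * Derives the table key for a URL: strips "/jd" and returns the first
	 * "/word/" segment, or the stripped URL itself when no segment matches.
	 */
	private static String getRealUrl(String url)
	{
		String stripped = url.replace("/jd", "");

		Matcher segment = SEGMENT.matcher(stripped);
		return segment.find() ? segment.group() : stripped;
	}

	/**
	 * @param url request URL as supplied by the caller
	 * @return the read-only roles allowed for the URL's first segment, or
	 *         {@code null} when that segment has no entry
	 */
	public static Collection<ConfigAttribute> getAttributes(String url)
	{
		return map.get(getRealUrl(url));
	}
}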

/**
 * {@link ConfigAttribute} that carries a single role name such as "ROLE_USER".
 */
class Role implements ConfigAttribute
{
	private static final long serialVersionUID = 1L;

	private String role;

	/**
	 * @param role role name returned by {@link #getAttribute()}
	 */
	public Role(String role)
	{
		this.role = role;
	}

	/** @return the role name given at construction */
	public String getAttribute()
	{
		return this.role;
	}

	/** @return the role name in the form {@code [role=NAME]} */
	public String toString()
	{
		return new StringBuilder("[role=").append(this.role).append("]").toString();
	}
}










CloudUserDetailsService.java

package cn.cloud.service.auth;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import cn.cloud.bean.auth.CloudUserDetails;

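/**
 * {@link UserDetailsService} for the demo accounts.
 *
 * The original listing returned a user object for every username it was
 * given, so together with {@code CloudUserDetails.getPassword()} (which
 * returns the username) any made-up name could log in. This version rejects
 * names that have no authorities registered.
 */
public class CloudUserDetailsService implements UserDetailsService
{
	/**
	 * @param username name submitted on the login form
	 * @return the details of a known demo account
	 * @throws UsernameNotFoundException when the name is missing, empty, or
	 *                                   has no authorities registered
	 */
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException
	{
		if(username == null || username.isEmpty())
		{
			throw new UsernameNotFoundException("No username supplied");
		}

		UserDetails details = new CloudUserDetails(username);

		// An unknown account shows up as null or empty authorities; treat both as "not found".
		java.util.Collection<?> granted = details.getAuthorities();
		if(granted == null || granted.isEmpty())
		{
			throw new UsernameNotFoundException("Unknown user");
		}

		return details;
	}
}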

