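Steps for permission management
1. Import the dependencies
2. Add the Spring Security filter in web.xml
3. spring-security.xml (which requests are intercepted?)
4. IUserservice extends UserDetailsService
5. Use it in the pages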
Import the dependencies
<spring.security.version>5.0.1.RELEASE</spring.security.version> <!-- add the version number -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${spring.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>${spring.security.version}</version>
</dependency> <!-- imported in pom.xml -->
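Add the Spring Security filter in web.xml
Configure it in the spring-security.xml file
1. Configure the resources that are not intercepted
2. Configure the specific interception rules: pattern="request path rule", access="anyone accessing the system must have the ROLE_USER role"
3. Configure the password encoder class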
spring-security.xml (which requests are intercepted?)
- Configure the resources that are not intercepted
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/failer.jsp" security="none"/>
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/img/**" security="none"/>
<security:http pattern="/plugins/**" security="none"/>
- Configure the specific interception rules: pattern="request path rule", access="anyone accessing the system must have the ROLE_USER role"
<!-- intercept-url and form-login are child elements of <security:http> -->
<security:http>
    <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/>
    <security:form-login login-page="/login.jsp"
                         login-processing-url="/login.do"
                         default-target-url="/index.jsp"
                         authentication-failure-url="/failer.jsp"
                         authentication-success-forward-url="/pages/main.jsp"/>
</security:http>
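IUserservice extends UserDetailsService
// User here is org.springframework.security.core.userdetails.User, not a domain class
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    UserInfo userInfo = userInfoDao.findByUserName(username);
    // Unknown user: throw the exception Spring Security expects instead of a NullPointerException
    if (userInfo == null) {
        throw new UsernameNotFoundException("User not found");
    }
    List<Role> roles = iRoleDao.findRoleByUserId(userInfo.getId());
    // "{noop}" marks the stored password as plain text, so it is compared without hashing
    User user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthority(roles));
    return user;
}

// Map each role name to an authority carrying the ROLE_ prefix that hasRole()/hasAnyRole() look for
private Collection<? extends GrantedAuthority> getAuthority(List<Role> roles) {
    List<SimpleGrantedAuthority> list = new ArrayList<>();
    for (Role role : roles) {
        list.add(new SimpleGrantedAuthority("ROLE_" + role.getRolename()));
    }
    return list;
}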
Hand the service over to spring-security.xml for use
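An added example, not from the original post, covering the "configure the password encoder class" step and the hand-over to spring-security.xml: the authentication manager wired to the user service, first in the form the "{noop}" code above relies on and then with a BCrypt encoder. The bean ids userService and passwordEncoder, and the use of the default beans namespace for <bean>, are assumptions.

```xml
<!-- Added example; bean ids "userService" and "passwordEncoder" are assumed names. -->
<!-- Use ONE of the two variants in spring-security.xml, not both. -->

<!-- Variant A (weak): no encoder configured.
     Spring Security 5 falls back to its delegating encoder, which reads the
     "{noop}" prefix added in loadUserByUsername and compares the submitted
     password with the stored value as plain text. Anyone who can read the
     user table can read every password. -->
<security:authentication-manager>
    <security:authentication-provider user-service-ref="userService"/>
</security:authentication-manager>

<!-- Variant B (hardened): passwords are stored as BCrypt hashes and the
     provider is told explicitly which encoder verifies them. -->
<bean id="passwordEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="userService">
        <!-- Verifies the login password against the stored BCrypt hash -->
        <security:password-encoder ref="passwordEncoder"/>
    </security:authentication-provider>
</security:authentication-manager>
```

With variant B, loadUserByUsername passes the stored hash to the User constructor without the "{noop}" prefix, and new passwords are saved through passwordEncoder.encode(...) when a user is created.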
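Use it in the pages
Configure permission-based display in the page
Add
<%@taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
Display the username
<p><security:authentication property="principal.username"></security:authentication></p>
Set the rule so that only ADMIN can see the management entry
<security:authorize access="hasRole('ADMIN')">
    <a href="${pageContext.request.contextPath}/user/findAll.do"> <i class="fa fa-circle-o"></i> User management</a>
</security:authorize>
The tag only hides the link in the rendered page; /user/findAll.do itself is still covered only by the /** rule in spring-security.xml, which admits both ROLE_USER and ROLE_ADMIN.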