配置文件记录
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Static assets. A pattern marked security="none" is excluded from Spring
     Security's filters: no authentication, no authorization and no security
     response headers are applied to matching requests. -->
<!-- NOTE(review): the suffix patterns match any path ending in the given
     extension, not only files in a static directory. Confirm that no
     application endpoint is reachable under a URL ending in .js, .css, .jpg,
     .gif or .png, or narrow the patterns to the static resource directories. -->
<http pattern="/fonts/**" security="none" />
<http pattern="/favicon.ico" security="none" />
<http pattern="/**/*.js" security="none" />
<http pattern="/**/*.css" security="none" />
<http pattern="/**/*.jpg" security="none" />
<http pattern="/**/*.gif" security="none" />
<http pattern="/**/*.png" security="none" />
<!-- Disabled: would let the home page and the login JSP be reached without logging in. -->
<!-- <http security="none" pattern="/views/index.jsp"/>
     <http security="none" pattern="/views/login.jsp"/> -->
<!-- TODO (original): access-decision-manager-ref='accessDecisionManager' -->
<!-- Main filter chain. use-expressions="false" means the access values below
     are plain configuration attributes decided by the accessDecisionManager
     bean, not SpEL expressions. -->
<!-- NOTE(review): auto-config="true" also registers HTTP Basic authentication
     and default logout handling next to form login; confirm Basic is wanted. -->
<http auto-config="true"
      use-expressions="false"
      access-decision-manager-ref="accessDecisionManager"
      security-context-repository-ref="securityContextRepository">
  <headers>
    <!-- Pages may only be framed by documents from the same origin. -->
    <frame-options policy="SAMEORIGIN"/>
  </headers>
  <form-login login-page="/login.html"
              default-target-url="/"
              authentication-success-handler-ref="authenticationSuccessHandler"
              authentication-failure-handler-ref="authenticationFailureHandler" />
  <!-- Rules are matched in order: the login page is open to anonymous users,
       every other URL requires a full (not remember-me) authentication. -->
  <intercept-url pattern="/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY" />
  <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
  <!-- <intercept-url pattern="/views/user/**" access="hasRole('ROLE_USER')" /> -->
  <!-- IS_AUTHENTICATED_FULLY: all pages under admin can only be accessed after login.
       <intercept-url pattern="*.html*" access="IS_AUTHENTICATED_FULLY" />
       <intercept-url pattern="/miner/manager/*.do*" access="ROLE_ADMIN" /> -->
  <access-denied-handler error-page="/views/accessDenied.html"/>
  <logout success-handler-ref="logoutSuccessHandler" />
  <!-- NOTE(review): CSRF protection is switched off although the application
       uses form login. State-changing requests made with an authenticated
       session, including logout, get no CSRF token check. Re-enable it and add
       the token to forms and AJAX calls unless another control covers this. -->
  <csrf disabled="true" />
  <!-- TODO -->
  <!-- <remember-me key="lemon"/> -->
  <!-- NOTE(review): if remember-me is ever enabled, replace the short static
       key above with a long random value taken from external configuration.
       Remember-me logins would also not satisfy IS_AUTHENTICATED_FULLY on /**. -->
  <!-- <custom-filter ref="autoLoginFilter" after="SECURITY_CONTEXT_FILTER" /> -->
  <!-- <custom-filter ref="captchaFilter" before="FORM_LOGIN_FILTER" />
       <custom-filter ref="switchUserFilter" position="SWITCH_USER_FILTER" /> -->
</http>
<!-- Authentication: credentials are checked against the users loaded by the
     userDetailsService bean. -->
<!-- NOTE(review): no <password-encoder> is active here, so how stored
     passwords are compared depends on the Spring Security version and on
     anything wired elsewhere. Confirm passwords are stored with an adaptive
     hash (for example BCryptPasswordEncoder). The disabled MD5 encoder with a
     shared salt source below should not be re-enabled. -->
<authentication-manager>
  <authentication-provider user-service-ref="userDetailsService">
    <!-- <password-encoder hash="md5">
           <salt-source ref="saltSource"></salt-source>
         </password-encoder> -->
  </authentication-provider>
</authentication-manager>
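<!-- Checks whether permissions and roles match (method-level security, currently disabled). -->
<!-- <global-method-security proxy-target-class="true"
       access-decision-manager-ref="accessDecisionManager"
       secured-annotations="enabled"/> -->
<!-- Access decision manager referenced by the <http> element. AffirmativeBased
     grants access as soon as one voter votes to grant; the voters are consulted
     in the order listed.
     The beans: prefix is required on bean, constructor-arg, list, ref and
     property because the default namespace of this file is the Spring Security
     schema; unprefixed, these elements do not validate. -->
<beans:bean id="accessDecisionManager"
            class="org.springframework.security.access.vote.AffirmativeBased">
  <beans:constructor-arg name="decisionVoters">
    <beans:list>
      <beans:ref bean="authenticatedVoter" />
      <beans:ref bean="roleVoter" />
      <!-- <beans:ref bean="webExpressionVoter" /> -->
    </beans:list>
  </beans:constructor-arg>
  <!-- messageSource is not defined in this file; it must be provided elsewhere. -->
  <beans:property name="messageSource" ref="messageSource" />
</beans:bean>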
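<!-- Votes on access attributes by comparing them with the user's granted
     authorities. The empty rolePrefix allows the access="" values to use any
     format instead of requiring the default ROLE_ prefix. (This remark was
     stray "//" text inside the element in the original; it is now a comment,
     and the beans: prefix is added because the default namespace of this file
     is the Spring Security schema.) -->
<!-- NOTE(review): with an empty prefix this voter considers every attribute,
     including the IS_AUTHENTICATED_* keywords, and grants when an authority has
     exactly the same text. Make sure authority names are assigned only by
     administrators and cannot collide with those keywords. -->
<beans:bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
  <beans:property name="rolePrefix" value="" />
</beans:bean>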
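<!-- Voter that handles the IS_AUTHENTICATED_ANONYMOUSLY and
     IS_AUTHENTICATED_FULLY attributes used by the intercept-url rules.
     Declared as beans:bean because the default namespace here is the Spring
     Security schema. -->
<beans:bean id="authenticatedVoter"
            class="org.springframework.security.access.vote.AuthenticatedVoter" />
<!-- Disabled; only relevant if use-expressions is switched on.
     <beans:bean id="webExpressionVoter"
                 class="org.springframework.security.web.access.expression.WebExpressionVoter" /> -->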
<!-- 认证 -->
<!-- <bean id="authenticationProvider" -->
<!-- class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> -->
<!-- <property name="userDetailsService" ref="userDetailsService" /> -->
<!-- <property name="passwordEncoder" ref="passwordEncoder" /> -->
<!-- <property name="saltSource" ref="saltSource" /> -->
<!-- </bean> -->
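<!-- Salt configuration (disabled). NOTE(review): a system-wide salt kept in
     source control is readable by anyone with repository access and gives
     every account the same salt. Treat the value below as exposed, and prefer
     a password encoder that generates a per-password salt. -->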
<!-- <bean id="saltSource"
class="org.springframework.security.authentication.dao.SystemWideSaltSource">
<property name="systemWideSalt" value="ebm1spmbt5galyngk" />
</bean> -->
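<!-- Loads user information for authentication; referenced by the
     <authentication-provider> in this file. Declared as beans:bean because the
     default namespace here is the Spring Security schema. -->
<beans:bean id="userDetailsService"
            class="com.security.impl.UserDetailsServiceImpl">
  <!-- <beans:property name="userAuthConnector" ref="userAuthConnector"/>
       <beans:property name="accountCredentialConnector" ref="accountCredentialConnector"/> -->
  <!-- <beans:property name="debug" value="${security.autologin.enabled}"/> -->
</beans:bean>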
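<!-- Utility for obtaining the currently logged-in user. Declared as beans:bean
     because the default namespace here is the Spring Security schema. -->
<beans:bean id="currentUserHolder"
            class="com.security.impl.SpringSecurityCurrentUserHolderImpl" />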
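<!-- Logging: listeners that write authentication and authorization events to
     the log. Declared as beans:bean because the default namespace here is the
     Spring Security schema. Keep these enabled; the log output is the audit
     trail for failed logins and denied requests. -->
<beans:bean class="org.springframework.security.authentication.event.LoggerListener" />
<beans:bean class="org.springframework.security.access.event.LoggerListener" />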
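<!-- Security context repository used by the <http> element; lets changes to a
     user's permissions take effect without logging in again. Declared with the
     beans: prefix because the default namespace here is the Spring Security
     schema. -->
<!-- NOTE(review): the debug property is driven by security.autologin.enabled.
     The class is not shown here, so confirm what debug switches on and that
     the placeholder resolves to false in production. -->
<beans:bean id="securityContextRepository"
            class="com.security.CachedSecurityContextRepository">
  <beans:property name="debug" value="${security.autologin.enabled}" />
</beans:bean>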
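<!-- Runs after a successful authentication; referenced by <form-login>.
     Declared with the beans: prefix because the default namespace here is the
     Spring Security schema. -->
<beans:bean id="authenticationSuccessHandler"
            class="com.security.api.AuthenticationSuccessHandler">
  <beans:property name="defaultTargetUrl" value="/" />
</beans:bean>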
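<!-- Runs after a failed authentication; referenced by <form-login>. Declared
     with the beans: prefix because the default namespace here is the Spring
     Security schema. -->
<!-- NOTE(review): failures are sent to /views/login.jsp, while the <http>
     element declares /login.html as the login page and opens only that URL to
     anonymous users; /views/login.jsp falls under the /** rule. Confirm the
     intended target. -->
<beans:bean id="authenticationFailureHandler"
            class="com.security.api.AuthenticationFailureHandler">
  <beans:property name="defaultFailureUrl" value="/views/login.jsp" />
</beans:bean>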
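<!-- Sends a LogoutEvent after a successful logout; referenced by <logout>.
     Declared as beans:bean because the default namespace here is the Spring
     Security schema. -->
<beans:bean id="logoutSuccessHandler"
            class="com.security.impl.LogoutSuccessHandlerImpl" />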
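<!-- Converts Spring Security events into LoginEvent and LogoutEvent. Declared
     as beans:bean because the default namespace here is the Spring Security
     schema. -->
<beans:bean class="com.security.api.SpringSecurityListener" />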
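<!-- Provides the UserAuthDTO directly from the session. Declared as beans:bean
     because the default namespace here is the Spring Security schema. -->
<beans:bean id="internalUserAuthConnector"
            class="com.security.impl.InternalUserAuthConnectorImpl" />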
</beans:beans>