设置授权,即设置当前登录用户权限
1.在User
类用添加属性
private List<Role> roles;
2.在UserDetailsService
实现类中获取权限
@Service
public class UserServiceImpl implements UserDetailsService {
@Resource
private UserDao userDao;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user=userDao.loadUserByUsername(username);
if(user==null){
throw new UsernameNotFoundException("用户名不存在");
}
user.setRoles(userDao.getUserRolesById(user.getId()));//获取当前登录用户拥有的权限
return user;
}
}
3.实现User
类中UserDetails
接口的getAuthorities()
方法
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
List<SimpleGrantedAuthority> authorities=new ArrayList<>(roles.size());
for (Role role : roles) {
authorities.add(new SimpleGrantedAuthority(role.getName()));
}
return authorities;
}
4.SecurityConfig中配置身份验证管理器
@Autowired
private UserServiceImpl userService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userService);
}