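This post continues from the previous one, "SSM + Spring Security: simple authentication, a custom login page, JSON responses on success and failure, and access control", and connects Spring Security to a database to implement dynamic role-based access control.
1. Create the project
For this step, refer to my first post, [Setting up a Spring Security environment with SSM](https://blog.csdn.net/SnowDujc/article/details/104772935). We then build on that project; the final project structure is as follows:
- Modify the pom file and add the required dependencies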
```xml
<dependency>
    <groupId>org.mybatis</groupId>
    <artifactId>mybatis</artifactId>
    <version>3.4.4</version>
</dependency>
<dependency>
    <groupId>org.mybatis</groupId>
    <artifactId>mybatis-spring</artifactId>
    <version>1.3.0</version>
</dependency>
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.7</version>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>5.1.41</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-jdbc</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.projectlombok</groupId>
    <artifactId>lombok</artifactId>
    <version>1.18.10</version>
    <scope>provided</scope>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-test</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>junit</groupId>
    <artifactId>junit</artifactId>
    <version>4.12</version>
</dependency>
```
- Modify springSecurity.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
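<!-- security:http: Spring filter chain configuration. It can configure the following:
1) which resources to intercept
2) which roles/permissions each resource requires
3) the authentication method: HttpBasic, FormLogin (*)
4) the login page, the login request URL, and how errors are handled
-->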
<security:http>
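<!-- pattern: the resource to intercept
access: the access rule
isFullyAuthenticated(): the resource requires authentication before it can be accessed
isAnonymous: only anonymous (not logged in) users may access it; logged-in users may not
permitAll: all users (logged in or not) may access it
hasRole: the role a user must have to access it
-->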
<security:intercept-url pattern="/user/login" access="permitAll()"/>
<security:intercept-url pattern="/user/index" access="permitAll()"/>
<security:intercept-url pattern="/user/list" access="hasRole('ROLE_LIST')"/>
<security:intercept-url pattern="/user/update" access="hasRole('ROLE_UPDATE')"/>
<security:intercept-url pattern="/user/add" access="hasRole('ROLE_ADD')"/>
<security:intercept-url pattern="/user/delete" access="hasRole('ROLE_DELETE')"/>
<security:intercept-url pattern="/**" access="isFullyAuthenticated()"/>
<!-- Use form-login for login authentication -->
<security:form-login login-page="/user/login" authentication-success-