权限管理系统 Spring-authority

是由 spring+springmvc+hibernate+spring-security +easyui +boostrap 写的一个框架集合，目前实现了一个基础的权限管理系统，权限是基于细粒度的过滤，对于初学权限设计的人来说也算是个最简洁的权限实现，基于它来做项目，它只是做了一些绝大部分项目都应该做的一些基础功能。

1参考资料 

http://blog.csdn.net/k10509806/article/details/6369131

http://www.cnblogs.com/wenxiu/archive/2011/01/22/1942084.html

http://ootabc.iteye.com/blog/688213

http://wenku.baidu.com/view/abf23846336c1eb91a375d83.html

http://www.cnblogs.com/zhangliang0115/archive/2012/04/02/2429584.html

http://aokunsang.iteye.com/blog/1638558

2.数据库建表

采用基于角色-资源-用户-权限管理设计。

      2.1.权限表    sys_authorities

       

    2.2.权限资源表    sys_authorities_resources

     

   2.3.菜单表    sys_menus

      

   2.4.资源表   sys_resources

    

   2.4.角色菜单表   sys_role_menu

   2.5 角色表   sys_roles

     

  2.5 角色权限表    sys_roles_anthorities

  

 2.6  用户表   sys_users

   

2.6  用户角色表   sys_users_roles：

3.梳理资料，整理思路

3.1.Spring Security3.1的2种常见方式

 1.  用户信息和权限存储于数据库，而资源和权限的对应采用硬编码配置。

2.  细分角色和权限，并将角色、用户、资源、权限均都存储于数据库中。并且自定义过滤器，代替原来的FilterSecurityInterceptor过滤 器；并分别实现AccessDecisionManager、UserDetailsService和 InvocationSecurityMetadataSourceService，并在配置文件中进行相应配置。

 

4.代码整理

 

接下来开始着手代码编写，不管是两种实现方式中的哪种方式，个人感觉都需要把加载用户信息放在一个类里面管理，直观方便，结构清晰，不要用在配置文件直接写sql语句。

4.1.资源和权限对应写在配置文件中

      1、     web.xml配置

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73

<? xml  version = "1.0"  encoding = "UTF-8" ?> < web-app  version = "3.0"  xmlns = "http://java.sun.com/xml/ns/javaee"      xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"      xsi:schemaLocation="http://java.sun.com/xml/ns/javaee       http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">      < display-name ></ display-name >        < context-param >          < param-name >log4jConfigLocation</ param-name >          < param-value >/WEB-INF/log4j.properties</ param-value >      </ context-param >      < context-param >          < param-name >log4jRefreshInterval</ param-name >          < param-value >600000</ param-value >      </ context-param >      < context-param >          < param-name >webAppRootKey</ param-name >          < param-value >webPath</ param-value >      </ context-param >      < listener >          < listener-class >org.springframework.web.util.Log4jConfigListener</ listener-class >      </ listener >      < filter >          < filter-name >encodingFilter</ filter-name >          < filter-class >org.springframework.web.filter.CharacterEncodingFilter</ filter-class >          < init-param >              < param-name >encoding</ param-name >              < param-value >UTF-8</ param-value >          </ init-param >          < init-param >              < param-name >forceEncoding</ param-name >              < param-value >true</ param-value >          </ init-param >      </ filter >      < filter >          < filter-name >springSecurityFilterChain</ filter-name >          < filter-class >org.springframework.web.filter.DelegatingFilterProxy</ filter-class >      </ filter >      < filter-mapping >          < filter-name >springSecurityFilterChain</ filter-name >          < url-pattern >/*</ url-pattern >      </ filter-mapping >      < filter-mapping >          < filter-name >encodingFilter</ filter-name >          < url-pattern >/*</ url-pattern >      </ filter-mapping >          < listener >          < listener-class >org.springframework.web.context.ContextLoaderListener</ listener-class >      </ listener >            < context-param >          < param-name >contextConfigLocation</ param-name >          < param-value >classpath*:applicationContext.xml</ param-value >      </ context-param >      < servlet >          < servlet-name >dispatcher</ servlet-name >          < servlet-class >org.springframework.web.servlet.DispatcherServlet</ servlet-class >          < load-on-startup >1</ load-on-startup >      </ servlet >      < servlet-mapping >          < servlet-name >dispatcher</ servlet-name >          < url-pattern >/</ url-pattern >      </ servlet-mapping >        < welcome-file-list >          < welcome-file >/WEB-INF/jsp/common/login.jsp</ welcome-file >      </ welcome-file-list >      < session-config >          < session-timeout >60</ session-timeout >      </ session-config > </ web-app >

Xml代码  
  2、  application-security.xml文件的配置。application-servlet.xml配置不懂的参考spring MVC搭建全程。

Java代码  收藏代码

 

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65

<? xml  version = "1.0"  encoding = "UTF-8" ?> < beans  xmlns = "http://www.springframework.org/schema/beans"         xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"         xmlns:security = "http://www.springframework.org/schema/security"         xmlns:beans = "http://www.springframework.org/schema/beans"         xsi:schemaLocation="http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans.xsd         http://www.springframework.org/schema/security         http://www.springframework.org/schema/security/spring-security.xsd">                        < security:http  security = "none"  pattern = "/public/**" />      < security:http  security = "none"  pattern = "/login*" />      < security:http  security = "none"  pattern = "/maxSessionError*" />      < security:http  security = "none"  pattern = "/forbidden*" />      < security:http  use-expressions = "true" >          < security:intercept-url  pattern = "/**"  access = "isAuthenticated()" />          < security:form-login  login-page = "/login"                               default-target-url = "/home"                               authentication-failure-url = "/login"                               authentication-success-handler-ref = "loginSuccessHandler"          />          < security:logout   invalidate-session = "true"   delete-cookies = "true"  success-handler-ref = "logoutSuccessHandler"  />          < security:access-denied-handler  error-page = "/forbidden" />          < security:session-management  session-fixation-protection = "newSession"  >              < security:concurrency-control  max-sessions = "1"  error-if-maximum-exceeded = "false"   expired-url = "/maxSessionError"  />          </ security:session-management >                    < security:custom-filter  ref = "myFilter"  before = "FILTER_SECURITY_INTERCEPTOR"  />      </ security:http >        <!--用户权限管理-->      < security:authentication-manager  alias = "authenticationManager"   >          < security:authentication-provider  user-service-ref = "userInfoProvider"  >              < security:password-encoder  hash = "md5"  base64 = "true" />          </ security:authentication-provider >      </ security:authentication-manager >          <!--过滤器-->      < beans:bean  id = "myFilter"  class = "com.authority.filter.MyFilterSecurityInterceptor" >          < beans:property  name = "authenticationManager"  ref = "authenticationManager" />          < beans:property  name = "accessDecisionManager"   ref = "myAccessDesisionmanager" />          < beans:property  name = "securityMetadataSource"  ref = "mySecurityMetadataSource" />      </ beans:bean >            <!--访问决策-->      < bean  id = "myAccessDesisionmanager"  class = "com.authority.filter.MyAccessDesisionmanager"  />            <!--用户信息Provider-->      < bean  id = "userInfoProvider"  class = "com.authority.service.impl.UserInfoServiceImpl"  />            <!--登陆成功-->      < bean  id = "loginSuccessHandler"  class = "com.authority.handler.MyLoginSuccessHandler"  />      <!--退出登录-->      < bean  id = "logoutSuccessHandler"  class = "com.authority.handler.MyLogoutSuccessHandler"  />        <!--系统资源管理-->      < bean  id = "mySecurityMetadataSource"  class = "com.authority.filter.MySecurityMetadataSource"  >      </ bean >            <!--登陆失败-->      < bean  id = "loginFailHandler"  class = "com.authority.handler.MyLoginFailHandler" />   </ beans >

1.系统实现了基于URL的权限管理，页面操作控制到按钮级别，根据权限配置进行显示，并在拦截器再次认证，只有分配权限后才能进行操作

页面效果图：

 

 

 

源码分享：

   http://git.oschina.net/gz-tony/spring-authority/