基于 RBAC(基于角色的访问控制:用户—角色—权限三层模型)简单设计了一下数据库,具体的 SQL 如下:
/*==============================================================*/
/* DBMS name: ORACLE Version 11g */
/* Created on: 2016/10/17 15:44:34 */
/*==============================================================*/
--alter table R_ROLE_AUTHORITY drop constraint FK_R_ROLE_A_REFERENCE_T_ROLE_I;
--alter table R_ROLE_AUTHORITY drop constraint FK_R_ROLE_A_REFERENCE_T_AUTHOR;
--alter table R_USER_ROLE drop constraint FK_R_USER_R_REFERENCE_T_USER_I;
--alter table R_USER_ROLE drop constraint FK_R_USER_R_REFERENCE_T_ROLE_I;
--drop table R_ROLE_AUTHORITY cascade constraints;
--drop table R_USER_ROLE cascade constraints;
--drop table T_AUTHORITY_INFO cascade constraints;
--drop table T_ROLE_INFO cascade constraints;
--drop table T_USER_INFO cascade constraints;
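/*==============================================================*/
/* Table: R_ROLE_AUTHORITY  (role <-> authority junction)        */
/*==============================================================*/
create table R_ROLE_AUTHORITY
(
   -- surrogate key, filled by trigger RRA_TRI from sequence RRA_SEQ (defined further down)
   ID                   INTEGER              not null,
   -- T_AUTHORITY_INFO.ID; the FK constraint is added once all tables exist
   AUTHORITYID          INTEGER              not null,
   -- T_ROLE_INFO.ID; FK added later, and (AUTHORITYID, ROLEID) is made UNIQUE later
   ROLEID               INTEGER              not null,
   -- no DEFAULT on either timestamp: the application has to supply them on insert
   CREATETIME           DATE                 not null,
   UPDATETIME           DATE                 not null,
   constraint PK_R_ROLE_AUTHORITY primary key (ID)
);
-- Column comments rewritten in English: the original literals were mis-encoded, and the
-- AUTHORITYID comment looked identical to the USERID comment on R_USER_ROLE (copy-paste).
comment on column R_ROLE_AUTHORITY.AUTHORITYID is
'Authority id, references T_AUTHORITY_INFO.ID';
comment on column R_ROLE_AUTHORITY.ROLEID is
'Role id, references T_ROLE_INFO.ID';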
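/*==============================================================*/
/* Table: R_USER_ROLE  (user <-> role junction)                  */
/*==============================================================*/
create table R_USER_ROLE
(
   -- surrogate key, filled by trigger RUR_TRI from sequence RUR_SEQ (defined further down)
   ID                   INTEGER              not null,
   -- T_USER_INFO.ID; the FK constraint is added once all tables exist
   USERID               INTEGER              not null,
   -- T_ROLE_INFO.ID; FK added later, and (USERID, ROLEID) is made UNIQUE later
   ROLEID               INTEGER              not null,
   -- no DEFAULT on either timestamp: the application has to supply them on insert
   CREATETIME           DATE                 not null,
   UPDATETIME           DATE                 not null,
   constraint PK_R_USER_ROLE primary key (ID)
);
-- Column comments rewritten in English (the original literals were mis-encoded).
comment on column R_USER_ROLE.USERID is
'User id, references T_USER_INFO.ID';
comment on column R_USER_ROLE.ROLEID is
'Role id, references T_ROLE_INFO.ID';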
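/*==============================================================*/
/* Table: T_AUTHORITY_INFO  (protected resources / permissions)  */
/*==============================================================*/
create table T_AUTHORITY_INFO
(
   -- surrogate key, filled by trigger TAI_TRI from sequence TAI_SEQ (defined further down)
   ID                   INTEGER              not null,
   -- VARCHAR2(n CHAR) for consistency with the other tables: the original VARCHAR(50) used
   -- the session's default length semantics (normally BYTE), which leaves room for only
   -- ~16 multi-byte characters. Widening to CHAR semantics is backward-compatible.
   -- NOTE(review): unlike ROLENAME and USERNAME, this column gets no UNIQUE constraint later.
   AUTHORITYNAME        VARCHAR2(50 CHAR)    not null,
   -- optional free-text remark (presumed from the name; not used by the code on this page)
   COMM                 VARCHAR2(200 CHAR),
   -- no DEFAULT on either timestamp: the application has to supply them on insert
   CREATETIME           DATE                 not null,
   UPDATETIME           DATE                 not null,
   constraint PK_T_AUTHORITY_INFO primary key (ID)
);
-- INTERCEPTURL and ACCESSAUTH are added to this table by an ALTER further down.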
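/*==============================================================*/
/* Table: T_ROLE_INFO                                           */
/*==============================================================*/
create table T_ROLE_INFO
(
   -- surrogate key, filled by trigger TRI_TRI from sequence TRI_SEQ (defined further down)
   ID                   INTEGER              not null,
   -- compared by exact string equality against the user's GrantedAuthority names in the
   -- Java decision manager later on this page; UNIQUE constraint U_ROLENAME added later
   ROLENAME             VARCHAR2(30 CHAR)    not null,
   -- DESCRIBE is a SQL*Plus command but not a reserved word in Oracle SQL, so it is legal unquoted
   DESCRIBE             VARCHAR2(60 CHAR)    not null,
   -- no DEFAULT on either timestamp: the application has to supply them on insert
   CREATETIME           DATE                 not null,
   UPDATETIME           DATE                 not null,
   constraint PK_T_ROLE_INFO primary key (ID)
);
-- Column comments rewritten in English: the original literals were mis-encoded, and the
-- ROLENAME comment looked identical to the USERNAME comment on T_USER_INFO (copy-paste).
comment on column T_ROLE_INFO.ID is
'Role id (surrogate key)';
comment on column T_ROLE_INFO.ROLENAME is
'Role name';
comment on column T_ROLE_INFO.DESCRIBE is
'Role description';
comment on column T_ROLE_INFO.CREATETIME is
'Creation time';
comment on column T_ROLE_INFO.UPDATETIME is
'Last update time';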
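/*==============================================================*/
/* Table: T_USER_INFO                                           */
/*==============================================================*/
create table T_USER_INFO
(
   -- surrogate key, filled by trigger TUI_TRI from sequence TUI_SEQ (defined further down)
   ID                   INTEGER              not null,
   -- login name; UNIQUE constraint U_USERNAME added later
   USERNAME             VARCHAR2(30 CHAR)    not null,
   TELEPHONE            VARCHAR2(15 CHAR)    not null,
   -- no DEFAULT on either timestamp: the application has to supply them on insert
   CREATETIME           DATE                 not null,
   UPDATETIME           DATE                 not null,
   -- 0 = disabled, 1 = enabled
   ISENABLE             NUMBER(1)            not null,
   constraint PK_T_USER_INFO primary key (ID),
   -- the column comment documents only 0 and 1; enforce it so nothing else can be stored
   constraint CK_T_USER_INFO_ISENABLE check (ISENABLE in (0, 1))
);
-- Column comments rewritten in English (the original literals were mis-encoded).
comment on column T_USER_INFO.ID is
'User id (surrogate key)';
comment on column T_USER_INFO.USERNAME is
'Login name';
comment on column T_USER_INFO.TELEPHONE is
'Contact telephone number';
comment on column T_USER_INFO.CREATETIME is
'Creation time';
comment on column T_USER_INFO.UPDATETIME is
'Last update time';
comment on column T_USER_INFO.ISENABLE is
'Account enabled flag: 0 = disabled, 1 = enabled';
-- Credential column, added as a follow-up migration.
-- In Oracle the empty string is NULL, so DEFAULT '' provides no usable default: on the
-- freshly created (empty) table the DDL is accepted, but any later INSERT that omits
-- PASSWORD fails with ORA-01400. For a credential that is the desired outcome - no row can
-- be created with a blank password - so the clause is kept as-is rather than "fixed".
-- 256 CHAR comfortably holds a salted hash encoding (bcrypt, PBKDF2, ...); store only that.
ALTER TABLE T_USER_INFO
   ADD ( PASSWORD VARCHAR2(256 CHAR) DEFAULT '' NOT NULL ) ;
COMMENT ON COLUMN T_USER_INFO.PASSWORD IS 'Login credential - must hold a salted password hash, never the clear-text password';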
-- Referential integrity between the two junction tables and the entity tables.
-- No ON DELETE action is specified, so Oracle's default applies: a role, authority or
-- user that is still referenced from a junction row cannot be deleted; the application
-- has to remove the links first.
ALTER TABLE R_ROLE_AUTHORITY
   ADD CONSTRAINT FK_R_ROLE_A_REFERENCE_T_ROLE_I
   FOREIGN KEY (ROLEID) REFERENCES T_ROLE_INFO (ID);

ALTER TABLE R_ROLE_AUTHORITY
   ADD CONSTRAINT FK_R_ROLE_A_REFERENCE_T_AUTHOR
   FOREIGN KEY (AUTHORITYID) REFERENCES T_AUTHORITY_INFO (ID);

ALTER TABLE R_USER_ROLE
   ADD CONSTRAINT FK_R_USER_R_REFERENCE_T_USER_I
   FOREIGN KEY (USERID) REFERENCES T_USER_INFO (ID);

ALTER TABLE R_USER_ROLE
   ADD CONSTRAINT FK_R_USER_R_REFERENCE_T_ROLE_I
   FOREIGN KEY (ROLEID) REFERENCES T_ROLE_INFO (ID);
-- T_USER_INFO: surrogate key generation ---------------------------------------------
-- NOCACHE avoids gaps after an instance restart, at the price of a data-dictionary
-- update on every NEXTVAL.
CREATE SEQUENCE TUI_SEQ
   START WITH 1
   INCREMENT BY 1
   MINVALUE 1
   NOMAXVALUE
   NOCACHE;
-- Assigns the next sequence value to ID on every insert. There is no
-- "IF :NEW.ID IS NULL" guard, so an ID supplied by the caller is overwritten too.
-- Assigning NEXTVAL directly in PL/SQL needs Oracle 11g or later (the version this
-- script is declared for); on older releases use SELECT ... INTO.
CREATE OR REPLACE TRIGGER TUI_TRI
   BEFORE INSERT ON T_USER_INFO
   FOR EACH ROW
BEGIN
   :NEW.ID := TUI_SEQ.NEXTVAL;
END;
-- T_USER_INFO: surrogate key generation -- END --------------------------------------
-- T_ROLE_INFO: surrogate key generation ---------------------------------------------
-- NOCACHE avoids gaps after an instance restart, at the price of a data-dictionary
-- update on every NEXTVAL.
CREATE SEQUENCE TRI_SEQ
   START WITH 1
   INCREMENT BY 1
   MINVALUE 1
   NOMAXVALUE
   NOCACHE;
-- Assigns the next sequence value to ID on every insert. There is no
-- "IF :NEW.ID IS NULL" guard, so an ID supplied by the caller is overwritten too.
-- Assigning NEXTVAL directly in PL/SQL needs Oracle 11g or later.
CREATE OR REPLACE TRIGGER TRI_TRI
   BEFORE INSERT ON T_ROLE_INFO
   FOR EACH ROW
BEGIN
   :NEW.ID := TRI_SEQ.NEXTVAL;
END;
-- T_ROLE_INFO: surrogate key generation -- END --------------------------------------
-- T_AUTHORITY_INFO: surrogate key generation ----------------------------------------
-- NOCACHE avoids gaps after an instance restart, at the price of a data-dictionary
-- update on every NEXTVAL.
CREATE SEQUENCE TAI_SEQ
   START WITH 1
   INCREMENT BY 1
   MINVALUE 1
   NOMAXVALUE
   NOCACHE;
-- Assigns the next sequence value to ID on every insert. There is no
-- "IF :NEW.ID IS NULL" guard, so an ID supplied by the caller is overwritten too.
-- Assigning NEXTVAL directly in PL/SQL needs Oracle 11g or later.
CREATE OR REPLACE TRIGGER TAI_TRI
   BEFORE INSERT ON T_AUTHORITY_INFO
   FOR EACH ROW
BEGIN
   :NEW.ID := TAI_SEQ.NEXTVAL;
END;
-- T_AUTHORITY_INFO: surrogate key generation -- END ---------------------------------
-- R_ROLE_AUTHORITY: surrogate key generation ----------------------------------------
-- NOCACHE avoids gaps after an instance restart, at the price of a data-dictionary
-- update on every NEXTVAL.
CREATE SEQUENCE RRA_SEQ
   START WITH 1
   INCREMENT BY 1
   MINVALUE 1
   NOMAXVALUE
   NOCACHE;
-- Assigns the next sequence value to ID on every insert. There is no
-- "IF :NEW.ID IS NULL" guard, so an ID supplied by the caller is overwritten too.
-- Assigning NEXTVAL directly in PL/SQL needs Oracle 11g or later.
CREATE OR REPLACE TRIGGER RRA_TRI
   BEFORE INSERT ON R_ROLE_AUTHORITY
   FOR EACH ROW
BEGIN
   :NEW.ID := RRA_SEQ.NEXTVAL;
END;
-- R_ROLE_AUTHORITY: surrogate key generation -- END ---------------------------------
-- R_USER_ROLE: surrogate key generation ---------------------------------------------
-- NOCACHE avoids gaps after an instance restart, at the price of a data-dictionary
-- update on every NEXTVAL.
CREATE SEQUENCE RUR_SEQ
   START WITH 1
   INCREMENT BY 1
   MINVALUE 1
   NOMAXVALUE
   NOCACHE;
-- Assigns the next sequence value to ID on every insert. There is no
-- "IF :NEW.ID IS NULL" guard, so an ID supplied by the caller is overwritten too.
-- Assigning NEXTVAL directly in PL/SQL needs Oracle 11g or later.
CREATE OR REPLACE TRIGGER RUR_TRI
   BEFORE INSERT ON R_USER_ROLE
   FOR EACH ROW
BEGIN
   :NEW.ID := RUR_SEQ.NEXTVAL;
END;
-- R_USER_ROLE: surrogate key generation -- END --------------------------------------
-- Natural keys (the primary keys above are surrogates).
ALTER TABLE T_USER_INFO      ADD CONSTRAINT U_USERNAME  UNIQUE (USERNAME);
ALTER TABLE T_ROLE_INFO      ADD CONSTRAINT U_ROLENAME  UNIQUE (ROLENAME);
-- A user holds a given role at most once; a role holds a given authority at most once.
ALTER TABLE R_USER_ROLE      ADD CONSTRAINT U_USER_ROLE UNIQUE (USERID, ROLEID);
ALTER TABLE R_ROLE_AUTHORITY ADD CONSTRAINT U_AUTH_ROLE UNIQUE (AUTHORITYID, ROLEID);
-- NOTE(review): T_AUTHORITY_INFO.AUTHORITYNAME gets no UNIQUE constraint anywhere in this
-- script, so two authorities may share a name.
-- Tie each authority to the URL it protects and to a Spring Security access attribute.
ALTER TABLE T_AUTHORITY_INFO ADD (
   -- In Oracle '' is NULL, so DEFAULT '' yields no usable default: every INSERT must
   -- supply INTERCEPTURL or fail with ORA-01400.
   INTERCEPTURL VARCHAR2(200 CHAR) DEFAULT '' NOT NULL,
   -- NOTE(review): 'IS_AUTHENTICATED_ANONYMOUSLY' is the Spring Security attribute that
   -- admits anonymous callers, so an authority row inserted without an explicit
   -- ACCESSAUTH is open to everyone - a fail-open default for an access-control table.
   -- The Java code on this page reads only INTERCEPTURL and ROLENAME, so whether this
   -- column is consulted at all is not visible here; confirm before relying on it.
   ACCESSAUTH   VARCHAR2(60 CHAR)  DEFAULT 'IS_AUTHENTICATED_ANONYMOUSLY' NOT NULL
);
COMMENT ON COLUMN T_AUTHORITY_INFO.INTERCEPTURL IS '拦截URL';
COMMENT ON COLUMN T_AUTHORITY_INFO.ACCESSAUTH IS '访问权限';
上一篇博客满满的都是配置文件,这篇来些干货
package com.raze.security;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
/**
 * Copyright: Copyright (c) 2016 DJM
 *
 * @ClassName: MyFilterSecurityInterceptor.java
 * @Description: Servlet filter that runs Spring Security's authorization pipeline
 *               (beforeInvocation / afterInvocation) around each request, taking the
 *               attributes a URL requires from the database-backed
 *               {@code mySecurityMetadataSource} bean.
 *               A URL for which that source returns no attributes is, per
 *               AbstractSecurityInterceptor, treated as public unless
 *               {@code rejectPublicInvocations} is enabled in configuration not shown here.
 *
 * @version: v1.0.0
 * @author: DJM
 * @date: 2016-09-18 15:25:17
 */
public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {

    /** URL -> required attributes, loaded from the database by MySecurityMetadataSource. */
    @Autowired
    @Qualifier("mySecurityMetadataSource")
    private FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;

    /** No filter configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // intentionally empty
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }

    /**
     * Wraps request, response and chain into the secure object this interceptor guards
     * (a {@link FilterInvocation}) and runs the access decision on it.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        invoke(new FilterInvocation(request, response, chain));
    }

    /**
     * Performs the access decision for {@code invocation} and, if it passes, continues
     * the filter chain.
     *
     * @param invocation the secured request
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain; access-denied and
     *                          authentication failures surface as the runtime exceptions
     *                          thrown by {@code beforeInvocation}
     */
    public void invoke(FilterInvocation invocation) throws IOException, ServletException {
        // beforeInvocation consults the metadata source and the AccessDecisionManager and
        // throws when access is denied, so the chain below is never reached in that case.
        InterceptorStatusToken statusToken = super.beforeInvocation(invocation);
        try {
            invocation.getChain().doFilter(invocation.getRequest(), invocation.getResponse());
        } finally {
            // NOTE(review): afterInvocation also runs when the chain threw, so an
            // AfterInvocationManager (if one is configured) sees failed requests too.
            // Spring's own FilterSecurityInterceptor, as far as I recall, calls
            // finallyInvocation() here and afterInvocation() only on success.
            super.afterInvocation(statusToken, null);
        }
    }

    /** The secure object type this interceptor handles. */
    @Override
    public Class<?> getSecureObjectClass() {
        return FilterInvocation.class;
    }

    /** Hands the injected metadata source to the AbstractSecurityInterceptor machinery. */
    @Override
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.filterInvocationSecurityMetadataSource;
    }
}
package com.raze.security;
import java.util.Collection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import com.raze.domain.UserInfo;
import com.raze.service.IUserService;
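/**
 * Copyright: Copyright (c) 2016 DJM
 *
 * @ClassName: MyUserDetailsService.java
 * @Description: Loads a user and its granted authorities for Spring Security's
 *               authentication providers.
 *
 * @version: v1.0.0
 * @author: DJM
 * @date: 2016-09-18 15:25:17
 */
@Service
public class MyUserDetailsService implements UserDetailsService {

    @Autowired
    private IUserService userService;

    /**
     * Looks the user up by login name and attaches its authorities.
     *
     * @param username the login name submitted at authentication
     * @return the populated user record; never null
     * @throws UsernameNotFoundException when no user with that name exists
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo user = userService.obtainUserInfoByUserName(username);
        if (user == null) {
            // The UserDetailsService contract forbids returning null. DaoAuthenticationProvider
            // reports a null as an internal error (contract violation), which is observably
            // different from a wrong password and therefore reveals whether the account exists.
            // UsernameNotFoundException is, with the provider's default settings, folded into
            // the same BadCredentialsException a wrong password produces.
            throw new UsernameNotFoundException("User not found: " + username);
        }
        Collection<? extends GrantedAuthority> authorities =
                userService.obtainAuthorityCollentionByUserName(username);
        user.setCollection(authorities);
        return user;
    }
}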
package com.raze.security;
import java.util.Collection;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;
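/**
 * Copyright: Copyright (c) 2016 DJM
 *
 * @ClassName: MyAccessDecisionManager.java
 * @Description: Custom access decision manager: grants access when the caller holds at
 *               least one of the authority names required for the requested resource.
 *
 * @version: v1.0.0
 * @author: DJM
 * @date: 2016-09-18 15:25:17
 */
@Service
public class MyAccessDecisionManager implements AccessDecisionManager {
    private static final Logger logger = LoggerFactory.getLogger(MyAccessDecisionManager.class);

    /**
     * Decides whether {@code authentication} may access {@code object}.
     * Any single matching attribute is sufficient (OR semantics); matching is an exact
     * string comparison between the attribute and {@code GrantedAuthority#getAuthority()}.
     *
     * @param authentication   the caller; must be present
     * @param object           the secured object (here the FilterInvocation, i.e. the request)
     * @param configAttributes authority names required for {@code object}
     * @throws InsufficientAuthenticationException if no Authentication was supplied
     * @throws AccessDeniedException if none of the required attributes is held, or if the
     *                               attribute list is null or empty
     */
    @Override
    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        if (authentication == null) {
            throw new InsufficientAuthenticationException("No Authentication present");
        }
        // Fail closed. A null attribute list used to return here, i.e. grant access.
        // AbstractSecurityInterceptor does not call decide() for resources without
        // attributes (it treats them as public unless rejectPublicInvocations is set), so
        // only other callers reach this branch - and for them "no rule" must mean deny.
        if (configAttributes == null || configAttributes.isEmpty()) {
            throw new AccessDeniedException(" 没有权限访问! ");
        }
        // Debug rather than info: this runs on every request and records a request-derived value.
        logger.debug("The parameter of object {} is a URL.", object);
        for (ConfigAttribute configAttribute : configAttributes) {
            // the authority name the resource requires
            String needPermission = configAttribute.getAttribute();
            logger.debug("Access request resource requires permission {}.", needPermission);
            if (needPermission == null) {
                // ConfigAttribute may have no String form; it cannot be matched by name
                continue;
            }
            // the authorities the caller actually holds
            for (GrantedAuthority granted : authentication.getAuthorities()) {
                if (needPermission.equals(granted.getAuthority())) {
                    return;
                }
            }
        }
        throw new AccessDeniedException(" 没有权限访问! ");
    }

    /** Every attribute is handled by name comparison, so all are supported. */
    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    /** Any secure object type is accepted; only its attributes are inspected. */
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}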
package com.raze.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Service;
import com.raze.service.IUserService;
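/**
 * Copyright: Copyright (c) 2016 DJM
 *
 * @ClassName: MySecurityMetadataSource.java
 * @Description: Database-backed resource definition: maps each intercepted URL to the
 *               role names allowed to access it (i.e. which roles a resource is open to).
 *
 * @version: v1.0.0
 * @author: DJM
 * @date: 2016-09-18 15:25:17
 */
@Service
public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

    /** Keys read from the rows returned by {@code IUserService#obtainAllAuthority()}. */
    private static final String URL_KEY = "INTERCEPTURL";
    private static final String ROLE_KEY = "ROLENAME";

    @Autowired
    private IUserService userService;

    /**
     * Loads every URL/role pair and groups the roles by URL.
     * <p>
     * Rows with a null or empty URL are skipped. Rows with a null or empty role name add
     * no attribute, so a URL whose rows all lack a role maps to an empty list - which
     * AbstractSecurityInterceptor treats as a public resource. URLs differing only by
     * letter case share one attribute list, but each spelling stays its own key because
     * the lookup in {@link #getAttributes(Object)} is case-sensitive.
     *
     * @return URL -> required attributes; an empty map when the service returns nothing
     */
    public Map<String, Collection<ConfigAttribute>> initResourceDefine() {
        Map<String, Collection<ConfigAttribute>> resourceMap =
                new HashMap<String, Collection<ConfigAttribute>>();
        Collection<Map<String, Object>> allAuthority = userService.obtainAllAuthority();
        if (allAuthority == null || allAuthority.isEmpty()) {
            return resourceMap;
        }
        // Single pass (the previous version rescanned all rows once per distinct URL):
        // bucket the roles by case-folded URL, then publish one entry per distinct spelling.
        Map<String, Collection<ConfigAttribute>> rolesByFoldedUrl =
                new HashMap<String, Collection<ConfigAttribute>>();
        Collection<String> distinctUrls = new HashSet<String>();
        for (Map<String, Object> row : allAuthority) {
            String url = nonEmpty(row.get(URL_KEY));
            if (url == null) {
                continue;
            }
            distinctUrls.add(url);
            String folded = url.toLowerCase(Locale.ROOT);
            Collection<ConfigAttribute> roles = rolesByFoldedUrl.get(folded);
            if (roles == null) {
                roles = new ArrayList<ConfigAttribute>();
                rolesByFoldedUrl.put(folded, roles);
            }
            String roleName = nonEmpty(row.get(ROLE_KEY));
            if (roleName != null) {
                roles.add(new SecurityConfig(roleName));
            }
        }
        for (String url : distinctUrls) {
            resourceMap.put(url, rolesByFoldedUrl.get(url.toLowerCase(Locale.ROOT)));
        }
        return resourceMap;
    }

    /** String form of {@code value}, or null when it is null or empty. */
    private static String nonEmpty(Object value) {
        if (value == null) {
            return null;
        }
        String text = value.toString();
        return text.isEmpty() ? null : text;
    }

    /**
     * Attributes required for the request wrapped in {@code object}.
     *
     * @param object a {@link FilterInvocation}
     * @return the required attributes, or null when the URL is not configured (the
     *         interceptor then treats the resource as public unless rejectPublicInvocations is set)
     * @throws IllegalArgumentException when {@code object} is not a FilterInvocation
     */
    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        if (!(object instanceof FilterInvocation)) {
            throw new IllegalArgumentException("Object must be a FilterInvocation");
        }
        String url = ((FilterInvocation) object).getRequestUrl();
        // NOTE(review): this re-reads the whole authority table on every request. Cache the
        // map and refresh it when authorities change, once that is confirmed acceptable.
        Map<String, Collection<ConfigAttribute>> resourceMap = initResourceDefine();
        Collection<ConfigAttribute> attributes = resourceMap.get(url);
        if (attributes == null) {
            // getRequestUrl() is servlet path + path info plus the query string when there
            // is one, so "/admin/users?x=1" missed the "/admin/users" rule and fell through
            // to "public". Retry with the path only. Other normalisation (trailing slash,
            // "//", letter case) is still not done here; an AntPathRequestMatcher-based
            // lookup would cover those as well.
            int query = url.indexOf('?');
            if (query >= 0) {
                attributes = resourceMap.get(url.substring(0, query));
            }
        }
        return attributes;
    }

    /**
     * Not implemented (returns null). AbstractSecurityInterceptor then skips its start-up
     * check that every configured attribute is supported by the decision manager and only
     * logs a warning.
     */
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    /** Any secure object class is accepted; getAttributes() checks the actual type. */
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}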