通过使用Spring Security来实现权限的管理
1、建立一个UserDetails接口、UserDetails作用是于封装当前进行认证的用户信息。
public interface UserDetails extends Serializable {
Collection<? extends GrantedAuthority> getAuthorities(); String getPassword();
String getUsername();
boolean isAccountNonExpired(); boolean isAccountNonLocked(); boolean isCredentialsNonExpired(); boolean isEnabled();
}
<!-- User类中的代码-->`
public class User implements UserDetails, CredentialsContainer {
private String password; private final String username;
private final Set<GrantedAuthority> authorities; private final boolean accountNonExpired; //帐户是否过期 private final boolean accountNonLocked; //帐户是否锁定
private final boolean credentialsNonExpired; //认证是否过期
private final boolean enabled; //帐户是否可用
}
2、导入Spring Security的jar包、.配置过滤器。
pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3、新建spring-security.xml文件:在web.xml中添加classpath
<!-- 配置加载类路径的配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:applicationContext.xml,classpath*:spring-security.xml</param-value>
</context-param>
4、 添加页面和userservice extend UserDetailsService
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//定义一个用户实体类
UserInfo userInfo = null;
//根据用户名从数据库获取用户信息
userInfo = userDao.getUserInfoByName(username);
//根据用户id从数据库获取用户的持有的角色信息
List<Role> roles = roleDao.getByUserId(userInfo.getId());
userInfo.setRoles(roles);
//创建一个框架定义的User对象,并把用户名和密码和权限信息作为构造函数的参数传进去
User user = new User(username, "{noop}" + userInfo.getPassword(), getAuthority(userInfo.getRoles()));
return user;
}
private List<SimpleGrantedAuthority> getAuthority(List<Role> roles) {
//创建一个存框架定义的角色列表的list
List<SimpleGrantedAuthority> list = new ArrayList<>();
//遍历数据库中取出的角色列表,并将之转化为框架认可的角色列表
for (Role role : roles) {
list.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName()));
}
return list;
}
}
5、最后通过设置页面端标签控制权限,需要先导入<%@taglib uri=“http://www.springframework.org/security/tags” prefix=“security”%>