SpringSecurity为项目加入权限控制
2020-12-13 03:07
标签:用户 access mapping ant trace efault roc factor inf SpringSecurity为项目加入权限控制 标签:用户 access mapping ant trace efault roc factor inf 原文地址:https://www.cnblogs.com/mozq/p/11067653.html
1 xml version="1.0" encoding="UTF-8"?>
2 beans xmlns="http://www.springframework.org/schema/beans"
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 xmlns:security="http://www.springframework.org/schema/security"
5 xsi:schemaLocation="http://www.springframework.org/schema/beans
6 http://www.springframework.org/schema/beans/spring-beans.xsd
7 http://www.springframework.org/schema/security
8 http://www.springframework.org/schema/security/spring-security.xsd
9 ">
10
11
12 security:authentication-manager>
13
14 security:authentication-provider user-service-ref="userInfoService">
15
16
19
20
21
26 security:authentication-provider>
27 security:authentication-manager>
28
29
30 security:http security="none" pattern="/login.jsp"/>
31 security:http security="none" pattern="/failer.jsp"/>
32 security:http security="none" pattern="/css/**"/>
33 security:http security="none" pattern="/img/**"/>
34 security:http security="none" pattern="/plugins/**"/>
35
36
37 security:http auto-config="true" use-expressions="false">
38 security:intercept-url pattern="/**" access="ROLE_管理员"/>
39
40
41 security:form-login
42 login-page="/login.jsp" login-processing-url="/login"
43 username-parameter="user" password-parameter="password"
44 default-target-url="/index.jsp" authentication-failure-url="/failer.jsp"/>
45
46
47 security:logout logout-url="/logoutxx.do" invalidate-session="true" logout-success-url="/login.jsp">security:logout>
48
49
50 security:csrf disabled="true" />
51 security:http>
52 beans>
1 xml version="1.0" encoding="UTF-8"?>
2 web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
5 version="3.1">
6
7
8 listener>
9 listener-class>org.springframework.web.context.ContextLoaderListenerlistener-class>
10 listener>
11
12 context-param>
13 param-name>contextConfigLocationparam-name>
14 param-value>classpath:applicationContext.xml,classpath:spring-security.xmlparam-value>
15 context-param>
16
17
18 filter>
19 filter-name>springSecurityFilterChainfilter-name>
20 filter-class>org.springframework.web.filter.DelegatingFilterProxyfilter-class>
21 filter>
22 filter-mapping>
23 filter-name>springSecurityFilterChainfilter-name>
24 url-pattern>/*url-pattern>
25 filter-mapping>
26
27
28 servlet>
29 servlet-name>appservlet-name>
30 servlet-class>org.springframework.web.servlet.DispatcherServletservlet-class>
31 init-param>
32 param-name>contextConfigLocationparam-name>
33 param-value>classpath:spring-mvc.xmlparam-value>
34 init-param>
35 load-on-startup>1load-on-startup>
36 servlet>
37
38 servlet-mapping>
39 servlet-name>appservlet-name>
40 url-pattern>*.dourl-pattern>
41 servlet-mapping>
42
43
44
45 filter>
46 filter-name>CharacterEncodingFilterfilter-name>
47 filter-class>org.springframework.web.filter.CharacterEncodingFilterfilter-class>
48 init-param>
49 param-name>encodingparam-name>
50 param-value>UTF-8param-value>
51 init-param>
52 filter>
53 filter-mapping>
54 filter-name>CharacterEncodingFilterfilter-name>
55 url-pattern>/*url-pattern>
56 filter-mapping>
57
58 web-app>
1 package cn.itcast.ssm.service;
2
3 import org.springframework.security.core.userdetails.UserDetailsService;
4
5 public interface IUserInfoService extends UserDetailsService {
6
7 }
1 package cn.itcast.ssm.service.impl;
2
3 import cn.itcast.ssm.dao.IUserInfoDao;
4 import cn.itcast.ssm.domain.Role;
5 import cn.itcast.ssm.domain.UserInfo;
6 import cn.itcast.ssm.service.IUserInfoService;
7 import org.springframework.beans.factory.annotation.Autowired;
8 import org.springframework.security.core.GrantedAuthority;
9 import org.springframework.security.core.authority.SimpleGrantedAuthority;
10 import org.springframework.security.core.userdetails.User;
11 import org.springframework.security.core.userdetails.UserDetails;
12 import org.springframework.security.core.userdetails.UsernameNotFoundException;
13 import org.springframework.stereotype.Service;
14
15 import java.util.ArrayList;
16 import java.util.Collection;
17 import java.util.List;
18
19 @Service("userInfoService")
20 public class UserInfoServiceImpl implements IUserInfoService {
21
22 @Autowired
23 private IUserInfoDao userInfoDao;
24
25 @Override
26 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
27 //根据用户用查询用户
28 UserInfo userInfo = null;
29 try {
30 userInfo = userInfoDao.findByUserName(username);
31 } catch (Exception e) {
32 e.printStackTrace();
33 }
34 //将查询出的用户转换为UserDetails
35 User user = null;
36 if(userInfo != null){
37 // user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthorities(userInfo.getRoleList()));
38 user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(),
39 userInfo.getStatus() == 1 ? true : false, true, true, true,
40 getAuthorities(userInfo.getRoleList()));
41 }
42 return user;
43 }
44
45 private Collection
