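Excerpts or reposts of this article must credit the source: http://write.blog.csdn.net/postedit/8575062
Spring Security 3 permission management can be configured through files, but in many cases we need database support. Below I demonstrate how to configure custom permission management, which requires re-implementing the classes below.
This article is intended for readers who already have some understanding of Spring Security 3.
AccessDecisionManager verifies the relationship between resources and roles. I personally don't much like the tag-based configuration because I find it not flexible enough, so I use plain bean definitions throughout. Describing the configuration with beans only works if you are familiar with Spring Security's filter-chain flow and the dependencies between the various properties, but it gives much more flexibility.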
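```java
import java.util.Collection;

import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

public class AccessDecisionManagerImpl implements AccessDecisionManager {

    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> attributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        // No attributes configured for this resource: the request is allowed.
        if (null == attributes)
            return;
        for (ConfigAttribute attribute : attributes) {
            String needRole = ((SecurityConfig) attribute).getAttribute();

            // Allow as soon as the user holds any one of the required roles.
            for (GrantedAuthority grantedAuthority : authentication
                    .getAuthorities()) {
                if (needRole.equals(grantedAuthority.getAuthority()))
                    return;
            }
        }
        // None of the required roles matched: deny.
        throw new AccessDeniedException("权限不足!");
    }

    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    public boolean supports(Class<?> clazz) {
        return true;
    }
}
```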
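SecurityMetadataSource is the loader for the role-to-resource mappings. When the project starts, the resource/role associations are loaded first and handed to Spring Security so that it can perform its checks.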
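One way to write such a loader, as an added example (not the article's `SecurityMetadataSourceExtendImpl`, whose source is not shown on this page): URL patterns map to required roles, and a URL with no mapping gets a sentinel role so that `AccessDecisionManagerImpl` above denies it instead of the interceptor treating it as public. The class name, sample patterns, role names and the `ROLE_NO_ACCESS` sentinel are assumptions, and a hard-coded map stands in for the database query.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.Map;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;

// Hypothetical class, not the article's SecurityMetadataSourceExtendImpl.
public class UrlRoleMetadataSource implements FilterInvocationSecurityMetadataSource {

    // Sentinel role that is never granted to any user: unmapped URLs are denied.
    private static final Collection<ConfigAttribute> DENY =
            SecurityConfig.createList("ROLE_NO_ACCESS");

    private final AntPathMatcher matcher = new AntPathMatcher();
    // Ant pattern -> required roles; the first matching pattern (insertion order) wins.
    private final Map<String, Collection<ConfigAttribute>> mappings =
            new LinkedHashMap<String, Collection<ConfigAttribute>>();

    public UrlRoleMetadataSource() {
        // Constructed sample rows; a real implementation would read the
        // resource/role tables here, once, at startup.
        mappings.put("/admin/**", SecurityConfig.createList("ROLE_ADMIN"));
        mappings.put("/user/**", SecurityConfig.createList("ROLE_USER", "ROLE_ADMIN"));
    }

    public Collection<ConfigAttribute> getAttributes(Object object) {
        String url = ((FilterInvocation) object).getRequestUrl();
        int query = url.indexOf('?'); // getRequestUrl() includes the query string
        String path = query >= 0 ? url.substring(0, query) : url;
        for (Map.Entry<String, Collection<ConfigAttribute>> e : mappings.entrySet()) {
            if (matcher.match(e.getKey(), path))
                return e.getValue();
        }
        return DENY; // fail closed instead of returning null
    }

    public Collection<ConfigAttribute> getAllConfigAttributes() {
        Collection<ConfigAttribute> all = new ArrayList<ConfigAttribute>(DENY);
        for (Collection<ConfigAttribute> attrs : mappings.values())
            all.addAll(attrs);
        return all;
    }

    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }
}
```

With deny-by-default, anything that must stay reachable before login (the login form itself, for instance) needs an explicit mapping or a `filters="none"` entry in the filter chain.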
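FilterSecurityInterceptor is the first filter that access to a resource has to pass through. We don't need to rewrite this class; we use the one Spring Security provides directly.
Its full path is org.springframework.security.web.access.intercept.FilterSecurityInterceptor
UserDetailsService is the class that handles Spring Security's form login.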
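```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import javax.annotation.Resource;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// User, Role, UserService and RoleService are the project's own classes
// (their imports are not shown); User must implement UserDetails.
public class UserDetailsServiceImpl implements UserDetailsService {

    private UserService userService;
    private RoleService roleService;

    public UserService getUserService() {
        return userService;
    }

    @Resource
    public void setUserService(UserService userService) {
        this.userService = userService;
    }

    public RoleService getRoleService() {
        return roleService;
    }

    @Resource
    public void setRoleService(RoleService roleService) {
        this.roleService = roleService;
    }

    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {

        // Look the user up by name in the database.
        List<User> users = this.userService.findByUserName(username);

        if (null == users || users.isEmpty())
            throw new UsernameNotFoundException("用户/密码错误,请重新输入!");

        User user = users.get(0);
        // A user without any role is rejected at login.
        List<Role> roles = this.roleService.findByUserId(user.getId());
        if (null == roles || roles.isEmpty())
            throw new UsernameNotFoundException("权限不足!");

        // Convert the role names into the authorities that decide() compares against.
        Collection<GrantedAuthority> gaRoles = new ArrayList<GrantedAuthority>();
        for (Role role : roles) {
            gaRoles.add(new SimpleGrantedAuthority(role.getName()));
        }
        user.setAuthorities(gaRoles);
        return user;
    }

}
```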
With the three classes ready, we now configure the XML file. First declare the three classes as beans:
```xml
<bean id="userDetailsService"
    class="com.shadow.security.service.UserDetailsServiceImpl" />

<bean id="accessDecisionManager"
    class="com.shadow.security.service.AccessDecisionManagerImpl" />

<bean id="securityMetadataSource"
    class="com.shadow.security.service.SecurityMetadataSourceExtendImpl">
    <property name="matcher" value="ant" />
</bean>
```
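Next configure filterSecurityInterceptor. We no longer use the implementation classes Spring Security provides, but the implementation classes we have just written: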
```xml
<bean id="filterSecurityInterceptor"
    class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager"
        ref="authenticationManager" />
    <property name="accessDecisionManager"
        ref="accessDecisionManager" />
    <property name="securityMetadataSource"
        ref="securityMetadataSource" />
</bean>
```
The authenticationManager is injected as follows (rememberMeAuthenticationProvider does not have to be injected; it is only needed for the remember-me feature):
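```xml
<bean id="authenticationManager"
    class="org.springframework.security.authentication.ProviderManager">
    <property name="providers">
        <list>
            <ref bean="daoAuthenticationProvider" />
            <ref bean="rememberMeAuthenticationProvider" />
        </list>
    </property>
</bean>

<bean id="daoAuthenticationProvider"
    class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
    <!-- false: UsernameNotFoundException is not converted to BadCredentialsException,
         so a login failure reveals whether the user name exists -->
    <property name="hideUserNotFoundExceptions" value="false"/>
    <property name="userDetailsService" ref="userDetailsService" />
    <property name="passwordEncoder" ref="passwordEncoder" />
    <property name="saltSource" ref="saltSource" />
</bean>

<!-- MD5 is a fast hash and a weak choice for storing passwords -->
<bean id="passwordEncoder"
    class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />

<!-- The salt is read from the user's username property -->
<bean id="saltSource"
    class="org.springframework.security.authentication.dao.ReflectionSaltSource">
    <property name="userPropertyToUse" value="username" />
</bean>
```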
Then configure our filter chain:
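```xml
<!-- "security" is assumed to be the prefix bound to the Spring Security XML namespace -->
<bean id="securityFilterChainProxy"
    class="org.springframework.security.web.FilterChainProxy">
    <security:filter-chain-map>
        <!-- filters="none": these paths bypass every security filter -->
        <security:filter-chain pattern="/services/**"
            filters="none" />
        <security:filter-chain pattern="/test*" filters="none" />
        <security:filter-chain pattern="/**"
            filters="concurrentSessionFilter,securityContextPersistenceFilter,logoutFilter,usernamePasswordAuthenticationFilter,rememberMeAuthenticationFilter,sessionManagementFilter,anonymousAuthFilter,exceptionTranslationFilter,filterSecurityInterceptor" />
    </security:filter-chain-map>
</bean>
```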