Spring Security入门三

spring-security.xml

spring-mvc.xml

TestSecurityController.java

package com.hgd.spring.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class TestSecurityController {

	@PreAuthorize("hasAuthority('add')")
	@RequestMapping("/addData")
	public String addData(){
		return "add ok";
	}

	@PreAuthorize("hasAuthority('update')")
	@RequestMapping("/updateData")
	public String updateData(){
		return "update ok";
	}

	@PreAuthorize("hasAuthority('delete')")
	@RequestMapping("/delData")
	public String deleteData(){
		return "delete ok";
	}

	@PreAuthorize("hasAuthority('find')")
	@RequestMapping("/findData")
	public String findAll(){
		return "find ok";
	}
}

SecurityUserDetailsService.java

package com.hgd.spring.security;

import com.hgd.health.pojo.Permission;
import com.hgd.health.pojo.Role;
import com.hgd.health.pojo.User;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * @auther 黄国栋
 * @data 2020-07-09 16:13
 * @since
 */
public class SecurityUserDetailsService implements UserDetailsService {

    //注入加密对象
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    private static Map userDb=new HashMap();

    static{
        //admin
        User userAdmin=new User();
        userAdmin.setUsername("admin");
        userAdmin.setPassword("123456");
        //用户权限和角色
        Role roleAdmin=new Role("系统管理员","ROLE_ADMIN");
        roleAdmin.getPermissions().add(new Permission("添加权限", "add"));
        roleAdmin.getPermissions().add(new Permission("删除权限", "delete"));
        roleAdmin.getPermissions().add(new Permission("修改权限", "update"));
        roleAdmin.getPermissions().add(new Permission("查询权限", "find"));
        userAdmin.getRoles().add(roleAdmin);
        userDb.put(userAdmin.getUsername(), userAdmin);

        //zhangsan
        User userZhangSan=new User();
        userZhangSan.setUsername("zhangsan");
        userZhangSan.setPassword("123456");
        //用户权限和角色
        Role roleZhangSan=new Role("数据分析员","ROLE_READER");
        roleZhangSan.getPermissions().add(new Permission("查询权限", "find"));
        userZhangSan.getRoles().add(roleZhangSan);
        userDb.put(userZhangSan.getUsername(), userZhangSan);

        //lisi
        User userLisi=new User();
        userLisi.setUsername("lisi");
        userLisi.setPassword("123456");
        //用户权限和角色
        Role roleLisi=new Role("运营管理员", "ROLE_OMS");
        roleLisi.getPermissions().add(new Permission("添加权限", "add"));
        roleLisi.getPermissions().add(new Permission("删除权限", "delete"));
        roleLisi.getPermissions().add(new Permission("更新权限", "update"));
        userLisi.getRoles().add(roleLisi);
        userDb.put(userLisi.getUsername(), userLisi);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        //根据用户名，从数据库读取数据
        User user = userDb.get(username);
        if (user == null) {
            return null;
        }
        //提取用户信息的角色与权限关键词信息
        //把用户角色与权限关键词为List列表
        List authorityList=new ArrayList<>();
        //通过当前用户，得到用户关联的每一个角色
        for (Role role:user.getRoles()) {
            //获取当前角色中的角色关键字存入到授权集合中
            authorityList.add(new SimpleGrantedAuthority(role.getKeyword()));
            //通过当前角色，得到角色关联的每一个权限
            for (Permission permission:role.getPermissions()) {
                //获取当前权限中的权限关键字存入到授权集合中
                authorityList.add(new SimpleGrantedAuthority(permission.getKeyword()));
            }
        }
        //构建UserDetails对象（使用Security框架自动的User类封装），封装用户名、密码（必须是加密 过的）及权限角色关键词列表
        String password = user.getPassword();
        String passwordByAuth=passwordEncoder.encode(password);
        UserDetails userDetails=new org.springframework.security.core.userdetails.User(user.getUsername(),passwordByAuth,authorityList);
        System.out.println("userDetails = " + userDetails);
        System.out.println("passwordByAuth = " + passwordByAuth);
        return userDetails;
    }

}

web.xml

  
  
    CharacterEncodingFilter
    org.springframework.web.filter.CharacterEncodingFilter
    
      encoding
      UTF-8
    
  
    
        springSecurityFilterChain
        org.springframework.web.filter.DelegatingFilterProxy
    
    
    CharacterEncodingFilter
    /*
  
    
        springSecurityFilterChain
        /*
    

    
  
    SpringMVC
    org.springframework.web.servlet.DispatcherServlet
    
      contextConfigLocation
      classpath:*.xml
    
    1
  
  
    SpringMVC
    *.do