用户管理系统 权限

主要涉及到用户管理系统的权限问题。

用过滤器来实现：

UserInfoController.java

@RequestMapping("login.do")
public ModelAndView login(UserInfo userInfo, HttpServletRequest request){
    ModelAndView mv=new ModelAndView();
    if(userInfo.getUsername()==null){
        mv.setViewName("../index");
    }else{
        boolean flag=userInfoService.login(userInfo);
        if(flag){
            mv.setViewName("main");
            request.getSession().setAttribute("userinfo",userInfo);
        }
        else{
            mv.setViewName("../failer");
        }
    }
    return mv;
}

LoginFilter.java

package test.filter;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

public class LoginFilter implements Filter{

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {

    }

    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request=(HttpServletRequest)servletRequest;
        HttpServletResponse response=(HttpServletResponse)servletResponse;
        HttpSession session=request.getSession();
        if(session.getAttribute("userinfo")==null && request.getRequestURI().indexOf("/user/login.do")==-1){
            response.sendRedirect(request.getContextPath()+"/user/login.do");
        }else{
            filterChain.doFilter(request,response);
        }
    }

    @Override
    public void destroy() {

    }
}

web.xml

  loginFilter
  test.filter.LoginFilter


  loginFilter
  *.do

框架实现

先将前面代码删除，然后用springsecurity框架实现：

1. 认证：判断用户名密码是否正确
2. 授权：看某个角色是否有权利执行某些操作

导架包：导入spring-security.xml，将下列信息拷贝到pom.xml：

5.0.1.RELEASE


......

    org.springframework.security
    spring-security-web
    ${spring.security.version}


    org.springframework.security
    spring-security-config
    ${spring.security.version}


    org.springframework.security
    spring-security-core
    ${spring.security.version}


    org.springframework.security
    spring-security-taglibs
    ${spring.security.version}

web.xml

  springSecurityFilterChain
  org.springframework.web.filter.DelegatingFilterProxy

  
    springSecurityFilterChain
    /*
  

创建表

Role.java

package test.bean;

public class Role {
    private int id;
    private String rolename;
    private String roleDesc;

    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getRolename() {
        return rolename;
    }

    public void setRolename(String rolename) {
        this.rolename = rolename;
    }

    public String getRoleDesc() {
        return roleDesc;
    }

    public void setRoleDesc(String roleDesc) {
        this.roleDesc = roleDesc;
    }

    @Override
    public String toString() {
        return "Role{" +
            "id=" + id +
            ", rolename='" + rolename + '\'' +
            ", roleDesc='" + roleDesc + '\'' +
            '}';
    } 
}

IRoleDao.java

package test.dao;

import test.bean.Role;

import java.util.List;

public interface IRoleDao {
    List findRoleByUserId(int id);
}

UserInfoServiceImpl.java

package test.service.impl;

import com.github.pagehelper.PageHelper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import test.bean.UserInfo;
import test.bean.Role;
import test.dao.IUserInfoDao;
import test.dao.IRoleDao;
import test.service.IUserInfoService;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

@Service("userInfoService")
public class UserInfoServiceImpl implements IUserInfoService {

    @Autowired
    private IUserInfoDao userInfoDao;

    @Autowired
    private IRoleDao roleDao;

    @Override
    public List findAll(int page,int size) {
        PageHelper.startPage(page,size);
        return userInfoDao.findAll();
    }

    @Override
    public boolean login(UserInfo userInfo) {
        UserInfo user=userInfoDao.login(userInfo);
        if(user!=null){
            return true;
        }
        else
            return false;
    }

    @Override
    public void update(UserInfo userInfo) {
        userInfoDao.update(userInfo);
    }

    @Override
    public void add(UserInfo userInfo) {
        userInfoDao.add(userInfo);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo userInfo=userInfoDao.findByUserName(username);
        List roles=roleDao.findRoleByUserId(userinfo.getId());
        userInfo.setRoles(roles);
        User user=new User(userInfo.getUsername(),"{noop}"+userInfo.getPassword(),getAuthority(roles));
        return user;
    }

    private Collection getAuthority(List roles) {
        List list=new ArrayList<>();
        for(Role role:roles){
            list.add(new SimpleGrantedAuthority("ROLE_"+role.getRolename()));
        }
        return list;
    }
}

RoleMapper.xml

    
          select * from role where id in (select roleid from user_role where userid=#{userid})