搭建Spring Security实现用户权限管理

一、导入Maven依赖

1. 打开pom.xml
2. 添加版本号

<spring.security.version>5.0.1.RELEASEspring.security.version>

   
   
   
   

   
   
   
   

3. 添加依赖

        <dependency>
            <groupId>org.springframework.securitygroupId>
            <artifactId>spring-security-webartifactId>
            <version>${spring.security.version}version>
        dependency>
        <dependency>
            <groupId>org.springframework.securitygroupId>
            <artifactId>spring-security-configartifactId>
            <version>${spring.security.version}version>
        dependency>
        <dependency>
            <groupId>org.springframework.securitygroupId>
            <artifactId>spring-security-coreartifactId>
            <version>${spring.security.version}version>
        dependency>
        <dependency>
            <groupId>org.springframework.securitygroupId>
            <artifactId>spring-security-taglibsartifactId>
            <version>${spring.security.version}version>
        dependency>

等待IDEA自动导入JAR包

二、添加spring-security.xml

1. 在resources文件夹中新建spring-security.xml文件
2. 向spring-security添加以下配置

3. 可以看到，在spring-security.xml中配置了两个角色ROLE_ADMIN和ROLE_USER
4. 可以看到，调用认证的Service名称为userSerice

三、在web.xml中配置Spring Security过滤器

1. 打开web.xml
2. 添加下列代码

    <filter>
        <filter-name>springSecurityFilterChainfilter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxyfilter-class>
    filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChainfilter-name>
        <url-pattern>/*url-pattern>
    filter-mapping>

四、在web.xml中配置spring-security.xml

1. 打开web.xml
2. 在节点的中添加classpath*:spring-security.xml，多个xml路径使用;连接

    <context-param>
        <param-name>contextConfigLocationparam-name>
        <param-value>classpath*:applicationContext.xml;classpath*:spring-security.xmlparam-value>
    context-param>
五、编写Service层

   
   
   
   


    
    
    
    
用IUseSerivce实现UserDetailsService接口，用UserSerivce实现IUserSerivce

    
    
    
    
使用@Service("userService")标注UserSerivce的名称，与spring-security.xml对应

    
    
    
    
在UserSerivce中实现public UserDetails loadUserByUsername(String s)方法，s为用户名

    
    
    
    
根据用户名调用DAO层，查询UserInfo和RoleInfo，获得用户信息和角色信息

    
    
    
    
该改写角色名称，获得List< SimpleGrantedAuthority >角色列表

    
    
    
    
将用户名、密码和角色列表填入User对象

    
    
    
    
示例代码

   
   
   
   
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        UserInfo userInfo = userDao.getByUsername(s);
        User user = null;
        if (userInfo != null) {
            List<RoleInfo> roleInfos = roleDao.getByUserId(userInfo.getId());
            user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthorities(roleInfos));
        }
        return user;
    }

五、编写Service层

1.用IUseSerivce实现UserDetailsService接口，用UserSerivce实现IUserSerivce
2.使用@Service(“userService”)标注UserSerivce的名称，与spring-security.xml对应
3.在UserSerivce中实现public UserDetails loadUserByUsername(String s)方法，s为用户名
4.根据用户名调用DAO层，查询UserInfo和RoleInfo，获得用户信息和角色信息
5.该改写角色名称，获得List< SimpleGrantedAuthority >角色列表
6.将用户名、密码和角色列表填入User对象

@Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        UserInfo userInfo = userDao.getByUsername(s);
        User user = null;
        if (userInfo != null) {
            List roleInfos = roleDao.getByUserId(userInfo.getId());
            user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthorities(roleInfos));
        }
        return user;
    }

    private List getAuthorities(List roleInfos) {
        List list = new ArrayList<>();
        for (RoleInfo roleInfo : roleInfos) {
            list.add(new SimpleGrantedAuthority("ROLE_" + roleInfo.getRolename()));
        }
        return list;
    }

六、在JSP中使用Spring Securiry

1.使用显示用户名
2.使用判断角色类型，并进行条件显示