欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

Spring Security入门三

程序员文章站 2024-03-19 15:37:10
...

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
        ">

    <!--配置spring security注解-->
    <security:global-method-security pre-post-annotations="enabled"/>

    <!--1.配置不需要授权访问的资源-->
    <security:http auto-config="true" pattern="/favicon.ioc"/>
    <security:http auto-config="true" pattern="/login.jsp"/>
    <security:http auto-config="true" pattern="/login-fail.jsp"/>
    <security:http auto-config="true" pattern="/auth-fail.jsp"/>

    <!--2.配置需要授权访问的资源和访问角色权限-->
    <security:http auto-config="true" use-expressions="true">

        <!--配置三种角色,都可以访问的资源-->
        <security:intercept-url pattern="/main.jsp" access="hasAnyRole('ROLE_ADMIN', 'ROLE_READER','ROLE_OMS')"/>
        <!--配置拥有ROLE_READER角色 ,可以访问的资源-->
        <security:intercept-url pattern="/pages/checkitem.html" access="hasRole('ROLE_READER')"/>
        <!--配置用于ROLE_OMS角色,可以访问的资源-->
        <security:intercept-url pattern="/pages/checkgroup.html" access="hasRole('ROLE_OMS')"/>
        <!--配置拥有对应权限, 可以访问的资源-->
        <security:intercept-url pattern="/test/addData.do" access="hasAuthority('add')"/>
        <security:intercept-url pattern="/test/updateData.do" access="hasAuthority('update')"/>
        <security:intercept-url pattern="/test/delData.do" access="hasAuthority('delete')"/>
        <security:intercept-url pattern="/test/findData.do" access="hasAuthority('find')"/>

        <!--自定义登陆配置-->
        <security:form-login
                login-page="/login.jsp"
                default-target-url="/main.jsp"
                login-processing-url="/login.do"
                authentication-failure-url="/login-fail.jsp"/>
        <!--授权失败跳转-->
        <security:access-denied-handler error-page="/auth-fail.jsp"/>
        <!--csrf:对应CsrfFilter过滤器 disabled:如果使用自定义登录页面需要关闭此项,否则登录操作会被禁用(403) -->
        <security:csrf disabled="true"/>
        <!--配置退出-->
        <security:logout
                logout-url="/logout.do"
                logout-success-url="/login.jsp"
                invalidate-session="true"/>
    </security:http>

    <!--3.配置认证授权管理器(认证管理者、认证提供者、认证对象-->
    <security:authentication-manager>
        <!--authentication-provider:认证提供者,执行具体的认证逻辑-->
        <security:authentication-provider user-service-ref="securityUserDetailsService">
            <!--配置秘密-->
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!--配置自定义授权服务对象-->
    <bean id="securityUserDetailsService" class="com.hgd.spring.security.SecurityUserDetailsService"/>

    <!--配置BCrypt密码加密对象-->
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

</beans>

spring-mvc.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <!--扫描包-->
    <context:component-scan base-package="com.hgd.spring.security"/>

    <context:component-scan base-package="com.hgd.spring.controller"/>

    <!--开启springmvc注解-->
    <mvc:annotation-driven/>

</beans>

TestSecurityController.java

package com.hgd.spring.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class TestSecurityController {

	@PreAuthorize("hasAuthority('add')")
	@RequestMapping("/addData")
	public String addData(){
		return "add ok";
	}

	@PreAuthorize("hasAuthority('update')")
	@RequestMapping("/updateData")
	public String updateData(){
		return "update ok";
	}

	@PreAuthorize("hasAuthority('delete')")
	@RequestMapping("/delData")
	public String deleteData(){
		return "delete ok";
	}

	@PreAuthorize("hasAuthority('find')")
	@RequestMapping("/findData")
	public String findAll(){
		return "find ok";
	}
}

SecurityUserDetailsService.java

package com.hgd.spring.security;

import com.hgd.health.pojo.Permission;
import com.hgd.health.pojo.Role;
import com.hgd.health.pojo.User;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/**
 * @auther 黄国栋
 * @data 2020-07-09 16:13
 * @since
 */
public class SecurityUserDetailsService implements UserDetailsService {

    //注入加密对象
    @Autowired
    private BCryptPasswordEncoder passwordEncoder;

    private static Map<String, User> userDb=new HashMap<String, User>();

    static{
        //admin
        User userAdmin=new User();
        userAdmin.setUsername("admin");
        userAdmin.setPassword("123456");
        //用户权限和角色
        Role roleAdmin=new Role("系统管理员","ROLE_ADMIN");
        roleAdmin.getPermissions().add(new Permission("添加权限", "add"));
        roleAdmin.getPermissions().add(new Permission("删除权限", "delete"));
        roleAdmin.getPermissions().add(new Permission("修改权限", "update"));
        roleAdmin.getPermissions().add(new Permission("查询权限", "find"));
        userAdmin.getRoles().add(roleAdmin);
        userDb.put(userAdmin.getUsername(), userAdmin);

        //zhangsan
        User userZhangSan=new User();
        userZhangSan.setUsername("zhangsan");
        userZhangSan.setPassword("123456");
        //用户权限和角色
        Role roleZhangSan=new Role("数据分析员","ROLE_READER");
        roleZhangSan.getPermissions().add(new Permission("查询权限", "find"));
        userZhangSan.getRoles().add(roleZhangSan);
        userDb.put(userZhangSan.getUsername(), userZhangSan);

        //lisi
        User userLisi=new User();
        userLisi.setUsername("lisi");
        userLisi.setPassword("123456");
        //用户权限和角色
        Role roleLisi=new Role("运营管理员", "ROLE_OMS");
        roleLisi.getPermissions().add(new Permission("添加权限", "add"));
        roleLisi.getPermissions().add(new Permission("删除权限", "delete"));
        roleLisi.getPermissions().add(new Permission("更新权限", "update"));
        userLisi.getRoles().add(roleLisi);
        userDb.put(userLisi.getUsername(), userLisi);
    }

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        //根据用户名,从数据库读取数据
        User user = userDb.get(username);
        if (user == null) {
            return null;
        }
        //提取用户信息的角色与权限关键词信息
        //把用户角色与权限关键词为List<GrantedAuthority>列表
        List<GrantedAuthority> authorityList=new ArrayList<>();
        //通过当前用户,得到用户关联的每一个角色
        for (Role role:user.getRoles()) {
            //获取当前角色中的角色关键字存入到授权集合中
            authorityList.add(new SimpleGrantedAuthority(role.getKeyword()));
            //通过当前角色,得到角色关联的每一个权限
            for (Permission permission:role.getPermissions()) {
                //获取当前权限中的权限关键字存入到授权集合中
                authorityList.add(new SimpleGrantedAuthority(permission.getKeyword()));
            }
        }
        //构建UserDetails对象(使用Security框架自动的User类封装),封装用户名、密码(必须是加密 过的)及权限角色关键词列表
        String password = user.getPassword();
        String passwordByAuth=passwordEncoder.encode(password);
        UserDetails userDetails=new org.springframework.security.core.userdetails.User(user.getUsername(),passwordByAuth,authorityList);
        System.out.println("userDetails = " + userDetails);
        System.out.println("passwordByAuth = " + passwordByAuth);
        return userDetails;
    }

}

web.xml

<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>

  <!--配置编码器-->
  <filter>
    <filter-name>CharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!--springmvc前端控制器-->
  <servlet>
    <servlet-name>SpringMVC</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:*.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>SpringMVC</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  
</web-app>