<?xml version="1.0" encoding="UTF-8"?>

 <beans xmlns="http://www.springframework.org/schema/beans"

        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

        xmlns:security="http://www.springframework.org/schema/security"

        xsi:schemaLocation="http://www.springframework.org/schema/beans

                 http://www.springframework.org/schema/beans/spring-beans.xsd

                 http://www.springframework.org/schema/security

                 http://www.springframework.org/schema/security/spring-security.xsd

                ">

     <!--认证-->

     <security:authentication-manager>

         <!--数据库认证 user-service-ref配置实现了UserDetailsService接口的bean-->

         <security:authentication-provider user-service-ref="userInfoService">

             <!--加密方式-->

             <!-- 配置加密的方式

                 <security:password-encoder ref="passwordEncoder"/>

             -->

             <!--xml配置认证-->

             <!--

                 <security:user-service>

                     <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN" />

                 </security:user-service>

             -->

         </security:authentication-provider>

     </security:authentication-manager>

     <!--配置不过滤的资源-->

     <security:http security="none" pattern="/login.jsp"/>

     <security:http security="none" pattern="/failer.jsp"/>

     <security:http security="none" pattern="/css/**"/>

     <security:http security="none" pattern="/img/**"/>

     <security:http security="none" pattern="/plugins/**"/>

     <!--授权-->

     <security:http auto-config="true" use-expressions="false">

         <security:intercept-url pattern="/**" access="ROLE_管理员"/>

         <!--自定义登录-->

         <security:form-login

                 login-page="/login.jsp" login-processing-url="/login"

                 username-parameter="user" password-parameter="password"

                 default-target-url="/index.jsp" authentication-failure-url="/failer.jsp"/>

         <!--注销-->

         <security:logout logout-url="/logoutxx.do" invalidate-session="true" logout-success-url="/login.jsp"></security:logout>

         <!--关闭跨站请求伪造-->

         <security:csrf disabled="true" />

     </security:http>

 </beans>

spring-security.xml

 <?xml version="1.0" encoding="UTF-8"?>

 <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"

          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"

          version="3.1">

     <!--spring容器监听器-->

     <listener>

         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>

     </listener>

     <context-param>

         <param-name>contextConfigLocation</param-name>

         <param-value>classpath:applicationContext.xml,classpath:spring-security.xml</param-value>

     </context-param>

     <!--配置SpringSecurity的过滤器-->

     <filter>

         <filter-name>springSecurityFilterChain</filter-name>

         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

     </filter>

     <filter-mapping>

         <filter-name>springSecurityFilterChain</filter-name>

         <url-pattern>/*</url-pattern>

     </filter-mapping>

     <!--springmvc前端控制器-->

     <servlet>

         <servlet-name>app</servlet-name>

         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

         <init-param>

             <param-name>contextConfigLocation</param-name>

             <param-value>classpath:spring-mvc.xml</param-value>

         </init-param>

         <load-on-startup>1</load-on-startup>

     </servlet>

     <servlet-mapping>

         <servlet-name>app</servlet-name>

         <url-pattern>*.do</url-pattern>

     </servlet-mapping>

     <!--编码过滤-->

     <filter>

         <filter-name>CharacterEncodingFilter</filter-name>

         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>

         <init-param>

             <param-name>encoding</param-name>

             <param-value>UTF-8</param-value>

         </init-param>

     </filter>

     <filter-mapping>

         <filter-name>CharacterEncodingFilter</filter-name>

         <url-pattern>/*</url-pattern>

     </filter-mapping>

 </web-app>

web.xml

 package cn.itcast.ssm.service;

 import org.springframework.security.core.userdetails.UserDetailsService;

 public interface IUserInfoService extends UserDetailsService {

 }

IUserInfoService.java

 package cn.itcast.ssm.service.impl;

 import cn.itcast.ssm.dao.IUserInfoDao;

 import cn.itcast.ssm.domain.Role;

 import cn.itcast.ssm.domain.UserInfo;

 import cn.itcast.ssm.service.IUserInfoService;

 import org.springframework.beans.factory.annotation.Autowired;

 import org.springframework.security.core.GrantedAuthority;

 import org.springframework.security.core.authority.SimpleGrantedAuthority;

 import org.springframework.security.core.userdetails.User;

 import org.springframework.security.core.userdetails.UserDetails;

 import org.springframework.security.core.userdetails.UsernameNotFoundException;

 import org.springframework.stereotype.Service;

 import java.util.ArrayList;

 import java.util.Collection;

 import java.util.List;

 @Service("userInfoService")

 public class UserInfoServiceImpl implements IUserInfoService {

     @Autowired

     private IUserInfoDao userInfoDao;

     @Override

     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

         //根据用户用查询用户

         UserInfo userInfo = null;

         try {

             userInfo = userInfoDao.findByUserName(username);

         } catch (Exception e) {

             e.printStackTrace();

         }

         //将查询出的用户转换为UserDetails

         User user = null;

         if(userInfo != null){

 //            user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(), getAuthorities(userInfo.getRoleList()));

             user = new User(userInfo.getUsername(), "{noop}" + userInfo.getPassword(),

                     userInfo.getStatus() == 1 ? true : false, true, true, true,

                     getAuthorities(userInfo.getRoleList()));

         }

         return user;

     }

     private Collection<SimpleGrantedAuthority> getAuthorities(List<Role> roleList) {

         List<SimpleGrantedAuthority> authorities = new ArrayList<>();

         for (Role role : roleList) {

             SimpleGrantedAuthority auth = new SimpleGrantedAuthority("ROLE_" + role.getRoleName());

             authorities.add(auth);

         }

         return authorities;

     }

 }

UserInfoServiceImpl

SpringSecurity为项目加入权限控制的更多相关文章

  1. Vue 动态路由的实现以及 Springsecurity 按钮级别的权限控制

    思路: 动态路由实现:在导航守卫中判断用户是否有用户信息,通过调用接口,拿到后台根据用户角色生成的菜单树,格式化菜单树结构信息并递归生成层级路由表并使用Vuex保存,通过 router.addRout ...

  2. crm---本项目的权限控制模式

    一:url权限:  最底层的权限控制,,缺点在与没有预判的机制,造成客户体验下降.           前提: 为controller中的每一个方法(即资源)定义一个资源(Resource)名称,,该 ...

  3. 轻松上手SpringBoot+SpringSecurity+JWT实RESTfulAPI权限控制实战

    前言 我们知道在项目开发中,后台开发权限认证是非常重要的,springboot 中常用熟悉的权限认证框架有,shiro,还有就是springboot 全家桶的 security当然他们各有各的好处,但 ...

  4. lin-cms-dotnetcore.是如何方法级别的权限控制的?

    方法级别的权限控制(API级别) Lin的定位在于实现一整套 CMS的解决方案,它是一个设计方案,提供了不同的后端,不同的前端,而且也支持不同的数据库 目前官方团队维护 lin-cms-vue,lin ...

  5. 基于RBAC的权限控制浅析(结合Spring Security)

    嗯,昨天面试让讲我的项目,让我讲讲项目里权限控制那一块的,讲的很烂.所以整理一下. 按照面试官的提问流程来讲: 一.RBAC是个啥东西了? RBAC(Role-Based Access Control ...

  6. springmvc+spring+mybatis+maven项目集成shiro进行用户权限控制【转】

    项目结构:   1.maven项目的pom中引入shiro所需的jar包依赖关系 ? 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 ...

  7. SpringSecurity 3.2入门(7)自定义权限控制介绍

    总结Spring Security的使用方法有如下几种: 一种是全部利用配置文件,将用户.权限.资源(url)硬编码在xml文件中. 二种是用户和权限用数据库存储,而资源(url)和权限的对应关系硬编 ...

  8. 【SpringSecurity系列3】基于Spring Webflux集成SpringSecurity实现前后端分离无状态Rest API的权限控制

    源码传送门: https://github.com/ningzuoxin/zxning-springsecurity-demos/tree/master/02-springsecurity-state ...

  9. 【SpringSecurity系列1】基于SpringSecurity实现前后端分离无状态Rest API的权限控制

    源码传送门: https://github.com/ningzuoxin/zxning-springsecurity-demos/tree/master/01-springsecurity-state ...

随机推荐

  1. Android SDK和NDK

    NDK是用来给安卓手机开发软件用的,但是和SDK不同的是它用的是C语言,而SDK用的是Java语言.NDK开发的软件在安卓的环境里是直接运行的,一般只能在特定的CPU指令集的机器上运行,而且C语言可以 ...

  2. SpringBoot_Exception_02_Failed to execute goal org.springframework.boot:spring-boot-maven-plugin:1.5.6.RELEASE:run

    一.现象 上一个异常解决之后,出现了这个异常: [WARNING] The requested profile "pom.xml" could not be activated b ...

  3. Linux 查看并删除.svn目录

    1. find . -type d -name ".svn"|xargs rm -rf

  4. codeforces 651E E. Table Compression(贪心+并查集)

    题目链接: E. Table Compression time limit per test 4 seconds memory limit per test 256 megabytes input s ...

  5. MAC OS Sierra 10.12.6 下对固态硬盘SSD 开启TRIM功能

    这个是对于不是mac原装SSD的情况下才做的操作... 大家都知道,苹果店卖的SSD硬盘那怕就是一个256G的也要1000多人民币,而市场上的也就400-500左右人民币,整整少了一半还要多,可见JS ...

  6. CodeForces - 660F:Bear and Bowling 4(DP+斜率优化)

    Limak is an old brown bear. He often goes bowling with his friends. Today he feels really good and t ...

  7. java面试题04

    1.就你所熟悉的银行业务面说一下,越详细越好 银行经验:手机银行  网上银行经验  怎么支付  转账  了解基本业务 2.了解工作流的控制,审批流程以及帐务处理么? java中怎么实现工作流.审批流程 ...

  8. 物化视图基础概念、mview跨库迁移表

    概念:物化视图是一种特殊的物理表,“物化”(Materialized)视图是相对普通视图而言的.普通视图是虚拟表,应用的局限性大,任何对视图的查询,Oracle都实际上转换为视图SQL语句的查询.这样 ...

  9. CF 504 E —— Misha and LCP on Tree —— 树剖+后缀数组

    题目:http://codeforces.com/contest/504/problem/E 快速查询LCP,可以用后缀数组,但树上的字符串不是一个序列: 所以考虑转化成序列—— dfs 序! 普通的 ...

  10. 洛谷P3373线段树模板2

    题目:https://www.luogu.org/problemnew/show/P3373 带乘的线段树,更新时把加的标记也乘一下,然后取值时先乘后加. 代码如下: #include<iost ...