Spring Boot 集成spring security4
项目GitHub地址 :
https://github.com/FrameReserve/TrainingBoot
Spring Boot (三)集成spring security,标记地址:
https://github.com/FrameReserve/TrainingBoot/releases/tag/0.0.3
pom.xml
只列举 Spring Security配置,完整配置请查看Git项目地址
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- <java.version>1.8</java.version>
- <!-- 依赖版本 -->
- <mybatis.version>3.4.1</mybatis.version>
- <mybatis.spring.version>1.3.0</mybatis.spring.version>
- <spring-security.version>4.1.0.RELEASE</spring-security.version>
- </properties>
- <!-- spring security -->
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- <version>${spring-security.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- <version>${spring-security.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-taglibs</artifactId>
- <version>${spring-security.version}</version>
- </dependency>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
<!-- 依赖版本 -->
<mybatis.version>3.4.1</mybatis.version>
<mybatis.spring.version>1.3.0</mybatis.spring.version><spring-security.version>4.1.0.RELEASE</spring-security.version>
</properties>
<!-- spring security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring-security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring-security.version}</version>
</dependency>
Spring Security 配置类:
src/main/java/com/training/core/security/WebSecurityConfig.java
- package com.training.core.security;
- import java.util.ArrayList;
- import java.util.List;
- import javax.annotation.Resource;
- import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.access.AccessDecisionManager;
- import org.springframework.security.access.AccessDecisionVoter;
- import org.springframework.security.access.vote.AuthenticatedVoter;
- import org.springframework.security.access.vote.RoleVoter;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.authentication.event.LoggerListener;
- import org.springframework.security.config.annotation.ObjectPostProcessor;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.web.access.AccessDeniedHandler;
- import org.springframework.security.web.access.AccessDeniedHandlerImpl;
- import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
- import org.springframework.security.web.access.expression.WebExpressionVoter;
- import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
- import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
- import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- import com.training.sysmanager.service.AclResourcesService;
- import com.training.sysmanager.service.impl.AclResourcesServiceImpl;
- /**
- * Created by Athos on 2016-10-16.
- */
- @Configuration
- @EnableWebSecurity
- @EnableGlobalMethodSecurity(prePostEnabled = true)
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Resource
- private UserDetailsService userDetailsService;
- @Resource
- private MySecurityMetadataSource mySecurityMetadataSource;
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.addFilterAfter(MyUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
- // 开启默认登录页面
- http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
- public <O extends FilterSecurityInterceptor> O postProcess(O fsi) {
- fsi.setSecurityMetadataSource(mySecurityMetadataSource);
- fsi.setAccessDecisionManager(accessDecisionManager());
- fsi.setAuthenticationManager(authenticationManagerBean());
- return fsi;
- }
- }).and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login.html")).and().logout().logoutSuccessUrl("/index.html").permitAll();
- // 自定义accessDecisionManager访问控制器,并开启表达式语言
- http.exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().authorizeRequests().anyRequest().authenticated().expressionHandler(webSecurityExpressionHandler());
- // 自定义登录页面
- http.csrf().disable();
- // 自定义注销
- // http.logout().logoutUrl("/logout").logoutSuccessUrl("/login")
- // .invalidateHttpSession(true);
- // session管理
- http.sessionManagement().maximumSessions(1);
- // RemeberMe
- // http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485");
- }
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- // 自定义UserDetailsService
- auth.userDetailsService(userDetailsService);
- }
- @Bean
- UsernamePasswordAuthenticationFilter MyUsernamePasswordAuthenticationFilter() {
- UsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter();
- myUsernamePasswordAuthenticationFilter.setPostOnly(true);
- myUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
- myUsernamePasswordAuthenticationFilter.setUsernameParameter("name_key");
- myUsernamePasswordAuthenticationFilter.setPasswordParameter("pwd_key");
- myUsernamePasswordAuthenticationFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
- myUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler());
- return myUsernamePasswordAuthenticationFilter;
- }
- @Bean
- AccessDeniedHandler accessDeniedHandler() {
- AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
- accessDeniedHandler.setErrorPage("/securityException/accessDenied");
- return accessDeniedHandler;
- }
- @Bean
- public LoggerListener loggerListener() {
- System.out.println("org.springframework.security.authentication.event.LoggerListener");
- return new LoggerListener();
- }
- @Bean
- public org.springframework.security.access.event.LoggerListener eventLoggerListener() {
- System.out.println("org.springframework.security.access.event.LoggerListener");
- return new org.springframework.security.access.event.LoggerListener();
- }
- /*
- *
- * 这里可以增加自定义的投票器
- */
- @Bean(name = "accessDecisionManager")
- public AccessDecisionManager accessDecisionManager() {
- List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList();
- decisionVoters.add(new RoleVoter());
- decisionVoters.add(new AuthenticatedVoter());
- decisionVoters.add(webExpressionVoter());// 启用表达式投票器
- MyAccessDecisionManager accessDecisionManager = new MyAccessDecisionManager(decisionVoters);
- return accessDecisionManager;
- }
- @Bean(name = "authenticationManager")
- @Override
- public AuthenticationManager authenticationManagerBean() {
- AuthenticationManager authenticationManager = null;
- try {
- authenticationManager = super.authenticationManagerBean();
- } catch (Exception e) {
- e.printStackTrace();
- }
- return authenticationManager;
- }
- @Bean(name = "failureHandler")
- public SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler() {
- return new SimpleUrlAuthenticationFailureHandler("/getLoginError");
- }
- @Bean(name = "aclResourcesService")
- @ConditionalOnMissingBean
- public AclResourcesService aclResourcesService() {
- return new AclResourcesServiceImpl();
- }
- /*
- * 表达式控制器
- */
- @Bean(name = "expressionHandler")
- public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
- DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
- return webSecurityExpressionHandler;
- }
- /*
- * 表达式投票器
- */
- @Bean(name = "expressionVoter")
- public WebExpressionVoter webExpressionVoter() {
- WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
- webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
- return webExpressionVoter;
- }
- }
package com.training.core.security; import java.util.ArrayList;
import java.util.List; import javax.annotation.Resource; import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.event.LoggerListener;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher; import com.training.sysmanager.service.AclResourcesService;
import com.training.sysmanager.service.impl.AclResourcesServiceImpl; /**
- Created by Athos on 2016-10-16.
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { @Resource
private UserDetailsService userDetailsService; @Resource
private MySecurityMetadataSource mySecurityMetadataSource; @Override
protected void configure(HttpSecurity http) throws Exception {http.addFilterAfter(MyUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
// 开启默认登录页面
http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
public <O extends FilterSecurityInterceptor> O postProcess(O fsi) {
fsi.setSecurityMetadataSource(mySecurityMetadataSource);
fsi.setAccessDecisionManager(accessDecisionManager());
fsi.setAuthenticationManager(authenticationManagerBean());
return fsi;
}
}).and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login.html")).and().logout().logoutSuccessUrl("/index.html").permitAll();
// 自定义accessDecisionManager访问控制器,并开启表达式语言
http.exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().authorizeRequests().anyRequest().authenticated().expressionHandler(webSecurityExpressionHandler()); // 自定义登录页面
http.csrf().disable(); // 自定义注销
// http.logout().logoutUrl("/logout").logoutSuccessUrl("/login")
// .invalidateHttpSession(true); // session管理
http.sessionManagement().maximumSessions(1); // RemeberMe
// http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 自定义UserDetailsService
auth.userDetailsService(userDetailsService);
}@Bean
UsernamePasswordAuthenticationFilter MyUsernamePasswordAuthenticationFilter() {
UsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter();
myUsernamePasswordAuthenticationFilter.setPostOnly(true);
myUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
myUsernamePasswordAuthenticationFilter.setUsernameParameter("name_key");
myUsernamePasswordAuthenticationFilter.setPasswordParameter("pwd_key");
myUsernamePasswordAuthenticationFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
myUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler());
return myUsernamePasswordAuthenticationFilter;
}@Bean
AccessDeniedHandler accessDeniedHandler() {
AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
accessDeniedHandler.setErrorPage("/securityException/accessDenied");
return accessDeniedHandler;
}@Bean
public LoggerListener loggerListener() {
System.out.println("org.springframework.security.authentication.event.LoggerListener");
return new LoggerListener();
}@Bean
public org.springframework.security.access.event.LoggerListener eventLoggerListener() {
System.out.println("org.springframework.security.access.event.LoggerListener");
return new org.springframework.security.access.event.LoggerListener();
}/*
- 这里可以增加自定义的投票器
*/
@Bean(name = "accessDecisionManager")
public AccessDecisionManager accessDecisionManager() {
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList();
decisionVoters.add(new RoleVoter());
decisionVoters.add(new AuthenticatedVoter());
decisionVoters.add(webExpressionVoter());// 启用表达式投票器
MyAccessDecisionManager accessDecisionManager = new MyAccessDecisionManager(decisionVoters);
return accessDecisionManager;
}
@Bean(name = "authenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() {
AuthenticationManager authenticationManager = null;
try {
authenticationManager = super.authenticationManagerBean();
} catch (Exception e) {
e.printStackTrace();
}
return authenticationManager;
}@Bean(name = "failureHandler")
public SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler() {
return new SimpleUrlAuthenticationFailureHandler("/getLoginError");
}@Bean(name = "aclResourcesService")
@ConditionalOnMissingBean
public AclResourcesService aclResourcesService() {
return new AclResourcesServiceImpl();
}/*
- 表达式控制器
*/
@Bean(name = "expressionHandler")
public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
return webSecurityExpressionHandler;
}
/*
- 表达式投票器
*/
@Bean(name = "expressionVoter")
public WebExpressionVoter webExpressionVoter() {
WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
return webExpressionVoter;
}
- 这里可以增加自定义的投票器
}
自定义 UserDetailsService 用户、角色、资源获取类:
src/main/java/com/training/core/security/UserDetailsServiceImpl.java
- package com.training.core.security;
- import java.util.ArrayList;
- import java.util.List;
- import javax.annotation.Resource;
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.security.core.authority.SimpleGrantedAuthority;
- import org.springframework.security.core.userdetails.User;
- import org.springframework.security.core.userdetails.UserDetails;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.core.userdetails.UsernameNotFoundException;
- import org.springframework.stereotype.Service;
- import com.training.sysmanager.entity.AclResources;
- import com.training.sysmanager.entity.AclUser;
- import com.training.sysmanager.service.AclResourcesService;
- import com.training.sysmanager.service.AclRoleResourcesService;
- import com.training.sysmanager.service.AclUserService;
- /**
- * Created by Athos on 2016-10-16.
- */
- @Service("userDetailsService")
- public class UserDetailsServiceImpl implements UserDetailsService {
- @Resource
- private AclUserService aclUserService;
- @Resource
- private AclRoleResourcesService aclRoleResourcesService;
- @Resource
- private AclResourcesService aclResourcesService;
- /* (non-Javadoc)
- * @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
- */
- @Override
- public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
- List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
- AclUser aclUser = aclUserService.findAclUserByName(username);
- String resourceIds = aclRoleResourcesService.selectResourceIdsByRoleIds(aclUser.getRoleIds());
- List<AclResources> aclResourcesList = aclResourcesService.selectAclResourcesByResourceIds(resourceIds);
- for (AclResources aclResources : aclResourcesList) {
- auths.add(new SimpleGrantedAuthority(aclResources.getAuthority().toUpperCase()));
- }
- // auths.addAll(aclResourcesList.stream().map(resources -> new SimpleGrantedAuthority(resources.getAuthority().toUpperCase())).collect(Collectors.toList()));
- return new User(aclUser.getUserName().toLowerCase(),aclUser.getUserPwd().toLowerCase(),true,true,true,true,auths);
- }
- }
package com.training.core.security; import java.util.ArrayList;
import java.util.List; import javax.annotation.Resource; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service; import com.training.sysmanager.entity.AclResources;
import com.training.sysmanager.entity.AclUser;
import com.training.sysmanager.service.AclResourcesService;
import com.training.sysmanager.service.AclRoleResourcesService;
import com.training.sysmanager.service.AclUserService; /**
- Created by Athos on 2016-10-16.
*/
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService { @Resource
private AclUserService aclUserService;
@Resource
private AclRoleResourcesService aclRoleResourcesService;
@Resource
private AclResourcesService aclResourcesService; /* (non-Javadoc)- @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
AclUser aclUser = aclUserService.findAclUserByName(username);
String resourceIds = aclRoleResourcesService.selectResourceIdsByRoleIds(aclUser.getRoleIds());
List<AclResources> aclResourcesList = aclResourcesService.selectAclResourcesByResourceIds(resourceIds);
for (AclResources aclResources : aclResourcesList) {
auths.add(new SimpleGrantedAuthority(aclResources.getAuthority().toUpperCase()));
}
// auths.addAll(aclResourcesList.stream().map(resources -> new SimpleGrantedAuthority(resources.getAuthority().toUpperCase())).collect(Collectors.toList()));
return new User(aclUser.getUserName().toLowerCase(),aclUser.getUserPwd().toLowerCase(),true,true,true,true,auths);
}
}
- @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
自定义securityMetadataSource:
src/main/java/com/training/core/security/MySecurityMetadataSource.java
- package com.training.core.security;
- import java.util.ArrayList;
- import java.util.Collection;
- import java.util.HashMap;
- import java.util.Iterator;
- import java.util.List;
- import java.util.Map;
- import javax.servlet.http.HttpServletRequest;
- import org.springframework.security.access.ConfigAttribute;
- import org.springframework.security.access.SecurityConfig;
- import org.springframework.security.web.FilterInvocation;
- import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- import org.springframework.security.web.util.matcher.RequestMatcher;
- import org.springframework.stereotype.Component;
- import com.training.sysmanager.entity.AclResources;
- import com.training.sysmanager.service.AclResourcesService;
- /**
- * Created by Athos on 2016-10-16.
- */
- @Component("mySecurityMetadataSource")
- public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
- private static Map<String,Collection<ConfigAttribute>> aclResourceMap = null;
- private AclResourcesService aclResourcesService;
- /**
- * 构造方法
- */
- //1
- public MySecurityMetadataSource(AclResourcesService aclResourcesService){
- this.aclResourcesService=aclResourcesService;
- loadResourceDefine();
- }
- @Override
- public Collection<ConfigAttribute> getAttributes(Object object)throws IllegalArgumentException{
- HttpServletRequest request=((FilterInvocation)object).getRequest();
- Iterator<String> ite = aclResourceMap.keySet().iterator();
- while (ite.hasNext()){
- String resURL = ite.next();
- RequestMatcher requestMatcher = new AntPathRequestMatcher(resURL);
- if(requestMatcher.matches(request)){
- return aclResourceMap.get(resURL);
- }
- }
- return null;
- }
- //4
- @Override
- public Collection<ConfigAttribute> getAllConfigAttributes() {
- System.out.println("metadata : getAllConfigAttributes");
- return null;
- }
- //3
- @Override
- public boolean supports(Class<?> clazz) {
- System.out.println("metadata : supports");
- return true;
- }
- private void loadResourceDefine(){
- /**
- * 因为只有权限控制的资源才需要被拦截验证,所以只加载有权限控制的资源
- */
- List<AclResources> aclResourceses = aclResourcesService.selectAclResourcesTypeOfRequest();
- aclResourceMap = new HashMap<>();
- for (AclResources aclResources:aclResourceses){
- ConfigAttribute ca = new SecurityConfig(aclResources.getAuthority().toUpperCase());
- String url = aclResources.getUrl();
- if(aclResourceMap.containsKey(url)){
- Collection<ConfigAttribute> value = aclResourceMap.get(url);
- value.add(ca);
- aclResourceMap.put(url,value);
- }else {
- Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>();
- atts.add(ca);
- aclResourceMap.put(url,atts);
- }
- }
- }
- }
package com.training.core.security; import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map; import javax.servlet.http.HttpServletRequest; import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component; import com.training.sysmanager.entity.AclResources;
import com.training.sysmanager.service.AclResourcesService; /**
- Created by Athos on 2016-10-16.
*/
@Component("mySecurityMetadataSource")
public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource { private static Map<String,Collection<ConfigAttribute>> aclResourceMap = null;
private AclResourcesService aclResourcesService; /**- 构造方法
*/
//1
public MySecurityMetadataSource(AclResourcesService aclResourcesService){
this.aclResourcesService=aclResourcesService;
loadResourceDefine();
}
public Collection<ConfigAttribute> getAttributes(Object object)throws IllegalArgumentException{
HttpServletRequest request=((FilterInvocation)object).getRequest();
Iterator<String> ite = aclResourceMap.keySet().iterator();
while (ite.hasNext()){
String resURL = ite.next();
RequestMatcher requestMatcher = new AntPathRequestMatcher(resURL);
if(requestMatcher.matches(request)){
return aclResourceMap.get(resURL);
}
}
return null;
}
//4
@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
System.out.println("metadata : getAllConfigAttributes");
return null;
}
//3
@Override
public boolean supports(Class<?> clazz) {
System.out.println("metadata : supports");
return true;
} private void loadResourceDefine(){
/**
* 因为只有权限控制的资源才需要被拦截验证,所以只加载有权限控制的资源
*/
List<AclResources> aclResourceses = aclResourcesService.selectAclResourcesTypeOfRequest();
aclResourceMap = new HashMap<>();
for (AclResources aclResources:aclResourceses){
ConfigAttribute ca = new SecurityConfig(aclResources.getAuthority().toUpperCase());
String url = aclResources.getUrl();
if(aclResourceMap.containsKey(url)){
Collection<ConfigAttribute> value = aclResourceMap.get(url);
value.add(ca);
aclResourceMap.put(url,value);}else {
Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>();
atts.add(ca);
aclResourceMap.put(url,atts);
}
}
}
}
- 构造方法
自定义AbstractAccessDecisionManager权限决策类,
src/main/java/com/training/core/security/MyAccessDecisionManager.java
- package com.training.core.security;
- import org.springframework.security.access.AccessDecisionVoter;
- import org.springframework.security.access.AccessDeniedException;
- import org.springframework.security.access.ConfigAttribute;
- import org.springframework.security.access.vote.AbstractAccessDecisionManager;
- import org.springframework.security.authentication.InsufficientAuthenticationException;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.GrantedAuthority;
- import java.util.Collection;
- import java.util.Iterator;
- import java.util.List;
- /**
- * Created by Athos on 2016-10-16.
- */
- public class MyAccessDecisionManager extends AbstractAccessDecisionManager {
- protected MyAccessDecisionManager(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
- super(decisionVoters);
- }
- @Override
- public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
- if(configAttributes==null){
- return;
- }
- Iterator<ConfigAttribute> ite = configAttributes.iterator();
- while(ite.hasNext()){
- ConfigAttribute ca = ite.next();
- String needRole = (ca).getAttribute();
- for (GrantedAuthority ga : authentication.getAuthorities()){
- if (needRole.equals(ga.getAuthority())){
- return;
- }
- }
- }
- throw new AccessDeniedException("没有权限,拒绝访问!");
- }
- @Override
- public boolean supports(ConfigAttribute attribute) {
- return false;
- }
- /**
- * Iterates through all <code>AccessDecisionVoter</code>s and ensures each can support
- * the presented class.
- * <p>
- * If one or more voters cannot support the presented class, <code>false</code> is
- * returned.
- *
- * @param clazz the type of secured object being presented
- * @return true if this type is supported
- */
- @Override
- public boolean supports(Class<?> clazz) {
- return true;
- }
- }
package com.training.core.security; import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.vote.AbstractAccessDecisionManager;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import java.util.Collection;
import java.util.Iterator;
import java.util.List; /**
- Created by Athos on 2016-10-16.
*/
protected MyAccessDecisionManager(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
super(decisionVoters);
}
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
if(configAttributes==null){
return;
}
Iterator<ConfigAttribute> ite = configAttributes.iterator();
while(ite.hasNext()){
ConfigAttribute ca = ite.next();
String needRole = (ca).getAttribute();
for (GrantedAuthority ga : authentication.getAuthorities()){
if (needRole.equals(ga.getAuthority())){
return;
}
}
}
throw new AccessDeniedException("没有权限,拒绝访问!");
}
@Override
public boolean supports(ConfigAttribute attribute) {
return false;
}
/**
* Iterates through all <code>AccessDecisionVoter</code>s and ensures each can support
* the presented class.
* <p>
* If one or more voters cannot support the presented class, <code>false</code> is
* returned.
*
* @param clazz the type of secured object being presented
* @return true if this type is supported
*/
@Override
public boolean supports(Class<?> clazz) {
return true;
}
}
用户、角色、资源(菜单)略。
详情请看GIT完成工程。
https://github.com/FrameReserve/TrainingBoot
</div>
Spring Boot 集成spring security4的更多相关文章
- Spring Boot集成Spring Data Reids和Spring Session实现Session共享
首先,需要先集成Redis的支持,参考:http://www.cnblogs.com/EasonJim/p/7805665.html Spring Boot集成Spring Data Redis+Sp ...
- SpringBoot系列:Spring Boot集成Spring Cache,使用EhCache
前面的章节,讲解了Spring Boot集成Spring Cache,Spring Cache已经完成了多种Cache的实现,包括EhCache.RedisCache.ConcurrentMapCac ...
- SpringBoot系列:Spring Boot集成Spring Cache,使用RedisCache
前面的章节,讲解了Spring Boot集成Spring Cache,Spring Cache已经完成了多种Cache的实现,包括EhCache.RedisCache.ConcurrentMapCac ...
- Spring Boot 集成 Spring Security 实现权限认证模块
作者:王帅@CodeSheep 写在前面 关于 Spring Security Web系统的认证和权限模块也算是一个系统的基础设施了,几乎任何的互联网服务都会涉及到这方面的要求.在Java EE领 ...
- Spring boot集成spring session实现session共享
最近使用spring boot开发一个系统,nginx做负载均衡分发请求到多个tomcat,此时访问页面会把请求分发到不同的服务器,session是存在服务器端,如果首次访问被分发到A服务器,那么se ...
- Spring boot 集成Spring Security
依赖jar <dependency> <groupId>org.springframework.cloud</groupId> <artifactId> ...
- SpringBoot系列:Spring Boot集成Spring Cache
一.关于Spring Cache 缓存在现在的应用中越来越重要, Spring从3.1开始定义了org.springframework.cache.Cache和org.springframework. ...
- Spring Boot 集成 Spring Security
1.添加依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId> ...
- Spring Boot 集成 Spring Security 入门案例教程
前言 本文作为入门级的DEMO,完全按照官网实例演示: 项目目录结构 Maven 依赖 <parent> <groupId>org.springframework.boot&l ...
随机推荐
- docker配置国内镜像
1. 配置 root@ros-OptiPlex-3050:~# cat /etc/docker/daemon.json { "graph": "/mnt/docke ...
- com.alibaba.dubbo.remoting.RemotingException: Failed to bind NettyServer on /192.168.1.13:20881, cause: Failed to bind to: /0.0.0.0:20881
抛出的异常如上,解决方案是:根据异常信息确定是端口被占用,排查项目是否启动之后没有关闭,在windows命令行中运行如下命令:netstat -ano 检查端口占用的情况,根据pid在任务管理器中杀死 ...
- iOS上架问题解决
dns问题 http://iphone.91.com/tutorial/syjc/140509/21686339.html 网络问题 手机4g开wifi,上传提交多次 时间问题 东八区下午6点上架成功 ...
- 关于java中实现在oracle数据库中实现对中文首字母进行排序的解决方案
首先介绍Oracle 9i新增加的一个系统自带的排序函数 1.按首字母排序 在oracle9i中新增了按照拼音.部首.笔画排序功能.设置NLS_SORT值 SCHINESE_RADICAL_M ...
- 给我说说你能想到几种分布式session实现
附录: https://mp.weixin.qq.com/s/8Hh4j0CjfF5S8zM29JZl2w # 面试官心理分析 面试官问了你一堆 dubbo 是怎么玩儿的,你会玩儿 dubbo 就可以 ...
- 二分查找 && 三分查找
LeetCode34. Find First and Last Position of Element in Sorted Array 题意:找出指定元素出现的范围,Ologn 思路:两次二分 cla ...
- Vue之父子组件的通信
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...
- ueditor中FileUtils.getTempDirectory()找不到
2014-6-27 14:22:25 org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() fo ...
- hihoCoder-1109-堆优化的Prim
优先队列是由堆组成的,所以当我们使用优先队列对Prim进行优化时,就把这种优化叫做堆优化. 它的算法核心思想就是每次向后找边,每个pair存的都是下一个点,以及边权.我们对于已经走过的点就避开,这样就 ...
- nginx 部署ssl证书之后访问用火狐出现SSL_ERROR_RX_RECORD_TOO_LONG此错误,用Google出现ERR_SSL_PROTOCOL_ERROR错误
server { listen ; server_name xxx.com; ssl_certificate ssl/xxx.pem; ssl_certificate_key ssl/xxx.key; ...