`
从百草园到三味书屋
  • 浏览: 52284 次
  • 性别: Icon_minigender_1
  • 来自: 杭州
社区版块
存档分类
最新评论

基于spring security3的权限 应用

 
阅读更多
1.创建mavn项目,导入一些必须的包:
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.ymq</groupId>
	<artifactId>map</artifactId>
	<packaging>war</packaging>
	<version>0.0.1-SNAPSHOT</version>
	<name>map Maven Webapp</name>
	<url>http://maven.apache.org</url>
	<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<hibernate-annotations.version>3.4.0.GA</hibernate-annotations.version>
		<hibernate-c3p0.version>3.3.2.GA</hibernate-c3p0.version>
		<hibernate-validator.version>4.0.2.GA</hibernate-validator.version>
		<hibernate.show_sql>true</hibernate.show_sql>
		<m.jdbc.url>jdbc:mysql://172.19.4.157/wxps</m.jdbc.url>
		<m.jdbc.username>root</m.jdbc.username>
		<m.jdbc.password>admin</m.jdbc.password>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-log4j12</artifactId>
			<version>1.6.1</version>
		</dependency>
		<dependency>
			<groupId>opensymphony</groupId>
			<artifactId>sitemesh</artifactId>
			<version>2.4.1</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-orm</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>
		
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-taglibs</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>
		
		<dependency>
        	<groupId>mysql</groupId>
        	<artifactId>mysql-connector-java</artifactId>
        	<version>5.0.5</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>3.0.5.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
			<version>3.0.5.RELEASE</version>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>commons-lang</groupId>
			<artifactId>commons-lang</artifactId>
			<version>2.5</version>
		</dependency>
		<dependency>
			<groupId>commons-io</groupId>
			<artifactId>commons-io</artifactId>
			<version>1.4</version>
		</dependency>
		<dependency>
			<groupId>commons-fileupload</groupId>
			<artifactId>commons-fileupload</artifactId>
			<version>1.2.2</version>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>servlet-api</artifactId>
			<version>2.5</version>
			<scope>provided</scope>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>jstl</artifactId>
			<version>1.2</version>
			<type>jar</type>
			<scope>compile</scope>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-annotations</artifactId>
			<version>${hibernate-annotations.version}</version>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-c3p0</artifactId>
			<version>${hibernate-c3p0.version}</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.javassist</groupId>
			<artifactId>javassist</artifactId>
			<version>3.14.0-GA</version>
			<scope>runtime</scope>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-proxool</artifactId>
			<version>3.3.2.GA</version>
			<scope>runtime</scope>
		</dependency>
	</dependencies>
	<build>
		<finalName>map</finalName>
		<plugins>
			<plugin>
				<groupId>org.codehaus.mojo</groupId>
				<artifactId>tomcat-maven-plugin</artifactId>
				<version>1.1</version>
				<configuration>
					<path>/</path>
					<port>8088</port>
					<warSourceDirectory>src/main/webapp</warSourceDirectory>
					<tomcatWebXml>webapp/WEB-INF/web.xml</tomcatWebXml>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

2.编写web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee   
                         http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:spring-*.xml</param-value>
	</context-param>

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<filter>
		<filter-name>characterEncodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>utf8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>characterEncodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.png</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.gif</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.jpg</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.js</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.css</url-pattern>
	</servlet-mapping>
	<servlet>
		<servlet-name>dispatcher</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:spring-dispatcher.xml</param-value>
		</init-param>
		<load-on-startup>2</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>dispatcher</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

	<filter>
		<filter-name>sitemesh</filter-name>
		<filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>sitemesh</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<context-param>
		<param-name>log4jConfigLocation</param-name>
		<param-value>classpath:log4j.properties</param-value>
	</context-param>
	<welcome-file-list>
		<welcome-file>login.jsp</welcome-file>
	</welcome-file-list>
</web-app>


3.编写spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
     xmlns:beans="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  
   <http auto-config="true" use-expressions="true">
   		<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
   		<intercept-url pattern="/login" filters="none"/>  
   		<form-login login-page="/login"
	   		authentication-failure-url="/login?auth-failure=true" 
	   		default-target-url="/index"/>
	   	<logout logout-success-url="/login?logout-success=true"/>
	   	<access-denied-handler error-page="/WEB-INF/jsp/error/403"/>
	   	
   </http>
   
   <beans:bean id="myFilter" class="security.MyFilterSecurityInterceptor">
   		<!-- 用户拥有的权限 -->
   		<beans:property name="authenticationManager" ref="myAuthenticationManager"/>
   		<!-- 用户是否拥有所请求资源的权限 -->
   		<beans:property name="accessDecisionManager" ref="myAccessDecisionManager"/>
   		<!-- 资源与权限对应关系 -->
   		<beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"></beans:property>
   </beans:bean>
   <!-- 配置userDetailsService 来指定用户和权限: -->
   <authentication-manager alias="myAuthenticationManager">
   		<authentication-provider user-service-ref="userDetailsService"/>
   </authentication-manager>
   <beans:bean id="userDetailsService" class="security.MyUserDetailsService"/>       
   <beans:bean id="myAccessDecisionManager" class="security.MyAccessDecisionManager"/>
   <beans:bean id="mySecurityMetadataSource" class="security.MySecurityMetadataSource" init-method="initResourceMap"/>
</beans:beans>

4.编写spring-despatcher
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/beans  http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
	
	
	<context:component-scan base-package="dispatcher"/>
	<!-- 显示层采用JSTL -->
	<bean id="viewResolver"
		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
		<property name="prefix" value="/WEB-INF/jsp/" />
		<property name="suffix" value=".jsp" />
	</bean>

	<bean id="multipartResolver"
		class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
		<property name="maxUploadSize" value="30000000" />
	</bean>
	
    <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
        <property name="basename" value="classpath:messages"/>
        <property name="defaultEncoding" value="utf-8"/>
    </bean>

</beans>


5.编写datasource配置文件

<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:util="http://www.springframework.org/schema/util" xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:lang="http://www.springframework.org/schema/lang" xmlns:jms="http://www.springframework.org/schema/jms"
	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:context="http://www.springframework.org/schema/context"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
                           http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
                           http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.0.xsd
                           http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms-3.0.xsd
                           http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                           http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

  
   <context:property-placeholder location="classpath:/resource.properties" />
   <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
   		<property name="driverClass" value="${jdbc.driverClassName}"/>
   		<property name="jdbcUrl" value="${jdbc.url}"/>
   		<property name="user" value="${jdbc.username}"/>
   		<property name="password" value="${jdbc.password}"/>
   		<property name="idleConnectionTestPeriod" value="120"/>
  	</bean>
  	<bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
  		<property name="dataSource" ref="dataSource"/>
  		<property name="schemaUpdate" value="${hibernate.schemaUpdate}"/>
  		<property name="packagesToScan" value="${hibernate.packageScan}"/>
		<property name="hibernateProperties">
			<value>
				hibernate.dialect ${hibernate.dialect}
				hibernate.show_sql ${hibernate.show_sql}
			</value>
		</property>
	</bean>
</beans> 


5.编写resource.properties
#datasource
jdbc.driverClassName		org.gjt.mm.mysql.Driver
jdbc.url					jdbc:mysql://172.19.4.157/ss
jdbc.username				root
jdbc.password				admin

#hibernate
hibernate.dialect             org.hibernate.dialect.MySQL5InnoDBDialect
hibernate.show_sql            true
hibernate.schemaUpdate        true
hibernate.packageScan		  entity

6.编写spring applicationContext.xml
<?xml version="1.0" encoding="utf-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:p="http://www.springframework.org/schema/p"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:util="http://www.springframework.org/schema/util"
	xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:lang="http://www.springframework.org/schema/lang"
	xmlns:jms="http://www.springframework.org/schema/jms"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:task="http://www.springframework.org/schema/task"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.0.xsd
		http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
		http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
		http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms-3.0.xsd
		http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">

		<import resource="spring-datasource.xml"/>
		
		<context:component-scan base-package="*" />
		
		<bean id="transactionManager" 
			class="org.springframework.orm.hibernate3.HibernateTransactionManager"
			p:sessionFactory-ref="sessionFactory" 
		/>
</beans>


7.实现spring security3 AccessDecisionManager,AbstractSecurityInterceptor,FilterInvocationSecurityMetadataSource,UserDetailsService和UserDetails类

/**
 * 
 */
package security;

import java.util.Collection;
import java.util.Iterator;

import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/**
 * @author administrator
 *
 */
public class MyAccessDecisionManager implements AccessDecisionManager{


	public void decide(Authentication authentication, Object object,
			Collection<ConfigAttribute> configAttributes)
			throws AccessDeniedException, InsufficientAuthenticationException {
		if(configAttributes == null){
	          return ;
	      }
	      System.out.println(object.toString()); //objectis a URL.
	      Iterator<ConfigAttribute>ite=configAttributes.iterator();
	      while(ite.hasNext()){
	          ConfigAttribute ca=ite.next();
	          String needRole=((SecurityConfig)ca).getAttribute();
	          for(GrantedAuthority ga:authentication.getAuthorities()){
	              if(needRole.equals(ga.getAuthority())){ //ga isuser's role.
	                  return;
	              }
	          }
	      }
	      throw new AccessDeniedException("");
	}


	public boolean supports(ConfigAttribute attribute) {
		return true;
	}


	public boolean supports(Class<?> clazz) {
		return true;
	}

}
/**
 * 
 */
package security;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

/**
 * @author administrator
 *
 */
public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter{


	private FilterInvocationSecurityMetadataSource securityMetadataSource;
	
	public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
		return securityMetadataSource;
	}

	public void setSecurityMetadataSource(
			FilterInvocationSecurityMetadataSource securityMetadataSource) {
		this.securityMetadataSource = securityMetadataSource;
	}

	
	public void init(FilterConfig filterConfig) throws ServletException {
		// TODO Auto-generated method stub
		System.out.println(filterConfig);
	}

	
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
		FilterInvocation fi = new FilterInvocation(request,response,chain);
		InterceptorStatusToken token = super.beforeInvocation(fi);
		try{
			fi.getChain().doFilter(request, response);
		}finally{
			super.afterInvocation(token, null);
		}
		
	}

	
	public void destroy() {
		// TODO Auto-generated method stub
		
	}

	
	@Override
	public Class<? extends Object> getSecureObjectClass() {
		// TODO Auto-generated method stub
		return FilterInvocation.class;
	}

	
	@Override
	public SecurityMetadataSource obtainSecurityMetadataSource() {
		return this.securityMetadataSource;
	}



}
/**
 * 
 */
package security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import org.springframework.stereotype.Service;

import service.SecurityService;
import entity.Role;
import entity.Url;

/**
 * @author administrator
 *
 */
@Service
public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource{

	@Autowired
	private SecurityService securityService;
	
	public static Map<String, Collection<ConfigAttribute>> resourceMap = null;  
	private UrlMatcher urlMatcher = new AntUrlPathMatcher();;

	public void initResourceMap(){
		resourceMap = new HashMap<String,Collection<ConfigAttribute>>();
		List<Url> urls = securityService.listUrls();
		for(Url url:urls){
			Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
			for(Role r:url.getRoles()){
				configAttributes.add(new SecurityConfig(r.getName()));
			}
			resourceMap.put(url.getUrl(), configAttributes);
		}
		
	}

	public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
		String url = ((FilterInvocation)object).getRequestUrl();
		Iterator<String> ite =resourceMap.keySet().iterator();
		while (ite.hasNext()) {
			String resURL = ite.next();
			if (urlMatcher.pathMatchesUrl(url, resURL)) {
				return resourceMap.get(resURL);
			}
		}
		return null;
	}


	public Collection<ConfigAttribute> getAllConfigAttributes() {
		return null;
	}


	public boolean supports(Class<?> clazz) {
		return true;
	}

}
package security;

import java.util.ArrayList;
import java.util.Collection;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import dao.UserDao;
import entity.Role;
import entity.User;

@Service
public class MyUserDetailsService implements UserDetailsService {

	@Autowired
	private UserDao userDao;
	
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {
		
		User u = userDao.listByName(username);
		UserDetailsImpl userDetails = null;
		if(u!=null){
			Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
			for(Role r:u.getRoles()){
				authorities.add(new GrantedAuthorityImpl(r.getName()));
			}
			userDetails = new UserDetailsImpl(u);
			userDetails.setAuthorities(authorities);
		}
		return userDetails;
	}

}
package security;

import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import entity.User;

public class UserDetailsImpl extends User implements UserDetails{

	private Collection<GrantedAuthority> authorities;
	private static final long serialVersionUID = 1L;
	private boolean accountNonExpired;
	private boolean accountNonLocked;
	private boolean credentialsNonExpired;
	private boolean enabled;
	public void setEnabled(boolean enabled) {
		this.enabled = enabled;
	}

	public UserDetailsImpl(User u){
		this.accountNonExpired = true;
		this.accountNonLocked = true;
		this.credentialsNonExpired = true;
		this.setEnabled(true);
		this.setPassword(u.getPassword());
		this.setUsername(u.getUsername());
		//this.setAuthorities(u.getAuthorities());
		this.setRemark(u.getRemark());
	}
	
	public void setAccountNonExpired(boolean accountNonExpired) {
		this.accountNonExpired = accountNonExpired;
	}

	public void setAccountNonLocked(boolean accountNonLocked) {
		this.accountNonLocked = accountNonLocked;
	}

	public void setCredentialsNonExpired(boolean credentialsNonExpired) {
		this.credentialsNonExpired = credentialsNonExpired;
	}

	public Collection<GrantedAuthority> getAuthorities() {
		return this.authorities;
	}

	public void setAuthorities(Collection<GrantedAuthority> authorities) {
		this.authorities = authorities;
	}

	
	public boolean isAccountNonExpired() {
		return this.accountNonExpired;
	}

	public boolean isAccountNonLocked() {
		return this.accountNonLocked;
	}

	public boolean isCredentialsNonExpired() {
		return this.credentialsNonExpired;
	}


	public boolean isEnabled() {
		return this.enabled;
	}


}



不想详解!
分享到:
评论

相关推荐

    Spring security认证授权

    它提供了全面的安全解决方案,包括用户认证、权限授权、会话管理、CSRF防护以及基于HTTP的访问控制。在这个例子中,我们将深入探讨如何使用Spring Security进行认证和授权,并结合数据库操作进行动态配置。 首先,...

    springboot springsecurity动态权限控制

    在这个“springboot springsecurity动态权限控制”的主题中,我们将深入探讨如何在Spring Boot项目中集成Spring Security,实现动态权限控制,让菜单权限的管理更加灵活和高效。 首先,我们需要理解Spring Security...

    基于 Spring Boot 3Spring Security 6Vue.js 3 的前后端分离式论坛系统

    Spring Security 是一个全面的安全框架,用于保护基于Spring的应用。Spring Security 6 可能包括改进的身份验证和授权机制、支持最新的OAuth2标准以及增强的加密和安全配置选项。在这个论坛系统中,它扮演着核心角色...

    (源码)基于Spring Security框架的安全认证与授权系统.zip

    # 基于Spring Security框架的安全认证与授权系统 ## 项目简介 本项目是一个基于Spring Security框架的安全认证与授权系统,旨在提供一个可复用的脚手架,帮助开发者快速实现认证授权机制。项目支持常见的认证、...

    Spring Security in Action

    Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户身份的验证,以确保用户的...

    Spring Security 资料合集

    这三份资料——"实战Spring Security 3.x.pdf"、"Spring Security 3.pdf" 和 "Spring Security使用手册.pdf" 将深入探讨这些概念,并提供实践指导,帮助读者掌握如何在实际项目中应用Spring Security。通过学习这些...

    spring security3 中文版本

    ### Spring Security 3.0.1 中文版知识点解析...通过上述知识点的介绍,我们了解了 Spring Security 的核心概念、配置方式以及一些高级特性,这有助于开发者更好地利用 Spring Security 为应用程序构建强大的安全防护。

    spring Security3中文教程,经典的

    ### Spring Security3中文教程知识点概览 #### 一、安全核心概念与起步 Spring Security是Spring框架中的一个重要组成部分,主要用于为Web应用提供安全防护。它不仅提供了强大的认证和授权功能,还支持各种加密...

    SpringSecurity.pdf

    Spring Security是一个功能强大、高度定制的安全框架,它专门用于为基于Spring的应用程序提供安全性解决方案。Spring Security架构的设计初衷是为了解决认证和授权的需求,确保应用程序的安全性。它提供了全面的安全...

    Spring Security3 Demo

    在"SpringSecurity2Demo"这个项目中,我们可以预期看到以下组成部分: 1. **配置文件**: `spring-security.xml`,这是Spring Security的核心配置文件,包含了过滤器链的配置、用户认证源、授权规则等。 2. **控制...

    基于spring security + oauth2 + jwt ,可优雅集成第三方登录.zip

    本项目以"基于spring security + oauth2 + jwt,可优雅集成第三方登录"为主题,旨在提供一个能够无缝整合第三方登录系统的解决方案。 Spring Security是一个强大的安全框架,它为Java和Java EE应用程序提供了全面的...

    Spring Security 把授权信息写入数据库

    Spring Security是一个强大的安全管理框架,用于处理Java应用程序的安全需求,包括认证和授权。在从Acegi安全框架转换到Spring Security 2.0时,一个重要的变化就是如何将授权信息存储从XML配置文件迁移到数据库。这...

    SpringSecurity笔记,编程不良人笔记

    SpringSecurity支持基于角色的访问控制(RBAC)和其他授权模型。 - **Access Decision Manager**: 决策管理器用于处理授权决策,根据用户的角色和请求资源的权限进行判断。 - **UserDetailsService**: 这是一个...

    spring security 3 源代码 不包含书,pets应用

    Spring Security 是一个强大的Java安全框架,用于保护基于Spring的应用程序。它提供了全面的身份验证、授权和访问控制功能,使得开发者可以轻松地实现安全控制。在Spring Security 3版本中,这个框架已经相当成熟,...

    spring security 3 demos

    通过对这些示例代码的学习和实践,开发者可以深入理解Spring Security 3的核心概念,并将其应用于实际项目中,确保应用程序的安全性。记得查看附带的使用文档,这将有助于理解和配置每个示例。同时,配合jar包,你...

    Spring Security-3中文官方文档(及教程)

    10. **自定义**:Spring Security的灵活性允许开发者根据需求创建自定义策略和组件,如自定义权限表达式、自定义认证和授权逻辑。 教程文档则可能深入到实践操作,包括如何配置Spring Security、创建第一个安全应用...

    Spring Security3中文文档

    Spring Security3是Spring框架中的一个模块,它提供了全面的安全服务,旨在为Web和非Web应用程序提供访问控制、认证、授权等功能。Spring Security3通过其强大的配置能力和丰富的特性,帮助开发者构建安全的应用程序...

    Spring Security 3 中文 chm

    Spring Security 是一个强大的Java安全框架,用于保护基于Spring的应用程序。在Spring Security 3版本中,这个框架提供了全面的身份验证、授权和访问控制机制,帮助开发者构建安全的Web应用程序。本资源包含Spring ...

    springSecurity3例子

    在Spring Security 3版本中,这个框架进一步完善了其特性和性能,使其成为开发者构建安全应用的首选工具。下面将详细探讨Spring Security 3中的关键知识点。 1. **核心组件**: - **Filter Chain**: Spring ...

Global site tag (gtag.js) - Google Analytics