extrimlycold
- 浏览: 66736 次
- 性别:
- 来自: 武汉
-
文章分类
最新评论
-
xuehanxin:
楼主威武好东西
grails 文档 -
xuehanxin:
楼主乃神人也,崇拜中
ActiveMQ 与Spring结合示例 -
wkcgy:
楼主辛苦了!!
jeecms的自定义的伪静态的实现分析 -
a123456603:
有没有qq的联系一下
jeecms的自定义的伪静态的实现分析 -
ningzhisheng:
最近也在学习jeecms,谢谢分享!
jeecms的自定义的伪静态的实现分析
关于web中的权限管理,一直是很麻烦的事,有人说struts2提供的拦截器的功能可以轻松实现权限的控制,我这边实现了一下,发现不是很完美,例如,页面的访问就控制不了,但是网上也提供了解决的方案,可以用过虑器来控制页面,也就是struts2的拦截器控制action的权限,过虑器来控制页面访问权限,貌似不错,但是代价太高了,另一种方案是采用spring security,反正是SSH的项目,spring security的应用还是相对成熟一些,做了一个实现,发现不少问题,记录下来。
表结构:
采用传统的 用户,角色,权限(资源),角色权限,用户角色 的模式,本来都是多对多的,为了简便都改成一对多和多对一了。
User表 写道
User的mapping.
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<!--
Mapping file autogenerated by MyEclipse Persistence Tools
-->
<hibernate-mapping>
<class name="com.coc.model.User" table="user">
<meta attribute="implement-equals">true</meta>
<cache usage="read-write"/>
<id name="id" type="java.lang.Integer">
<column name="userid" />
<generator class="assigned" />
</id>
<property name="username" type="java.lang.String">
<column name="username" length="40" not-null="true" />
</property>
<property name="nickname" type="java.lang.String">
<column name="nickname" length="40" not-null="true" />
</property>
<property name="password" type="java.lang.String">
<column name="password" length="40" not-null="true" />
</property>
<property name="email" type="java.lang.String">
<column name="email" length="100" not-null="true" />
</property>
<!-- <property name="deptid" type="java.lang.Integer">
<column name="deptid" not-null="true" />
</property>
-->
<property name="mobilepin" type="java.lang.String">
<column name="mobilepin" length="50" not-null="true" />
</property>
<property name="islockout" type="java.lang.Integer">
<column name="islockout" not-null="true" />
</property>
<property name="dtcreate" type="java.util.Date">
<column name="dtcreate" length="19" not-null="true" />
</property>
<property name="failtry" type="java.lang.Integer">
<column name="failtry" not-null="true" />
</property>
<property name="picurl" type="java.lang.String">
<column name="picurl" not-null="true" />
</property>
<property name="sex" type="java.lang.Integer">
<column name="sex" not-null="true" />
</property>
<property name="zip" type="java.lang.String">
<column name="zip" length="20" not-null="true" />
</property>
<property name="age" type="java.lang.Integer">
<column name="age" not-null="true" />
</property>
<property name="birthday" type="java.util.Date">
<column name="birthday" length="19" not-null="true" />
</property>
<property name="ismarry" type="java.lang.Integer">
<column name="ismarry" not-null="true" />
</property>
<property name="address" type="java.lang.String">
<column name="address" not-null="true" />
</property>
<property name="identity" type="java.lang.String">
<column name="identity" length="20" not-null="true" />
</property>
<property name="description" type="java.lang.String">
<column name="description" length="65535" not-null="true" />
</property>
<property name="issuper" type="java.lang.Integer">
<column name="issuper" not-null="true" />
</property>
<set name="useroles" cascade="all" inverse="true">
<key>
<column name="userid"/>
</key>
<one-to-many class="com.coc.model.Userole"/>
</set>
<many-to-one name="department" column="deptid" class="com.coc.model.Department"/>
</class>
</hibernate-mapping>
User Pojo:
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
/**
* User entity.
*
* @author MyEclipse Persistence Tools
*/
public class User implements java.io.Serializable, UserDetails {
// Fields
/**
*
*/
private static final long serialVersionUID = 1L;
private Integer id;
private String username;
private String nickname;
private String password;
private String email;
private Integer deptid;
private String mobilepin;
private Integer islockout;
private Date dtcreate;
private Integer failtry;
private String picurl;
private Integer sex;
private String zip;
private Integer age;
private Date birthday;
private Integer ismarry;
private String address;
private String identity;
private String description;
private Integer issuper;
private Set <Userole> useroles =new HashSet<Userole>();
private Department department;
// Constructors
/** default constructor */
public User() {
}
// Property accessors
public String getUsername() {
return this.username;
}
public void setUsername(String username) {
this.username = username;
}
public String getNickname() {
return this.nickname;
}
public void setNickname(String nickname) {
this.nickname = nickname;
}
public String getPassword() {
return this.password;
}
public void setPassword(String password) {
this.password = password;
}
public String getEmail() {
return this.email;
}
public void setEmail(String email) {
this.email = email;
}
public Integer getDeptid() {
return this.deptid;
}
public void setDeptid(Integer deptid) {
this.deptid = deptid;
}
public String getMobilepin() {
return this.mobilepin;
}
public void setMobilepin(String mobilepin) {
this.mobilepin = mobilepin;
}
public Integer getIslockout() {
return this.islockout;
}
public void setIslockout(Integer islockout) {
this.islockout = islockout;
}
public Date getDtcreate() {
return this.dtcreate;
}
public void setDtcreate(Date dtcreate) {
this.dtcreate = dtcreate;
}
public Integer getFailtry() {
return this.failtry;
}
public void setFailtry(Integer failtry) {
this.failtry = failtry;
}
public String getPicurl() {
return this.picurl;
}
public void setPicurl(String picurl) {
this.picurl = picurl;
}
public Integer getSex() {
return this.sex;
}
public void setSex(Integer sex) {
this.sex = sex;
}
public String getZip() {
return this.zip;
}
public void setZip(String zip) {
this.zip = zip;
}
public Integer getAge() {
return this.age;
}
public void setAge(Integer age) {
this.age = age;
}
public Date getBirthday() {
return this.birthday;
}
public void setBirthday(Date birthday) {
this.birthday = birthday;
}
public Integer getIsmarry() {
return this.ismarry;
}
public void setIsmarry(Integer ismarry) {
this.ismarry = ismarry;
}
public String getAddress() {
return this.address;
}
public void setAddress(String address) {
this.address = address;
}
public String getIdentity() {
return this.identity;
}
public void setIdentity(String identity) {
this.identity = identity;
}
public String getDescription() {
return this.description;
}
public void setDescription(String description) {
this.description = description;
}
public Integer getIssuper() {
return this.issuper;
}
public void setIssuper(Integer issuper) {
this.issuper = issuper;
}
public Set<Userole> getUseroles() {
return useroles;
}
public void setUseroles(Set<Userole> useroles) {
this.useroles = useroles;
}
public GrantedAuthority[] getAuthorities() {
List<GrantedAuthorityImpl> authoritis =new ArrayList<GrantedAuthorityImpl>();
Iterator<Userole> iter =useroles.iterator();
while(iter.hasNext())
{
Userole userole =(Userole)iter.next();
authoritis.add(new GrantedAuthorityImpl(userole.getRole().getRolename()));
}
return authoritis.toArray(new GrantedAuthorityImpl[authoritis.size()]);
}
public boolean isAccountNonExpired() {
return true;
}
public boolean isAccountNonLocked() {
return true;
}
public boolean isCredentialsNonExpired() {
return true;
}
public boolean isEnabled() {
return true;
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public Department getDepartment() {
return department;
}
public void setDepartment(Department department) {
this.department = department;
}
}
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<!--
Mapping file autogenerated by MyEclipse Persistence Tools
-->
<hibernate-mapping>
<class name="com.coc.model.User" table="user">
<meta attribute="implement-equals">true</meta>
<cache usage="read-write"/>
<id name="id" type="java.lang.Integer">
<column name="userid" />
<generator class="assigned" />
</id>
<property name="username" type="java.lang.String">
<column name="username" length="40" not-null="true" />
</property>
<property name="nickname" type="java.lang.String">
<column name="nickname" length="40" not-null="true" />
</property>
<property name="password" type="java.lang.String">
<column name="password" length="40" not-null="true" />
</property>
<property name="email" type="java.lang.String">
<column name="email" length="100" not-null="true" />
</property>
<!-- <property name="deptid" type="java.lang.Integer">
<column name="deptid" not-null="true" />
</property>
-->
<property name="mobilepin" type="java.lang.String">
<column name="mobilepin" length="50" not-null="true" />
</property>
<property name="islockout" type="java.lang.Integer">
<column name="islockout" not-null="true" />
</property>
<property name="dtcreate" type="java.util.Date">
<column name="dtcreate" length="19" not-null="true" />
</property>
<property name="failtry" type="java.lang.Integer">
<column name="failtry" not-null="true" />
</property>
<property name="picurl" type="java.lang.String">
<column name="picurl" not-null="true" />
</property>
<property name="sex" type="java.lang.Integer">
<column name="sex" not-null="true" />
</property>
<property name="zip" type="java.lang.String">
<column name="zip" length="20" not-null="true" />
</property>
<property name="age" type="java.lang.Integer">
<column name="age" not-null="true" />
</property>
<property name="birthday" type="java.util.Date">
<column name="birthday" length="19" not-null="true" />
</property>
<property name="ismarry" type="java.lang.Integer">
<column name="ismarry" not-null="true" />
</property>
<property name="address" type="java.lang.String">
<column name="address" not-null="true" />
</property>
<property name="identity" type="java.lang.String">
<column name="identity" length="20" not-null="true" />
</property>
<property name="description" type="java.lang.String">
<column name="description" length="65535" not-null="true" />
</property>
<property name="issuper" type="java.lang.Integer">
<column name="issuper" not-null="true" />
</property>
<set name="useroles" cascade="all" inverse="true">
<key>
<column name="userid"/>
</key>
<one-to-many class="com.coc.model.Userole"/>
</set>
<many-to-one name="department" column="deptid" class="com.coc.model.Department"/>
</class>
</hibernate-mapping>
User Pojo:
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;
/**
* User entity.
*
* @author MyEclipse Persistence Tools
*/
public class User implements java.io.Serializable, UserDetails {
// Fields
/**
*
*/
private static final long serialVersionUID = 1L;
private Integer id;
private String username;
private String nickname;
private String password;
private String email;
private Integer deptid;
private String mobilepin;
private Integer islockout;
private Date dtcreate;
private Integer failtry;
private String picurl;
private Integer sex;
private String zip;
private Integer age;
private Date birthday;
private Integer ismarry;
private String address;
private String identity;
private String description;
private Integer issuper;
private Set <Userole> useroles =new HashSet<Userole>();
private Department department;
// Constructors
/** default constructor */
public User() {
}
// Property accessors
public String getUsername() {
return this.username;
}
public void setUsername(String username) {
this.username = username;
}
public String getNickname() {
return this.nickname;
}
public void setNickname(String nickname) {
this.nickname = nickname;
}
public String getPassword() {
return this.password;
}
public void setPassword(String password) {
this.password = password;
}
public String getEmail() {
return this.email;
}
public void setEmail(String email) {
this.email = email;
}
public Integer getDeptid() {
return this.deptid;
}
public void setDeptid(Integer deptid) {
this.deptid = deptid;
}
public String getMobilepin() {
return this.mobilepin;
}
public void setMobilepin(String mobilepin) {
this.mobilepin = mobilepin;
}
public Integer getIslockout() {
return this.islockout;
}
public void setIslockout(Integer islockout) {
this.islockout = islockout;
}
public Date getDtcreate() {
return this.dtcreate;
}
public void setDtcreate(Date dtcreate) {
this.dtcreate = dtcreate;
}
public Integer getFailtry() {
return this.failtry;
}
public void setFailtry(Integer failtry) {
this.failtry = failtry;
}
public String getPicurl() {
return this.picurl;
}
public void setPicurl(String picurl) {
this.picurl = picurl;
}
public Integer getSex() {
return this.sex;
}
public void setSex(Integer sex) {
this.sex = sex;
}
public String getZip() {
return this.zip;
}
public void setZip(String zip) {
this.zip = zip;
}
public Integer getAge() {
return this.age;
}
public void setAge(Integer age) {
this.age = age;
}
public Date getBirthday() {
return this.birthday;
}
public void setBirthday(Date birthday) {
this.birthday = birthday;
}
public Integer getIsmarry() {
return this.ismarry;
}
public void setIsmarry(Integer ismarry) {
this.ismarry = ismarry;
}
public String getAddress() {
return this.address;
}
public void setAddress(String address) {
this.address = address;
}
public String getIdentity() {
return this.identity;
}
public void setIdentity(String identity) {
this.identity = identity;
}
public String getDescription() {
return this.description;
}
public void setDescription(String description) {
this.description = description;
}
public Integer getIssuper() {
return this.issuper;
}
public void setIssuper(Integer issuper) {
this.issuper = issuper;
}
public Set<Userole> getUseroles() {
return useroles;
}
public void setUseroles(Set<Userole> useroles) {
this.useroles = useroles;
}
public GrantedAuthority[] getAuthorities() {
List<GrantedAuthorityImpl> authoritis =new ArrayList<GrantedAuthorityImpl>();
Iterator<Userole> iter =useroles.iterator();
while(iter.hasNext())
{
Userole userole =(Userole)iter.next();
authoritis.add(new GrantedAuthorityImpl(userole.getRole().getRolename()));
}
return authoritis.toArray(new GrantedAuthorityImpl[authoritis.size()]);
}
public boolean isAccountNonExpired() {
return true;
}
public boolean isAccountNonLocked() {
return true;
}
public boolean isCredentialsNonExpired() {
return true;
}
public boolean isEnabled() {
return true;
}
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public Department getDepartment() {
return department;
}
public void setDepartment(Department department) {
this.department = department;
}
}
Userole表:
Userole表的mapping&pojo 写道
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<!--
Mapping file autogenerated by MyEclipse Persistence Tools
-->
<hibernate-mapping>
<class name="com.coc.model.Userole" table="userole" >
<meta attribute="implement-equals">true</meta>
<cache usage="read-write"/>
<id name="id" type="java.lang.Integer">
<column name="id" />
<generator class="assigned" />
</id>
<!--
<property name="userid" type="java.lang.Integer">
<column name="userid" not-null="true" />
</property>
<property name="roleid" type="java.lang.Integer">
<column name="roleid" not-null="true" />
</property>
-->
<many-to-one name="user" column="userid" class="com.coc.model.User" not-null="true"/>
<many-to-one name="role" column="roleid" class="com.coc.model.Role" not-null="true"/>
</class>
</hibernate-mapping>
Userole的pojo
public class Userole implements java.io.Serializable {
// Fields
private Integer id;
private Integer userid;
private Integer roleid;
private Role role;
private User user;
// Constructors
/** default constructor */
public Userole() {
}
// Property accessors
public Integer getId() {
return this.id;
}
public void setId(Integer id) {
this.id = id;
}
public Integer getUserid() {
return this.userid;
}
public void setUserid(Integer userid) {
this.userid = userid;
}
public Integer getRoleid() {
return this.roleid;
}
public void setRoleid(Integer roleid) {
this.roleid = roleid;
}
public Role getRole() {
return role;
}
public void setRole(Role role) {
this.role = role;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
}
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<!--
Mapping file autogenerated by MyEclipse Persistence Tools
-->
<hibernate-mapping>
<class name="com.coc.model.Userole" table="userole" >
<meta attribute="implement-equals">true</meta>
<cache usage="read-write"/>
<id name="id" type="java.lang.Integer">
<column name="id" />
<generator class="assigned" />
</id>
<!--
<property name="userid" type="java.lang.Integer">
<column name="userid" not-null="true" />
</property>
<property name="roleid" type="java.lang.Integer">
<column name="roleid" not-null="true" />
</property>
-->
<many-to-one name="user" column="userid" class="com.coc.model.User" not-null="true"/>
<many-to-one name="role" column="roleid" class="com.coc.model.Role" not-null="true"/>
</class>
</hibernate-mapping>
Userole的pojo
public class Userole implements java.io.Serializable {
// Fields
private Integer id;
private Integer userid;
private Integer roleid;
private Role role;
private User user;
// Constructors
/** default constructor */
public Userole() {
}
// Property accessors
public Integer getId() {
return this.id;
}
public void setId(Integer id) {
this.id = id;
}
public Integer getUserid() {
return this.userid;
}
public void setUserid(Integer userid) {
this.userid = userid;
}
public Integer getRoleid() {
return this.roleid;
}
public void setRoleid(Integer roleid) {
this.roleid = roleid;
}
public Role getRole() {
return role;
}
public void setRole(Role role) {
this.role = role;
}
public User getUser() {
return user;
}
public void setUser(User user) {
this.user = user;
}
}
Role 表的mapping&pojo
Role表的mapping
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<!--
Mapping file autogenerated by MyEclipse Persistence Tools
-->
<hibernate-mapping>
<class name="com.coc.model.Role" table="role">
<meta attribute="implement-equals">true</meta>
<cache usage="read-write"/>
<id name="roleid" type="java.lang.Integer">
<column name="roleid" />
<generator class="assigned" />
</id>
<property name="rolename" type="java.lang.String">
<column name="rolename" length="50" not-null="true" />
</property>
<property name="issysrole" type="java.lang.Integer">
<column name="issysrole" not-null="true" />
</property>
<property name="islockout" type="java.lang.Integer">
<column name="islockout" not-null="true" />
</property>
<property name="description" type="java.lang.String">
<column name="description" not-null="true" />
</property>
<set name="useroles" cascade="all" inverse="true">
<key>
<column name="roleid"/>
</key>
<one-to-many class="com.coc.model.Userole"/>
</set>
<set name="rolePermissions" cascade="all" inverse="true">
<key>
<column name="roleid"/>
</key>
<one-to-many class="com.coc.model.Rolepermission"/>
</set>
</class>
</hibernate-mapping>
Role表的pojo
public class Role implements java.io.Serializable {
// Fields
private Integer roleid;
private String rolename;
private Integer issysrole;
private Integer islockout;
private String description;
private Set<Userole> useroles =new HashSet<Userole>();
private Set<Rolepermission> rolePermissions =new HashSet<Rolepermission>();
// Constructors
/** default constructor */
public Role() {
}
// Property accessors
public Integer getRoleid() {
return this.roleid;
}
public void setRoleid(Integer roleid) {
this.roleid = roleid;
}
public String getRolename() {
return this.rolename;
}
public void setRolename(String rolename) {
this.rolename = rolename;
}
public Integer getIssysrole() {
return this.issysrole;
}
public void setIssysrole(Integer issysrole) {
this.issysrole = issysrole;
}
public Integer getIslockout() {
return this.islockout;
}
public void setIslockout(Integer islockout) {
this.islockout = islockout;
}
public String getDescription() {
return this.description;
}
public void setDescription(String description) {
this.description = description;
}
public void setUseroles(HashSet<Userole> useroles) {
this.useroles = useroles;
}
public void setRolePermissions(HashSet<Rolepermission> rolePermissions) {
this.rolePermissions = rolePermissions;
}
public Set<Userole> getUseroles() {
return useroles;
}
public void setUseroles(Set<Userole> useroles) {
this.useroles = useroles;
}
public Set<Rolepermission> getRolePermissions() {
return rolePermissions;
}
public void setRolePermissions(Set<Rolepermission> rolePermissions) {
this.rolePermissions = rolePermissions;
}
}
Permission表的mapping及pojo
Permission 表的mapping
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<!--
Mapping file autogenerated by MyEclipse Persistence Tools
-->
<hibernate-mapping>
<class name="com.coc.model.Permission" table="permission">
<meta attribute="implement-equals">true</meta>
<cache usage="read-write"/>
<id name="permitid" type="java.lang.Integer">
<column name="permitid" />
<generator class="assigned" />
</id>
<property name="permitname" type="java.lang.String">
<column name="permitname" length="50" not-null="true" />
</property>
<property name="module" type="java.lang.String">
<column name="module" length="100" not-null="true" />
</property>
<property name="action" type="java.lang.String">
<column name="action" length="100" not-null="true" />
</property>
<property name="permitvalue" type="java.lang.String">
<column name="permitvalue" not-null="true" />
</property>
<property name="parentid" type="java.lang.Integer">
<column name="parentid" not-null="true" />
</property>
<property name="type" type="java.lang.Integer">
<column name="type" not-null="true" />
</property>
<property name="description" type="java.lang.String">
<column name="description" not-null="true" />
</property>
<set name="rolePermissions" cascade="all" inverse="true">
<key>
<column name="permitid"/>
</key>
<one-to-many class="com.coc.model.Rolepermission"/>
</set>
</class>
</hibernate-mapping>
Permission 表的pojo
public class Permission implements java.io.Serializable {
// Fields
/**
*
*/
private static final long serialVersionUID = 1L;
private Integer permitid;
private String permitname;
private String module;
private String action;
private String permitvalue;
private Integer parentid;
private Integer type;
private String description;
private Set<Rolepermission> rolePermissions =new HashSet<Rolepermission>();
// Constructors
/** default constructor */
public Permission() {
}
// Property accessors
public Integer getPermitid() {
return this.permitid;
}
public void setPermitid(Integer permitid) {
this.permitid = permitid;
}
public String getPermitname() {
return this.permitname;
}
public void setPermitname(String permitname) {
this.permitname = permitname;
}
public String getModule() {
return this.module;
}
public void setModule(String module) {
this.module = module;
}
public String getAction() {
return this.action;
}
public void setAction(String action) {
this.action = action;
}
public String getPermitvalue() {
return this.permitvalue;
}
public void setPermitvalue(String permitvalue) {
this.permitvalue = permitvalue;
}
public Integer getParentid() {
return this.parentid;
}
public void setParentid(Integer parentid) {
this.parentid = parentid;
}
public Integer getType() {
return this.type;
}
public void setType(Integer type) {
this.type = type;
}
public String getDescription() {
return this.description;
}
public void setDescription(String description) {
this.description = description;
}
public Set<Rolepermission> getRolePermissions() {
return rolePermissions;
}
public void setRolePermissions(Set<Rolepermission> rolePermissions) {
this.rolePermissions = rolePermissions;
}
}
最后是RolePermission的
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">
<!--
Mapping file autogenerated by MyEclipse Persistence Tools
-->
<hibernate-mapping>
<class name="com.coc.model.Rolepermission" table="rolepermission">
<meta attribute="implement-equals">true</meta>
<cache usage="read-write"/>
<id name="id" type="java.lang.Integer">
<column name="id" />
<generator class="assigned" />
</id>
<!--
<property name="roleid" type="java.lang.Integer">
<column name="roleid" not-null="true" />
</property>
<property name="permitid" type="java.lang.Integer">
<column name="permitid" not-null="true" />
</property>
-->
<many-to-one name="role" column="roleid" class="com.coc.model.Role" not-null="true" />
<many-to-one name="permission" column="permitid" class="com.coc.model.Permission" not-null="true"/>
</class>
</hibernate-mapping>
public class Rolepermission implements java.io.Serializable {
// Fields
private Integer id;
private Integer roleid;
private Integer permitid;
private Role role;
private Permission permission;
// Constructors
/** default constructor */
public Rolepermission() {
}
// Property accessors
public Integer getId() {
return this.id;
}
public void setId(Integer id) {
this.id = id;
}
public Integer getRoleid() {
return this.roleid;
}
public void setRoleid(Integer roleid) {
this.roleid = roleid;
}
public Integer getPermitid() {
return this.permitid;
}
public void setPermitid(Integer permitid) {
this.permitid = permitid;
}
public Role getRole() {
return role;
}
public void setRole(Role role) {
this.role = role;
}
public Permission getPermission() {
return permission;
}
public void setPermission(Permission permission) {
this.permission = permission;
}
}
以上代码没得什么特别的,除了User实现了UserDetails的接口外,没有什么,可以看到这个接口是spring security提供的,其实现的具体方法是getAuthorities()通俗地说也就是把这个user所有角色的角色名提取出来.
另外在User的service的实现层也实现了spring security的一个接口,代码如下.
import java.util.List;
import org.springframework.dao.DataAccessException;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import com.coc.hibernate.dao.UserDao;
import com.coc.model.User;
import com.coc.service.UserManager;
public class UserManagerImpl implements UserManager,UserDetailsService {
private UserDao userDao;
public User getUserByName(String userName) {
return userDao.findUserByName(userName);
}
public UserDao getUserDao() {
return userDao;
}
public void setUserDao(UserDao userDao) {
this.userDao = userDao;
}
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException, DataAccessException {
User user = this.getUserByName(userName);
if(user==null)
{
throw new UsernameNotFoundException("User not found!");
}
return user;
}
public List<User> findAllUser(int start, int limit, String sortName,String order) {
return userDao.findAllUser(start, limit,sortName,order);
}
public Object getPageCount() {
return userDao.getPageCount();
}
public User loadUserById(Integer userId) {
return userDao.loadUserById(userId);
}
public void updateUser(User user)
{
userDao.saveorupdate(user);
}
}
到此为止,可以看出spring security通过实现这两个接口,拥有了用户及其角色的信息。
接下来要实现一个interceptor,spring security通过这个interceptor来判断用户的各个角色是否拥有相应的权限,如果有则放行,如果没有就拦截了,具体代码如下.
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletContext;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import org.springframework.security.util.AntUrlPathMatcher;
import org.springframework.security.util.RegexUrlPathMatcher;
import org.springframework.security.util.UrlMatcher;
import org.springframework.web.context.support.WebApplicationContextUtils;
import com.coc.model.Permission;
import com.coc.model.Rolepermission;
import com.coc.service.PermissionManager;
public class SecureResourceFilterInvocationDefinitionSource implements
FilterInvocationDefinitionSource, InitializingBean {
private UrlMatcher urlMatcher;
private boolean useAntPath = true;
private boolean lowercaseComparisons = true;
private PermissionManager permissionManager;
/**
* @param useAntPath
* the useAntPath to set
*/
public void setUseAntPath(boolean useAntPath) {
this.useAntPath = useAntPath;
}
/**
* @param lowercaseComparisons
*/
public void setLowercaseComparisons(boolean lowercaseComparisons) {
this.lowercaseComparisons = lowercaseComparisons;
}
/*
* (non-Javadoc)
*
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
*/
public void afterPropertiesSet() throws Exception {
//System.out.println("=========afterPropertiesSet()==========");
// default url matcher will be RegexUrlPathMatcher
this.urlMatcher = new RegexUrlPathMatcher();
if (useAntPath) { // change the implementation if required
this.urlMatcher = new AntUrlPathMatcher();
}
// Only change from the defaults if the attribute has been set
if ("true".equals(lowercaseComparisons)) {
if (!this.useAntPath) {
((RegexUrlPathMatcher) this.urlMatcher)
.setRequiresLowerCaseUrl(true);
}
} else if ("false".equals(lowercaseComparisons)) {
if (this.useAntPath) {
((AntUrlPathMatcher) this.urlMatcher)
.setRequiresLowerCaseUrl(false);
}
}
}
/*
* (non-Javadoc)
*
* @see org.springframework.security.intercept.ObjectDefinitionSource#getAttributes(java.lang.Object)
*/
public ConfigAttributeDefinition getAttributes(Object filter)
throws IllegalArgumentException {
//System.out.println("=========getAttributes==========");
FilterInvocation filterInvocation = (FilterInvocation) filter;
String requestURI = filterInvocation.getRequestUrl();
requestURI=StringUtils.removeStart(requestURI, "/");
Map<String, String> urlAuthorities = this
.getUrlAuthorities(filterInvocation);
String grantedAuthorities = null;
for (Iterator<Map.Entry<String, String>> iter = urlAuthorities
.entrySet().iterator(); iter.hasNext();) {
Map.Entry<String, String> entry = iter.next();
String url = entry.getKey();
//System.out.println("============url key is "+url+"=================\n");
//System.out.println("============requestURI is "+requestURI+"=================\n");
if (urlMatcher.pathMatchesUrl(url, requestURI)) {
grantedAuthorities = entry.getValue();
System.out.println("============\n match url is "+url+"\n requestURI is +"+requestURI+"\n=================grantedAuthorities is "+grantedAuthorities+"\n");
break;
}
}
if (grantedAuthorities != null) {
ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor();
configAttrEditor.setAsText(grantedAuthorities);
return (ConfigAttributeDefinition) configAttrEditor.getValue();
}
return null;
}
/*
* (non-Javadoc)
*
* @see org.springframework.security.intercept.ObjectDefinitionSource#getConfigAttributeDefinitions()
*/
@SuppressWarnings("unchecked")
public Collection getConfigAttributeDefinitions() {
return null;
}
/*
* (non-Javadoc)
*
* @see org.springframework.security.intercept.ObjectDefinitionSource#supports(java.lang.Class)
*/
@SuppressWarnings("unchecked")
public boolean supports(Class clazz) {
return true;
}
/**
*
* @param filterInvocation
* @return
*/
@SuppressWarnings("unchecked")
private Map<String, String> getUrlAuthorities(
FilterInvocation filterInvocation) {
System.out.println("=========getUrlAuthorities==========");
ServletContext servletContext = filterInvocation.getHttpRequest()
.getSession().getServletContext();
permissionManager=(PermissionManager)WebApplicationContextUtils.getWebApplicationContext(servletContext).getBean("permissionManager");
List<Permission> permissionList=permissionManager.loadUrlAuthorities();
Map<String, String> urlAuthorities =new HashMap<String, String>();
for(int i=0;i<permissionList.size();i++)
{
Permission permission=(Permission)permissionList.get(i);
Set rolePermission =permission.getRolePermissions();
Iterator iter=rolePermission.iterator();
List roleName =new ArrayList();
while(iter.hasNext())
{
Rolepermission rp =(Rolepermission)iter.next();
roleName.add(rp.getRole().getRolename());
}
//System.out.println("url value "+permission.getPermitvalue()+"\nrolenames "+StringUtils.join(roleName,","));
urlAuthorities.put(permission.getPermitvalue(), StringUtils.join(roleName,","));
}
return urlAuthorities;
// return (Map<String, String>) servletContext
// .getAttribute("urlAuthorities");
}
public PermissionManager getPermissionManager() {
return permissionManager;
}
public void setPermissionManager(PermissionManager permissionManager) {
this.permissionManager = permissionManager;
}
}
这里再将这些代码在spring scurity的配置文件中声明一下,就可以用了.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<beans:bean id="loggerListener"
class="org.springframework.security.event.authentication.LoggerListener" />
<http access-denied-page="/403.jsp">
<intercept-url pattern="/static/**" filters="none" />
<intercept-url pattern="/template/**" filters="none" />
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/css/**" filters="none" />
<intercept-url pattern="/js/**" filters="none" />
<intercept-url pattern="/dwr/**" filters="none" />
<intercept-url pattern="/uploads/**" filters="none" />
<intercept-url pattern="/" filters="none" />
<intercept-url pattern="/login.jsp" filters="none" />
<form-login login-page="/login.jsp" authentication-failure-url="/login.action" default-target-url="/login.action" />
<logout logout-success-url="/login.jsp"/>
<http-basic />
</http>
<authentication-manager alias="authenticationManager"/>
<authentication-provider user-service-ref="userManager">
<!-- <password-encoder hash="md5"/>-->
</authentication-provider>
<beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions" value="false"/>
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.vote.RoleVoter"/>
<beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="resourceSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
<beans:property name="objectDefinitionSource" ref="secureResourceFilterInvocationDefinitionSource" />
<beans:property name="observeOncePerRequest" value="false" />
<custom-filter after="LAST" />
</beans:bean>
<beans:bean id="secureResourceFilterInvocationDefinitionSource" class="com.coc.security.interceptor.SecureResourceFilterInvocationDefinitionSource" />
<!-- internationalization-->
<beans:bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename" value="classpath:/messages"/>
</beans:bean>
<beans:bean id="localeResolver" class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver"/>
</beans:beans>
http的定义中定义了不需要过滤的一些资源,当用户无权访问时将转到403.jsp的页面,其中如果用户成功登陆,我这里将其转至一个login.action,做一些后续的处理,而没有直接转入一个成功页面,其中<authentication-provider user-service-ref="userManager"> 的userManager就是我们user的service层.因为实现了spring security的接口所以声明,另外还有SecureResourceFilterInvocationDefinitionSource的声明,这样,程序可以运行并做出权限的判断。
说明一下,数据库中没有指派给任何Role的资源视为是都可以访问的资源,一旦指明了Role,就要通过权限来访问了.
不知如何解决的问题:
1)登陆时用户名不能为中文,这个问题困扰了很久,没得解决,不知为什么!因为登陆交给了spring scurity,所以不知如何查,不知哪位高手解决过这个问题。
2)由于SecureResourceFilterInvocationDefinitionSource 这个interceptor要进行Role名与资源权限的判断以此来验证用户是否具有权限,有人提出在系统启动时将资源权限一次性load进来,但是如果有更新,不是要重启系统来重新载入!不知有没有更好的办法,我的里面是每次都取,这个显然的没有效率的.
分享到:
发表评论
相关推荐
Spring Security 实践指南 Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户...
Spring Security是一个功能强大、高度定制的安全框架,它专门用于为基于Spring的应用程序提供安全性解决方案。Spring Security架构的设计初衷是为了解决认证和授权的需求,确保应用程序的安全性。它提供了全面的安全...
Spring Security 是一个强大的安全框架,主要用于Java应用的安全管理,它为Web应用和企业级应用提供了全面的安全服务。这个框架能够处理认证、授权以及各种安全相关的功能,帮助开发者构建安全、可扩展的应用。以下...
SpringSecurity是Java领域中一款强大的安全框架,主要用于Web应用程序的安全管理。它提供了全面的身份验证、授权、会话管理以及安全相关的功能,可以帮助开发者构建安全的Web应用。在本笔记中,我们将深入探讨Spring...
Spring Security 是一个强大的安全框架,用于为Java应用提供身份验证和授权服务。在这个完整的项目实例中,我们将深入探讨Spring Security的核心概念以及如何将其应用于实际的Web应用程序开发。 首先,我们从用户、...
在压缩包文件`spring_gateway_security_webflux`中,可能包含了示例代码或配置文件,用于演示如何在Spring Cloud Gateway中集成Spring Security,实现统一登录认证鉴权。这些资源可以帮助开发者更快地理解和实践上述...
在"springsecurity学习笔记"中,你可能会涉及以下主题: - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和...
SpringBoot+SpringSecurity处理Ajax登录请求问题 SpringBoot+SpringSecurity处理Ajax登录请求问题是SpringBoot开发中的一個常见问题,本文将详细介绍如何使用SpringBoot+SpringSecurity处理Ajax登录请求问题。 ...
Spring Security 是一个强大的安全框架,用于为Java应用提供全面的安全管理解决方案。它是Spring生态系统的组成部分,专注于身份验证、授权和访问控制。Spring Security的核心特性包括: 1. **身份验证...
SpringSecurity是Java开发中用于构建安全Web应用的框架,它提供了强大的身份验证、授权和访问控制功能。在本文中,我们将深入探讨SpringSecurity的核心概念、关键组件以及如何配置和使用这个框架。 首先,Spring...
Spring Security是Spring生态体系中的一个核心组件,主要负责应用程序的安全性,包括认证和授权。它为Web应用提供了全面的保护,防止未经授权的访问和操作。在版本2.5时,Spring Security已经是一个成熟且功能丰富的...
### Spring Security 3.0.1 中文版知识点解析 #### 一、Spring Security 3.0.1 概览 ##### 1.1 Spring Security 是什么? Spring Security 是一个强大的、高度可定制的身份验证和访问控制框架。它提供了许多功能...
Spring Security是一个功能强大且高度可定制的身份验证和授权框架,专门用于保护Java应用程序的安全性。它构建在Spring Framework基础之上,提供了全面的安全解决方案,包括身份验证、授权、攻击防护等功能。 Spring...
视频详细讲解,需要的小伙伴自行网盘下载,链接见附件,永久有效。 首先,SSM环境中我们通过xml配置的...Springsecurity在两种不同的开发模式中使用,有经典的独立web后台管理系统,也有时下最流行的前后端分离场景。
Spring Security 是一个强大的和高度可定制的身份验证和访问控制框架,用于Java应用程序。在这个场景中,我们关注的是如何使用Spring Security实现登录验证以及在登录过程中传递参数,特别是记录并返回用户登录前的...
Spring Security 是一个功能强大且高度可定制的身份验证和访问控制框架,它是安全领域中Spring生态系统的一部分。Spring Security旨在为Java应用程序提供一个全面的安全解决方案,尤其适用于企业级应用场景。它主要...
### Spring Security 概述与应用实践 #### 一、引言 在当今互联网时代,网络安全问题日益凸显,尤其是Web应用程序的安全性受到了前所未有的关注。为了应对这些挑战,Spring Security 应运而生,成为了一个非常重要...
Spring Security 是一个强大的和高度可定制的身份验证和访问控制框架,用于Java应用程序。它提供了全面的安全解决方案,包括用户认证、权限授权、会话管理、CSRF防护以及基于HTTP的访问控制。在这个例子中,我们将...
SpringSecurity是Java领域中一款强大的安全框架,专为Spring和Spring Boot应用设计,提供全面的安全管理解决方案。在SpringBoot Web开发中,SpringSecurity扮演着核心角色,负责处理身份验证、授权以及访问控制等...
Spring Security 是一个强大的安全框架,用于为Java应用提供安全控制。在传统的权限管理中,权限配置通常硬编码在应用程序中,这使得权限调整变得困难,每次变动都需要重新部署应用。然而,通过动态授权,我们可以将...