spring-security3.2.5实现中国式安全管理(转)
Java代码 
- privilesByUsernameQuery= select authority from user_authorities where username = ?
- allUrlAuthoritiesQuery=SELECT authority_id , url FROM Url_Authorities
Java代码
- /**
- *
- */
- package com.sivalabs.springapp.config;
- import java.util.List;
- import javax.annotation.Resource;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.core.env.Environment;
- import org.springframework.jdbc.core.JdbcTemplate;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- //import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.builders.WebSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.util.StringUtils;
- import com.sivalabs.springapp.entities.UrlAuthority;
- import com.sivalabs.springapp.repositories.UserRepository;
- /**
- * @author tony
- *
- */
- @Configuration
- @EnableWebSecurity(debug = true)
- // @EnableGlobalMethodSecurity(prePostEnabled = true)
- // @ImportResource("classpath:applicationContext-security.xml")
- public class SecurityConfig extends WebSecurityConfigurerAdapter {
- @Autowired
- JdbcTemplate jdbcTemplate ;
- @Autowired
- private Environment env;
- @Bean
- CustomUserDetailsService customUserDetailsService() {
- //==================application.properties文件中配置2个SQL=============
- //privilesByUsernameQuery= select authority from user_authorities where username = ?
- //allUrlAuthoritiesQuery=SELECT authority_id , url FROM Url_Authorities
- String privilesByUsernameQuery = env.getProperty("privilesByUsernameQuery");
- String allUrlAuthoritiesQuery = env.getProperty("allUrlAuthoritiesQuery");
- CustomUserDetailsService customUserDetailsService = new CustomUserDetailsService();
- customUserDetailsService.setJdbcTemplate(jdbcTemplate);
- customUserDetailsService.setEnableGroups(false);
- //根据登录ID,查登录用户的所有权限
- if(StringUtils.hasLength(privilesByUsernameQuery))
- customUserDetailsService.setAuthoritiesByUsernameQuery(privilesByUsernameQuery);
- //所有URL与权限的对应关系
- if(StringUtils.hasLength(privilesByUsernameQuery))
- customUserDetailsService.setAllUrlAuthoritiesQuery(allUrlAuthoritiesQuery);
- return customUserDetailsService;
- }
- @Resource(name = "userRepository")
- private UserRepository userRepository;
- @Override
- protected void configure(AuthenticationManagerBuilder registry)
- throws Exception {
- /*
- * registry .inMemoryAuthentication() .withUser("siva") // #1
- * .password("siva") .roles("USER") .and() .withUser("admin") // #2
- * .password("admin") .roles("ADMIN","USER");
- */
- // registry.jdbcAuthentication().dataSource(dataSource);
- registry.userDetailsService(customUserDetailsService());
- }
- @Override
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers("/resources/**"); // #3web
- }
- // AntPathRequestMatcher --> AntPathRequestMatcher --->AntPathMatcher
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- //1.登录注册等URL不要身份验证
- http.csrf().disable().authorizeRequests()
- .antMatchers("/login", "/login/form**", "/register", "/logout")
- .permitAll() // #4
- .antMatchers("/admin", "/admin/**").hasRole("ADMIN"); // #6
- //2. 从数据库中读取所有需要权限控制的URL资源,注意当新增URL控制时,需要重启服务
- List<UrlAuthority> urlAuthorities = customUserDetailsService().loadUrlAuthorities();
- for (UrlAuthority urlAuthority : urlAuthorities) {
- http.authorizeRequests().antMatchers(urlAuthority.getUrl()).hasAuthority(String.valueOf(urlAuthority.getId()));
- }
- //3. 除1,2两个步骤验证之外的URL资源,只要身份认证即可访问
- http.authorizeRequests().anyRequest().authenticated() // 7
- .and().formLogin() // #8
- .loginPage("/login/form") // #9
- .loginProcessingUrl("/login").defaultSuccessUrl("/welcome") // #defaultSuccessUrl
- .failureUrl("/login/form?error").permitAll(); // #5
- }
- }
Java代码
- /**
- *
- */
- package com.sivalabs.springapp.config;
- import java.sql.ResultSet;
- import java.sql.SQLException;
- import java.util.List;
- import org.springframework.jdbc.core.RowMapper;
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.security.core.authority.SimpleGrantedAuthority;
- import org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl;
- import com.sivalabs.springapp.entities.UrlAuthority;
- /**
- * @author tony
- *
- */
- public class CustomUserDetailsService extends JdbcDaoImpl{
- private String allUrlAuthoritiesQuery ;
- /**
- * 从数据库中读取所有需要权限控制的URL资源,注意当新增URL控制时,需要重启服务
- */
- public List<UrlAuthority> loadUrlAuthorities( ) {
- return getJdbcTemplate().query(allUrlAuthoritiesQuery, new RowMapper<UrlAuthority>() {
- public UrlAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
- return new UrlAuthority (rs.getInt(1),rs.getString(2));
- }
- });
- }
- /**
- * 从数据库中读取用户权限
- * Loads authorities by executing the SQL from <tt>authoritiesByUsernameQuery</tt>.
- * @return a list of GrantedAuthority objects for the user
- */
- protected List<GrantedAuthority> loadUserAuthorities(String username) {
- return getJdbcTemplate().query(super.getAuthoritiesByUsernameQuery(), new String[] {username}, new RowMapper<GrantedAuthority>() {
- public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
- String roleName = rs.getString(1);
- return new SimpleGrantedAuthority(roleName);
- }
- });
- }
- public void setAllUrlAuthoritiesQuery(String allUrlAuthoritiesQuery) {
- this.allUrlAuthoritiesQuery = allUrlAuthoritiesQuery;
- }
- }
spring-security-oauth2 http://www.mvnrepository.com/artifact/org.springframework.security.oauth/spring-security-oauth2
Maven Repository: org.springframework.session » spring-session http://www.mvnrepository.com/artifact/org.springframework.session/spring-session