数据背景治理(四)权限掌握
2019-11-18杂谈搜奇网39°c
A+ A-当我们在治理背景数据的时刻须要对治理者的身份举行认证和受权,在该项目中用到的平安认证效劳框架是Spring Security。
1.Spring Security的简朴入门
经由过程一个spring security的入门案例来相识运用该框架的基础步骤。
1.1运用IDEA新建一个webapp的maven工程,在pom.xml文件中引入spring security框架的相干坐标。
1 <?xml version="1.0" encoding="UTF-8"?> 2 3 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 5 <modelVersion>4.0.0</modelVersion> 6 7 <groupId>club.nipengfei</groupId> 8 <artifactId>spring_security_rumeng</artifactId> 9 <version>1.0-SNAPSHOT</version> 10 <packaging>war</packaging> 11 12 <name>spring_security_rumeng Maven Webapp</name> 13 <!-- FIXME change it to the project's website --> 14 <url>http://www.example.com</url> 15 16 <properties> 17 <spring.version>5.0.2.RELEASE</spring.version> 18 <spring.security.version>5.0.1.RELEASE</spring.security.version> 19 </properties> 20 21 <dependencies> 22 <dependency> 23 <groupId>org.springframework</groupId> 24 <artifactId>spring-core</artifactId> 25 <version>${spring.version}</version> 26 </dependency> 27 <dependency> 28 <groupId>org.springframework</groupId> 29 <artifactId>spring-web</artifactId> 30 <version>${spring.version}</version> 31 </dependency> 32 <dependency> 33 <groupId>org.springframework</groupId> 34 <artifactId>spring-webmvc</artifactId> 35 <version>${spring.version}</version> 36 </dependency> 37 <dependency> 38 <groupId>org.springframework</groupId> 39 <artifactId>spring-context-support</artifactId> 40 <version>${spring.version}</version> 41 </dependency> 42 <dependency> 43 <groupId>org.springframework</groupId> 44 <artifactId>spring-test</artifactId> 45 <version>${spring.version}</version> 46 </dependency> 47 <dependency> 48 <groupId>org.springframework</groupId> 49 <artifactId>spring-jdbc</artifactId> 50 <version>${spring.version}</version> 51 </dependency> 52 53 <dependency> 54 <groupId>org.springframework.security</groupId> 55 <artifactId>spring-security-web</artifactId> 56 <version>${spring.security.version}</version> 57 </dependency> 58 <dependency> 59 <groupId>org.springframework.security</groupId> 60 <artifactId>spring-security-config</artifactId> 61 <version>${spring.security.version}</version> 62 </dependency> 63 <dependency> 64 <groupId>javax.servlet</groupId> 65 <artifactId>javax.servlet-api</artifactId> 66 <version>3.1.0</version> 67 <scope>provided</scope> 68 </dependency> 69 </dependencies> 70 <build> 71 <plugins> 72 <!-- java编译插件 --> 73 <plugin> 74 <groupId>org.apache.maven.plugins</groupId> 75 <artifactId>maven-compiler-plugin</artifactId> 76 <version>3.2</version> 77 <configuration> 78 <source>1.8</source> 79 <target>1.8</target> 80 <encoding>UTF-8</encoding> 81 </configuration> 82 </plugin> 83 <plugin> 84 <groupId>org.apache.tomcat.maven</groupId> 85 <artifactId>tomcat7-maven-plugin</artifactId> 86 <configuration> 87 <!-- 指定端口 --> 88 <port>8090</port> 89 <!-- 请求途径 --> 90 <path>/</path> 91 </configuration> 92 </plugin> 93 </plugins> 94 </build> 95 </project>
1.2在web.xml中设置一个spring security的过滤器和引入spring security的中心设置文件。
1 <?xml version="1.0" encoding="UTF-8"?> 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 3 xmlns="http://java.sun.com/xml/ns/javaee" 4 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 5 version="2.5"> 6 <display-name>SpringSecurity314</display-name> 7 8 <context-param> 9 <param-name>contextConfigLocation</param-name> 10 <param-value>classpath:spring-security.xml</param-value> 11 </context-param> 12 <listener> 13 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 14 </listener> 15 <filter> 16 <filter-name>springSecurityFilterChain</filter-name> 17 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 18 </filter> 19 <filter-mapping> 20 <filter-name>springSecurityFilterChain</filter-name> 21 <url-pattern>/*</url-pattern> 22 </filter-mapping> 23 <welcome-file-list> 24 <welcome-file>index.html</welcome-file> 25 <welcome-file>index.htm</welcome-file> 26 <welcome-file>index.jsp</welcome-file> 27 <welcome-file>default.html</welcome-file> 28 <welcome-file>default.htm</welcome-file> 29 <welcome-file>default.jsp</welcome-file> 30 </welcome-file-list> 31 </web-app>
1.3在resource资本途径下新建一个该框架的中心设置文件spring-security.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:security="http://www.springframework.org/schema/security" 4 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans 6 http://www.springframework.org/schema/beans/spring-beans.xsd 7 http://www.springframework.org/schema/security 8 http://www.springframework.org/schema/security/spring-security.xsd"> 9 <security:http auto-config="true" use-expressions="false"> 10 <!-- intercept-url定义一个过滤划定规矩 pattern示意对哪些url举行权限掌握,ccess属性示意在请求对应 11 的URL时须要什么权限, 12 默许设置时它应当是一个以逗号分开的角色列表,请求的用户只需具有个中的一个角色就可以胜利接见对应 13 的URL --> 14 <security:intercept-url pattern="/**" access="ROLE_USER" /> 15 <!-- auto-config设置后,不须要在设置下面信息 <security:form-login /> 定义登录表单信息 16 <security:http-basic 17 /> <security:logout /> --> 18 </security:http> 19 <security:authentication-manager> 20 <security:authentication-provider> 21 <security:user-service> 22 <security:user name="user" password="{noop}user" 23 authorities="ROLE_USER" /> 24 <security:user name="admin" password="{noop}admin" 25 authorities="ROLE_ADMIN" /> 26 </security:user-service> 27 </security:authentication-provider> 28 </security:authentication-manager> 29 </beans>
1.4入门案例总结
启动该入门案例发明直接跳转到了登录页面,然则我们并没有写有关登录的页面,这个页面是该框架自身本身的。
由于在中心设置文件中有<security:http auto-config="true" use-expressions="false">开启spring security的默许的设置,固然也可以自定义登录页面。
当我们随便输入一个用户名"npf"和暗码"1233"(设置文件中没有该用户名暗码)时会涌现以下提醒
当我们输入用户名"admin"暗码"admin"(设置文件中有该用户名暗码但该角色不符合请求)时会涌现以下提醒,该提醒示意权限不足。
当我们输入用户名"user"暗码"user"时可以平常接见到index.jsp页面
上述简朴入门案例存在显著不足之处,须要革新。
- 登录页面太大略须要自定义
- 登录的账号平常在数据库中而不是在设置文件中
2.spring security在数据背景治理中的运用
为了确保数据的平安,在治理数据过程当中须要对治理者的身份举行考证,而且让差别的治理者有差别的操纵权限。
2.1与入门案例相似,在pom.xml文件中引入响应坐标,并在web.xml中设置一个spring security的过滤器和引入spring security的中心设置文件。

1 <?xml version="1.0" encoding="UTF-8"?> 2 3 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 5 <modelVersion>4.0.0</modelVersion> 6 7 <groupId>club.nipengfei</groupId> 8 <artifactId>ssm5</artifactId> 9 <version>1.0-SNAPSHOT</version> 10 <packaging>war</packaging> 11 12 <name>ssm5 Maven Webapp</name> 13 <!-- FIXME change it to the project's website --> 14 <url>http://www.example.com</url> 15 16 <properties> 17 <spring.version>5.0.2.RELEASE</spring.version> 18 <slf4j.version>1.6.6</slf4j.version> 19 <log4j.version>1.2.12</log4j.version> 20 <mysql.version>5.1.6</mysql.version> 21 <mybatis.version>3.4.5</mybatis.version> 22 <spring.security.version>5.0.1.RELEASE</spring.security.version> 23 </properties> 24 <dependencies> 25 <!-- spring --> 26 <dependency> 27 <groupId>org.aspectj</groupId> 28 <artifactId>aspectjweaver</artifactId> 29 <version>1.6.8</version> 30 </dependency> 31 <dependency> 32 <groupId>org.springframework</groupId> 33 <artifactId>spring-aop</artifactId> 34 <version>${spring.version}</version> 35 </dependency> 36 <dependency> 37 <groupId>org.springframework</groupId> 38 <artifactId>spring-context</artifactId> 39 <version>${spring.version}</version> 40 </dependency> 41 <dependency> 42 <groupId>org.springframework</groupId> 43 <artifactId>spring-web</artifactId> 44 <version>${spring.version}</version> 45 </dependency> 46 <dependency> 47 <groupId>org.springframework</groupId> 48 <artifactId>spring-webmvc</artifactId> 49 <version>${spring.version}</version> 50 </dependency> 51 <dependency> 52 <groupId>org.springframework</groupId> 53 <artifactId>spring-test</artifactId> 54 <version>${spring.version}</version> 55 </dependency> 56 <dependency> 57 <groupId>org.springframework</groupId> 58 <artifactId>spring-tx</artifactId> 59 <version>${spring.version}</version> 60 </dependency> 61 <dependency> 62 <groupId>org.springframework</groupId> 63 <artifactId>spring-jdbc</artifactId> 64 <version>${spring.version}</version> 65 </dependency> 66 <dependency> 67 <groupId>junit</groupId> 68 <artifactId>junit</artifactId> 69 <version>4.12</version> 70 <scope>compile</scope> 71 </dependency> 72 <dependency> 73 <groupId>mysql</groupId> 74 <artifactId>mysql-connector-java</artifactId> 75 <version>${mysql.version}</version> 76 </dependency> 77 <dependency> 78 <groupId>javax.servlet</groupId> 79 <artifactId>servlet-api</artifactId> 80 <version>2.5</version> 81 <scope>provided</scope> 82 </dependency> 83 <dependency> 84 <groupId>javax.servlet.jsp</groupId> 85 <artifactId>jsp-api</artifactId> 86 <version>2.0</version> 87 <scope>provided</scope> 88 </dependency> 89 <dependency> 90 <groupId>jstl</groupId> 91 <artifactId>jstl</artifactId> 92 <version>1.2</version> 93 </dependency> 94 <!-- log start --> 95 <dependency> 96 <groupId>log4j</groupId> 97 <artifactId>log4j</artifactId> 98 <version>${log4j.version}</version> 99 </dependency> 100 <dependency> 101 <groupId>org.slf4j</groupId> 102 <artifactId>slf4j-api</artifactId> 103 <version>${slf4j.version}</version> 104 </dependency> 105 <dependency> 106 <groupId>org.slf4j</groupId> 107 <artifactId>slf4j-log4j12</artifactId> 108 <version>${slf4j.version}</version> 109 </dependency> 110 <!-- log end --> 111 <dependency> 112 <groupId>org.mybatis</groupId> 113 <artifactId>mybatis</artifactId> 114 <version>${mybatis.version}</version> 115 </dependency> 116 <dependency> 117 <groupId>org.mybatis</groupId> 118 <artifactId>mybatis-spring</artifactId> 119 <version>1.3.0</version> 120 </dependency> 121 <dependency> 122 <groupId>c3p0</groupId> 123 <artifactId>c3p0</artifactId> 124 <version>0.9.1.2</version> 125 <type>jar</type> 126 <scope>compile</scope> 127 </dependency> 128 <dependency> 129 <groupId>com.github.pagehelper</groupId> 130 <artifactId>pagehelper</artifactId> 131 <version>5.1.2</version> 132 </dependency> 133 <dependency> 134 <groupId>org.springframework.security</groupId> 135 <artifactId>spring-security-web</artifactId> 136 <version>${spring.security.version}</version> 137 </dependency> 138 <dependency> 139 <groupId>org.springframework.security</groupId> 140 <artifactId>spring-security-config</artifactId> 141 <version>${spring.security.version}</version> 142 </dependency> 143 <dependency> 144 <groupId>org.springframework.security</groupId> 145 <artifactId>spring-security-core</artifactId> 146 <version>${spring.security.version}</version> 147 </dependency> 148 <dependency> 149 <groupId>org.springframework.security</groupId> 150 <artifactId>spring-security-taglibs</artifactId> 151 <version>${spring.security.version}</version> 152 </dependency> 153 154 <dependency> 155 <groupId>mysql</groupId> 156 <artifactId>mysql-connector-java</artifactId> 157 <version>${mysql.version}</version> 158 </dependency> 159 160 <dependency> 161 <groupId>javax.annotation</groupId> 162 <artifactId>jsr250-api</artifactId> 163 <version>1.0</version> 164 </dependency> 165 166 </dependencies> 167 168 <build> 169 <finalName>ssm5</finalName> 170 <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) --> 171 <plugins> 172 <plugin> 173 <artifactId>maven-clean-plugin</artifactId> 174 <version>3.1.0</version> 175 </plugin> 176 <!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging --> 177 <plugin> 178 <artifactId>maven-resources-plugin</artifactId> 179 <version>3.0.2</version> 180 </plugin> 181 <plugin> 182 <artifactId>maven-compiler-plugin</artifactId> 183 <version>3.8.0</version> 184 </plugin> 185 <plugin> 186 <artifactId>maven-surefire-plugin</artifactId> 187 <version>2.22.1</version> 188 </plugin> 189 <plugin> 190 <artifactId>maven-war-plugin</artifactId> 191 <version>3.2.2</version> 192 </plugin> 193 <plugin> 194 <artifactId>maven-install-plugin</artifactId> 195 <version>2.5.2</version> 196 </plugin> 197 <plugin> 198 <artifactId>maven-deploy-plugin</artifactId> 199 <version>2.8.2</version> 200 </plugin> 201 </plugins> 202 </pluginManagement> 203 </build> 204 </project>pom.xml

1 <?xml version="1.0" encoding="UTF-8"?> 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 3 xmlns="http://xmlns.jcp.org/xml/ns/javaee" 4 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" 5 version="3.1"> 6 7 <display-name>Archetype Created web Application</display-name> 8 <!--设置监听器,默许只加载WEB-INF目录下的applicationContext.xml设置文件--> 9 <listener> 10 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 11 </listener> 12 <!--设置设置文件途径--> 13 <context-param> 14 <param-name>contextConfigLocation</param-name> 15 <param-value>classpath*:applicationContext.xml,classpath*:spring-security.xml</param-value> 16 </context-param> 17 <!--设置前端掌握器--> 18 <servlet> 19 <servlet-name>dispatcherServlet</servlet-name> 20 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 21 <!--加载springmvc.xml设置文件--> 22 <init-param> 23 <param-name>contextConfigLocation</param-name> 24 <param-value>classpath:springmvc.xml</param-value> 25 </init-param> 26 <!--启动效劳器,建立servlet--> 27 <load-on-startup>1</load-on-startup> 28 </servlet> 29 <servlet-mapping> 30 <servlet-name>dispatcherServlet</servlet-name> 31 <url-pattern>*.do</url-pattern> 32 </servlet-mapping> 33 34 <!--处置惩罚中文乱码过滤器--> 35 <filter> 36 <filter-name>characterEncodingFilter</filter-name> 37 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 38 <init-param> 39 <param-name>encoding</param-name> 40 <param-value>UTF-8</param-value> 41 </init-param> 42 </filter> 43 <filter-mapping> 44 <filter-name>characterEncodingFilter</filter-name> 45 <url-pattern>/*</url-pattern> 46 </filter-mapping> 47 48 <!--spring security的过滤器--> 49 <filter> 50 <filter-name>springSecurityFilterChain</filter-name> 51 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 52 </filter> 53 <filter-mapping> 54 <filter-name>springSecurityFilterChain</filter-name> 55 <url-pattern>/*</url-pattern> 56 </filter-mapping> 57 58 <welcome-file-list> 59 <welcome-file>index.html</welcome-file> 60 <welcome-file>index.htm</welcome-file> 61 <welcome-file>index.jsp</welcome-file> 62 <welcome-file>default.html</welcome-file> 63 <welcome-file>default.htm</welcome-file> 64 <welcome-file>default.jsp</welcome-file> 65 </welcome-file-list> 66 </web-app>web.xml
2.2设置spring security的中心设置文件
与入门案例比拟,这里设置了不阻拦的资本,自定义了登录页面,完成了退出操纵,将本来定义在设置页面中的登录用户名和暗码切换成在数据库中。
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:security="http://www.springframework.org/schema/security" 4 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans 6 http://www.springframework.org/schema/beans/spring-beans.xsd 7 http://www.springframework.org/schema/security 8 http://www.springframework.org/schema/security/spring-security.xsd"> 9 10 <!-- 设置不阻拦的资本 --> 11 <security:http pattern="/login.jsp" security="none"/> 12 <security:http pattern="/failer.jsp" security="none"/> 13 <security:http pattern="/css/**" security="none"/> 14 <security:http pattern="/img/**" security="none"/> 15 <security:http pattern="/plugins/**" security="none"/> 16 17 <!-- 18 设置详细的划定规矩 19 auto-config="true" 不必本身编写登录的页面,框架供应默许登录页面 20 use-expressions="false" 是不是运用SPEL表达式(没进修过) 21 --> 22 <security:http auto-config="true" use-expressions="true"> 23 <!-- 设置详细的阻拦的划定规矩 pattern="请求途径的划定规矩" access="接见体系的人,必须有ROLE_USER的角色" --> 24 <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/> 25 26 <!-- 定义跳转的详细的页面 --> 27 <security:form-login 28 login-page="/login.jsp" 29 login-processing-url="/login.do" 30 default-target-url="/index.jsp" 31 authentication-failure-url="/failer.jsp" 32 authentication-success-forward-url="/pages/main.jsp" 33 /> 34 35 <!-- 封闭跨域请求 --> 36 <security:csrf disabled="true"/> 37 38 <!-- 退出 --> 39 <security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" /> 40 41 </security:http> 42 43 <!-- 切换成数据库中的用户名和暗码 --> 44 <security:authentication-manager> 45 <security:authentication-provider user-service-ref="userService"> 46 <!-- 设置加密的体式格局 --> 47 <security:password-encoder ref="passwordEncoder"/> 48 </security:authentication-provider> 49 </security:authentication-manager> 50 51 <!-- 设置加密类 --> 52 <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> 53 54 </beans>
2.3运用数据库完成用户登录流程
下面是运用数据库完成认证操纵的流程图
在Spring Security中假如想要运用数据举行认证操纵,有很多种操纵体式格局,这里我们引见运用UserDetails、UserDetailsService来完成操纵。
IUserService接口继续了UserDetailsService类,UserServiceImpl类完成了IUserService接口。
UserDetailsService 接口内有一个loadUserByUsername要领,返回的是UserDetails。
1 public interface UserDetailsService { 2 // ~ Methods 3 // ======================================================================================================== 4 5 /** 6 * Locates the user based on the username. In the actual implementation, the search 7 * may possibly be case sensitive, or case insensitive depending on how the 8 * implementation instance is configured. In this case, the <code>UserDetails</code> 9 * object that comes back may have a username that is of a different case than what 10 * was actually requested.. 11 * 12 * @param username the username identifying the user whose data is required. 13 * 14 * @return a fully populated user record (never <code>null</code>) 15 * 16 * @throws UsernameNotFoundException if the user could not be found or the user has no 17 * GrantedAuthority 18 */ 19 UserDetails loadUserByUsername(String username) throws UsernameNotFoundException; 20 }
依据spring-security的中心设置文件,须要将UserServiceImpl类命名为"userService",并完成loadUserByUsername要领。
loadUserByUsername要领依据用户名从数据库中查询用户信息UserInfo,并将UserInfo的用户名,暗码和角色信息作为User的组织参数。
1 package club.nipengfei.service.impl; 2 3 import club.nipengfei.dao.IUserDao; 4 import club.nipengfei.domain.Role; 5 import club.nipengfei.domain.UserInfo; 6 import club.nipengfei.service.IUserService; 7 import org.springframework.beans.factory.annotation.Autowired; 8 import org.springframework.security.core.authority.SimpleGrantedAuthority; 9 import org.springframework.security.core.userdetails.User; 10 import org.springframework.security.core.userdetails.UserDetails; 11 import org.springframework.security.core.userdetails.UsernameNotFoundException; 12 import org.springframework.stereotype.Service; 13 import org.springframework.transaction.annotation.Transactional; 14 15 import java.util.ArrayList; 16 import java.util.Collection; 17 import java.util.List; 18 19 @Service("userService") 20 @Transactional 21 public class UserServiceImpl implements IUserService { 22 23 @Autowired 24 private IUserDao userDao; 25 26 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { 27 UserInfo userInfo = null; 28 try { 29 userInfo = userDao.findByUsername(username);31 } catch (Exception e) { 32 e.printStackTrace(); 33 } 34 // 处置惩罚本身的用户对象分装成UserDetails 35 // 该spring security的User完成了UserDetails 36 User user = new User(userInfo.getUsername(),userInfo.getPassword(),getAuthority(userInfo.getRoles()));38 return user; 39 } 40 41 public List<SimpleGrantedAuthority> getAuthority(List<Role> roles) { 42 List<SimpleGrantedAuthority> list = new ArrayList<SimpleGrantedAuthority>(); 43 for (Role role:roles){ 44 list.add(new SimpleGrantedAuthority("ROLE_"+role.getRoleName())); 45 } 46 return list; 47 } 48 }
接口UserDetails,封装了当前认证用户的信息,但由于是一个接口,我们可以对其完成,也可以运用spring security供应的UserDetails完成类User完成操纵
1 public interface UserDetails extends Serializable { 2 Collection<? extends GrantedAuthority> getAuthorities(); 3 String getPassword(); 4 String getUsername(); 5 boolean isAccountNonExpired(); 6 boolean isAccountNonLocked(); 7 boolean isCredentialsNonExpired(); 8 boolean isEnabled(); 9 }
1 public class User implements UserDetails, CredentialsContainer { 2 private String password; 3 private final String username; 4 private final Set<GrantedAuthority> authorities; 5 private final boolean accountNonExpired; //帐户是不是逾期 6 private final boolean accountNonLocked; //帐户是不是锁定 7 private final boolean credentialsNonExpired; //认证是不是逾期 8 private final boolean enabled; //帐户是不是可用 9 }
下面是依据用户名查询用户信息的IUserDao接口
1 package club.nipengfei.dao; 2 3 import club.nipengfei.domain.UserInfo; 4 import org.apache.ibatis.annotations.Many; 5 import org.apache.ibatis.annotations.Result; 6 import org.apache.ibatis.annotations.Results; 7 import org.apache.ibatis.annotations.Select; 8 9 public interface IUserDao { 10 11 @Select("select * from users where username=#{username}") 12 @Results({ 13 @Result(id = true,property = "id",column = "id"), 14 @Result(property = "username",column = "username"), 15 @Result(property = "email",column = "email"), 16 @Result(property = "password",column = "password"), 17 @Result(property = "phoneNum",column = "phoneNum"), 18 @Result(property = "status",column = "status"), 19 @Result(property = "roles",column = "id",javaType = java.util.List.class,many = @Many(select = "club.nipengfei.dao.IRoleDao.findRoleByUserId")) 20 }) 21 public UserInfo findByUsername(String username) throws Exception; 22 }
2.4运用spring security完成权限掌握(JSR-250注解)
差别的用户有差别的角色,依据角色运用户有差别的权限。在效劳器端我们可以经由过程Spring security供应的注解对要领来举行权限掌握。Spring Security在要领的权限掌握上支撑三种范例的注解,JSR-250注解、@Secured注解和支撑表达式的注解,这三种注解默许都是没有启用的,须要零丁经由过程global-method-security元素的对应属性举行启用
下面运用JSR-250注解完成权限掌握:
须要在security-security.xml中开启权限,而且在pom.xml引入坐标
<security:global-method-security jsr250-annotations="enabled"></security:global-method-security>
<dependency> <groupId>javax.annotation</groupId> <artifactId>jsr250-api</artifactId> <version>1.0</version> </dependency>
- @RolesAllowed示意接见对应要领时所应当具有的角色
- @PermitAll示意许可一切的角色举行接见,也就是说不举行权限掌握
- @DenyAll是和PermitAll相反的,示意无论什么角色都不能接见
示例:
@RolesAllowed({"USER", "ADMIN"}) 该要领只需具有"USER", "ADMIN"恣意一种权限就可以够接见。这里可以省略前缀ROLE_,现实的权限多是ROLE_ADMIN
2.5运用spring security完成权限掌握(@Secured注解)
与上面的相似,少一步pom.xml坐标引入,由于该注解是spring security自身供应的。