4. The SecurityUserDto class
package com.honzh.biz.database.entity.security;

import java.util.Collection;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;

@SuppressWarnings("rawtypes")
public class SecurityUserDto extends SecurityUser {
    private static final long serialVersionUID = -2841646575237530938L;

    private Integer id;
    private String rolename;
    private List resources;

    public SecurityUserDto() {
    }

    public SecurityUserDto(String username, String password, Integer id, boolean enabled,
            Collection<GrantedAuthority> authorities, List resources) {
        super(username, password, enabled, authorities);
        this.id = id;
        this.setResources(resources);
    }

    /**
     * @return the rolename
     */
    public String getRolename() {
        return rolename;
    }

    /**
     * @param rolename
     *            the rolename to set
     */
    public void setRolename(String rolename) {
        this.rolename = rolename;
    }

    public Integer getId() {
        return this.id;
    }

    public void setId(Integer id) {
        this.id = id;
    }

    public List getResources() {
        return resources;
    }

    public void setResources(List resources) {
        this.resources = resources;
    }
}
A brief introduction:
To save space, I have removed some of the properties.
The key members are rolename, resources, and Collection<GrantedAuthority> authorities.
5. User login
<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider user-service-ref="customUserDetailsService">
        <security:password-encoder hash="md5" />
    </security:authentication-provider>
</security:authentication-manager>
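A brief explanation:
The XML fragment above comes from applicationContext-security.xml; anyone who has used Spring Security will be familiar with this file.
When a user logs in, the Spring Security mechanism hands the username and password to the configured customUserDetailsService service object.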
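The password-encoder element above stores passwords as unsalted MD5 digests, which are cheap to brute-force and identical for identical passwords. As an added example (not part of the original post), the same authentication manager wired to bcrypt; it assumes Spring Security 3.1 or later, where BCryptPasswordEncoder is available, and the bean id bcryptEncoder is a hypothetical name.

```xml
<!-- Added example, not from the original post. Assumes Spring Security 3.1+
     and that "beans" is the default XML namespace of this file. -->

<!-- Weak setting, as configured in the post (unsalted MD5):
<security:password-encoder hash="md5" />
-->

<!-- "bcryptEncoder" is a hypothetical bean id chosen for this example.
     bcrypt generates a random salt per password and is deliberately slow. -->
<bean id="bcryptEncoder"
      class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider user-service-ref="customUserDetailsService">
        <!-- Corrected setting: delegate hashing and verification to the bcrypt bean -->
        <security:password-encoder ref="bcryptEncoder" />
    </security:authentication-provider>
</security:authentication-manager>
```

MD5 digests already stored in the user table will not verify against bcrypt, so existing passwords have to be re-hashed (for example on the next successful login or through a reset) before switching.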
Next, let's look at the customUserDetailsService service object:
package com.honzh.spring.service.security.impl;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.honzh.biz.database.entity.UserRole;
import com.honzh.biz.database.entity.security.SecurityUserDto;
import com.honzh.biz.database.mapper.ResourceMapper;
import com.honzh.biz.database.mapper.SecurityUserSpecMapper;
import com.honzh.biz.database.mapper.UserRoleMapper;
import com.honzh.spring.service.security.CustomUserDetailsService;

@Service("customUserDetailsService")
public class CustomUserDetailsServiceImpl implements CustomUserDetailsService {
    @Autowired
    private SecurityUserSpecMapper securityUserSpecMapper;
    @Autowired
    private UserRoleMapper userRoleMapper;
    @Autowired
    private ResourceMapper resourceMapper;

    @SuppressWarnings("rawtypes")
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        SecurityUserDto user = this.securityUserSpecMapper.selectByUsername(userName);
        // The UserDetailsService contract forbids returning null: report an unknown user explicitly.
        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + userName);
        }

        UserRole userRole = this.userRoleMapper.selectByUserid(user.getId());
        // A user without a role cannot be given any authority or resource.
        if (userRole == null) {
            throw new UsernameNotFoundException("No role assigned to user: " + userName);
        }

        // Resources (page/button permissions) granted to this user through the role.
        List resources = this.resourceMapper.selectResources(user.getUsername(), userRole.getRoleId1());

        // Strip the "*<digits>*" marker from the stored role name before using it as the authority.
        Set<GrantedAuthority> auths = new HashSet<GrantedAuthority>();
        auths.add(new GrantedAuthorityImpl(user.getRolename().replaceAll("\\*\\d{1,}\\*", "")));

        // The constructor takes (username, password, id, enabled, authorities, resources);
        // pass the enabled flag of the loaded user through.
        return new SecurityUserDto(user.getUsername(), user.getPassword(), user.getId(), user.isEnabled(),
                auths, resources);
    }
}
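A brief explanation:
I won't go into how the permission resources are obtained, or into the SecurityUserDto object itself.
Through the loadUserByUsername method, the role, resource and other information is all wrapped into the authentication object returned by SecurityContextHolder.getContext().getAuthentication().
6. Permission configuration
I won't cover permission configuration either: the database tables differ from project to project and everyone uses a different approach. If it is needed later, I will cover it separately.
Here we only look at how the permission is configured on the page, for reference only.
Create a dedicated newAgentPage permission for "New Agent"; its parent menu is the whole agent list page.
7. Assigning permissions to a role
I won't go into the code implementation here either.
The agent role does not have the "New Agent" permission.
8. Assigning a role to a user
I won't go into the code implementation here.
I assigned my younger brother Wang San the agent (proxy) role.
That is everything. If readers later need an introduction to permission assignment, I will explain it then.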