腳本之家服務(wù)器常用軟件

快捷導(dǎo)航

軟件下載

android MAC 驅(qū)動(dòng)下載字體下載 DLL

源碼下載

PHP ASP.NET ASP JSP

軟件編程

C# JAVA C 語(yǔ)言 Delphi Android

網(wǎng)絡(luò)編程

PHP ASP.NET ASP JavaScript

在線工具

CSS格式化 JS格式化 Html轉(zhuǎn)化為Js

數(shù)據(jù)庫(kù)

MYSQL MSSQL oracle DB2 MARIADB

CMS

PHPCMS DEDECMS 帝國(guó)CMS WordPress

常用工具

PHP開(kāi)發(fā)工具 python Photoshop 必備軟件

SpringSecurity實(shí)現(xiàn)動(dòng)態(tài)加載權(quán)限信息的方法

更新時(shí)間：2022年01月05日 14:50:44 作者：MMM_Demon

這篇文章主要介紹了SpringSecurity實(shí)現(xiàn)動(dòng)態(tài)加載權(quán)限信息,本文給大家介紹的非常詳細(xì)，對(duì)大家的學(xué)習(xí)或工作具有一定需要的朋友可以參考下

①數(shù)據(jù)庫(kù)中資源與角色對(duì)應(yīng)關(guān)系，以及角色和用戶對(duì)應(yīng)關(guān)系如下圖所示：

②實(shí)現(xiàn)FilterInvocationSecurityMetadataSource類

(1)List<Menu> menus = menuService.getMenusWithRoles();這個(gè)是你自己的資源對(duì)應(yīng)角色的查詢方法。

(2)重寫(xiě)的support方法都返回true

@Configuration
public class MyFilterInvocation implements FilterInvocationSecurityMetadataSource {
 
    @Autowired
    private MenuService menuService;
 
    AntPathMatcher antPathMatcher = new AntPathMatcher();
 
    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {
        String requestUrl = ((FilterInvocation) object).getRequestUrl();
        List<Menu> menus = menuService.getMenusWithRoles();
        //- 遍歷數(shù)據(jù)庫(kù)的url，看請(qǐng)求路徑是否與其匹配
        for (Menu menu : menus) {
            //- 如果請(qǐng)求路徑和數(shù)據(jù)庫(kù)的路徑匹配
            if (antPathMatcher.match(menu.getUrl(),requestUrl)){
                //- 訪問(wèn)該路徑需要的角色
                List<Role> roles = menu.getRoles();
                String[] strs = new String[roles.size()];
                for (int i = 0; i < roles.size(); i++) {
                    strs[i] = roles.get(i).getName();
                }
                return SecurityConfig.createList(strs);
            }
        }
        //- 如果請(qǐng)求路徑和數(shù)據(jù)庫(kù)的所有路徑都不匹配，說(shuō)明這個(gè)資源是登錄后即可訪問(wèn)的
        //- 用戶登錄即可訪問(wèn),相當(dāng)于在SecurityConfig中配置了.anyRequest().authenticated()
        return SecurityConfig.createList("ROLE_LOGIN");
    }
 
    @Override
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
 
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}

③實(shí)現(xiàn)AccessDecisionManager類

重寫(xiě)的support方法都返回true

@Configuration
public class MyDecisionManager implements AccessDecisionManager {
 
 
    @Override
    public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
        for (ConfigAttribute configAttribute : configAttributes) {
            String needRole = configAttribute.getAttribute();
            if ("ROLE_LOGIN".equals(needRole)) {
                //- 用戶登錄即可訪問(wèn),相當(dāng)于在SecurityConfig中配置了.anyRequest().authenticated()
                if (authentication instanceof AnonymousAuthenticationToken) {
                    throw new AccessDeniedException("尚未登錄，請(qǐng)先登錄");
                } else {
                    return;
                }
            }
            
            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
            //這里我寫(xiě)的是只要訪問(wèn)該資源的用戶具有`訪問(wèn)該資源所需要角色`的其中一個(gè)即可
            for (GrantedAuthority authority : authorities) {
                if (authority.getAuthority().equals(needRole)) {
                    return;
                }
            }
        }
        throw new AccessDeniedException("權(quán)限不足，請(qǐng)聯(lián)系管理員");
    }
 
    @Override
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }
 
    @Override
    public boolean supports(Class<?> clazz) {
        return true;
    }
}

④到SecurityConfig配置類中完成相應(yīng)配置

    @Autowired
    private MyDecisionManager myDecisionManager;
    
    @Autowired
    private  MyFilterInvocation myFilterInvocation;
 
     @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                    @Override
                    public <O extends FilterSecurityInterceptor> O postProcess(O object) {
                        object.setAccessDecisionManager(myDecisionManager);
                        object.setSecurityMetadataSource(myFilterInvocation);
                        return object;
                    }
                });
 
            http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler());
 
    }
 
 
    @Bean
    MyAccessDeniedHandler myAccessDeniedHandler(){
        return new MyAccessDeniedHandler();
    }

⑤可選，實(shí)現(xiàn)AccessDeniedHandler類

public class MyAccessDenied implements AccessDeniedHandler {
 
    @Override
    public void handle(HttpServletRequest req, HttpServletResponse resp, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        resp.setContentType("application/json;charset=utf-8");
        PrintWriter pw = resp.getWriter();
        pw.write(new ObjectMapper().writeValueAsString(RespBean.error("權(quán)限不夠，請(qǐng)聯(lián)系管理員")));
        pw.flush();
        pw.close();
    }
}

到此這篇關(guān)于SpringSecurity實(shí)現(xiàn)動(dòng)態(tài)加載權(quán)限信息的文章就介紹到這了,更多相關(guān)SpringSecurity動(dòng)態(tài)加載權(quán)限內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: