spring security 做权限管理的步骤

dig0830 2008-07-29 10:44:30

给个spring security 做权限管理的步骤

以前没有接触过security,看了springsecurtiy的文档也不知道该怎么实现

哪位高手给个

...全文

1448 5 打赏收藏转发到动态举报

写回复

用AI写文章

5 条回复

切换为时间正序

请发表友善的回复…

发表回复

xiaofancn 2011-04-23

打赏
举报

http://xiaofancn.iteye.com/blogs/1013473

abstains 2008-10-30

打赏
举报

本人不才·略说两句·
首先在配置一个spring-security.xml配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">


<http auto-config="true">


<intercept-url pattern="/demo/dept.do*" access="ROLE_RETRIEVE_DEPT" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

<form-login login-page="/login.do" default-target-url="/main.do" authentication-failure-url="/login.do?error=true" />
</http>



<authentication-provider user-service-ref="userDetailsService">

<password-encoder hash="plaintext" />
</authentication-provider>


<beans:bean id="userDetailsService" class="demo.security.manager.UserDetailServiceImpl" >
<beans:property name="userManager" ref="userManager" />

</beans:bean>

</beans:beans>

下面就是UserDetailServiceImpl实现类如何实现了

public class UserDetailServiceImpl implements UserDetailsService {

private UserManager userManager;

/**
* 通过用户名加载用户信息.
* <p>
*/
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException, DataAccessException {
User user = userManager.getUserByLoginName(userName);
if (user == null)
throw new UsernameNotFoundException(userName + " 不存在");

// 获得用户对应权限列表
List<Authority> authList = userManager.getAuthsByUserId(user.getUserId());

// 封装为Acegi需要的对象
List<GrantedAuthority> authsList = new ArrayList<GrantedAuthority>();
for (Authority auth : authList) {
authsList.add(new GrantedAuthorityImpl(auth.getAuthCode()));
}

// 目前在mini-web的User类中没有enabled, accountNonExpired,credentialsNonExpired,
// accountNonLocked等属性
// 暂时全部设为true,在需要时才添加这些属性.
org.springframework.security.userdetails.User userDetail = new org.springframework.security.userdetails.User(
user.getUserName(), user.getPassword(), true, true, true, true,
authsList.toArray(new GrantedAuthority[authsList.size()]));

return userDetail;
}

@Required
public void setUserManager(UserManager userManager) {
this.userManager = userManager;
}
}

以上就是简单的security过滤·更简单的方法就是不用实现userDetailsService接口·但是我是现在了userDetailsService接口，我的模块遍的灵活了一些，<建议尝试自己实现userDetailsService接口>
写的有点匆忙·如果有不明白的·我还会陆续解答。