spring3.0 restful
6.applicationContext-security.xml配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config='true'>
<intercept-url pattern="/css/**" filters="none" />
<intercept-url pattern="/login*" filters="none" />
<intercept-url pattern="/userinfo/**" access="ROLE_USER" />
<logout logout-success-url="/login"/>
<form-login login-page="/login"
authentication-failure-url="/login?error=true"
default-target-url="/userinfo" />
<remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" />
</http>
<authentication-manager>
<authentication-provider
user-service-ref="userDetailsService">
<!--
<user-service>
<user name="admin" password="111111"
authorities="ROLE_USER, ROLE_ADMIN" />
<user name="sns" password="123456"
authorities="ROLE_USER" />
</user-service>
-->
</authentication-provider>
</authentication-manager>
<beans:bean id="userDetailsService" class="com.huawei.portal.security.SpringUserDetailService"/>
</beans:beans>
对应的SpringUserDetailService类:
package com.huawei.portal.security;
import java.util.HashSet;
import java.util.Set;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.User;
import com.huawei.portal.model.UserInfo;
public class SpringUserDetailService implements UserDetailsService {
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException, DataAccessException {
UserInfo users = new UserInfo();
users.setUsername(userName);
users.setPassword("123456");
if (!userName.equals("admin")) {
throw new UsernameNotFoundException("用户" + userName + " 不存在");
}
GrantedAuthority[] grantedAuths = obtainGrantedAuthorities(users);
// 无以下属性,暂时全部设为true.
boolean enabled = true;
boolean accountNonExpired = true;
boolean credentialsNonExpired = true;
boolean accountNonLocked = true;
return new User(users.getUsername(), users.getPassword(), enabled,
accountNonExpired, credentialsNonExpired, accountNonLocked,
grantedAuths);
}
/**
* 获得用户所有角色的权限.
*/
private GrantedAuthority[] obtainGrantedAuthorities(UserInfo user) {
Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
// for (Roles role : user.getRoles()) {
// for (Authorities authority : role.getAuthorities()) {
// authSet.add(new GrantedAuthorityImpl(authority.getName()));
// }
// }
authSet.add(new GrantedAuthorityImpl("ROLE_USER"));
return authSet.toArray(new GrantedAuthority[authSet.size()]);
}
}
头部界面:
head_demo.ftl:
<#setting number_format="#"/>
<#import "../pages/includes/spring.ftl" as spring/>
<html>
<head>
<base href='${request.scheme + "://" + request.serverName + ":" + request.serverPort + request.contextPath + "/"}'>
<title>Freemarker Decorator - ${title}</title>
<!--在表头通过sitemesh编译的头部文件引入文件或者连接,虽然有base href但还是要加工程名,在其他的地方就可以不要-->
<link href="${request.contextPath}/static/css/main.css" rel="stylesheet" type="text/css"/>
${head}
</head>
<body>
<div id="pageTitle"><center><h3>我们的Demo----<@spring.message code="entity.missing"/></h3> </center></div>
<hr/>
<br/>
${body}
<br/>
<hr/>
<center>
<div id="footer">
<h5>
帮助 | 关于我们 | 使用条款 | 开放平台
</h5>
<a href="spring/group">zeng_hongjun@vanceinfo.com</a>
</div>
</center>
</body>
</html>