67,550
社区成员
发帖
与我相关
我的任务
分享一个spring_security的问题,解决了几天了!找高手解决。
资源认证器
自定义的一个拦截器
获得用户和权限
把资源查询出来
package com.onionbbs.security;
import java.util.Collection;
import java.util.Iterator;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
public class GamersAccessDecisionManager implements AccessDecisionManager {
public void decide(Authentication authentication, Object object,
Collection<ConfigAttribute> configAttributes)
throws AccessDeniedException, InsufficientAuthenticationException {
if(configAttributes == null){
return ;
}
System.out.println("Object:"+object.toString());
Iterator<ConfigAttribute> ite=configAttributes.iterator();
while(ite.hasNext()){
ConfigAttribute ca=ite.next();
//怎么这里输出这个是ROLE_ANONYMOUS
System.out.println(authentication.getAuthorities());
String needRole=((SecurityConfig)ca).getAttribute();
for(GrantedAuthority ga:authentication.getAuthorities()){
if(needRole.equals(ga.getAuthority())){
return;
}
}
}
throw new AccessDeniedException("no right");
}
public boolean supports(ConfigAttribute attribute){
return true;
}
public boolean supports(Class<?> clazz) {
return true;
}
}
自定义的一个拦截器
package com.onionbbs.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
public class InvocationSecurityMetadataSource
implements FilterInvocationSecurityMetadataSource {
private UrlMatcher urlMatcher = new AntUrlPathMatcher();;
private static Map<String, Collection<ConfigAttribute>> resourceMap = null;
private SecurityResourceServiceImp securityResourceService;
public void setSecurityResourceService(
SecurityResourceServiceImp securityResourceService) {
this.securityResourceService = securityResourceService;
}
public void loadResourceDefine() {
resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
for(Resources item:securityResourceService.getAllResources()){
resourceMap.put(item.getUrl(), listRoleToCollection(item.getRole()));
}
}
public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set){
List<ConfigAttribute> list=new ArrayList<ConfigAttribute>();
for(Role role:set){
System.out.println("=================================="+role.getName()+"==============");
list.add(new SecurityConfig(role.getName()));
}
return list;
}
public Collection<ConfigAttribute> getAttributes(Object object)
throws IllegalArgumentException {
String url = ((FilterInvocation)object).getRequestUrl();
Iterator<String> ite = resourceMap.keySet().iterator();
while (ite.hasNext()) {
String resURL = ite.next();
if (urlMatcher.pathMatchesUrl(url, resURL)) {
return resourceMap.get(resURL);
}
}
return null;
}
public boolean supports(Class<?> clazz) {
return true;
}
public Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
}
获得用户和权限
package com.onionbbs.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.OnionEntertainment.Security.Service.SecurityUserServiceImp;
import com.onionbbs.model.Role;
import com.onionbbs.model.UserTable;
public class UserDetailService implements UserDetailsService{
private SecurityUserServiceImp securityUserService;
public void setSecurityUserService(SecurityUserServiceImp securityUserService) {
this.securityUserService = securityUserService;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
List<UserTable> usertable=securityUserService.getuser(username);
UserTable usertab=new UserTable();
usertab.setId(usertable.get(0).getId());
usertab.setNickname(usertable.get(0).getNickname());
usertab.setUsername(username);
usertab.setEnabled(usertable.get(0).getEnabled());
usertab.setRoles(usertable.get(0).getRoles());
User user = new User(username,
"robin", true, true, true, true, listRoleToCollection(usertable.get(0).getRoles()));
return user;
}
public Collection<GrantedAuthority> listRoleToCollection(Set<Role> set){
List<GrantedAuthority> list=new ArrayList<GrantedAuthority>();
for(Role role:set){
System.out.println(role.getName());
list.add(new GrantedAuthorityImpl(role.getName()));
}
return list;
}
}
把资源查询出来
package com.onionbbs.security;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
public class InvocationSecurityMetadataSource
implements FilterInvocationSecurityMetadataSource {
private UrlMatcher urlMatcher = new AntUrlPathMatcher();;
private static Map<String, Collection<ConfigAttribute>> resourceMap = null;
private SecurityResourceServiceImp securityResourceService;
public void setSecurityResourceService(
SecurityResourceServiceImp securityResourceService) {
this.securityResourceService = securityResourceService;
}
public void loadResourceDefine() {
resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
for(Resources item:securityResourceService.getAllResources()){
resourceMap.put(item.getUrl(), listRoleToCollection(item.getRole()));
}
}
public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set){
List<ConfigAttribute> list=new ArrayList<ConfigAttribute>();
for(Role role:set){
System.out.println("=================================="+role.getName()+"==============");
list.add(new SecurityConfig(role.getName()));
}
return list;
}
public Collection<ConfigAttribute> getAttributes(Object object)
throws IllegalArgumentException {
String url = ((FilterInvocation)object).getRequestUrl();
Iterator<String> ite = resourceMap.keySet().iterator();
while (ite.hasNext()) {
String resURL = ite.next();
if (urlMatcher.pathMatchesUrl(url, resURL)) {
return resourceMap.get(resURL);
}
}
return null;
}
public boolean supports(Class<?> clazz) {
return true;
}
public Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
}
...全文
请发表友善的回复…
发表回复
chaohua20 2011-01-10
- 打赏
- 举报
上面GamersAccessDecisionManager 查询输出是ROLE_ANONYMOUS一直登陆不了,我的数据库里面是role_user在这里怎么变成了ROLE_ANONYMOUS了?
在自定义的拦截器里面我输出了role.getName()是==================================ROLE_USER==============
高手们能详细说说吗?我真的搞不懂了,初弄security出了好多问题了。只能发30分的帖子。全部分送上。
在自定义的拦截器里面我输出了role.getName()是==================================ROLE_USER==============
高手们能详细说说吗?我真的搞不懂了,初弄security出了好多问题了。只能发30分的帖子。全部分送上。
chaohua20 2011-01-10
- 打赏
- 举报
确切的说是我一打开/index.jsp就会出现这个东西[ROLE_ANONYMOUS]这个是我自己输出的
这个在资源认证器里面
//怎么这里输出这个是ROLE_ANONYMOUS
System.out.println(authentication.getAuthorities());
这个在资源认证器里面
chaohua20 2011-01-10
- 打赏
- 举报
恩我第一次登陆就出现这个东西
chaohua20 2011-01-10
- 打赏
- 举报
解决了是这里密码传错了 User user = new User(username,
"robin", true, true, true, true, listRoleToCollection(usertable.get(0).getRoles()));
"robin", true, true, true, true, listRoleToCollection(usertable.get(0).getRoles()));
一洽客服系统 2011-01-10
- 打赏
- 举报
WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS 你又登陆吗?
chaohua20 2011-01-10
- 打赏
- 举报
Level: DEBUG
Time: 2011-01-10 00:59:39,281
Method: org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:191)
Message: Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_USER]
Level: DEBUG
Time: 2011-01-10 00:59:39,281
Method: org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:292)
Message: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
Object:FilterInvocation: URL: /index.jsp
[ROLE_ANONYMOUS]
验证的时候出的信息
Time: 2011-01-10 00:59:39,281
Method: org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:191)
Message: Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_USER]
Level: DEBUG
Time: 2011-01-10 00:59:39,281
Method: org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:292)
Message: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
Object:FilterInvocation: URL: /index.jsp
[ROLE_ANONYMOUS]
验证的时候出的信息
