
Spring security實現許可權管理

1、配置檔案

1、POM.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.nercita</groupId>
  <artifactId>BCP</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>BCP</name>
  <url>http://maven.apache.org</url>
  
  <!-- Shared version properties referenced by the Spring, Spring Security and Hibernate dependencies. -->
  <!-- NOTE(review): Spring 4.0.x, Spring Security 3.2.x and Hibernate 4.3.x are old release lines that
       no longer receive fixes. Check these pins against the projects' security advisories and move to
       supported release lines before reusing this POM. -->
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <spring.version>4.0.5.RELEASE</spring.version>      
    <spring.security.version>3.2.3.RELEASE</spring.security.version>
    <hibernate.version>4.3.5.Final</hibernate.version>  
  </properties>
  <dependencies>  
    <!-- junit -->
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.11</version>
      <scope>test</scope> 
    </dependency>
  
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>jstl</artifactId>
      <version>1.2</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>javax.servlet.jsp</groupId>
      <artifactId>jsp-api</artifactId>
      <version>2.1</version>
      <scope>provided</scope>
    </dependency>
    
    <dependency>
      <groupId>org.glassfish</groupId>
      <artifactId>javax.annotation</artifactId>
      <version>3.0.1</version>
    </dependency>
    <dependency>
      <groupId>org.glassfish</groupId>
      <artifactId>javax.ejb</artifactId>
      <version>3.0.1</version>
    </dependency>
    <dependency>
      <groupId>org.jboss.weld</groupId>
      <artifactId>weld-osgi-bundle</artifactId>
      <version>1.0.1-SP3</version>
      <exclusions>             
	        <exclusion>
	            <groupId>javassist</groupId>
	            <artifactId>javassist</artifactId>   
	        </exclusion>
	   </exclusions>
    </dependency>
    <dependency>
      <groupId>org.glassfish</groupId>
      <artifactId>javax.servlet</artifactId>
      <version>3.0.1</version>
    </dependency>

    
    <!-- spring4 -->
    <dependency>
	      <groupId>org.springframework</groupId>
	      <artifactId>spring-core</artifactId>
	      <version>${spring.version}</version>
    </dependency>
    
    <dependency>
	      <groupId>org.springframework</groupId>
	      <artifactId>spring-aop</artifactId>
	      <version>${spring.version}</version>
    </dependency>
    <dependency>
	      <groupId>org.springframework</groupId>
	      <artifactId>spring-context</artifactId>
	      <version>${spring.version}</version>
    </dependency>    
    <dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-context-support</artifactId>
		<version>${spring.version}</version> 
	</dependency> 
    <dependency>
	      <groupId>org.springframework</groupId>
	      <artifactId>spring-jdbc</artifactId>
	      <version>${spring.version}</version>
    </dependency>		
    <dependency>
	      <groupId>org.springframework</groupId>
	      <artifactId>spring-beans</artifactId>
	      <version>${spring.version}</version>
    </dependency>
    <dependency>
	      <groupId>org.springframework</groupId>
	      <artifactId>spring-web</artifactId>
	      <version>${spring.version}</version>
    </dependency>    
    <dependency>
	      <groupId>org.springframework</groupId>
	      <artifactId>spring-expression</artifactId>
	      <version>${spring.version}</version>
    </dependency>
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-orm</artifactId>
		<version>${spring.version}</version>
	</dependency> 
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-oxm</artifactId>
		<version>${spring.version}</version>
	</dependency>		
	<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-aspects</artifactId>
		<version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-tx</artifactId>
        <version>${spring.version}</version>
    </dependency>    	   
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-test</artifactId>
      <version>${spring.version}</version>
    </dependency>    
    <!-- spring mvc -->
    <dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-webmvc</artifactId>
		<version>${spring.version}</version>
	</dependency>
	
    <!--
    <dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-webmvc-portlet</artifactId>
		<version>${spring.version}</version>
	</dependency> 
	-->  
    
    <!-- spring security -->
    <dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-core</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
	
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
	
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-taglibs</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
	
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-web</artifactId>
		<version>${spring.security.version}</version>
	</dependency>
        
    <!-- aspectj weaver.jar 這是SpringAOP所要用到的依賴包 -->
    <dependency>
        <groupId>org.aspectj</groupId>
	    <artifactId>aspectjweaver</artifactId>
	    <version>1.8.2</version>
    </dependency>
    <dependency>
        <groupId>org.aspectj</groupId>
        <artifactId>aspectjrt</artifactId>
        <version>1.8.2</version>
    </dependency> 
    
    <!-- 資料庫驅動-mysql -->
    <dependency>
	      <groupId>mysql</groupId>
	      <artifactId>mysql-connector-java</artifactId>
	      <version>5.1.26</version>
    </dependency>
    
    <!-- 資料庫驅動-oracle -->
	<dependency>         
		  <groupId>com.oracle</groupId>
		  <artifactId>ojdbc6</artifactId>
		  <version>12.1.0.1</version>
	</dependency>       
     
    <!-- 資料庫連線池 -->
    <dependency>
		<groupId>com.mchange</groupId>
		<artifactId>c3p0</artifactId>
		<version>0.9.5</version>
	</dependency>
    
    <!-- hibernate4 核心及依賴包  -->
    <dependency>
		<groupId>org.hibernate</groupId>
		<artifactId>hibernate-core</artifactId>
		<version>${hibernate.version}</version>
		<exclusions>             
	        <exclusion>
	            <groupId>org.javassist</groupId>
	            <artifactId>javassist</artifactId>
	        </exclusion>
	        <exclusion>
            	<artifactId>c3p0</artifactId>
            	<groupId>c3p0</groupId>
        	</exclusion>
	    </exclusions>
		
    </dependency>	    
    <!-- 支援JPA規範的core門面 -->
    <dependency>
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-entitymanager</artifactId>
        <version>${hibernate.version}</version>
        <exclusions>
	        <exclusion>
	            <groupId>org.javassist</groupId>
	            <artifactId>javassist</artifactId>
	        </exclusion>
	    </exclusions>        
    </dependency>	    
    <dependency> 
        <groupId>org.hibernate</groupId>
        <artifactId>hibernate-ehcache</artifactId>
        <version>${hibernate.version}</version>
    </dependency>      
	<!-- JPA註解的實現 -->
    <!--    
    <dependency>
      <groupId>org.hibernate.javax.persistence</groupId>
      <artifactId>hibernate-jpa-2.0-api</artifactId>
      <version>1.0.1.Final</version>
	</dependency>  
	-->	
	<dependency>
	    <groupId>org.hibernate.javax.persistence</groupId>
		<artifactId>hibernate-jpa-2.1-api</artifactId>
		<version>1.0.0.Final</version>
	</dependency>  
		
	<!-- 為了讓Hibernate使用代理模式,需要javassist -->
   	<dependency>
		<groupId>org.javassist</groupId>
		<artifactId>javassist</artifactId>
		<version>3.18.1-GA</version>
    </dependency>    
    
    <!-- antlr -->
    <dependency>
        <groupId>antlr</groupId>
        <artifactId>antlr</artifactId>
        <version>2.7.7</version>
    </dependency>
    
    <!-- dom4j -->
    <dependency>
        <groupId>dom4j</groupId>
        <artifactId>dom4j</artifactId>
        <version>1.6.1</version>
    </dependency>
    <!-- apache commons -->
    <dependency>
        <groupId>commons-dbcp</groupId>
        <artifactId>commons-dbcp</artifactId>
        <version>1.4</version>
    </dependency>
    <dependency>
        <groupId>commons-pool</groupId>
        <artifactId>commons-pool</artifactId>
        <version>1.4</version>
    </dependency>  
    <!-- Apache Commons Collections 3.x. -->
    <!-- NOTE(review): 3.1 is an old release of a library whose functor classes have been the subject of
         unsafe Java deserialization advisories. Upgrade to a release that carries the hardening, and
         avoid native Java deserialization of untrusted data anywhere in the application. -->
    <dependency>
        <groupId>commons-collections</groupId>
        <artifactId>commons-collections</artifactId>
        <version>3.1</version>
    </dependency>   
    <dependency>
        <groupId>javax.transaction</groupId>
        <artifactId>jta</artifactId>
        <version>1.1</version>
    </dependency>      
    <dependency>
        <groupId>commons-lang</groupId>
        <artifactId>commons-lang</artifactId>   
        <version>2.6</version>
	</dependency> 
	<dependency> 
		<groupId>commons-beanutils</groupId>
		<artifactId>commons-beanutils</artifactId>
		<version>1.9.0</version>
	</dependency> 	

	 
	<!-- pinyin4j -->
	<dependency>
		<groupId>com.belerweb</groupId>
		<artifactId>pinyin4j</artifactId>
		<version>2.5.0</version>
   </dependency>
	 
    <!-- 其他必選依賴包 -->
    <dependency>
	<groupId>cglib</groupId>
		<artifactId>cglib</artifactId>
		<version>3.1</version>
	</dependency>
	
	<dependency>
		<groupId>asm</groupId>
		<artifactId>asm</artifactId>
		<version>3.3.1</version>
	</dependency>	
	
	<dependency>
		<groupId>aopalliance</groupId>
		<artifactId>aopalliance</artifactId>
		<version>1.0</version>
	</dependency>

    <!--ehcache快取  -->
    <dependency>
		<groupId>net.sf.ehcache</groupId>
		<artifactId>ehcache</artifactId>
		<version>2.8.3</version>
    </dependency>
        
    <!--其他元件  -->
    <dependency>
		<groupId>org.springframework.osgi</groupId>
		<artifactId>spring-osgi-annotation</artifactId>
		<version>1.2.1</version>
		
    </dependency>
     
    <dependency>
	    <groupId>wsdl4j</groupId>
	    <artifactId>wsdl4j</artifactId>
	    <version>1.6.3</version>
	</dependency>
	
<!----> 	<dependency>
		  <groupId>org.apache</groupId>
		  <artifactId>cxf</artifactId>
		  <version>2.3.0</version>
	</dependency> 
	
	
	
	<dependency>
		<groupId>org.sitemesh</groupId>
		<artifactId>sitemesh</artifactId>
		<version>3.0.0</version>
	</dependency> 
	
	<dependency>   
		<groupId>org.quartz-scheduler</groupId>
		<artifactId>quartz</artifactId>
		<version>2.1.7</version>
		<exclusions>             
	        <exclusion>
	            <groupId>c3p0</groupId>
	            <artifactId>c3p0</artifactId>
	        </exclusion>
	    </exclusions>
	</dependency>			
		
	<dependency>
		<groupId>net.sf.dozer</groupId>
		<artifactId>dozer</artifactId>
		<version>5.2.0</version>
	</dependency>
	  
	<dependency>
		<groupId>javax.validation</groupId>
		<artifactId>validation-api</artifactId>
		<version>1.1.0.Final</version>
	</dependency>
    <dependency>  
		<groupId>org.hibernate</groupId>
		<artifactId>hibernate-validator</artifactId>
		<version>4.3.0.Final</version>
	</dependency> 
	<!-- Jackson 2.x data binding (JSON to and from Java objects). -->
	<!-- NOTE(review): 2.5.1 is far behind the maintained jackson-databind releases, and the library has a
	     long advisory history around polymorphic deserialization. Upgrade, and keep default typing off
	     for any JSON that comes from outside the application. -->
	<dependency>
		<groupId>com.fasterxml.jackson.core</groupId>
		<artifactId>jackson-databind</artifactId>
		<version>2.5.1</version>
	</dependency>
	
	<dependency>
		<groupId>com.fasterxml</groupId>
		<artifactId>classmate</artifactId>
		<version>1.1.0</version>
	</dependency> 
	
	<!-- XStream XML serialization. -->
	<!-- NOTE(review): XStream can instantiate arbitrary types from XML it parses. Upgrade from 1.4.7 and
	     restrict the permitted types with XStream's security framework wherever the XML is not fully
	     trusted. -->
	<dependency> 
		<groupId>com.thoughtworks.xstream</groupId>
		<artifactId>xstream</artifactId>
		<version>1.4.7</version>
	</dependency>
	
	
	<dependency>
		<groupId>com.sun.mail</groupId>
		<artifactId>javax.mail</artifactId>
		<version>1.5.2</version>
	</dependency> 
     
	
	<!-- Apache Struts 2 core and its Spring integration plugin. -->
	<!-- NOTE(review): the web.xml published with this project maps a Spring MVC DispatcherServlet and no
	     Struts filter, so these two artifacts look unused. Struts 2.3.x has a long record of critical
	     security advisories; remove the dependencies if nothing needs them, otherwise upgrade to a
	     supported release. -->
	<dependency>
		<groupId>org.apache.struts</groupId>
		<artifactId>struts2-core</artifactId>
		<version>2.3.12</version>
		<exclusions>             
	        <exclusion>
	            <groupId>javassist</groupId>
	            <artifactId>javassist</artifactId>
	        </exclusion>
	    </exclusions>
	</dependency>
	
	<dependency>
		<groupId>org.apache.struts</groupId>
		<artifactId>struts2-spring-plugin</artifactId>
		<version>2.3.12</version>
	</dependency>
	
	<!-- Test tooling: DbUnit and EasyMock. -->
	<!-- NOTE(review): unlike the junit entry at the top of this file, these are declared without
	     <scope>test</scope>, so with war packaging they are bundled into the deployed archive. Give them
	     test scope to keep test-only code out of production. -->
	<dependency>
		<groupId>org.dbunit</groupId>
		<artifactId>dbunit</artifactId>
		<version>2.4.7</version>
	</dependency>
	
	<dependency> 
		<groupId>org.easymock</groupId>
		<artifactId>easymock</artifactId>
		<version>3.2</version>
	</dependency>
	
	<dependency>
		<groupId>org.apache.ws.commons.schema</groupId>
		<artifactId>XmlSchema</artifactId>
		<version>1.4.7</version>
	</dependency>
	
	<!-- httpclient -->	
	<dependency>
		<groupId>org.apache.httpcomponents</groupId>
		<artifactId>httpclient</artifactId>
		<version>4.2.1</version>
	</dependency>
	
	<!-- log4j 1.x logging. -->
	<!-- NOTE(review): the log4j 1.x line is end-of-life and receives no security fixes. -->
    <dependency>
	      <groupId>log4j</groupId>
	      <artifactId>log4j</artifactId>
	      <version>1.2.17</version>
	</dependency>
	
    <!-- slf4j-api logging facade. -->
    <dependency>
		<groupId>org.slf4j</groupId>
		<artifactId>slf4j-api</artifactId>
		<version>1.7.7</version>
       </dependency>
        
    <!-- slf4j-log4j12: binds the SLF4J facade to log4j 1.x. -->
    <!-- NOTE(review): slf4j-log4j12 and slf4j-nop (below) are both SLF4J bindings. With two bindings on
         the classpath the one that wins is not guaranteed; if the no-op binding is chosen, log output,
         including any security-relevant events, is silently discarded. Keep exactly one binding. -->
    <dependency>
		<groupId>org.slf4j</groupId>
		<artifactId>slf4j-log4j12</artifactId>
		<version>1.7.7</version>
    </dependency>
		
	<!-- slf4j-nop: no-op SLF4J binding. -->
    <dependency>
		<groupId>org.slf4j</groupId>
		<artifactId>slf4j-nop</artifactId>
		<version>1.7.7</version>
    </dependency>
    
    <!-- Log4j 2 logging. -->
    <!-- NOTE(review): 2.1 is an early Log4j 2 release, and early 2.x versions are covered by critical
         published advisories. If Log4j 2 is needed at all next to log4j 1.x, move to a currently
         supported release; otherwise remove it. -->
    <dependency>
		<groupId>org.apache.logging.log4j</groupId>
		<artifactId>log4j-api</artifactId>
		<version>2.1</version>
	</dependency>
	<dependency>
		<groupId>org.apache.logging.log4j</groupId>
		<artifactId>log4j-core</artifactId>
		<version>2.1</version>
	</dependency>
	   

	    
    <!-- File upload support. -->
    <!-- NOTE(review): commons-fileupload 1.3.1 is an old release with published advisories; upgrade, and
         enforce size and type limits on uploads in the application itself. -->
    <dependency>
      	 <groupId>commons-fileupload</groupId>
		 <artifactId>commons-fileupload</artifactId>
		 <version>1.3.1</version>
    </dependency>
	    
    <!-- fastjson, used for JSON array handling. -->
    <!-- NOTE(review): fastjson 1.2.1 is a very early release of a library with repeated advisories about
         type resolution during deserialization. Upgrade it or consolidate on a single maintained JSON
         library; this POM also pulls in two Jackson generations and json-lib. -->
    <dependency>
		<groupId>com.alibaba</groupId>
		<artifactId>fastjson</artifactId>
		<version>1.2.1</version>
	</dependency>
		
	<!-- 使用 Jackson 把 Java物件轉換成 JSON字串 -->
    <dependency>
	      <groupId>org.codehaus.jackson</groupId>
	      <artifactId>jackson-mapper-asl</artifactId>
	      <version>1.9.13</version>
    </dependency>
    
    <!-- poi -->   
    <dependency>
		<groupId>org.apache.poi</groupId>
		<artifactId>poi</artifactId>
		<version>3.13</version>
	</dependency>	
	<dependency>
		<groupId>org.apache.poi</groupId>
		<artifactId>poi-ooxml</artifactId>
		<version>3.13</version>
	</dependency>
	
   <!-- 
   <dependency>   
		<groupId>org.apache.poi</groupId>
		<artifactId>openxml4j</artifactId>
		<version>1.0-beta</version>
	</dependency> 
    -->
	
	
	<!-- jxls -->
	<dependency>
		<groupId>net.sf.jxls</groupId>
		<artifactId>jxls-core</artifactId>
		<version>1.0.6</version>
	</dependency>
	<dependency>
		<groupId>net.sf.jxls</groupId>
		<artifactId>jxls-reader</artifactId>
		<version>1.0.6</version>
	</dependency>
	
	<!-- xmlpull xml to java -->	
	<dependency>
		<groupId>xmlpull</groupId>
		<artifactId>xmlpull</artifactId>
		<version>1.1.3.4a</version>
	</dependency>
	<!-- 使用JSONObject,將接收到的結果轉成JSON格式 -->
	<dependency>
		<groupId>net.sf.json-lib</groupId>
		<artifactId>json-lib</artifactId>
		<version>2.4</version>
		<classifier>jdk15</classifier><!--指定jdk版本--> 
	</dependency>
	<!-- net.sf.json-lib包依賴以下包:-->
	<dependency>
		<groupId>commons-logging</groupId>
		<artifactId>commons-logging</artifactId>
		<version>1.2</version>
	</dependency>
	<dependency>
		<groupId>net.sf.ezmorph</groupId>
		<artifactId>ezmorph</artifactId>
		<version>1.0.6</version>
	</dependency>
	
	<dependency>
	    <groupId>net.coobird</groupId>
	    <artifactId>thumbnailator</artifactId>
	    <version>0.4.7</version>
	</dependency>
	<!-- 雲通訊簡訊傳送API-->
	<dependency>
	  <groupId>com.yuntongxun</groupId>
	  <artifactId>ccp</artifactId>
	  <version>2.6.3</version>
	</dependency>

  
    
  </dependencies>
  
  
  <build>
    <finalName>BCP</finalName>
  </build>
  
</project>


2.web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"  xmlns="http://java.sun.com/xml/ns/javaee" 
	     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
    
    <display-name>SSH-Application</display-name>	
    
	<!--初始化引數-->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>/WEB-INF/classes/applicationContext*.xml</param-value>
	</context-param> 
	
	<context-param>  
	 	<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>  
	 	<param-value>message/message-info</param-value>		
	</context-param>
	
	<!--Spring ContextLoaderListener -->
    <listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener> 
	
	
    <!-- ETag過濾器,節省頻寬 -->
	<filter>
		<filter-name>etagFilter</filter-name>
		<filter-class>org.springframework.web.filter.ShallowEtagHeaderFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>etagFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
    <!--UTF-8編碼 -->
	<filter>
		<filter-name>CharacterEncodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>	
	<filter-mapping>
		<filter-name>CharacterEncodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
    <!-- OpenSessionInViewFilter -->
 	<filter>
		<filter-name>OpenSessionInViewFilter</filter-name>
		<filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
		<init-param>
			<param-name>singleSession</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>OpenSessionInViewFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping> 	
   

    <!-- Spring Security entry point: DelegatingFilterProxy hands each request to the bean whose name
         matches the filter-name, springSecurityFilterChain. -->
    <!-- NOTE(review): filters run in filter-mapping order, and this mapping is declared after the ETag,
         character-encoding and OpenSessionInView filters, so those run (and a Hibernate session is
         opened) before any security decision is made. Consider moving this mapping ahead of them. -->
    <!-- NOTE(review): no <dispatcher> elements are given, so only REQUEST dispatches pass through the
         chain; forwards and error dispatches are not re-checked. -->
    <filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
	    <filter-name>springSecurityFilterChain</filter-name>
	    <url-pattern>/*</url-pattern>
	</filter-mapping> 

		
    <!-- 頁面裝配-sitemesh -->
    <filter>
		<filter-name>sitemesh</filter-name>
		<filter-class>org.sitemesh.config.ConfigurableSiteMeshFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>sitemesh</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping> 
 
	
    <!-- 清理記憶體 -->
	<listener>
		<listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
	</listener>
 
    <!-- Apache CXF web-service servlet, serving everything under /services/. -->
    <!-- NOTE(review): the Spring Security configuration published with this project marks /services* and
         /services/** as security="none", so these endpoints get no authentication or authorization from
         the filter chain. Each service must authenticate callers itself (for example at the CXF layer),
         and the service listing page should be disabled if it is not needed. -->
    <servlet>
		<servlet-name>CXFServlet</servlet-name>
		<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
	</servlet>
	<servlet-mapping>
		<servlet-name>CXFServlet</servlet-name>
		<url-pattern>/services/*</url-pattern>
	</servlet-mapping> 

    <!-- spring-MVC --> 
	<servlet>
		<servlet-name>springMVC</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:config/webmvc-config.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>springMVC</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>
	
	<!-- Session expiry: idle timeout in minutes. -->
	<!-- NOTE(review): no <cookie-config> is declared. This descriptor is version 3.0, which allows
	     <cookie-config> with <http-only>true</http-only> and <secure>true</secure>, and
	     <tracking-mode>COOKIE</tracking-mode>, to keep the session id out of scripts, plain HTTP and
	     URLs. Sixty minutes is also a long idle window for an administrative application. -->
	<session-config>
		<session-timeout>60</session-timeout>
	</session-config>
	
   <!--預設首頁 -->
	<welcome-file-list>
		<welcome-file>/main.jsp</welcome-file>
	</welcome-file-list>
	
	<!-- Error pages: uncaught exceptions and HTTP 500 go to /common/500.jsp; 404 and 403 have their own
	     pages. -->
	<!-- NOTE(review): routing Throwable and 500 to a fixed page keeps container stack traces away from
	     clients only if 500.jsp does not print the exception itself; verify that page. -->
	<error-page>
		<exception-type>java.lang.Throwable</exception-type>
		<location>/common/500.jsp</location>
	</error-page>
	<error-page>
		<error-code>500</error-code>
		<location>/common/500.jsp</location>
	</error-page>	
	<error-page>
		<error-code>404</error-code>
		<location>/common/404.jsp</location>
	</error-page>
    <error-page>
		<error-code>403</error-code>
		<location>/common/403.jsp</location>
	</error-page>
	
    <!-- 	    
	<servlet>
		<servlet-name>coreServlet</servlet-name>
		<servlet-class>
		org.nercita.bcp.wechat.servlet.CoreServlet
		</servlet-class>
	</servlet> 	
    <servlet-mapping>  
        <servlet-name>coreServlet</servlet-name>  
        <url-pattern>/wx.do</url-pattern>  
    </servlet-mapping>
     -->
</web-app>


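3.application-security.xml(注意:web.xml 的 contextConfigLocation 只載入 /WEB-INF/classes/applicationContext*.xml,此檔名須符合該樣式,否則安全設定不會被載入)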

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 
    
    <!-- Paths that bypass the Spring Security filter chain entirely. The original comment describes
         these as images and other static resources that should not be filtered. -->
    <!-- NOTE(review): security="none" gives a path an empty filter chain: no authentication, no
         authorization and no SecurityContext for the request. Only the /common, /images, /styles, /js,
         /css and /htm entries look like static content. /api/**, /services/**, /wx.do*, /install.jsp*,
         /system/springSecurity/init*, /system/message/save* and the registration and password-reset
         URLs are dynamic endpoints, so each must enforce its own access control. Confirm in particular
         that install and init cannot be run again on a deployed system. -->
    <!-- NOTE(review): a trailing * matches any suffix within the path segment, so "/mr*" exempts every
         top-level path starting with "mr", "/system/user/regist*" already covers registPage, and
         "/system/user/resetPassword*" already covers resetPasswordPage. Prefer exact paths so that a
         protected URL added later is not exempted by accident. -->
    <http pattern="/services*" security="none" />
    <http pattern="/wx.do*" security="none" />
    <http pattern="/api/**" security="none" />
    <http pattern="/services/**" security="none" />
    <http pattern="/common/**" security="none" />
    <http pattern="/images/**" security="none" />
    <http pattern="/styles/**" security="none" />
    <http pattern="/js/**" security="none" />
    <http pattern="/css/**" security="none" />
    <http pattern="/htm/**" security="none" />
    <http pattern="/main.jsp*" security="none" />
    <http pattern="/login.jsp*" security="none" />
    <http pattern="/install.jsp*" security="none" />
    <http pattern="/system/springSecurity/init*" security="none" />
    <http pattern="/system/user/registPage*" security="none" />
    <http pattern="/system/user/regist*" security="none" />
    <http pattern="/mr*" security="none" />
    <http pattern="/system/user/mobile/regist*" security="none" />
    <http pattern="/system/user/activate*" security="none" />
    <http pattern="/system/user/checkImg*" security="none" />
    <http pattern="/system/user/checkName*" security="none" />              
    <http pattern="/system/user/checkValidateCode*" security="none" />              
    <http pattern="/system/user/forgotPassword*" security="none" /> 
    <http pattern="/system/user/resetRequest*" security="none" /> 
    <http pattern="/system/user/resetPasswordPage*" security="none" /> 
    <http pattern="/system/user/resetPassword*" security="none" /> 
    <http pattern="/system/message/save*" security="none" />
    <http pattern="/system/message/introduction" security="none" />  
     
    <!-- Main filter chain for every request that is not exempted by a security="none" entry. -->
    <!-- NOTE(review): no <intercept-url> rules are declared here, so URL authorization rests entirely on
         the customFilterSecurityInterceptor bean, which is not defined in this file. -->
    <!-- NOTE(review): no <csrf/> child is declared. In the Spring Security 3.2 XML namespace CSRF
         protection is opt-in, so state-changing requests are unprotected unless it is added. -->
    <!-- NOTE(review): create-session="always" creates an HTTP session for every request to this chain,
         including unauthenticated ones; confirm that is intended. -->
    <http auto-config="true" create-session="always" access-denied-page="/common/403.jsp"
          use-expressions="true"  disable-url-rewriting="true">
        <!-- Login page configuration. -->
        <!-- NOTE(review): success and failure handler beans are referenced alongside default-target-url,
             always-use-default-target and authentication-failure-url. Presumably the handler refs take
             precedence and the URL attributes are ignored; verify, and drop whichever set is unused. -->
        <form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" 
                    authentication-failure-url="/login.jsp?error=true" 
                    default-target-url="/index" 
                    always-use-default-target="true"
                    authentication-success-handler-ref="authenticationSuccess" 
                    authentication-failure-handler-ref="exceptionMappingAuthenticationFailureHandler"/>

        <!-- "Remember me" support. The original comment calls this a persistent strategy that keeps the
             user's login information in a cookie. -->
        <!-- NOTE(review): no token-repository-ref or data-source-ref is set, so this looks like the
             hash-based cookie scheme rather than persistent tokens. Its key ("bcp") is short and is
             published with the configuration; the key is the secret that protects the cookie, so use a
             long random value supplied from outside source control, or switch to persistent tokens. -->
        <remember-me key="bcp" use-secure-cookie="true" />
        
        <!-- Page the user is sent to after logging out. -->
        <!-- <logout invalidate-session="true" logout-url="/j_spring_security_logout" logout-success-url="/login.jsp"/> -->
        <logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutSuccessHandler" />
        
        <!-- Session management: at most one session per user; with error-if-maximum-exceeded="false" a
             second login expires the earlier session instead of being rejected. -->
        <!-- NOTE(review): concurrency control relies on session-destroyed events, and the web.xml
             published with this project does not register Spring Security's HttpSessionEventPublisher
             listener; without it the session registry keeps stale entries. -->
        <session-management invalid-session-url="/login.jsp?expired=true">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/login.jsp?expired=true"/>
        </session-management>
        
        <!-- Custom authorization filter; it takes effect when placed before FILTER_SECURITY_INTERCEPTOR. -->
        <custom-filter ref="customFilterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" /> 
        
        <!-- User-switching (impersonation) filter. -->
        <!-- NOTE(review): the switch URL is only as safe as the rule guarding it. Confirm that the custom
             interceptor restricts /j_spring_security_switch_user to administrators. -->
        <custom-filter ref="switchUserProcessingFilter" after="FILTER_SECURITY_INTERCEPTOR"/> 
        
        <!-- Anonymous authentication is switched off, so unauthenticated requests carry no
             Authentication object. NOTE(review): confirm the custom interceptor handles that case. -->
        <anonymous enabled="false" /> 
    </http>
    
    <!-- Redirect after a successful login; the default target is /index. -->
    <!-- NOTE(review): the handler is a project class not shown here. If it redirects to a saved or
         request-supplied URL, confirm that only targets inside this application are accepted. -->
    <beans:bean id="authenticationSuccess" class="org.nercita.bcp.system.service.CustomSavedRequestAwareAuthenticationSuccessHandler">
         <beans:property name="defaultTargetUrl" value="/index"/>
    </beans:bean>
    
    <!-- Redirect after a successful logout; the default target is /login.jsp. -->
    <beans:bean id="logoutSuccessHandler" class="org.nercita.bcp.system.service.CustomLogoutSuccessHandler">
         <beans:property name="defaultTargetUrl" value="/login.jsp"></beans:property>
    </beans:bean>
    
    <!-- Project UserDetailsService used by the authentication provider and the switch-user filter. -->
    <beans:bean id="customUserDetailsService" class="org.nercita.bcp.system.service.CustomUserDetailsService"/>
  
    <!-- Login processing: users are loaded through customUserDetailsService and the submitted password
         is compared with the stored value as a Base64-encoded MD5 digest salted with the username. -->
    <!-- NOTE(review): MD5 is a fast digest and the username is a predictable salt, so stored passwords
         are cheap to guess offline if the user table leaks. Use an adaptive password hash instead, for
         example a BCryptPasswordEncoder bean referenced through <password-encoder ref="..."/>, and plan
         a migration (re-hash on next successful login) because existing stored digests will not verify
         under the new encoder. -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserDetailsService">            
            <password-encoder hash="md5" base64="true" >
                  <salt-source user-property="username"/>
            </password-encoder>             
        </authentication-provider>
    </authentication-manager>
    
	<!-- Maps authentication exception types to the login-page URL the user is redirected to. -->
	<!-- NOTE(review): disabled and locked accounts get redirect targets that differ from the one for bad
	     credentials, which tells an unauthenticated client that the account exists and what state it is
	     in. Where account enumeration matters, send all three to the same generic failure URL. -->
	<beans:bean id="exceptionMappingAuthenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
 		<beans:property name="exceptionMappings">
  			<beans:props>
   	  			<beans:prop key="org.springframework.security.authentication.DisabledException">/login.jsp?role=false</beans:prop>
      			<beans:prop key="org.springframework.security.authentication.BadCredentialsException">/login.jsp?error=true</beans:prop>
      			<beans:prop key="org.springframework.security.authentication.LockedException">/login.jsp?locked=true</beans:prop>           
  			</beans:props>
 		</beans:property>
	</beans:bean>
	
	<!-- SwitchUserFilter: lets the current user assume another user's identity through switchUserUrl and
	     return through exitUserUrl; after a switch the browser is sent to /index. -->
	<!-- NOTE(review): impersonation is a high-privilege feature. No access rule for the switch URL is
	     visible in this file, so confirm that the authorization filter limits it to administrators and
	     that switch and exit events are written to an audit log. -->
	<beans:bean id="switchUserProcessingFilter" class="org.springframework.security.web.authentication.switchuser.SwitchUserFilter">
 			<beans:property name="userDetailsService" ref="customUserDetailsService" />
 			<beans:property name="switchUserUrl" value="/j_spring_security_switch_user" />
   		    <beans:property name="exitUserUrl" value="/j_spring_security_exit_user" />
 			<beans:property name="targetUrl" value="/index" />
	</beans:bean> 
	
</beans:beans>


4. applicationContext.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:aop="http://www.springframework.org/schema/aop" 
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:jee="http://www.springframework.org/schema/jee" 
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd   
	                    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd   
	                    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd   
	                    http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd   
	                    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd">
    <!-- 引入屬性檔案 -->
	<context:property-placeholder location="classpath*:/application.properties" />

	<context:spring-configured /> 

    <!-- 註解bean及依賴注入 -->
	<context:component-scan base-package="org.nercita.bcp">
		<context:exclude-filter expression="org.springframework.stereotype.Controller" type="annotation" />
	</context:component-scan>
	
	<!-- Data source: a c3p0 connection pool whose driver, URL, user and password come from
	     application.properties placeholders. -->
	<!-- NOTE(review): keeping credentials out of this file only helps if the properties file is itself
	     kept out of source control and published material. Connect with a least-privileged
	     application account, not a database administrator account. -->
    <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" >
        <property name="driverClass" value="${db.driverClass}"/>
        <property name="jdbcUrl" value="${db.url}"/>
        <property name="user" value="${db.username}"/>
        <property name="password" value="${db.password}"/>
    </bean> 
    
    <!-- Hibernate SessionFactory built on the dataSource bean; the dialect, SQL logging, caching and
         schema-generation settings are read from application.properties, and entities are scanned from
         the domain packages under org.nercita.bcp. -->
    <!-- NOTE(review): hibernate.hbm2ddl.auto and hibernate.show_sql are taken from properties. The
         values published with this project are update and true, which let the application alter the
         schema at startup and write SQL statements to the log; neither is suitable for production. -->
    <bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
		<property name="dataSource">
			<ref bean="dataSource" />
		</property>
		<property name="hibernateProperties">
			<props>
				<prop key="hibernate.dialect">${hibernate.dialect}</prop>
				<prop key="hibernate.show_sql">${hibernate.show_sql}</prop>
				<prop key="hibernate.format_sql">${hibernate.format_sql}</prop>
				<prop key="hibernate.cache.use_second_level_cache">${hibernate.use_second_level_cache}</prop>
				<prop key="hibernate.cache.use_query_cache">${hibernate.use_query_cache}</prop>
				<prop key="hibernate.cache.region.factory_class">org.hibernate.cache.ehcache.EhCacheRegionFactory</prop> 
				<prop key="hibernate.hbm2ddl.auto">${hibernate.hbm2ddl}</prop>
			</props>
		</property>
		<property name="packagesToScan">
			<list>
			      <value>org.nercita.bcp.**.domain**</value>  
			</list>
		</property>
	</bean>

    <!-- 事務管理器 -->
 	<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean> 
	
    <!-- 開啟註解事務 -->
	<tx:annotation-driven transaction-manager="transactionManager" />

    <!-- 獲取spring上下文 的ApplicationContextAware的實現Bean -->
	<bean  class="org.nercita.core.utils.SpringContextHolder" lazy-init="false" /> 



</beans>


5.application.properties

#jdbc settings
# NOTE(review): every db.* key below is commented out, and hibernate.dialect with it, so as published
# the ${db.*} and ${hibernate.dialect} placeholders used by applicationContext.xml have no values;
# presumably the active settings were removed before publication.


#Mysql settings 3306
# NOTE(review): the sample connects as root with a short literal password. If that value was ever
# real, treat it as exposed and rotate it. Use a least-privileged application account and keep
# credentials out of files that are committed or published.
#db.url=jdbc:mysql://localhost:3306/bcp
#db.driverClass=com.mysql.jdbc.Driver
#db.username=root
#db.password=0729
#hibernate.dialect=org.hibernate.dialect.MySQLDialect




#hibernate settings
# NOTE(review): show_sql=true writes SQL statements to the log, and hbm2ddl=update lets the
# application alter the schema at startup, which also forces the database account to hold DDL
# rights. For production, turn SQL logging off and use validate with separately managed migrations.
hibernate.show_sql=true
hibernate.format_sql=true
hibernate.use_second_level_cache=true
hibernate.use_query_cache=true
hibernate.hbm2ddl=update


6. springMVC-config.xml

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Spring MVC servlet context: static resources, controller scanning, message converters,
     view resolution, exception mapping, multipart upload and message bundles.
     Authorization is not configured in this file. -->
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd     
	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd 
	http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd">
    
    <!-- Static resources: served directly from these folders instead of being dispatched to
         controllers. These mappings only affect Spring MVC dispatch; whether the Spring
         Security filter chain also skips these paths is decided in the security
         configuration, which is not part of this file. -->
	<mvc:resources location="/common/"   mapping="/common/**"/>
	<mvc:resources location="/images/"   mapping="/images/**" />
	<mvc:resources location="/js/"       mapping="/js/**" /> 
	<mvc:resources location="/css/"      mapping="/css/**" />
	<mvc:resources location="/styles/"   mapping="/styles/**" />
	<mvc:resources location="/htm/"      mapping="/htm/**" />
	
    <import resource="view-controller.xml" />
	
	<context:annotation-config/>
	
	<!-- Only @Controller classes are registered in this context (default filters are off). -->
	<context:component-scan base-package="org.nercita.bcp" use-default-filters="false">
		<context:include-filter expression="org.springframework.stereotype.Controller" type="annotation" />
	</context:component-scan>
		
	<!-- Annotation-based handler mapping and adapter with two message converters: a
	     project-specific string converter and the JSON converter defined below. -->
	<bean id="handlerMapping"  class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"/>  
	<bean id="handlerAdapter"  class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">	
		<property name="messageConverters">
			<list>
				<bean class="org.nercita.core.web.springmvc.StringHttpMessageConverter" />
				<ref bean="msgConverter"/>
			</list>
		</property>
		<property name="webBindingInitializer">
			<bean class="org.nercita.core.web.springmvc.CustomBindInitializer">		   
				<!-- 
				<property name="validator" ref="validator" />
				<property name="conversionService" ref="conversionService" /> 
				--> 
			</bean> 
		</property>
	</bean>	
	
	<!-- JSON message converter.
	     NOTE(review): text/html is listed among the media types this converter may write.
	     If a JSON body is ever sent with Content-Type text/html, a browser parses it as
	     markup, so any user-controlled string inside the payload becomes an HTML injection
	     risk. Prefer the JSON media types only, unless a legacy client really needs
	     text/html. Confirm. -->
 	<bean id="msgConverter" class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
        <property name="supportedMediaTypes">
            <list>
                <value>text/html;charset=UTF-8</value>
                <value>text/json;charset=UTF-8</value>
                <value>application/json;charset=UTF-8</value>
            </list>
        </property>
    </bean>  
    
    <!-- 
    <bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean"/>
    <bean id="conversionService" class="org.springframework.format.support.FormattingConversionServiceFactoryBean"/> 
    -->  
    
    <!-- View resolution. The Accept header is ignored and the format parameter is off, so
         the response type comes from the path extension map below (json, xml) and falls
         back to text/html rendered by a JSP under /WEB-INF/views/.
         NOTE(review): the default views serialise the controller model as JSON or XML when
         such an extension is requested, presumably for any controller. Confirm that models
         never carry fields that must not reach the client. -->
    <bean class="org.springframework.web.servlet.view.ContentNegotiatingViewResolver">
        <property name="ignoreAcceptHeader" value="true"/>
        <property name="defaultContentType" value="text/html"/>
        <property name="mediaTypes">
            <map>
                <entry key="json" value="application/json"/>
                <entry key="xml" value="application/xml"/>
            </map>
        </property>
        <property name="favorParameter" value="false"/>
        <property name="viewResolvers">
            <list>
                <bean class="org.springframework.web.servlet.view.BeanNameViewResolver"/>
                <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
                    <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
                    <property name="prefix" value="/WEB-INF/views/"/>
                    <property name="suffix" value=".jsp"/>
                </bean>
            </list>
        </property>
        <property name="defaultViews">
            <list>
                <bean class="org.springframework.web.servlet.view.json.MappingJacksonJsonView"/>
                <bean class="org.springframework.web.servlet.view.xml.MarshallingView">
                    <property name="marshaller">
                        <bean class="org.springframework.oxm.xstream.XStreamMarshaller"/>
                    </property>
                </bean>
            </list>
        </property>
    </bean> 
    
    <!-- Maps exception class-name fragments to view names; anything unmatched renders the
         "error" view. NOTE(review): the views themselves are not shown; make sure they do
         not print stack traces or raw exception messages to the client. -->
    <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
		<property name="defaultErrorView" value="error" />
		<property name="exceptionMappings">
			<props>
				<prop key=".DataAccessException">dataAccessFailure</prop>
				<prop key=".NoSuchRequestHandlingMethodException">resourceNotFound</prop>
				<prop key=".TypeMismatchException">resourceNotFound</prop>
				<prop key=".lang.Exception">uncaughtException</prop>
			</props>
		</property>
	</bean>   

    <!-- File upload. maxUploadSize is 104857600 bytes (100 MiB) per upload request and
         maxInMemorySize is 4096 bytes before content spills to disk.
         NOTE(review): a 100 MiB ceiling is generous; size it to the largest legitimate
         upload, and make sure upload endpoints require authentication and validate the
         file type and the stored file name. -->
    <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
        <property name="maxUploadSize" value="104857600"/>
        <property name="maxInMemorySize" value="4096"/>
    </bean>

	
	<!-- Internationalised message bundles. With useCodeAsDefaultMessage the message code
	     itself is returned when no translation is found. -->  
    <bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">    
       <property name="basename" value="message/message-info" />              
       <property name="useCodeAsDefaultMessage" value="true" />       
    </bean>
	
	
 
</beans>

2、實現程式碼


1、CustomAccessDecisionManager.java

package org.nercita.bcp.system.service;

import java.util.Collection;
import java.util.Iterator;

import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.stereotype.Service;

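/**
 * Access decision manager: decides whether the authorities held by the current user are
 * sufficient to access a requested resource.
 * <p>
 * Spring Security's {@code AbstractSecurityInterceptor} calls
 * {@link #decide(Authentication, Object, Collection)} before a secured invocation (here: a
 * web request). The authorities were placed on the {@link Authentication} when the user was
 * authenticated; the required attributes come from the security metadata source. Access is
 * granted as soon as one required attribute equals one granted authority; otherwise an
 * {@link AccessDeniedException} is thrown.
 * <p>
 * The {@link AccessDecisionManager} interface has three methods:
 * <ul>
 * <li>{@code decide(Authentication, Object, Collection<ConfigAttribute>)}: makes the
 *     decision and throws when access is refused;</li>
 * <li>{@code supports(ConfigAttribute)}: tells the interceptor whether this manager can
 *     process a given attribute;</li>
 * <li>{@code supports(Class)}: tells the interceptor whether this manager can handle the
 *     given secure object type.</li>
 * </ul>
 */
@Service("customAccessDecisionManager")
public class CustomAccessDecisionManager implements AccessDecisionManager {

	/**
	 * Grants access when the user holds at least one of the required authorities.
	 *
	 * @param authentication   the caller; its granted authorities are compared with the
	 *                         required ones
	 * @param object           the secured object (a web request for this application)
	 * @param configAttributes the attributes required for the resource, as supplied by the
	 *                         security metadata source
	 * @throws AccessDeniedException if none of the required attributes is held
	 * @throws InsufficientAuthenticationException if no authentication is available
	 */
	@Override
	public void decide(Authentication authentication, Object object,
			Collection<ConfigAttribute> configAttributes)
			throws AccessDeniedException, InsufficientAuthenticationException {
		// No attribute collection at all means no rule was found for the resource. This
		// method then allows the call, so resources without a rule are not protected here.
		if (configAttributes == null) {
			return;
		}
		// Fail closed with a security exception rather than a NullPointerException.
		if (authentication == null) {
			throw new InsufficientAuthenticationException("Authentication is required");
		}
		for (ConfigAttribute attribute : configAttributes) {
			// Read the attribute through the interface; casting to SecurityConfig would
			// fail with a ClassCastException for any other ConfigAttribute implementation.
			String needRole = attribute.getAttribute();
			if (needRole == null) {
				continue;
			}
			String required = needRole.trim();
			for (GrantedAuthority granted : authentication.getAuthorities()) {
				String held = granted.getAuthority();
				// getAuthority() may return null for authorities that have no String form.
				if (held != null && required.equals(held.trim())) {
					return;
				}
			}
		}
		// Nothing matched (this includes an empty attribute collection): deny.
		throw new AccessDeniedException("Access Denied");
	}

	/**
	 * Declares every attribute as supported, so the interceptor's start-up validation never
	 * rejects an attribute on behalf of this manager.
	 */
	@Override
	public boolean supports(ConfigAttribute attribute) {
		return true;
	}

	/**
	 * Declares every secure object type as supported.
	 */
	@Override
	public boolean supports(Class<?> clazz) {
		return true;
	}

}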


2、CustomFilterInvocationSecurityMetadataSource.java

package org.nercita.bcp.system.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;

import javax.annotation.PostConstruct;

import org.nercita.bcp.system.domain.Authority;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Service;

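/**
 * Maps request URLs to the authorities that are allowed to access them.
 * <p>
 * All {@link Authority} records are read once, when the bean is initialised, and cached in
 * {@code resourceMap} with the resource URL as key and the required authority codes as
 * value. Changes made to the authority data afterwards are not seen by this class until
 * {@link #init()} runs again.
 * <p>
 * Two properties of the lookup matter when reasoning about what is actually protected:
 * <ul>
 * <li>Matching is a plain {@code String.startsWith} test in which the longest matching key
 *     wins. It is not an Ant pattern match, so a rule for {@code /user} also covers
 *     {@code /userAdmin}.</li>
 * <li>A URL that matches no rule yields {@code null}. Spring Security treats an invocation
 *     without attributes as public unless {@code rejectPublicInvocations} is enabled on the
 *     interceptor, so every URL that has no rule is reachable without an authority check.
 *     NOTE(review): this is a default-allow design; confirm that every sensitive URL has a
 *     rule, or enable rejection of public invocations.</li>
 * </ul>
 *
 * @author zhangwenchao
 */
@Service("customFilterInvocationSecurityMetadataSource")
public class CustomFilterInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

	@Autowired
	private AuthorityService authorityService;

	// Resource URL (used as a prefix) -> attributes required for it. The field is replaced as
	// a whole once loading has finished, so request threads never see a half-built map.
	private static volatile HashMap<String, Collection<ConfigAttribute>> resourceMap = null;

	/**
	 * Initialisation hook: loads the URL-to-authority rules once the bean has been wired.
	 */
	@PostConstruct
	public void init() {
		loadResourceDefine();
	}

	/**
	 * Reads every authority and builds the URL-to-attributes map.
	 * <p>
	 * The authority code becomes the required attribute and the authority's resource URL
	 * becomes the key; several authorities may share one URL.
	 */
	private void loadResourceDefine() {
		List<Authority> authorities = authorityService.findAll();

		HashMap<String, Collection<ConfigAttribute>> rules =
				new HashMap<String, Collection<ConfigAttribute>>();

		if (authorities != null) {
			for (Authority auth : authorities) {
				String url = auth.getResourceUrl();
				// An authority without a URL protects nothing. Keeping it as a null key would
				// make every later startsWith(null) lookup fail with a NullPointerException.
				// An empty URL is kept as before: it is a prefix of every request path and
				// therefore acts as a catch-all rule.
				if (url == null) {
					continue;
				}
				ConfigAttribute ca = new SecurityConfig(auth.getCode());
				Collection<ConfigAttribute> atts = rules.get(url);
				if (atts == null) {
					atts = new ArrayList<ConfigAttribute>();
					rules.put(url, atts);
				}
				atts.add(ca);
			}
		}
		// Publish only after the map is complete.
		resourceMap = rules;
	}

	/**
	 * Returns the attributes required for the requested URL.
	 *
	 * @param object the secured object; it is cast to {@link FilterInvocation}
	 * @return the attributes of the longest rule whose URL is a prefix of the request URL
	 *         (query string removed), or {@code null} when no rule matches
	 */
	@Override
	public Collection<ConfigAttribute> getAttributes(Object object)
			throws IllegalArgumentException {
		String url = ((FilterInvocation) object).getRequestUrl();
		// Rules are defined on paths, so the query string is dropped before matching.
		int firstQuestionMarkIndex = url.indexOf("?");
		if (firstQuestionMarkIndex != -1) {
			url = url.substring(0, firstQuestionMarkIndex);
		}

		HashMap<String, Collection<ConfigAttribute>> rules = resourceMap;
		String matchUrl = null;
		for (String resURL : rules.keySet()) {
			// Prefix comparison; keep the longest matching rule.
			if (url.startsWith(resURL)
					&& (matchUrl == null || matchUrl.length() < resURL.length())) {
				matchUrl = resURL;
			}
		}
		if (matchUrl != null) {
			return rules.get(matchUrl);
		}
		// No rule for this URL: null means "no attributes", which lets the request through.
		// A URL that has a rule is refused later by the access decision manager when the
		// user lacks the required authority.
		return null;
	}

	/**
	 * Not supported; returns {@code null}, so the interceptor's start-up validation of
	 * attributes has nothing to check.
	 */
	@Override
	public Collection<ConfigAttribute> getAllConfigAttributes() {
		return null;
	}

	/**
	 * Declares every secure object type as supported.
	 */
	@Override
	public boolean supports(Class<?> clazz) {
		return true;
	}

}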


3、CustomFilterSecurityInterceptor.java

package org.nercita.bcp.system.service;

import java.io.IOException;

import javax.annotation.Resource;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.nercita.bcp.system.util.LogInfoService;
import org.springframework.security.access.AccessDeniedException;

import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.stereotype.Service;

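/**
 * Servlet filter that runs the authorization check for each web request.
 * <p>
 * It combines the custom security metadata source (which attributes a URL requires), the
 * custom access decision manager (whether the user holds them) and the authentication
 * manager, using the workflow inherited from {@link AbstractSecurityInterceptor}.
 * <p>
 * NOTE(review): where this filter sits in the Spring Security filter chain is configured
 * elsewhere. The exceptions thrown from {@code invoke} are only turned into a login
 * redirect or an access-denied page if a filter further up the chain (normally
 * {@code ExceptionTranslationFilter}) handles them. Confirm the position.
 */
@Service("customFilterSecurityInterceptor") 
public class CustomFilterSecurityInterceptor extends
		AbstractSecurityInterceptor implements Filter {

	// Source of the attributes required for each URL.
	@Resource  
	@Qualifier("customFilterInvocationSecurityMetadataSource")
	private FilterInvocationSecurityMetadataSource securityMetadataSource;

	/** Injects the access decision manager. */
	@Resource  
	@Qualifier("customAccessDecisionManager")
	@Override
	public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
		super.setAccessDecisionManager(accessDecisionManager);
	}

	/** Injects the authentication manager. */
	@Resource  
	@Qualifier("authenticationManager")  
	@Override
	public void setAuthenticationManager(AuthenticationManager newManager) {
		super.setAuthenticationManager(newManager);
	}

	/**
	 * Redirects callers that are not logged in to the login page and runs the authorization
	 * check for everyone else.
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {

		HttpServletRequest httpRequest = (HttpServletRequest) request;
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		// Requests without a logged-in user never reach the authorization check: they are
		// sent to the login page. LogInfoService is a project class that is not shown here;
		// presumably it reads the user name from the security context. Verify.
		if (LogInfoService.getLoginUserName() == null) {
			httpResponse.sendRedirect(httpRequest.getContextPath() + "/login.jsp");
			return;
		}

		FilterInvocation fi = new FilterInvocation(request, response, chain);
		invoke(fi);
	}

	/**
	 * Performs the authorization check and, when it passes, continues the filter chain.
	 * <p>
	 * A denial is rethrown as an {@link AccessDeniedException} that keeps the original
	 * exception as its cause. Any other failure of the check (for example an authentication
	 * problem) propagates unchanged; it is no longer swallowed, which used to end the
	 * request with an empty response and no trace of what went wrong.
	 *
	 * @param fi the request, response and chain being secured
	 * @throws IOException      if the rest of the chain fails with an I/O error
	 * @throws ServletException if the rest of the chain fails
	 */
	private void invoke(FilterInvocation fi) throws IOException, ServletException {
		InterceptorStatusToken token;
		try {
			token = super.beforeInvocation(fi);
		} catch (AccessDeniedException denied) {
			// The user is logged in and the URL has a rule, but the user's authorities do
			// not satisfy it.
			throw new AccessDeniedException("使用者無權訪問", denied);
		}

		try {
			fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
		} finally {
			super.afterInvocation(token, null);
		}
	}

	/** No filter initialisation is needed. */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}

	/** The secure object type handled by this interceptor is {@link FilterInvocation}. */
	@Override
	public Class<? extends Object> getSecureObjectClass() {
		return FilterInvocation.class;  
	}

	/** Supplies the metadata source to the inherited interceptor workflow. */
	@Override
	public SecurityMetadataSource obtainSecurityMetadataSource() {
		return this.securityMetadataSource;
	}

	/** Nothing to release. */
	@Override
	public void destroy() {
	}

	public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
		return securityMetadataSource;
	}

	public void setSecurityMetadataSource(
			FilterInvocationSecurityMetadataSource securityMetadataSource) {
		this.securityMetadataSource = securityMetadataSource;
	}

}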


3、核心處理類:CustomUserDetailsService.java

package org.nercita.bcp.system.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

import javax.annotation.Resource;

import org.nercita.bcp.system.dao.AuthorityDao;
import org.nercita.bcp.system.dao.UserDao;
import org.nercita.bcp.system.domain.Authority;
import org.nercita.bcp.system.domain.User;
import org.nercita.bcp.system.domain.reference.UserDetail;
import org.nercita.bcp.system.domain.reference.UserState;
import org.nercita.bcp.system.domain.reference.UserType;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

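/**
 * Loads the account data Spring Security needs to authenticate a user.
 * <p>
 * After a login form is submitted, Spring Security calls
 * {@link #loadUserByUsername(String)} with the submitted user name. This class only looks
 * the user up and returns the stored password, the account flags and the granted
 * authorities. The password comparison itself is not done here; it is left to the
 * authentication provider that calls this service.
 * <p>
 * The authorities returned depend on the user type: platform administrators receive every
 * authority in the system but are returned as disabled, team administrators and team users
 * receive their own authority set.
 */
@Service("customUserDetailsService")
public class CustomUserDetailsService implements UserDetailsService {
	// User persistence.
	@Resource(name="userDao")
	private UserDao userDao;

	@Resource(name="authorityDao")
	private AuthorityDao authorityDao;

	/**
	 * Looks up a user by login name and converts it into a {@link UserDetail}.
	 *
	 * @param userName the login name submitted by the caller
	 * @return the account flags, stored password and authorities of the user
	 * @throws UsernameNotFoundException if no user has that login name
	 */
	@Override
	public UserDetails loadUserByUsername(String userName)
			throws UsernameNotFoundException, DataAccessException {
		User user = userDao.findByName(userName);
		if (null == user) {
			// The message embeds the submitted name. NOTE(review): make sure it is neither
			// shown to the client (it would reveal which accounts exist) nor written to
			// logs or pages without escaping.
			throw new UsernameNotFoundException("使用者" + userName + "不存在");
		}
		if (user.getUserType() == UserType.SysAdmin) {
			return loadSysAdmin(userName, user);
		} else if (user.getUserType() == UserType.TeamAdmin) {
			return loadTeamAdmin(userName, user);
		} else {
			return loadTeamUser(userName, user);
		}
	}

	/**
	 * Platform administrator: holds every authority defined in the system, but is returned
	 * with {@code enabled = false} because this front-end must not let platform
	 * administrators log in.
	 */
	private UserDetails loadSysAdmin(String userName, User user) {
		Collection<GrantedAuthority> auths = toGrantedAuthorities(authorityDao.findAll());
		UserDetail userDetail = new UserDetail(userName, user.getPassword(), false, true, true, true, auths);
		userDetail.setUserGroupId(user.getUserGroup().getId());
		userDetail.setRealName(user.getRealName());
		userDetail.setUserType(user.getUserType());
		return userDetail;
	}

	/**
	 * Team administrator: holds its own authority set and is reported as locked unless its
	 * state is {@code UserState.Enable}. The team group is the administrator's own group.
	 */
	private UserDetails loadTeamAdmin(String userName, User user) {
		Collection<GrantedAuthority> auths = toGrantedAuthorities(user.getAuthoritySet());
		boolean accountNonLocked = UserState.Enable == user.getUserState();
		UserDetail userDetail = newUserDetail(userName, user, accountNonLocked, auths);
		userDetail.setUserGroupId(user.getUserGroup().getId());
		userDetail.setTeamGroupId(user.getUserGroup().getId());
		userDetail.setRealName(user.getRealName());
		userDetail.setUserType(user.getUserType());
		return userDetail;
	}

	/**
	 * Team user: holds its own authority set. The account is reported as locked when the
	 * team administrator of the user's group is disabled, or when the user's own state is
	 * not {@code UserState.Enable}.
	 * <p>
	 * NOTE(review): {@code getUserGroup()} and {@code getTeamAdmin()} are dereferenced
	 * without null checks; confirm that the data model guarantees both for every team user.
	 */
	private UserDetails loadTeamUser(String userName, User user) {
		Collection<GrantedAuthority> auths = toGrantedAuthorities(user.getAuthoritySet());

		// A disabled team administrator locks out the whole team. As before, this early
		// result carries only the account flags, not group ids, real name or user type.
		if (user.getUserGroup().getTeamAdmin().getUserState() == UserState.Disable) {
			return newUserDetail(userName, user, false, auths);
		}

		boolean accountNonLocked = UserState.Enable == user.getUserState();
		UserDetail userDetail = newUserDetail(userName, user, accountNonLocked, auths);
		userDetail.setUserGroupId(user.getUserGroup().getId());
		userDetail.setTeamGroupId(user.getUserGroup().getTeamAdmin().getUserGroup().getId());
		userDetail.setRealName(user.getRealName());
		userDetail.setUserType(user.getUserType());
		return userDetail;
	}

	/**
	 * Builds a {@link UserDetail} with the user's stored password and enabled flag; account
	 * and credentials are always reported as not expired.
	 */
	private UserDetail newUserDetail(String userName, User user, boolean accountNonLocked,
			Collection<GrantedAuthority> auths) {
		return new UserDetail(userName, user.getPassword(), user.getEnabled(), true, true,
				accountNonLocked, auths);
	}

	/** Converts authority records into Spring Security authorities, using each code. */
	private Collection<GrantedAuthority> toGrantedAuthorities(Collection<Authority> authorities) {
		Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
		for (Authority authority : authorities) {
			auths.add(new SimpleGrantedAuthority(authority.getCode()));
		}
		return auths;
	}

}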


4.附加類登入成功和退出成功處理

1、CustomSav