SSM项目整合SpringSecurity

SpringSecurity和Shiro的区别:

简单来说,Shiro使用比较简单,但SpringSecurity的功能更加强大。Springsecurity是属于Spring家族的,与Spring框架整合的比较贴切,充分利用了Spring框架的一些特性,IOC,AOP等。

SSM项目整合SpringSecurity框架:

1,导入springsecurity环境

在health_parent父工程的pom.xml中导入Spring Security的maven坐标

 1 <dependency>
 2   <groupId>org.springframework.security</groupId>
 3   <artifactId>spring-security-web</artifactId>
 4   <version>${spring.security.version}</version>
 5 </dependency>
 6 <dependency>
 7   <groupId>org.springframework.security</groupId>
 8   <artifactId>spring-security-config</artifactId>
 9   <version>${spring.security.version}</version>
10 </dependency>

在health_web工程的web.xml文件中配置用于整合Spring Security框架的过滤器DelegatingFilterProxy

 1 <!--委派过滤器,用于整合其他框架-->
 2 <filter>
 3   <!--整合spring security时,此过滤器的名称固定springSecurityFilterChain-->
 4   <filter-name>springSecurityFilterChain</filter-name>
 5   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 6 </filter>
 7 <filter-mapping>
 8   <filter-name>springSecurityFilterChain</filter-name>
 9   <url-pattern>/*</url-pattern>
10 </filter-mapping>

2, 实现认证和授权

在health_web工程中按照Spring Security框架要求提供SpringSecurityUserService,并且实现UserDetailsService接口。

 1 package cn.ftf.service;
 2 
 3 import cn.ftf.pojo.Permission;
 4 import cn.ftf.pojo.Role;
 5 import cn.ftf.pojo.User;
 6 import com.alibaba.dubbo.config.annotation.Reference;
 7 import org.springframework.security.core.GrantedAuthority;
 8 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 9 import org.springframework.security.core.userdetails.UserDetails;
10 import org.springframework.security.core.userdetails.UserDetailsService;
11 import org.springframework.security.core.userdetails.UsernameNotFoundException;
12 import org.springframework.stereotype.Component;
13 
14 import java.util.ArrayList;
15 import java.util.List;
16 import java.util.Set;
17 
18 @Component
19 public class SpringSecurityUserService implements UserDetailsService {
20     //通过dubbo通过网络来远程调用服务提供方
21     @Reference
22     private UserService userService;
23     @Override
24     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
25         User user=userService.findByUsername(username);
26         if(user==null){
27             return null;
28         }
29         List<GrantedAuthority> list=new ArrayList<>();
30 
31         //动态为当前用户授权
32         Set<Role> roles=user.getRoles();
33         if(!roles.isEmpty()){
34             for(Role role:roles){
35                 list.add(new SimpleGrantedAuthority(role.getKeyword()));
36                 Set<Permission> permissions=role.getPermissions();
37                 if(!permissions.isEmpty()) {
38                     for (Permission permission : permissions) {
39                         list.add(new SimpleGrantedAuthority(permission.getKeyword()));
40                     }
41                 }
42             }
43         }
44 
45         org.springframework.security.core.userdetails.User securityUser=new org.springframework.security.core.userdetails.User(username,user.getPassword(),list);
46         return securityUser;
47     }
48 }

Service层和Dao层就不再展示,具体为根据user对象获取其权限标识。

 

posted @ 2020-05-01 15:45  codeFlyer  阅读(1782)  评论(0编辑  收藏  举报