Spring Boot 集成spring security4
项目GitHub地址 :
https://github.com/FrameReserve/TrainingBoot
Spring Boot (三)集成spring security,标记地址:
https://github.com/FrameReserve/TrainingBoot/releases/tag/0.0.3
pom.xml
只列举 Spring Security配置,完整配置请查看Git项目地址
- <properties>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- <java.version>1.8</java.version>
- <!-- 依赖版本 -->
- <mybatis.version>3.4.1</mybatis.version>
- <mybatis.spring.version>1.3.0</mybatis.spring.version>
- <spring-security.version>4.1.0.RELEASE</spring-security.version>
- </properties>
- <!-- spring security -->
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-web</artifactId>
- <version>${spring-security.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-config</artifactId>
- <version>${spring-security.version}</version>
- </dependency>
- <dependency>
- <groupId>org.springframework.security</groupId>
- <artifactId>spring-security-taglibs</artifactId>
- <version>${spring-security.version}</version>
- </dependency>
Spring Security 配置类:
src/main/java/com/training/core/security/WebSecurityConfig.java
- package com.training.core.security;
- import java.util.ArrayList;
- import java.util.List;
- import javax.annotation.Resource;
- import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
- import org.springframework.context.annotation.Bean;
- import org.springframework.context.annotation.Configuration;
- import org.springframework.security.access.AccessDecisionManager;
- import org.springframework.security.access.AccessDecisionVoter;
- import org.springframework.security.access.vote.AuthenticatedVoter;
- import org.springframework.security.access.vote.RoleVoter;
- import org.springframework.security.authentication.AuthenticationManager;
- import org.springframework.security.authentication.event.LoggerListener;
- import org.springframework.security.config.annotation.ObjectPostProcessor;
- import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
- import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
- import org.springframework.security.config.annotation.web.builders.HttpSecurity;
- import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
- import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.web.access.AccessDeniedHandler;
- import org.springframework.security.web.access.AccessDeniedHandlerImpl;
- import org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler;
- import org.springframework.security.web.access.expression.WebExpressionVoter;
- import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
- import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
- import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
- import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- import com.training.sysmanager.service.AclResourcesService;
- import com.training.sysmanager.service.impl.AclResourcesServiceImpl;
- /**
- * Created by Athos on 2016-10-16.
- */
- @Configuration
- @EnableWebSecurity
- @EnableGlobalMethodSecurity(prePostEnabled = true)
- public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
- @Resource
- private UserDetailsService userDetailsService;
- @Resource
- private MySecurityMetadataSource mySecurityMetadataSource;
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.addFilterAfter(MyUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
- // 开启默认登录页面
- http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
- public <O extends FilterSecurityInterceptor> O postProcess(O fsi) {
- fsi.setSecurityMetadataSource(mySecurityMetadataSource);
- fsi.setAccessDecisionManager(accessDecisionManager());
- fsi.setAuthenticationManager(authenticationManagerBean());
- return fsi;
- }
- }).and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login.html")).and().logout().logoutSuccessUrl("/index.html").permitAll();
- // 自定义accessDecisionManager访问控制器,并开启表达式语言
- http.exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().authorizeRequests().anyRequest().authenticated().expressionHandler(webSecurityExpressionHandler());
- // 自定义登录页面
- http.csrf().disable();
- // 自定义注销
- // http.logout().logoutUrl("/logout").logoutSuccessUrl("/login")
- // .invalidateHttpSession(true);
- // session管理
- http.sessionManagement().maximumSessions(1);
- // RemeberMe
- // http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485");
- }
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- // 自定义UserDetailsService
- auth.userDetailsService(userDetailsService);
- }
- @Bean
- UsernamePasswordAuthenticationFilter MyUsernamePasswordAuthenticationFilter() {
- UsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter();
- myUsernamePasswordAuthenticationFilter.setPostOnly(true);
- myUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
- myUsernamePasswordAuthenticationFilter.setUsernameParameter("name_key");
- myUsernamePasswordAuthenticationFilter.setPasswordParameter("pwd_key");
- myUsernamePasswordAuthenticationFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
- myUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler());
- return myUsernamePasswordAuthenticationFilter;
- }
- @Bean
- AccessDeniedHandler accessDeniedHandler() {
- AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
- accessDeniedHandler.setErrorPage("/securityException/accessDenied");
- return accessDeniedHandler;
- }
- @Bean
- public LoggerListener loggerListener() {
- System.out.println("org.springframework.security.authentication.event.LoggerListener");
- return new LoggerListener();
- }
- @Bean
- public org.springframework.security.access.event.LoggerListener eventLoggerListener() {
- System.out.println("org.springframework.security.access.event.LoggerListener");
- return new org.springframework.security.access.event.LoggerListener();
- }
- /*
- *
- * 这里可以增加自定义的投票器
- */
- @Bean(name = "accessDecisionManager")
- public AccessDecisionManager accessDecisionManager() {
- List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList();
- decisionVoters.add(new RoleVoter());
- decisionVoters.add(new AuthenticatedVoter());
- decisionVoters.add(webExpressionVoter());// 启用表达式投票器
- MyAccessDecisionManager accessDecisionManager = new MyAccessDecisionManager(decisionVoters);
- return accessDecisionManager;
- }
- @Bean(name = "authenticationManager")
- @Override
- public AuthenticationManager authenticationManagerBean() {
- AuthenticationManager authenticationManager = null;
- try {
- authenticationManager = super.authenticationManagerBean();
- } catch (Exception e) {
- e.printStackTrace();
- }
- return authenticationManager;
- }
- @Bean(name = "failureHandler")
- public SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler() {
- return new SimpleUrlAuthenticationFailureHandler("/getLoginError");
- }
- @Bean(name = "aclResourcesService")
- @ConditionalOnMissingBean
- public AclResourcesService aclResourcesService() {
- return new AclResourcesServiceImpl();
- }
- /*
- * 表达式控制器
- */
- @Bean(name = "expressionHandler")
- public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
- DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
- return webSecurityExpressionHandler;
- }
- /*
- * 表达式投票器
- */
- @Bean(name = "expressionVoter")
- public WebExpressionVoter webExpressionVoter() {
- WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
- webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
- return webExpressionVoter;
- }
- }
-
Created by Athos on 2016-10-16.
*/
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {@Resource
private UserDetailsService userDetailsService;@Resource
private MySecurityMetadataSource mySecurityMetadataSource;@Override
protected void configure(HttpSecurity http) throws Exception {http.addFilterAfter(MyUsernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class); // 开启默认登录页面 http.authorizeRequests().anyRequest().authenticated().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() { public <O extends FilterSecurityInterceptor> O postProcess(O fsi) { fsi.setSecurityMetadataSource(mySecurityMetadataSource); fsi.setAccessDecisionManager(accessDecisionManager()); fsi.setAuthenticationManager(authenticationManagerBean()); return fsi; } }).and().exceptionHandling().authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login.html")).and().logout().logoutSuccessUrl("/index.html").permitAll(); // 自定义accessDecisionManager访问控制器,并开启表达式语言 http.exceptionHandling().accessDeniedHandler(accessDeniedHandler()).and().authorizeRequests().anyRequest().authenticated().expressionHandler(webSecurityExpressionHandler()); // 自定义登录页面 http.csrf().disable(); // 自定义注销 // http.logout().logoutUrl("/logout").logoutSuccessUrl("/login") // .invalidateHttpSession(true); // session管理 http.sessionManagement().maximumSessions(1); // RemeberMe // http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 自定义UserDetailsService
auth.userDetailsService(userDetailsService);
}@Bean
UsernamePasswordAuthenticationFilter MyUsernamePasswordAuthenticationFilter() {
UsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter = new UsernamePasswordAuthenticationFilter();
myUsernamePasswordAuthenticationFilter.setPostOnly(true);
myUsernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
myUsernamePasswordAuthenticationFilter.setUsernameParameter("name_key");
myUsernamePasswordAuthenticationFilter.setPasswordParameter("pwd_key");
myUsernamePasswordAuthenticationFilter.setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher("/login", "POST"));
myUsernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(simpleUrlAuthenticationFailureHandler());
return myUsernamePasswordAuthenticationFilter;
}@Bean
AccessDeniedHandler accessDeniedHandler() {
AccessDeniedHandlerImpl accessDeniedHandler = new AccessDeniedHandlerImpl();
accessDeniedHandler.setErrorPage("/securityException/accessDenied");
return accessDeniedHandler;
}@Bean
public LoggerListener loggerListener() {
System.out.println("org.springframework.security.authentication.event.LoggerListener");
return new LoggerListener();
}@Bean
public org.springframework.security.access.event.LoggerListener eventLoggerListener() {
System.out.println("org.springframework.security.access.event.LoggerListener");
return new org.springframework.security.access.event.LoggerListener();
}/*
*- 这里可以增加自定义的投票器
*/
@Bean(name = "accessDecisionManager")
public AccessDecisionManager accessDecisionManager() {
List<AccessDecisionVoter<? extends Object>> decisionVoters = new ArrayList();
decisionVoters.add(new RoleVoter());
decisionVoters.add(new AuthenticatedVoter());
decisionVoters.add(webExpressionVoter());// 启用表达式投票器
MyAccessDecisionManager accessDecisionManager = new MyAccessDecisionManager(decisionVoters);
return accessDecisionManager;
}
@Bean(name = "authenticationManager")
@Override
public AuthenticationManager authenticationManagerBean() {
AuthenticationManager authenticationManager = null;
try {
authenticationManager = super.authenticationManagerBean();
} catch (Exception e) {
e.printStackTrace();
}
return authenticationManager;
}@Bean(name = "failureHandler")
public SimpleUrlAuthenticationFailureHandler simpleUrlAuthenticationFailureHandler() {
return new SimpleUrlAuthenticationFailureHandler("/getLoginError");
}@Bean(name = "aclResourcesService")
@ConditionalOnMissingBean
public AclResourcesService aclResourcesService() {
return new AclResourcesServiceImpl();
}/*
- 表达式控制器
*/
@Bean(name = "expressionHandler")
public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
return webSecurityExpressionHandler;
}
/*
- 表达式投票器
*/
@Bean(name = "expressionVoter")
public WebExpressionVoter webExpressionVoter() {
WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
return webExpressionVoter;
}
- 这里可以增加自定义的投票器
}
自定义 UserDetailsService 用户、角色、资源获取类:
src/main/java/com/training/core/security/UserDetailsServiceImpl.java
- package com.training.core.security;
- import java.util.ArrayList;
- import java.util.List;
- import javax.annotation.Resource;
- import org.springframework.security.core.GrantedAuthority;
- import org.springframework.security.core.authority.SimpleGrantedAuthority;
- import org.springframework.security.core.userdetails.User;
- import org.springframework.security.core.userdetails.UserDetails;
- import org.springframework.security.core.userdetails.UserDetailsService;
- import org.springframework.security.core.userdetails.UsernameNotFoundException;
- import org.springframework.stereotype.Service;
- import com.training.sysmanager.entity.AclResources;
- import com.training.sysmanager.entity.AclUser;
- import com.training.sysmanager.service.AclResourcesService;
- import com.training.sysmanager.service.AclRoleResourcesService;
- import com.training.sysmanager.service.AclUserService;
- /**
- * Created by Athos on 2016-10-16.
- */
- @Service("userDetailsService")
- public class UserDetailsServiceImpl implements UserDetailsService {
- @Resource
- private AclUserService aclUserService;
- @Resource
- private AclRoleResourcesService aclRoleResourcesService;
- @Resource
- private AclResourcesService aclResourcesService;
- /* (non-Javadoc)
- * @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
- */
- @Override
- public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
- List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
- AclUser aclUser = aclUserService.findAclUserByName(username);
- String resourceIds = aclRoleResourcesService.selectResourceIdsByRoleIds(aclUser.getRoleIds());
- List<AclResources> aclResourcesList = aclResourcesService.selectAclResourcesByResourceIds(resourceIds);
- for (AclResources aclResources : aclResourcesList) {
- auths.add(new SimpleGrantedAuthority(aclResources.getAuthority().toUpperCase()));
- }
- // auths.addAll(aclResourcesList.stream().map(resources -> new SimpleGrantedAuthority(resources.getAuthority().toUpperCase())).collect(Collectors.toList()));
- return new User(aclUser.getUserName().toLowerCase(),aclUser.getUserPwd().toLowerCase(),true,true,true,true,auths);
- }
- }
-
Created by Athos on 2016-10-16.
*/
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {@Resource
private AclUserService aclUserService;
@Resource
private AclRoleResourcesService aclRoleResourcesService;
@Resource
private AclResourcesService aclResourcesService;/* (non-Javadoc)
- @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
AclUser aclUser = aclUserService.findAclUserByName(username);
String resourceIds = aclRoleResourcesService.selectResourceIdsByRoleIds(aclUser.getRoleIds());
List<AclResources> aclResourcesList = aclResourcesService.selectAclResourcesByResourceIds(resourceIds);
for (AclResources aclResources : aclResourcesList) {
auths.add(new SimpleGrantedAuthority(aclResources.getAuthority().toUpperCase()));
}
// auths.addAll(aclResourcesList.stream().map(resources -> new SimpleGrantedAuthority(resources.getAuthority().toUpperCase())).collect(Collectors.toList()));
return new User(aclUser.getUserName().toLowerCase(),aclUser.getUserPwd().toLowerCase(),true,true,true,true,auths);
}
}
- @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
自定义securityMetadataSource:
src/main/java/com/training/core/security/MySecurityMetadataSource.java
- package com.training.core.security;
- import java.util.ArrayList;
- import java.util.Collection;
- import java.util.HashMap;
- import java.util.Iterator;
- import java.util.List;
- import java.util.Map;
- import javax.servlet.http.HttpServletRequest;
- import org.springframework.security.access.ConfigAttribute;
- import org.springframework.security.access.SecurityConfig;
- import org.springframework.security.web.FilterInvocation;
- import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
- import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
- import org.springframework.security.web.util.matcher.RequestMatcher;
- import org.springframework.stereotype.Component;
- import com.training.sysmanager.entity.AclResources;
- import com.training.sysmanager.service.AclResourcesService;
- /**
- * Created by Athos on 2016-10-16.
- */
- @Component("mySecurityMetadataSource")
- public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
- private static Map<String,Collection<ConfigAttribute>> aclResourceMap = null;
- private AclResourcesService aclResourcesService;
- /**
- * 构造方法
- */
- //1
- public MySecurityMetadataSource(AclResourcesService aclResourcesService){
- this.aclResourcesService=aclResourcesService;
- loadResourceDefine();
- }
- @Override
- public Collection<ConfigAttribute> getAttributes(Object object)throws IllegalArgumentException{
- HttpServletRequest request=((FilterInvocation)object).getRequest();
- Iterator<String> ite = aclResourceMap.keySet().iterator();
- while (ite.hasNext()){
- String resURL = ite.next();
- RequestMatcher requestMatcher = new AntPathRequestMatcher(resURL);
- if(requestMatcher.matches(request)){
- return aclResourceMap.get(resURL);
- }
- }
- return null;
- }
- //4
- @Override
- public Collection<ConfigAttribute> getAllConfigAttributes() {
- System.out.println("metadata : getAllConfigAttributes");
- return null;
- }
- //3
- @Override
- public boolean supports(Class<?> clazz) {
- System.out.println("metadata : supports");
- return true;
- }
- private void loadResourceDefine(){
- /**
- * 因为只有权限控制的资源才需要被拦截验证,所以只加载有权限控制的资源
- */
- List<AclResources> aclResourceses = aclResourcesService.selectAclResourcesTypeOfRequest();
- aclResourceMap = new HashMap<>();
- for (AclResources aclResources:aclResourceses){
- ConfigAttribute ca = new SecurityConfig(aclResources.getAuthority().toUpperCase());
- String url = aclResources.getUrl();
- if(aclResourceMap.containsKey(url)){
- Collection<ConfigAttribute> value = aclResourceMap.get(url);
- value.add(ca);
- aclResourceMap.put(url,value);
- }else {
- Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>();
- atts.add(ca);
- aclResourceMap.put(url,atts);
- }
- }
- }
- }
-
Created by Athos on 2016-10-16.
*/
@Component("mySecurityMetadataSource")
public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource {private static Map<String,Collection<ConfigAttribute>> aclResourceMap = null;
private AclResourcesService aclResourcesService;/**
- 构造方法
*/
//1
public MySecurityMetadataSource(AclResourcesService aclResourcesService){
this.aclResourcesService=aclResourcesService;
loadResourceDefine();
}
@Override
public Collection<ConfigAttribute> getAttributes(Object object)throws IllegalArgumentException{
HttpServletRequest request=((FilterInvocation)object).getRequest();
Iterator<String> ite = aclResourceMap.keySet().iterator();
while (ite.hasNext()){
String resURL = ite.next();
RequestMatcher requestMatcher = new AntPathRequestMatcher(resURL);
if(requestMatcher.matches(request)){
return aclResourceMap.get(resURL);
}
}
return null;
}
//4
@Override
public Collection<ConfigAttribute> getAllConfigAttributes() {
System.out.println("metadata : getAllConfigAttributes");
return null;
}
//3
@Override
public boolean supports(Class<?> clazz) {
System.out.println("metadata : supports");
return true;
}private void loadResourceDefine(){
/**
* 因为只有权限控制的资源才需要被拦截验证,所以只加载有权限控制的资源
*/
List<AclResources> aclResourceses = aclResourcesService.selectAclResourcesTypeOfRequest();
aclResourceMap = new HashMap<>();
for (AclResources aclResources:aclResourceses){
ConfigAttribute ca = new SecurityConfig(aclResources.getAuthority().toUpperCase());
String url = aclResources.getUrl();
if(aclResourceMap.containsKey(url)){
Collection<ConfigAttribute> value = aclResourceMap.get(url);
value.add(ca);
aclResourceMap.put(url,value);}else { Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>(); atts.add(ca); aclResourceMap.put(url,atts); } }
}
}
- 构造方法
自定义AbstractAccessDecisionManager权限决策类,
src/main/java/com/training/core/security/MyAccessDecisionManager.java
- package com.training.core.security;
- import org.springframework.security.access.AccessDecisionVoter;
- import org.springframework.security.access.AccessDeniedException;
- import org.springframework.security.access.ConfigAttribute;
- import org.springframework.security.access.vote.AbstractAccessDecisionManager;
- import org.springframework.security.authentication.InsufficientAuthenticationException;
- import org.springframework.security.core.Authentication;
- import org.springframework.security.core.GrantedAuthority;
- import java.util.Collection;
- import java.util.Iterator;
- import java.util.List;
- /**
- * Created by Athos on 2016-10-16.
- */
- public class MyAccessDecisionManager extends AbstractAccessDecisionManager {
- protected MyAccessDecisionManager(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
- super(decisionVoters);
- }
- @Override
- public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
- if(configAttributes==null){
- return;
- }
- Iterator<ConfigAttribute> ite = configAttributes.iterator();
- while(ite.hasNext()){
- ConfigAttribute ca = ite.next();
- String needRole = (ca).getAttribute();
- for (GrantedAuthority ga : authentication.getAuthorities()){
- if (needRole.equals(ga.getAuthority())){
- return;
- }
- }
- }
- throw new AccessDeniedException("没有权限,拒绝访问!");
- }
- @Override
- public boolean supports(ConfigAttribute attribute) {
- return false;
- }
- /**
- * Iterates through all <code>AccessDecisionVoter</code>s and ensures each can support
- * the presented class.
- * <p>
- * If one or more voters cannot support the presented class, <code>false</code> is
- * returned.
- *
- * @param clazz the type of secured object being presented
- * @return true if this type is supported
- */
- @Override
- public boolean supports(Class<?> clazz) {
- return true;
- }
- }
- Created by Athos on 2016-10-16.
*/
public class MyAccessDecisionManager extends AbstractAccessDecisionManager {
protected MyAccessDecisionManager(List<AccessDecisionVoter<? extends Object>> decisionVoters) {
super(decisionVoters);
}
@Override
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
if(configAttributes==null){
return;
}
Iterator<ConfigAttribute> ite = configAttributes.iterator();
while(ite.hasNext()){
ConfigAttribute ca = ite.next();
String needRole = (ca).getAttribute();
for (GrantedAuthority ga : authentication.getAuthorities()){
if (needRole.equals(ga.getAuthority())){
return;
}
}
}
throw new AccessDeniedException("没有权限,拒绝访问!");
}
@Override
public boolean supports(ConfigAttribute attribute) {
return false;
}
/**
* Iterates through all <code>AccessDecisionVoter</code>s and ensures each can support
* the presented class.
* <p>
* If one or more voters cannot support the presented class, <code>false</code> is
* returned.
*
* @param clazz the type of secured object being presented
* @return true if this type is supported
*/
@Override
public boolean supports(Class<?> clazz) {
return true;
}
}
用户、角色、资源(菜单)略。
详情请看GIT完成工程。
https://github.com/FrameReserve/TrainingBoot
</div>