
Spring Security -实现platform的安全权限管理(1)

2016-11-25 10:20 731 查看
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring的IoC、DI(IoC:Inversion of Control 控制反转;DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。

下面是为了解决platform的安全权限的maven工程结构图






platform-security  配置、逻辑包

platform-security-commons security工具包

第一步:引入依赖jar

<!-- One version property so the three Spring Security artifacts below always resolve to
     the same release; keep it that way when upgrading.
     NOTE(review): 4.0.1.RELEASE is an early 4.0.x release; check that this line still
     receives fixes and move to the currently supported line before relying on it. -->
<properties>
<spring.security.version>4.0.1.RELEASE</spring.security.version>
</properties>

<dependencies>
<!-- JSP tag library for view-layer authorization checks -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
<!-- servlet filter chain and web-layer security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<!-- XML namespace / Java config support -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
</dependencies>
第二步:编写platform-security-commons包下的工具类代码

自定义的安全认证用户对象SecurityUserInfo,该类需要实现Spring Security的UserDetails接口及其方法

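/**
 * Shared authenticated-user principal for the platform.
 *
 * Implements Spring Security's {@link UserDetails} and carries, next to the
 * account/credential flags the framework reads, the platform-specific data
 * (organisations, roles, function menus, owning person) that callers resolve
 * from the authenticated principal. Instances are populated via the setters.
 *
 * NOTE(review): the password stays in this object after authentication.
 * Spring Security only erases credentials from principals that implement
 * CredentialsContainer; confirm whether that should be added so the stored
 * password is not reachable from the security context for the whole session.
 *
 * @author xiaowen
 */
public class SecurityUserInfo implements UserDetails {

    private static final long serialVersionUID = -1070271194524834536L;

    // user id
    private String id;
    // login name
    private String username;
    // password as supplied by the caller that builds this principal
    private String password;
    // granted authorities; exposed read-only and never as null, see getAuthorities()
    private Collection<SecurityGrantedAuthority> authorities;
    // true while the account has not expired
    private boolean accountNonExpired;
    // true while the account is not locked
    private boolean accountNonLocked;
    // true while the credentials have not expired
    private boolean credentialsNonExpired;
    // true if the account may log in at all
    private boolean enabled;
    // super administrator flag (boxed: may be null when never set)
    private Boolean superAdmin;

    // data permissions: organisations the user may see
    private List<OrganizationInfo> orgs;
    // roles the user holds
    private Set<SystemRole> rolesInfo;
    // function menus the user may use
    private List<SystemMenu> functionMenus;
    // person record the account belongs to
    private SystemPerson person;

    /**
     * Returns the granted authorities.
     *
     * The UserDetails contract does not allow a null result, so an unset
     * collection is reported as empty. The result is a read-only view so that
     * code holding the principal cannot add authorities to it.
     */
    @Override
    public Collection<SecurityGrantedAuthority> getAuthorities() {
        if (this.authorities == null) {
            return java.util.Collections.emptyList();
        }
        return java.util.Collections.unmodifiableCollection(this.authorities);
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return this.accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return this.accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return this.credentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
        return this.enabled;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /** Replaces the authority collection; the instance keeps a reference, not a copy. */
    public void setAuthorities(Collection<SecurityGrantedAuthority> authorities) {
        this.authorities = authorities;
    }

    public void setAccountNonExpired(boolean accountNonExpired) {
        this.accountNonExpired = accountNonExpired;
    }

    public void setAccountNonLocked(boolean accountNonLocked) {
        this.accountNonLocked = accountNonLocked;
    }

    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
        this.credentialsNonExpired = credentialsNonExpired;
    }

    public void setEnabled(boolean enabled) {
        this.enabled = enabled;
    }

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public Boolean getSuperAdmin() {
        return superAdmin;
    }

    public void setSuperAdmin(Boolean superAdmin) {
        this.superAdmin = superAdmin;
    }

    public List<OrganizationInfo> getOrgs() {
        return orgs;
    }

    public void setOrgs(List<OrganizationInfo> orgs) {
        this.orgs = orgs;
    }

    public Set<SystemRole> getRolesInfo() {
        return rolesInfo;
    }

    public void setRolesInfo(Set<SystemRole> rolesInfo) {
        this.rolesInfo = rolesInfo;
    }

    public List<SystemMenu> getFunctionMenus() {
        return functionMenus;
    }

    public void setFunctionMenus(List<SystemMenu> functionMenus) {
        this.functionMenus = functionMenus;
    }

    public SystemPerson getPerson() {
        return person;
    }

    public void setPerson(SystemPerson person) {
        this.person = person;
    }

}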
自定义SecurityGrantedAuthority 

package com.bjhy.platform.core;

import java.util.Objects;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.util.Assert;

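/**
 * Platform {@link GrantedAuthority} backed by a single authority string.
 *
 * Equality, hash code and string form are defined solely by that string.
 * The no-arg constructor leaves the string null; all three methods tolerate
 * that instead of throwing, so an uninitialised instance is inert rather than
 * a NullPointerException waiting in a HashSet or log statement.
 */
public class SecurityGrantedAuthority implements GrantedAuthority {

    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    private String role;

    /**
     * @param role the authority text; must contain non-whitespace characters
     * @throws IllegalArgumentException if {@code role} is null or blank
     */
    public SecurityGrantedAuthority(String role) {
        Assert.hasText(role, "A granted authority textual representation is required");
        this.role = role;
    }

    /**
     * No-arg constructor; leaves {@code role} null.
     * Presumably kept for frameworks that instantiate reflectively — confirm
     * it is actually needed, since there is no setter for the role.
     */
    public SecurityGrantedAuthority() {
    }

    @Override
    public String getAuthority() {
        return role;
    }

    /** Equal to another SecurityGrantedAuthority with the same role string (both-null counts as equal). */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof SecurityGrantedAuthority) {
            return Objects.equals(role, ((SecurityGrantedAuthority) obj).role);
        }
        return false;
    }

    @Override
    public int hashCode() {
        // consistent with equals(): null role hashes to 0
        return Objects.hashCode(this.role);
    }

    @Override
    public String toString() {
        return String.valueOf(this.role);
    }

}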
自定义构建用户的工具类SecurityUserUtil

public class SecurityUserUtil {

//构建security用户
/**
 * Builds the Spring Security principal for {@code user} in the application
 * identified by {@code appClientId}.
 *
 * Copies the account fields onto a new SecurityUserInfo, then resolves the
 * user's organisations, roles, function menus and permission menus through
 * the given providers (permission menu values become the granted
 * authorities) and, when the user has a person id, the owning person.
 *
 * @return the populated principal
 */
public static SecurityUserInfo buildSecurityUser(SystemUser user, String appClientId,
        OrganizationService organizationProvider, SystemRoleService systemRoleProvider,
        SystemMenuService systemMenuProvider, SystemPersonService systemPersonProvider) {
    String userId = user.getId();
    SecurityUserInfo principal = new SecurityUserInfo();
    principal.setId(userId);
    principal.setUsername(user.getUserName());
    principal.setPassword(user.getUserPassword());
    principal.setEnabled(user.getEnabled());
    // SystemUser stores the negative flags (expired/locked); UserDetails wants
    // the positive ones (NonExpired/NonLocked), hence the negations.
    principal.setCredentialsNonExpired(!user.getCredentialsExpired());
    principal.setAccountNonLocked(!user.getAccountLocked());
    principal.setAccountNonExpired(!user.getAccountExpired());
    principal.setSuperAdmin(user.getSuperAdmin());
    // data permissions
    principal.setOrgs(organizationProvider.getOrgByUserId(userId, user.getSuperAdmin()));
    // roles
    principal.setRolesInfo(systemRoleProvider.findByUserId(userId, user.getSuperAdmin()));
    // function menus
    principal.setFunctionMenus(systemMenuProvider.findFunctionMenusByUserAndApp(userId, user.getSuperAdmin(), appClientId));
    // Spring Security authorities, one per permission menu
    principal.setAuthorities(toAuthorities(
            systemMenuProvider.findPermsByUserAndApp(userId, user.getSuperAdmin(), appClientId)));
    // owning person, only when the user has one
    if (!StringUtils.isEmpty(user.getPersonId())) {
        principal.setPerson(systemPersonProvider.findSystemPersonById(user.getPersonId()));
    }
    return principal;
}

// Wraps each permission menu's value in a SecurityGrantedAuthority, in iteration order.
private static Collection<SecurityGrantedAuthority> toAuthorities(Set<SystemMenu> permMenus) {
    Collection<SecurityGrantedAuthority> granted = new ArrayList<SecurityGrantedAuthority>();
    for (SystemMenu menu : permMenus) {
        granted.add(new SecurityGrantedAuthority(menu.getMenuValue()));
    }
    return granted;
}
自定义用于在系统中获取当前登录用户的工具类UserDetailsUtil

package com.bjhy.platform.util;

import java.util.Locale;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

import com.bjhy.platform.commons.i18n.MessageUtil;
import com.bjhy.platform.domain.SecurityUserInfo;

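/**
 * Static helpers for reading the authenticated platform user from the
 * Spring Security context bound to the current thread.
 */
public class UserDetailsUtil {

    /**
     * @return the current user's login name, or null when no authentication is bound
     * @throws RuntimeException if the principal is not a SecurityUserInfo
     */
    public static String getCurrentUserName() {
        SecurityUserInfo user = getCurrentUser();
        return user == null ? null : user.getUsername();
    }

    /**
     * @return the current user's id, or null when no authentication is bound
     *         (previously this dereferenced the user unconditionally and threw)
     * @throws RuntimeException if the principal is not a SecurityUserInfo
     */
    public static String getCurrentUserId() {
        SecurityUserInfo user = getCurrentUser();
        return user == null ? null : user.getId();
    }

    /**
     * Returns the platform principal of the current thread's authentication.
     *
     * @return the SecurityUserInfo, or null when no Authentication is present
     * @throws RuntimeException with the "UserDetailsService.typeError" message
     *         when the principal is of another type, e.g. the anonymous
     *         principal (a String) or a UserDetails from a different provider
     */
    public static SecurityUserInfo getCurrentUser() {
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        // Test the concrete type, not just UserDetails: any other UserDetails
        // implementation would otherwise fail in the cast with an unrelated
        // ClassCastException instead of the documented error.
        if (principal instanceof SecurityUserInfo) {
            return (SecurityUserInfo) principal;
        }
        throw new RuntimeException(
                MessageUtil.getMessage("UserDetailsService.typeError"));
    }

    /**
     * Checks whether the current user holds at least one of the given permission codes.
     *
     * Codes are compared by their authority string. The previous version built a
     * SimpleGrantedAuthority and called contains() on a collection of
     * SecurityGrantedAuthority; SimpleGrantedAuthority.equals() only accepts its own
     * type, so that lookup could never match and every check was denied.
     *
     * @param permCode one code, or several separated by commas; each is trimmed and
     *                 upper-cased before comparison (assumes menu values are stored
     *                 upper-case — confirm against the data)
     * @return true if any code matches a granted authority; false when no code is
     *         given or no user is authenticated
     * @throws RuntimeException if the principal is not a SecurityUserInfo
     */
    public static boolean hasPerm(String permCode) {
        if (permCode == null) {
            return false;
        }
        SecurityUserInfo user = getCurrentUser();
        if (user == null || user.getAuthorities() == null) {
            return false;
        }
        for (String item : permCode.split(",")) {
            // Locale.ROOT keeps the comparison independent of the JVM default locale
            String wanted = item.trim().toUpperCase(Locale.ROOT);
            if (wanted.isEmpty()) {
                continue;
            }
            for (GrantedAuthority granted : user.getAuthorities()) {
                if (wanted.equals(granted.getAuthority())) {
                    return true;
                }
            }
        }
        return false;
    }
}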
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~未完待续~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~