Spring Security -实现platform的安全权限管理(1)
2016-11-25 10:20
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring的IoC(Inversion of Control,控制反转)、DI(Dependency Injection,依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。
下面是为了解决platform的安全权限的maven工程结构图
platform-security 配置、逻辑包
platform-security-commons security工具包
第一步:引入依赖jar
<!-- One version property shared by all three Spring Security artifacts below, so they are always resolved at the same release. -->
<properties>
    <!--
      NOTE(review): 4.0.1.RELEASE is the release this 2016 article was written against.
      The 4.0.x line is long out of maintenance; when reusing this snippet, pin a
      currently supported Spring Security release and re-test the configuration.
    -->
    <spring.security.version>4.0.1.RELEASE</spring.security.version>
</properties>
<dependencies>
    <!-- JSP tag library for authorization checks inside views. -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>${spring.security.version}</version>
    </dependency>
    <!-- Servlet filter chain and the web-layer security infrastructure. -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>${spring.security.version}</version>
    </dependency>
    <!-- Security namespace / configuration support. -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>${spring.security.version}</version>
    </dependency>
</dependencies>
<!-- Step 2: write the utility classes of the platform-security-commons package. -->
自定义的安全认证用户对象SecurityUserInfo,该类需要实现Spring security的UserDetails接口实现方法
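/**
 * Shared authenticated-user object (the principal) used across the platform.
 *
 * <p>Implements Spring Security's {@link UserDetails}, so the framework reads the
 * credentials, the four account-status flags and the granted authorities from it. On top
 * of that it carries platform data: organisations, roles, function menus and the person
 * record the account belongs to.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Every field has a public setter, including {@code superAdmin} and the authorities.
 *       Instances must only be built and modified by trusted code; nothing here validates
 *       who is calling.</li>
 *   <li>The class is serializable (it declares a {@code serialVersionUID}) and keeps the
 *       password value it was given. NOTE(review): if instances are stored in the session
 *       or a cache, consider clearing the password once authentication has succeeded.</li>
 *   <li>{@code equals}/{@code hashCode} are not overridden, so two instances for the same
 *       user are never equal. NOTE(review): confirm no component relies on principal
 *       equality.</li>
 * </ul>
 *
 * @author xiaowen
 */
public class SecurityUserInfo implements UserDetails {

    private static final long serialVersionUID = -1070271194524834536L;

    // Primary key of the user.
    private String id;
    // Login name.
    private String username;
    // Password value handed to Spring Security for the credential check.
    // NOTE(review): should be the encoded hash, never plaintext; confirm against the user store.
    private String password;
    // Authorities granted to the user; null until setAuthorities is called.
    private Collection<SecurityGrantedAuthority> authorities;

    // The four status flags keep their original capitalised names on purpose: renaming a
    // field changes the Java-serialized form while serialVersionUID stays the same.
    // True while the account has not expired.
    private boolean AccountNonExpired;
    // True while the account is not locked.
    private boolean AccountNonLocked;
    // True while the password has not expired.
    private boolean CredentialsNonExpired;
    // True when the account is enabled.
    private boolean Enabled;

    // Whether the user is a super administrator.
    private Boolean superAdmin;
    // Data permissions: the organisations the user may access.
    private List<OrganizationInfo> orgs;
    // Roles assigned to the user.
    private Set<SystemRole> rolesInfo;
    // Function-menu permissions.
    private List<SystemMenu> functionMenus;
    // Person record this account belongs to.
    private SystemPerson person;

    /**
     * Returns the granted authorities.
     *
     * @return the collection passed to {@link #setAuthorities}, or an empty immutable list
     *         when none has been set; never {@code null}, as {@code UserDetails} requires
     */
    @Override
    public Collection<SecurityGrantedAuthority> getAuthorities() {
        if (this.authorities == null) {
            // Fully qualified so the file's import list does not have to change.
            return java.util.Collections.<SecurityGrantedAuthority>emptyList();
        }
        return this.authorities;
    }

    @Override
    public String getPassword() {
        return this.password;
    }

    @Override
    public String getUsername() {
        return this.username;
    }

    @Override
    public boolean isAccountNonExpired() {
        return this.AccountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
        return this.AccountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return this.CredentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
        return this.Enabled;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    public void setAuthorities(Collection<SecurityGrantedAuthority> authorities) {
        this.authorities = authorities;
    }

    public void setAccountNonExpired(boolean accountNonExpired) {
        this.AccountNonExpired = accountNonExpired;
    }

    public void setAccountNonLocked(boolean accountNonLocked) {
        this.AccountNonLocked = accountNonLocked;
    }

    public void setCredentialsNonExpired(boolean credentialsNonExpired) {
        this.CredentialsNonExpired = credentialsNonExpired;
    }

    public void setEnabled(boolean enabled) {
        this.Enabled = enabled;
    }

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public Boolean getSuperAdmin() {
        return superAdmin;
    }

    public void setSuperAdmin(Boolean superAdmin) {
        this.superAdmin = superAdmin;
    }

    public List<OrganizationInfo> getOrgs() {
        return orgs;
    }

    public void setOrgs(List<OrganizationInfo> orgs) {
        this.orgs = orgs;
    }

    public Set<SystemRole> getRolesInfo() {
        return rolesInfo;
    }

    public void setRolesInfo(Set<SystemRole> rolesInfo) {
        this.rolesInfo = rolesInfo;
    }

    public List<SystemMenu> getFunctionMenus() {
        return functionMenus;
    }

    public void setFunctionMenus(List<SystemMenu> functionMenus) {
        this.functionMenus = functionMenus;
    }

    public SystemPerson getPerson() {
        return person;
    }

    public void setPerson(SystemPerson person) {
        this.person = person;
    }
}
// Next: the custom SecurityGrantedAuthority class.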
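package com.bjhy.platform.core;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.util.Assert;

/**
 * Platform-specific {@link GrantedAuthority} that wraps a single authority string.
 *
 * <p>Equality is defined on the wrapped string and only between instances of this class.
 * An instance is therefore never equal to another {@code GrantedAuthority} implementation
 * that carries the same text, so membership checks must compare {@link #getAuthority()}
 * values rather than mix implementations in {@code contains(...)}.
 */
public class SecurityGrantedAuthority implements GrantedAuthority {

    // NOTE(review): this reuses Spring Security's own serial version id, which is tied to
    // the framework release. Serialized instances (e.g. persisted sessions) may stop
    // deserializing after a Spring Security upgrade; confirm that is acceptable.
    private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

    // The authority text; null only when the no-argument constructor was used.
    private String role;

    /**
     * Creates an authority for the given text.
     *
     * @param role the authority string; must contain text
     * @throws IllegalArgumentException if {@code role} is null, empty or blank
     */
    public SecurityGrantedAuthority(String role) {
        Assert.hasText(role, "A granted authority textual representation is required");
        this.role = role;
    }

    /**
     * Creates an authority without a value. No setter exists, so {@code role} stays null.
     * NOTE(review): presumably present for frameworks that need a default constructor; confirm.
     */
    public SecurityGrantedAuthority() {
    }

    @Override
    public String getAuthority() {
        return role;
    }

    /**
     * Compares by authority text. Safe when {@code role} is null (the original dereferenced
     * it unconditionally and threw {@code NullPointerException} in that case).
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj instanceof SecurityGrantedAuthority) {
            String otherRole = ((SecurityGrantedAuthority) obj).role;
            return role == null ? otherRole == null : role.equals(otherRole);
        }
        return false;
    }

    /** Hash of the authority text, or 0 when no text is set; consistent with {@link #equals}. */
    @Override
    public int hashCode() {
        return role == null ? 0 : role.hashCode();
    }

    @Override
    public String toString() {
        return this.role;
    }
}
// Next: SecurityUserUtil, the helper that builds the user object.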
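/**
 * Helper that assembles the {@link SecurityUserInfo} principal from a stored
 * {@code SystemUser} and the platform services.
 */
public class SecurityUserUtil {

    /**
     * Builds the security principal for {@code user} in the context of one client application.
     *
     * <p>Copies id, user name, password and the account-status flags from {@code user}, then
     * loads organisations, roles, function menus, permission menus and, when a person id is
     * set, the linked person through the supplied services.
     *
     * <p>Each permission menu's {@code menuValue} becomes one granted authority, taken as is
     * with no case normalisation. NOTE(review): {@code UserDetailsUtil.hasPerm} upper-cases
     * the codes it looks up, so the stored menu values are presumably expected to be upper
     * case; confirm.
     *
     * @param user                 the stored user record
     * @param appClientId          id of the client application whose menus and permissions are loaded
     * @param organizationProvider source of the user's organisations (data permissions)
     * @param systemRoleProvider   source of the user's roles
     * @param systemMenuProvider   source of function menus and permission menus
     * @param systemPersonProvider source of the linked person record
     * @return the populated principal
     */
    public static SecurityUserInfo buildSecurityUser(SystemUser user, String appClientId,
            OrganizationService organizationProvider, SystemRoleService systemRoleProvider,
            SystemMenuService systemMenuProvider, SystemPersonService systemPersonProvider) {
        final String userId = user.getId();

        SecurityUserInfo securityUserInfo = new SecurityUserInfo();
        securityUserInfo.setId(userId);
        securityUserInfo.setUsername(user.getUserName());
        // Copied verbatim from the user record.
        // NOTE(review): presumably the encoded password hash; verify it is never plaintext.
        securityUserInfo.setPassword(user.getUserPassword());
        securityUserInfo.setEnabled(user.getEnabled());
        // The record stores "expired/locked"; UserDetails wants the negated "non-expired/non-locked".
        securityUserInfo.setCredentialsNonExpired(!user.getCredentialsExpired());
        securityUserInfo.setAccountNonLocked(!user.getAccountLocked());
        securityUserInfo.setAccountNonExpired(!user.getAccountExpired());
        securityUserInfo.setSuperAdmin(user.getSuperAdmin());

        // Data permissions.
        securityUserInfo.setOrgs(organizationProvider.getOrgByUserId(userId, user.getSuperAdmin()));
        // Roles.
        securityUserInfo.setRolesInfo(systemRoleProvider.findByUserId(userId, user.getSuperAdmin()));
        // Function-menu permissions.
        securityUserInfo.setFunctionMenus(
                systemMenuProvider.findFunctionMenusByUserAndApp(userId, user.getSuperAdmin(), appClientId));

        // Spring Security authorities.
        Set<SystemMenu> permMenus =
                systemMenuProvider.findPermsByUserAndApp(userId, user.getSuperAdmin(), appClientId);
        Collection<SecurityGrantedAuthority> authorities = new ArrayList<SecurityGrantedAuthority>();
        if (permMenus != null) {
            for (SystemMenu systemMenu : permMenus) {
                String menuValue = systemMenu.getMenuValue();
                // A blank value would make the SecurityGrantedAuthority constructor throw and
                // abort the whole login; skipping it only grants less, never more.
                if (menuValue == null || menuValue.trim().isEmpty()) {
                    continue;
                }
                authorities.add(new SecurityGrantedAuthority(menuValue));
            }
        }
        securityUserInfo.setAuthorities(authorities);

        // Linked person record, only when the user has one.
        if (!StringUtils.isEmpty(user.getPersonId())) {
            SystemPerson person = systemPersonProvider.findSystemPersonById(user.getPersonId());
            securityUserInfo.setPerson(person);
        }
        return securityUserInfo;
    }
}
// Next: UserDetailsUtil, the helper that returns the current user.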
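package com.bjhy.platform.util;

import java.util.Locale;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

import com.bjhy.platform.commons.i18n.MessageUtil;
import com.bjhy.platform.domain.SecurityUserInfo;

/**
 * Static accessors for the user bound to the current {@link SecurityContext}.
 *
 * <p>All methods read {@link SecurityContextHolder}, so they reflect whatever authentication
 * is bound to the calling thread.
 */
public class UserDetailsUtil {

    /**
     * @return the current user's login name, or {@code null} when no authentication is present
     */
    public static String getCurrentUserName() {
        SecurityUserInfo currentUser = getCurrentUser();
        return currentUser == null ? null : currentUser.getUsername();
    }

    /**
     * @return the current user's id, or {@code null} when no authentication is present
     *         (the original threw {@code NullPointerException} here). Callers must treat
     *         {@code null} as "not authenticated" and must not use it as a lookup key.
     */
    public static String getCurrentUserId() {
        SecurityUserInfo currentUser = getCurrentUser();
        return currentUser == null ? null : currentUser.getId();
    }

    /**
     * Returns the platform principal of the current authentication.
     *
     * <p>The principal must be a {@link SecurityUserInfo}. The original tested for
     * {@link UserDetails} and then cast, which failed with {@code ClassCastException} for
     * any other {@code UserDetails} implementation; every unsupported principal now takes
     * the same error path.
     *
     * @return the principal, or {@code null} when the context holds no authentication
     * @throws RuntimeException if the principal is of any other type, for example the
     *         String principal of an anonymous authentication token
     */
    public static SecurityUserInfo getCurrentUser() {
        SecurityContext context = SecurityContextHolder.getContext();
        Authentication authentication = context.getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof SecurityUserInfo) {
            return (SecurityUserInfo) principal;
        }
        throw new RuntimeException(MessageUtil.getMessage("UserDetailsService.typeError"));
    }

    /**
     * Tests whether the current user holds at least one of the given permission codes.
     *
     * <p>Codes are trimmed and upper-cased before comparison, so only authorities stored in
     * upper case can match. The comparison is on the authority string: the original called
     * {@code contains(new SimpleGrantedAuthority(...))} on a collection of
     * {@code SecurityGrantedAuthority} objects, and since {@code SimpleGrantedAuthority}
     * only equals its own type that check could never succeed.
     *
     * @param permCode one permission code or several separated by commas
     * @return {@code true} if any code matches; {@code false} when none matches, when
     *         {@code permCode} is null, or when there is no current user (fails closed)
     */
    public static boolean hasPerm(String permCode) {
        if (permCode == null) {
            return false;
        }
        SecurityUserInfo currentUser = getCurrentUser();
        if (currentUser == null) {
            return false;
        }
        for (String item : permCode.split(",")) {
            // Locale.ROOT keeps the upper-casing independent of the server's default locale.
            String wanted = item.trim().toUpperCase(Locale.ROOT);
            for (GrantedAuthority granted : currentUser.getAuthorities()) {
                if (wanted.equals(granted.getAuthority())) {
                    return true;
                }
            }
        }
        return false;
    }
}
// ~~~ To be continued ~~~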