安全管理四
本篇主要讲动态资源配置
?
通过安全管理一,二,三,这3讲,我们实现了自定义数据库表结构,以及自定义用户认证与授权实现用户权限管理,但我们的资源配置还是写死在配置文件中,而且以后会越来越多,造成了资源配置的不灵活与臃肿,所以在本篇文章中,我们讲实现资源的动态配置
如下:这是目前我们写死的资源配置
?
<ss:intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <ss:intercept-url pattern="/company/company.action" access="ROLE_ADMIN"/><ss:intercept-url pattern="/dept/dept.action" access="ROLE_USER"/><ss:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
??
?
第一步:新增一张资源表与一张资源与角色关系表
create table TEST_RESOURCE( ID NUMBER(22) not null, VALUE VARCHAR2(100), TYPE VARCHAR2(5) default 'url', FLAG CHAR(1) default '1', SEQ NUMBER(22))
?
create table TEST_ROLE_RESOURCE( ROLE_ID NUMBER(22), RESOURCE_ID NUMBER(22))
?
?
?
?
对比
<ss:intercept-url pattern="/login.action" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <ss:intercept-url pattern="/company/company.action" access="ROLE_ADMIN"/><ss:intercept-url pattern="/dept/dept.action" access="ROLE_USER"/><ss:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY"/>
??
一目了然,将资源从配置文件转移到了数据库
?
第二步:在安全管理三中提到的Security中 ,添加2个属性
private String roleName;private String resourceValue;
?
第三步:编写DefinitionSourceFactoryBean
package com.longzhun.fpm.security;import java.util.LinkedHashMap;import java.util.List;import org.springframework.beans.factory.FactoryBean;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.beans.factory.annotation.Qualifier;import org.springframework.security.ConfigAttributeDefinition;import org.springframework.security.ConfigAttributeEditor;import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource;import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;import org.springframework.security.intercept.web.RequestKey;import org.springframework.security.util.AntUrlPathMatcher;import org.springframework.security.util.UrlMatcher;import org.springframework.stereotype.Component;import com.longzhun.fpm.security.service.SecurityService;public class DefinitionSourceFactoryBean implements FactoryBean{@Autowired@Qualifier("securityService")private SecurityService securityService;public Object getObject() throws Exception {return new DefaultFilterInvocationDefinitionSource(getUrlMatcher(), buildRequestMap());}@SuppressWarnings("unchecked")public Class getObjectType() {return FilterInvocationDefinitionSource.class;}public boolean isSingleton() {return true;}protected UrlMatcher getUrlMatcher(){return new AntUrlPathMatcher();}protected LinkedHashMap<RequestKey, ConfigAttributeDefinition> buildRequestMap(){List<Security> resources = securityService.getResources();LinkedHashMap<RequestKey, ConfigAttributeDefinition> distMap = new LinkedHashMap<RequestKey, ConfigAttributeDefinition>();ConfigAttributeEditor edit = null;for(Security security : resources){System.out.println(security.getRoleName()+" : "+security.getResourceValue());if(security.getRoleName() != null){edit = new ConfigAttributeEditor();RequestKey key = new RequestKey(security.getResourceValue(), null);edit.setAsText(security.getRoleName());distMap.put(key, (ConfigAttributeDefinition)edit.getValue());}}return distMap;}}?
?
securityService方法我就不写出来了,就一个方法getResources()
我将getResources()的sql查询语句写给大家
select r.role_name roleName,res.value resourceValue from test_role r,test_role_resource rr,test_resource res where r.id = rr.role_id and res.id = rr.resource_id order by res.seq
?
第四步:修改applicationContext-security.xml,最后配置如下
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:ss="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd" default-autowire="byType"><ss:http auto-config="true"><ss:intercept-url pattern="/common/**" filters="none"/><ss:intercept-url pattern="/css/**" filters="none"/><ss:intercept-url pattern="/images/**" filters="none"/><ss:intercept-url pattern="/js/**" filters="none"/><ss:form-loginlogin-page="/login.action"authentication-failure-url="/login.action?error=true"default-target-url="/" always-use-default-target="true" /> <!-- default-target-url登录成功页 /代表系统默认路径 always-use-default-target="true" session过期,跳回登录页面,再次登录时,不让跳转至之前操作的地址--></ss:http><ss:authentication-provider user-service-ref="userDetailsService"/><bean id="definitionSource" ref="definitionSource"/></bean> </beans>
?
1 楼 take 2011-12-26 一模一样的配置,但是重启后,项目还是会有问题.. 不过有区别的在于你的SecurityService有注入. 我的没有.. 是不是这个问题.. 我想得回去试试..