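Integrating Spring Security into an SSM Project

Differences between Spring Security and Shiro:

In short, Shiro is simpler to use, but Spring Security is more powerful. Spring Security belongs to the Spring family, integrates closely with the Spring framework, and makes full use of Spring features such as IoC and AOP.

Integrating the Spring Security framework into an SSM project:

1. Set up the Spring Security environment

Import the Spring Security Maven coordinates in the pom.xml of the health_parent parent project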

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <version>${spring.security.version}</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <version>${spring.security.version}</version>
</dependency>

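In the web.xml of the health_web project, configure the DelegatingFilterProxy filter used to integrate the Spring Security framework

<!-- Delegating filter, used to integrate other frameworks -->
<filter>
  <!-- When integrating Spring Security, this filter's name is fixed: springSecurityFilterChain -->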
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

2. Implement authentication and authorization

In the health_web project, provide SpringSecurityUserService as the Spring Security framework requires, implementing the UserDetailsService interface.

package cn.ftf.service;

import cn.ftf.pojo.Permission;
import cn.ftf.pojo.Role;
import cn.ftf.pojo.User;
import com.alibaba.dubbo.config.annotation.Reference;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

@Component
public class SpringSecurityUserService implements UserDetailsService {
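    // Calls the service provider remotely over the network via Dubbo
    @Reference
    private UserService userService;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user=userService.findByUsername(username);
        if(user==null){
            // The UserDetailsService contract forbids returning null; report an unknown user with the exception
            throw new UsernameNotFoundException("User not found");
        }
        List<GrantedAuthority> list=new ArrayList<>();

        // Dynamically grant authorities to the current user
        Set<Role> roles=user.getRoles();
        if(roles!=null && !roles.isEmpty()){
            for(Role role:roles){
                list.add(new SimpleGrantedAuthority(role.getKeyword()));
                Set<Permission> permissions=role.getPermissions();
                if(permissions!=null && !permissions.isEmpty()) {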
                    for (Permission permission : permissions) {
                        list.add(new SimpleGrantedAuthority(permission.getKeyword()));
                    }
                }
            }
        }

        org.springframework.security.core.userdetails.User securityUser=new org.springframework.security.core.userdetails.User(username,user.getPassword(),list);
        return securityUser;
    }
}

The Service and Dao layers are not shown here; specifically, they obtain the permission keywords based on the user object.
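
The following Spring Security namespace configuration is an added example, not part of the original post or project. It shows how the springSecurityFilterChain filter name and the SpringSecurityUserService bean are tied together. The file name spring-security.xml, the URL patterns, the ROLE_ADMIN keyword and BCrypt password storage are assumptions, as is the expectation that SpringSecurityUserService is component-scanned into the same context.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- spring-security.xml (assumed file name) -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- <security:http> registers a bean named springSecurityFilterChain.
       DelegatingFilterProxy in web.xml looks up its target bean by its own
       filter-name, which is why that name cannot be changed. -->
  <security:http use-expressions="true">
    <!-- Rules are evaluated top to bottom; the first match wins.
         /admin/** and ROLE_ADMIN are hypothetical: the keyword must equal a
         string returned by Role.getKeyword() or Permission.getKeyword(). -->
    <security:intercept-url pattern="/admin/**" access="hasAuthority('ROLE_ADMIN')"/>
    <!-- Default rule: everything else requires a logged-in user. -->
    <security:intercept-url pattern="/**" access="isAuthenticated()"/>
    <!-- Framework-generated login page and default logout handling. -->
    <security:form-login/>
    <security:logout/>
  </security:http>

  <security:authentication-manager>
    <!-- @Component gives the class the default bean name
         springSecurityUserService. -->
    <security:authentication-provider user-service-ref="springSecurityUserService">
      <!-- Assumes user.getPassword() returns a BCrypt hash, not plain text. -->
      <security:password-encoder ref="passwordEncoder"/>
    </security:authentication-provider>
  </security:authentication-manager>

  <bean id="passwordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
</beans>
```

Because loadUserByUsername adds both role keywords and permission keywords as authorities, either kind can be named in hasAuthority(...).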
