spring-security.xml 文件:
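<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration: URL access rules, form login/logout,
  and the authentication manager backed by customUserDetailsService.
  Fix applied to the listing: the root element lacked whitespace between the
  default xmlns attribute and xmlns:xsi, which makes the document not well-formed.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!--
      use-expressions="true" makes every access attribute below a SpEL expression
      (permitAll, hasRole(...)). Rules are matched in the order they are listed.

      NOTE(review): only /main/admin and /main/common are restricted. Any other URL
      has no rule here, so it is served without an authorization check unless rules
      exist elsewhere. A final catch-all rule that requires authentication (deny by
      default) is the usual hardening; confirm against the application's full URL space.

      NOTE(review): /main/admin is guarded by ROLE_CH, the same role as /main/common,
      not by ROLE_ADMIN. Confirm this is intended.
    -->
    <security:http auto-config="true" use-expressions="true" access-denied-page="/auth/denied">
        <security:intercept-url pattern="/auth/login" access="permitAll"/>
        <security:intercept-url pattern="/main/admin" access="hasRole('ROLE_CH')"/>
        <security:intercept-url pattern="/main/common" access="hasRole('ROLE_CH')"/>

        <!-- Custom login page; failed logins return to it with error=true. -->
        <security:form-login
            login-page="/auth/login"
            authentication-failure-url="/auth/login?error=true"
            default-target-url="/main/common"/>

        <!-- Logout invalidates the HTTP session and returns to the login page. -->
        <security:logout
            invalidate-session="true"
            logout-success-url="/auth/login"
            logout-url="/auth/logout"/>
    </security:http>

    <!-- Authentication manager that delegates user lookup to customUserDetailsService. -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="customUserDetailsService">
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!--
      Passwords are compared as MD5 digests.
      NOTE(review): no salt source is configured, so this is plain unsalted MD5. It is
      fast to brute-force and exposed to precomputed tables if the user table leaks.
      Treat it as tutorial-only; a deployed system should store passwords with an
      adaptive, salted hash such as bcrypt and migrate existing digests on next login.
    -->
    <bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>

    <!--
      Spring Security calls customUserDetailsService to load a user and that user's
      access level. It is the link between authentication and the database.
    -->
    <bean id="customUserDetailsService" class="org.liukai.tutorial.service.CustomUserDetailsService"/>
</beans>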
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--
Servlet deployment descriptor: registers the Spring Security filter, the root
application context files, and the Spring MVC DispatcherServlet.
-->
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!--
Filter required by Spring Security. DelegatingFilterProxy forwards each request to
the Spring bean whose name equals the filter-name, so the name
springSecurityFilterChain must stay as written.
-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- The /* mapping sends every request through the security filter chain. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
Context files for the root application context created by ContextLoaderListener
(declared at the end of this file). The security configuration is loaded here so
the filter above can find its bean.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<!-- Spring MVC front controller; its own context file is not shown on this page. -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- The servlet is mapped to /, making it the default servlet for the web application. -->
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Creates the root application context from contextConfigLocation at startup. -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
package org.liukai.tutorial.service;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.liukai.tutorial.dao.UserDao;
import org.liukai.tutorial.domain.DbUser;
import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
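/**
 * Loads users for Spring Security from the application's own user store.
 *
 * <p>{@link #loadUserByUsername(String)} fetches a {@link DbUser} through
 * {@link UserDao} and converts its numeric access level into granted
 * authorities using the two lookup tables below.
 *
 * <p>NOTE(review): with the tables as written, every access level (1, 2 and 3)
 * receives ROLE_CH, and levels 1 and 3 both receive ROLE_ADMIN. The
 * spring-security.xml shown with this class guards /main/admin with
 * hasRole('ROLE_CH'), so every user loaded here would pass that check.
 * An earlier version of this class mapped 1 to ROLE_ADMIN, 2 to ROLE_USER and
 * 3 to ROLE_CH only. Confirm the current table is intended.
 */
public class CustomUserDetailsService implements UserDetailsService {

    private final UserDao userDAO = new UserDao();

    /**
     * Looks up the user and builds the Spring Security {@link UserDetails}.
     *
     * @param username login name submitted by the client
     * @return an enabled, non-expired, non-locked user with its authorities
     * @throws UsernameNotFoundException if the lookup or the conversion fails
     *         for any reason; the original failure is kept as the cause
     */
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        try {
            DbUser dbUser = userDAO.getDatabase(username);
            // The stored password is lower-cased before it is handed to Spring
            // Security; presumably the stored MD5 hex digest may be upper-case
            // while the configured encoder produces lower-case hex. Confirm.
            String storedPassword = dbUser.getPassword().toLowerCase();
            // The four flags mark the account as enabled, not expired,
            // credentials not expired and not locked; none of them is read
            // from the database.
            return new User(dbUser.getUsername(), storedPassword,
                    true, true, true, true,
                    getAuthorities(dbUser.getAccess()));
        } catch (Exception e) {
            // Every failure (missing user, data access error, unknown access
            // level) is reported as "user not found", so authentication fails
            // closed. The cause is preserved so the real error stays
            // diagnosable in server logs.
            throw new UsernameNotFoundException("Error in retrieving user", e);
        }
    }

    /**
     * Converts a numeric access level into the matching granted authorities.
     *
     * @param access access level stored for the user
     * @return one authority per role code listed for that level
     * @throws IllegalArgumentException if the level, or one of its role codes,
     *         has no entry in the lookup tables (no authorities are guessed)
     */
    public Collection<GrantedAuthority> getAuthorities(Integer access) {
        String roleCodes = getMaps1().get(access);
        if (roleCodes == null) {
            throw new IllegalArgumentException("Unknown access level: " + access);
        }
        // Build the code-to-role table once rather than once per role code.
        Map<String, String> roleNames = getMaps2();
        List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();
        for (String code : roleCodes.split(",")) {
            String roleName = roleNames.get(code);
            if (roleName == null) {
                throw new IllegalArgumentException("Unknown role code: " + code);
            }
            authList.add(new GrantedAuthorityImpl(roleName));
        }
        return authList;
    }

    /**
     * Returns the access-level table: level to comma-separated role codes.
     * A fresh mutable map is returned on every call.
     */
    public static Map<Integer, String> getMaps1() {
        Map<Integer, String> map = new HashMap<Integer, String>();
        map.put(1, "1,2,3");
        map.put(2, "2,3");
        // NOTE(review): identical to level 1, so level 3 also gets ROLE_ADMIN.
        map.put(3, "1,2,3");
        return map;
    }

    /**
     * Returns the role-code table: role code to Spring Security role name.
     * A fresh mutable map is returned on every call.
     */
    public static Map<String, String> getMaps2() {
        Map<String, String> map = new HashMap<String, String>();
        map.put("1", "ROLE_ADMIN");
        map.put("2", "ROLE_USER");
        map.put("3", "ROLE_CH");
        return map;
    }
}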