spring Security 3.1的配置2
更新时间:2024-03-30 12:43:01 阅读量: 综合文库 文档下载
- springboot推荐度:
- 相关推荐
spring Security 3.1的配置(二)
四.将用户角色及权限放入数据库(mysql 5)。
首先先配置数据源,可以是任何的库。Jar包就用下载的ss3.1里的包就可以。以下以mysql为例。
1.定义三个表:用u_user,权限表u_authority,用户权限表u_role。
CREATE DATABASE initlife CHARACTER SET utf8
COLLATE 'utf8_general_ci';
CREATE TABLE `u_user` (
`us_name` VARCHAR(50) NOT NULL, `us_password` VARCHAR(50) NOT NULL,
`us_enabled` TINYINT(1) NULL DEFAULT NULL, PRIMARY KEY (`us_name`),
UNIQUE INDEX `u_name` (`us_name`) )
COLLATE='utf8_general_ci' ENGINE=InnoDB;
CREATE TABLE `u_authority` (
`au_authority` VARCHAR(50) NOT NULL,
`au_name` VARCHAR(50) NULL DEFAULT NULL, PRIMARY KEY (`au_authority`),
UNIQUE INDEX `au_authority` (`au_authority`) )
COLLATE='utf8_general_ci' ENGINE=InnoDB;
CREATE TABLE `u_role` (
`ro_usname` VARCHAR(50) NOT NULL,
`ro_auauthority` VARCHAR(50) NULL DEFAULT NULL, INDEX `FK_u_role_u_user` (`ro_usname`),
INDEX `FK_u_role_u_authority` (`ro_auauthority`),
CONSTRAINT `FK_u_role_u_authority` FOREIGN KEY (`ro_auauthority`)
REFERENCES `u_authority` (`au_authority`) ON UPDATE CASCADE ON DELETE CASCADE,
CONSTRAINT `FK_u_role_u_user` FOREIGN KEY (`ro_usname`) REFERENCES `u_user` (`us_name`) ON UPDATE CASCADE ON DELETE CASCADE )
COLLATE='utf8_general_ci' ENGINE=InnoDB;
2.添加数据
INSERT INTO `u_authority` (`au_authority`, `au_name`) VALUES ('ROLE_ADMIN', '管理员'), ('ROLE_GUESS', '访客'), ('ROLE_USER', '普通用户');
INSERT INTO `u_role` (`ro_usname`, `ro_auauthority`) VALUES ('user', 'ROLE_USER'), ('user', 'ROLE_GUESS'), ('admin', 'ROLE_ADMIN'), ('admin', 'ROLE_USER'), ('guest', 'ROLE_GUESS');
INSERT INTO `u_user` (`us_name`, `us_password`, `us_enabled`) VALUES ('admin', '21232f297a57a5a743894a0e4a801fc3', 1), ('guest', '084e0343a0486ff05530df6c705c8bb4', 0), ('user', 'ee11cbb19052e40b07aac0ca060c23ee', 1);
3.修改
applicationContext-security.xml
xsi:schemaLocation=\ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd\> authentication-failure-url=\/> username ,u.us_password password ,u.us_enabled enabled from u_user u where u.us_name = ? and u.us_enabled = 1\ authorities-by-username-query=\ r.ro_usname,r.ro_auauthority from u_role r where r.ro_usname = ?\ /> class=\ leMessageSource\> value=\/>
4.我的web.xml
xmlns=\ xmlns:xsi=\ xsi:schemaLocation=\ http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd\>
5.我的另外配置文件
applicationContext-common.xml
class=\ destroy-method=\> xmlns=\ xmlns:xsi=\ xmlns:p=\ xsi:schemaLocation=\ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd\> value=\ncoding=UTF-8\/> --> \> hibernate.dialect=org.hibernate.dialect.MySQL5Dialect hibernate.hbm2ddl.auto=update hibernate.show_sql=false hibernate.format_sql=false class=\> class=\
6.可以发布测试了。
五.开启页面ss EL表达式
1.修改plicationContext-security.xml
xsi:schemaLocation=\ http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd\> authentication-failure-url=\/> username ,u.us_password password ,u.us_enabled enabled from u_user u where u.us_name = ? and u.us_enabled = 1\ authorities-by-username-query=\ r.ro_usname,r.ro_auauthority from u_role r where r.ro_usname = ?\ /> class=\ leMessageSource\>
value=\/>
注
能与access=\
access=\等一起应用,而需要改成如上的格式。
use-expressions=\
:不或
2.index.jsp 红色部分为标签库及表达式
<%@ page language=\ import=\ pageEncoding=\%> <%@ taglib prefix=\
uri=\ %>
<%@taglib prefix=\ uri=\ %>
这是首页,欢迎
You are a administrator! You can therefore see the 管理员页.
You are a user! You can therefore see the 用户页.
Home
Logout
ifAllGranted:只有当前用户拥有所有指定的权限时,才能显示标签体的内容 (相当于“与” 的关系)
ifAnyGranted:当前用户拥有指定的权限中的一个的时候,就能显示标签内部内容(相当于“或”的关系)
ifNotGranted:没有指定的权限的时候,显示标签体的内容 (相当于“非”的关系)