Shulou(Shulou.com)06/02 Report--

This article mainly introduces how to use SpringSecurity to achieve dynamic loading permission information, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, let the editor take you to understand it.

The correspondence between resources and roles and between roles and users in the ① database is shown in the following figure:

② implements the FilterInvocationSecurityMetadataSource class

(1) List menus = menuService.getMenusWithRoles (); this is the query method for the role corresponding to your own resources.

(2) all overridden support methods return true

@ Configurationpublic class MyFilterInvocation implements FilterInvocationSecurityMetadataSource {@ Autowired private MenuService menuService; AntPathMatcher antPathMatcher = new AntPathMatcher (); @ Override public Collection getAttributes (Object object) throws IllegalArgumentException {String requestUrl = ((FilterInvocation) object) .getRequestUrl (); List menus = menuService.getMenusWithRoles () / /-traverse the url of the database to see if the request path matches it for (Menu menu: menus) {/ /-if the request path matches the database path if (antPathMatcher.match (menu.getUrl (), requestUrl)) {/ /-the role required to access the path List roles = menu.getRoles () String [] strs = new String [roles.size ()]; for (int I = 0; I < roles.size ()) {strs [I] = roles.get (I) .getName ();} return SecurityConfig.createList (strs) }} / /-if the request path does not match all the paths in the database, the resource can be accessed immediately after login / /-the user can log in, which is equivalent to configuring. AnyRequest (). Authenticated () return SecurityConfig.createList ("ROLE_LOGIN") in SecurityConfig;} @ Override public Collection getAllConfigAttributes () {return null } @ Override public boolean supports (Class clazz) {return true;}}

③ implements the AccessDecisionManager class

All overridden support methods return true

Configurationpublic class MyDecisionManager implements AccessDecisionManager {@ Override public void decide (Authentication authentication, Object object, Collection configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {for (ConfigAttribute configAttribute: configAttributes) {String needRole = configAttribute.getAttribute () If ("ROLE_LOGIN" .equals (needRole)) {/ /-users can log in and access it, which is equivalent to configuring .anyRequest () .authenticated () if (authentication instanceof AnonymousAuthenticationToken) {throw new AccessDeniedException ("not logged in, please log in first");} else {return }} Collection

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.