杩欑瘒鏂囩珷涓昏浠嬬粛浜哠pring Security濡備綍浣跨敤URL鍦板潃杩涜鏉冮檺鎺у埗,鏂囦腑閫氳繃绀轰緥浠g爜浠嬬粛鐨勯潪甯歌缁嗭紝瀵瑰ぇ瀹剁殑瀛︿範鎴栬€呭伐浣滃叿鏈変竴瀹氱殑鍙傝€冨涔犱环鍊?闇€瑕佺殑鏈嬪弸鍙互鍙傝€冧笅
鐩殑鏄細绯荤粺鍐呭瓨鍦ㄥ緢澶氫笉鍚岀殑鐢ㄦ埛锛屾瘡涓敤鎴峰叿鏈変笉鍚岀殑璧勬簮璁块棶鏉冮檺锛屽叿浣撹〃鐜板氨鏄煇涓敤鎴峰浜庢煇涓猆RL鏄棤鏉冮檺璁块棶鐨勩€傞渶瑕丼pring Security蹇欐垜浠繃婊ゃ€?/p>
FilterSecurityInterceptor鏄疭pring Security杩涜URL鏉冮檺鍒ゆ柇鐨勶紝FilterSecurityInterceptor鍙堢户鎵夸簬AbstractSecurityInterceptor锛岀敱姝ゅ彲鎺ㄦ祴锛屾垜浠彲浠ユ柊澧炰竴涓狪nterceptor缁ф壙AbstractSecurityInterceptor锛屽疄鐜版垜浠嚜宸辩殑鏉冮檺鏍¢獙閫昏緫銆?/p>
鏌ョ湅鐖剁被鍙婂叾浠g爜閫昏緫锛屾湁鍑犵偣蹇呴』瑕佹敞鎰忥細
1銆佷富瑕侀壌鏉冩柟娉曟槸璋冪敤鐖剁被涓璦ccessDecisionManager鐨刣ecide鍊硷紝鎵€浠ユ垜浠渶瑕佽嚜宸卞疄鐜颁竴涓猘ccessDecisionManager
2銆佺埗绫讳腑瀛樺湪鎶借薄鏂规硶public abstract SecurityMetadataSource obtainSecurityMetadataSource();浣滅敤鏄幏鍙朥RL鍙婄敤鎴疯鑹插搴旂殑鍏崇郴銆傛垜浠渶瑕佸姞鍏ヨ嚜宸辩殑瀹炵幇銆?/p>
浠ヤ笅鏄儴鍒嗕唬鐮佸疄鐜?br />
涓昏鎷︽埅鍣↗wtUrlSecurityInterceptor锛岄渶瑕佸湪WebSecurityConfig(Spring Security閰嶇疆)鏂囦欢涓敞鍐?/p>
//杩欎釜鎷︽埅鍣ㄧ敤鏉ュ疄鐜版寜鐓х敤鎴锋潈闄愶紝瀵规墍璇锋眰鐨剈rl杩涜鎷︽埅@Bean public JwtUrlSecurityInterceptor jwtUrlSecurityInterceptorBean() throws Exception{return new JwtUrlSecurityInterceptor();}@Override protected void configure(HttpSecurity httpSecurity) throws Exception {... httpSecurity.addFilterBefore(jwtUrlSecurityInterceptorBean(), FilterSecurityInterceptor.class);...}
瀹炵幇鑷畾涔夌殑accessDecisionManager
package org.zerhusen.security.dsuri;import org.springframework.security.access.AccessDecisionManager;import org.springframework.security.access.AccessDeniedException;import org.springframework.security.access.ConfigAttribute;import org.springframework.security.authentication.InsufficientAuthenticationException;import org.springframework.security.core.Authentication;import java.util.Collection;/** * Created by dingshuo on 2017/6/28. */public class MyAccessDecisionManager implements AccessDecisionManager {@Override public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {System.out.println("鑷畾涔夌殑鎺ュ彛");throw new AccessDeniedException("no right");}@Override public Boolean supports(ConfigAttribute attribute) {return true;}@Override public Boolean supports(Class<?> clazz) {return true;}}
瀹炵幇鑷畾涔夌殑璧勬簮SecurityMetadataSource
package org.zerhusen.security.dsuri;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.access.ConfigAttribute;import org.springframework.security.access.SecurityConfig;import org.springframework.security.web.FilterInvocation;import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;import java.util.*;/** * Created by dingshuo on 2017/6/28. */public class MyInvocationSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {private static Map<String, Collection<ConfigAttribute>> resourceMap = null;@Autowired UrlMatcher urlMatcher;public MyInvocationSecurityMetadataSource() {//杩欓噷鍙互鏌ユ暟鎹簱瀹炵幇//娉ㄥ叆dao鍗冲彲resourceMap = new HashMap<String, Collection<ConfigAttribute>>();Collection<ConfigAttribute> atts = new ArrayList<ConfigAttribute>();ConfigAttribute ca = new SecurityConfig("ROLE_USER1");atts.add(ca);resourceMap.put("/index.jsp", atts);Collection<ConfigAttribute> attsno =new ArrayList<ConfigAttribute>();ConfigAttribute cano = new SecurityConfig("ROLE_NO");attsno.add(cano);resourceMap.put("/other.jsp", attsno);}@Override public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException {String url = ((FilterInvocation)object).getRequestUrl();Iterator<String> ite = resourceMap.keySet().iterator();while (ite.hasNext()) {String resURL = ite.next();if (url.equals("/protected")) {return resourceMap.get(resURL);}}return null;}@Override public Collection<ConfigAttribute> getAllConfigAttributes() {return null;}@Override public Boolean supports(Class<?> clazz) {return true;}}
瀹炵幇JwtUrlSecurityInterceptor
package org.zerhusen.security.dsuri;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.security.access.AccessDecisionManager;import org.springframework.security.access.SecurityMetadataSource;import org.springframework.security.access.intercept.AbstractSecurityInterceptor;import org.springframework.security.access.intercept.InterceptorStatusToken;import org.springframework.security.authentication.AuthenticationManager;import org.springframework.security.web.FilterInvocation;import javax.servlet.*;import java.io.IOException;/** * Created by dingshuo on 2017/6/28. */public class JwtUrlSecurityInterceptor extends AbstractSecurityInterceptor implements Filter {@Autowired public void setMyAccessDecisionManager(){super.setAccessDecisionManager(myAccessDecisionManagerBean());}@Bean public MyAccessDecisionManager myAccessDecisionManagerBean(){return new MyAccessDecisionManager();}@Bean public MyInvocationSecurityMetadataSource myInvocationSecurityMetadataSourceBean(){return new MyInvocationSecurityMetadataSource();}@Override public void init(FilterConfig filterConfig) throws ServletException {}@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {FilterInvocation fi = new FilterInvocation(request, response, chain);invoke(fi);}@Override public void destroy() {}@Override public Class<?> getSecureObjectClass() {return FilterInvocation.class;}@Override public SecurityMetadataSource obtainSecurityMetadataSource() {return this.myInvocationSecurityMetadataSourceBean();}public void invoke(FilterInvocation fi) throws IOException, ServletException {InterceptorStatusToken token = super.beforeInvocation(fi);try {fi.getChain().doFilter(fi.getRequest(), fi.getResponse());}finally {super.afterInvocation(token, null);}}}
濡備笂鏄畝鍗曠殑URL鏉冮檺鎺у埗
浠ヤ笂灏辨槸鏈枃鐨勫叏閮ㄥ唴瀹癸紝甯屾湜瀵瑰ぇ瀹剁殑瀛︿範鏈夋墍甯姪锛屼篃甯屾湜澶у澶氬鏀寔鎴戜滑銆?/p>
鏈枃鏍囬: Spring Security濡備綍浣跨敤URL鍦板潃杩涜鏉冮檺鎺у埗
鏈枃鍦板潃: http://www.xuebuyuan.com/ruanjian/java/292328.html
以上就上有关SpringSecurity濡備綍浣跨敤URL鍦板潃杩涜鏉冮檺鎺у埗的全部内容,学步园全面介绍编程技术、操作系统、数据库、web前端技术等内容。