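First of all, do you need to authenticate the user? Otherwise, how will your application know whether the user trying to get access is an ADMIN or a normal USER?
Before doing this, remove the security-constraint from web.xml so that you can add Spring authentication to the application.
First create a POJO class to hold the list of GrantedAuthority. It should implement org.springframework.security.core.userdetails.UserDetails. Here is an example: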

    import java.util.Collection;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;

    public class YourPojo implements UserDetails {

        private static final long serialVersionUID = -2342376103893073629L;

        // This collection will have eCommerceAdmin
        public Collection<GrantedAuthority> authorities;
        public String username;
        public boolean accountNonExpired;
        // This field was missing although its getter and setter use it
        public boolean accountNonLocked;
        public boolean credentialsNonExpired;
        public boolean enabled;

        @Override
        public Collection<GrantedAuthority> getAuthorities() {
            return authorities;
        }

        // The password is not kept on this object
        @Override
        public String getPassword() {
            return null;
        }

        @Override
        public String getUsername() {
            return username;
        }

        @Override
        public boolean isAccountNonExpired() {
            return accountNonExpired;
        }

        @Override
        public boolean isAccountNonLocked() {
            return accountNonLocked;
        }

        @Override
        public boolean isCredentialsNonExpired() {
            return credentialsNonExpired;
        }

        @Override
        public boolean isEnabled() {
            return enabled;
        }

        public void setAuthorities(Collection<GrantedAuthority> authorities) {
            this.authorities = authorities;
        }

        public void setUsername(String username) {
            this.username = username;
        }

        public void setAccountNonExpired(boolean accountNonExpired) {
            this.accountNonExpired = accountNonExpired;
        }

        public void setAccountNonLocked(boolean accountNonLocked) {
            this.accountNonLocked = accountNonLocked;
        }

        public void setCredentialsNonExpired(boolean credentialsNonExpired) {
            this.credentialsNonExpired = credentialsNonExpired;
        }

        public void setEnabled(boolean enabled) {
            this.enabled = enabled;
        }
    }

Below are the http tags you need.

    <!-- to use Spring security tags -->
    <bean />

    <http pattern="/login*" security="none"/>
    <http pattern="/static/**" security="none"/>

    <http auto-config="false">
        <intercept-url pattern="/admin/**" access="eCommerceAdmin" />
        <form-login login-page="/login" default-target-url="/welcome"
                    authentication-failure-url="/loginfailed" />
        <logout logout-success-url="/logout" />
        <session-management>
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
        </session-management>
    </http>

Now define your authentication provider.

    <bean id="customeAuthProvider" >
    </bean>

    <authentication-manager >
        <authentication-provider ref="customeAuthProvider" ></authentication-provider>
    </authentication-manager>

This customeAuthProvider should implement org.springframework.security.authentication.AuthenticationProvider.

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        UsernamePasswordAuthenticationToken userToken = (UsernamePasswordAuthenticationToken) authentication;
        String username = userToken.getName();
        String password = (String) authentication.getCredentials();

        // Do whatever you want with the credentials (verify them here and
        // throw an AuthenticationException if they are not valid)
        // Then populate the authorities for this credential
        YourPojo user = new YourPojo();
        user.setUsername("add username");
        // set other details

        List<GrantedAuthority> grantedAuthorityList = new ArrayList<GrantedAuthority>();
        // if user is admin add the below lines
        GrantedAuthorityImpl grantedAuthorityImpl = new GrantedAuthorityImpl("eCommerceAdmin");
        grantedAuthorityList.add(grantedAuthorityImpl);
        // Add other authorities as applicable like 'user' etc.

        user.setAuthorities(grantedAuthorityList);
        return new UsernamePasswordAuthenticationToken(username, password, user.getAuthorities());
    }

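A fuller provider class, as an added example that is not part of the original answer: it checks the password before granting eCommerceAdmin and implements supports(). The class name CustomAuthProvider and the AccountLookup interface are hypothetical, bcrypt-hashed passwords are an assumption, and AuthorityUtils is used here in place of GrantedAuthorityImpl.

```java
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

public class CustomAuthProvider implements AuthenticationProvider {
    /** Hypothetical lookup into your own user store; not a Spring type. */
    public interface AccountLookup {
        String bcryptHashFor(String username); // null when the user is unknown
        boolean isAdmin(String username);
    }

    private final AccountLookup accounts;
    private final PasswordEncoder encoder = new BCryptPasswordEncoder();
    // Hash of a throwaway value, checked when the user is unknown so both paths cost one bcrypt run
    private final String dummyHash = encoder.encode("placeholder");

    public CustomAuthProvider(AccountLookup accounts) {
        this.accounts = accounts;
    }

    @Override
    public Authentication authenticate(Authentication authentication) {
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();
        String presented = credentials == null ? "" : credentials.toString();
        String storedHash = accounts.bcryptHashFor(username);
        // Always run one comparison, then reject unknown users and wrong passwords the same way
        boolean matches = encoder.matches(presented, storedHash != null ? storedHash : dummyHash);
        if (storedHash == null || !matches) {
            throw new BadCredentialsException("Bad credentials");
        }
        // The three-argument constructor marks the token as authenticated; the password is not kept in it
        return new UsernamePasswordAuthenticationToken(username, null,
                accounts.isAdmin(username) ? AuthorityUtils.createAuthorityList("eCommerceAdmin")
                                           : AuthorityUtils.NO_AUTHORITIES);
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}
```

The bean definition for this class would need a constructor argument that supplies your AccountLookup implementation.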
You can reference the security XML file in web.xml as shown below. Your web.xml should also contain the Spring Security filter.

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/your-applicationContext.xml
            /WEB-INF/your-spring-security.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

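You also need the Spring Security dependencies. If you are using Maven in your project, add the dependencies below; otherwise you can download these jars manually and proceed.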

    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>${spring.version}</version>
    </dependency>

Now you are good to go. FYR, go through this