SpringSecurity 自定义用户 角色 资源权限控制
package com.joyen.learning.security;

import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;

import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.dao.DataAccessException;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * JDBC-backed {@link UserDetailsService}: reads the user's password, role information, whether
 * the account is locked, whether it has expired, and so on, from the database.
 *
 * <p>Both SQL statements are injected through the setters below; the user name is handed to
 * {@code JdbcTemplate} as a bind-argument array and is never concatenated into the SQL text.
 * Presumably each configured statement carries exactly one {@code ?} placeholder for it;
 * verify against the bean configuration.
 *
 * <p>NOTE(review): only the enabled flag is actually read from the result set. The three
 * boolean arguments after it are passed to {@code MyUser} as literal {@code true}. They look
 * like the accountNonExpired / credentialsNonExpired / accountNonLocked flags of Spring
 * Security's {@code User}; confirm against {@code MyUser}. If so, lock and expiry state stored
 * in the database is not enforced by this class.
 *
 * @author fwj
 */
public class MyUserDetailService extends JdbcDaoSupport implements UserDetailsService {

    /** SQL used to fetch the authorities of one user; the role name is read from column 2. */
    private String authoritiesByUsernameQuery;

    /** SQL used to fetch one user; columns 1-4 are read as username, password, email, enabled. */
    private String usersByUsernameQuery;

    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();

    /**
     * Loads the account for {@code username} together with its authorities.
     *
     * @param username the login name supplied by the caller
     * @return the populated user details
     * @throws UsernameNotFoundException if the user query yields no row, or the user has no
     *         authorities (such a user is deliberately treated as "not found")
     * @throws DataAccessException declared for failures of the underlying JDBC access
     */
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        List<MyUser> matches = loadUsersByUsername(username);

        if (matches == null || matches.isEmpty()) {
            // NOTE(review): username is caller-supplied and reaches the log and the exception
            // message unescaped; consider neutralising line breaks before logging.
            logger.debug("Query returned no results for user '" + username + "'");

            throw new UsernameNotFoundException(
                    messages.getMessage("JdbcDaoImpl.notFound", new Object[]{username}, "Username {0} not found"), username);
        }

        // Only the first row is used; any further rows returned by the query are ignored.
        MyUser account = matches.get(0);

        // Authorities are looked up with the name stored in the row, not the supplied argument.
        List<GrantedAuthority> granted = loadUserAuthorities(account.getUsername());

        if (granted == null || granted.isEmpty()) {
            logger.debug("User '" + username + "' has no authorities and will be treated as 'not found'");

            throw new UsernameNotFoundException(
                    messages.getMessage("JdbcDaoImpl.noAuthority",
                            new Object[] {username}, "User {0} has no GrantedAuthority"), username);
        }

        return createUserDetails(username, account, granted);
    }

    /**
     * Runs {@code usersByUsernameQuery} with {@code username} as its single bind argument.
     *
     * @param username the login name to look up
     * @return one {@code MyUser} per row, each created with no authorities yet
     */
    protected List<MyUser> loadUsersByUsername(String username) {
        String[] bindArgs = new String[] {username};
        return getJdbcTemplate().query(usersByUsernameQuery, bindArgs, new UserRowMapper());
    }

    /**
     * Runs {@code authoritiesByUsernameQuery} with {@code username} as its single bind argument.
     *
     * @param username the user whose authorities are wanted
     * @return one authority per row
     */
    protected List<GrantedAuthority> loadUserAuthorities(String username) {
        String[] bindArgs = new String[] {username};
        return getJdbcTemplate().query(authoritiesByUsernameQuery, bindArgs, new AuthorityRowMapper());
    }

    /**
     * Builds the final user object from the row returned by the user query and the loaded
     * authorities.
     *
     * @param username the name originally passed to {@link #loadUserByUsername}; not used here
     * @param userFromUserQuery the user as mapped from the user query
     * @param combinedAuthorities the authorities to attach
     * @return a new {@code MyUser} carrying the stored username, password, email and enabled flag
     */
    protected UserDetails createUserDetails(String username, MyUser userFromUserQuery,
            List<GrantedAuthority> combinedAuthorities) {
        // The three literal flags are not read from the database (see the class comment).
        return new MyUser(
                userFromUserQuery.getUsername(),
                userFromUserQuery.getPassword(),
                userFromUserQuery.getEmail(),
                userFromUserQuery.isEnabled(),
                true, true, true,
                combinedAuthorities);
    }

    /** @return the SQL used to load a user's authorities */
    public String getAuthoritiesByUsernameQuery() {
        return authoritiesByUsernameQuery;
    }

    /** @param authoritiesByUsernameQuery the SQL used to load a user's authorities */
    public void setAuthoritiesByUsernameQuery(String authoritiesByUsernameQuery) {
        this.authoritiesByUsernameQuery = authoritiesByUsernameQuery;
    }

    /** @return the SQL used to load a user */
    public String getUsersByUsernameQuery() {
        return usersByUsernameQuery;
    }

    /** @param usersByUsernameQuery the SQL used to load a user */
    public void setUsersByUsernameQuery(String usersByUsernameQuery) {
        this.usersByUsernameQuery = usersByUsernameQuery;
    }

    /** Maps columns 1-4 of a user row onto a {@code MyUser} without authorities. */
    private static final class UserRowMapper implements RowMapper<MyUser> {
        public MyUser mapRow(ResultSet rs, int rowNum) throws SQLException {
            // NOTE(review): column 2 is carried through exactly as stored; presumably it holds
            // a password hash matching the configured encoder. Confirm.
            return new MyUser(
                    rs.getString(1),
                    rs.getString(2),
                    rs.getString(3),
                    rs.getBoolean(4),
                    true, true, true,
                    AuthorityUtils.NO_AUTHORITIES);
        }
    }

    /** Maps column 2 of an authority row onto a {@code GrantedAuthorityImpl}. */
    private static final class AuthorityRowMapper implements RowMapper<GrantedAuthority> {
        public GrantedAuthority mapRow(ResultSet rs, int rowNum) throws SQLException {
            return new GrantedAuthorityImpl(rs.getString(2));
        }
    }
}