资源认证器package com.onionbbs.security;import java.util.Collection;
import java.util.Iterator;import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
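/**
 * Role-based {@link AccessDecisionManager}: access is granted when the caller holds at
 * least one authority whose name equals one of the attributes configured for the
 * secured object; otherwise access is denied.
 */
public class GamersAccessDecisionManager implements AccessDecisionManager {

    /**
     * Decides whether {@code authentication} may access {@code object}.
     *
     * @param authentication the caller's current authentication
     * @param object the secured object (only printed for debugging)
     * @param configAttributes the role names required for the object
     * @throws AccessDeniedException if none of the caller's authorities matches a required role
     */
    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        // NOTE(review): a null attribute collection is treated as "no restriction", so the
        // decision fails open. Confirm that resources without attributes are meant to be public.
        if (configAttributes == null) {
            return;
        }
        // Debug output only; route through a logger (or remove) before production use.
        System.out.println("Object:" + object.toString());
        for (ConfigAttribute ca : configAttributes) {
            // Author's question: why does this print ROLE_ANONYMOUS here?
            // The debug log posted with this code shows an AnonymousAuthenticationToken for the
            // request, i.e. nobody has logged in yet, so the only authority is ROLE_ANONYMOUS.
            // Roles supplied by the UserDetailsService apply only after a successful login.
            System.out.println(authentication.getAuthorities());
            // getAttribute() is declared on ConfigAttribute itself; casting to SecurityConfig
            // would fail with ClassCastException for any other implementation.
            String needRole = ca.getAttribute();
            if (needRole == null) {
                // Attribute has no String form, so it cannot name a role.
                continue;
            }
            for (GrantedAuthority ga : authentication.getAuthorities()) {
                if (needRole.equals(ga.getAuthority())) {
                    return;
                }
            }
        }
        // No required role is held: deny by default.
        throw new AccessDeniedException("no right");
    }

    /** Accepts every configuration attribute. */
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    /** Accepts every secured-object class. */
    public boolean supports(Class<?> clazz) {
        return true;
    }
}
自定义的一个拦截器
package com.onionbbs.security;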
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
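/**
 * {@link FilterInvocationSecurityMetadataSource} that maps URL patterns loaded through
 * {@code SecurityResourceServiceImp} to the role names required to access them.
 */
public class InvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {

    private UrlMatcher urlMatcher = new AntUrlPathMatcher();
    // Shared by all instances; volatile so that a completely built map is published in one step.
    private static volatile Map<String, Collection<ConfigAttribute>> resourceMap = null;
    private SecurityResourceServiceImp securityResourceService;

    public void setSecurityResourceService(
            SecurityResourceServiceImp securityResourceService) {
        this.securityResourceService = securityResourceService;
    }

    /**
     * Rebuilds the pattern-to-roles map from the resource service.
     * The map is filled locally and assigned once, so a request arriving during a reload
     * never sees a half-filled map (missing entries would look like unprotected URLs).
     */
    public void loadResourceDefine() {
        Map<String, Collection<ConfigAttribute>> loaded =
                new HashMap<String, Collection<ConfigAttribute>>();
        for (Resources item : securityResourceService.getAllResources()) {
            loaded.put(item.getUrl(), listRoleToCollection(item.getRole()));
        }
        resourceMap = loaded;
    }

    /**
     * Converts a set of roles into configuration attributes, one per role name.
     *
     * @param set the roles attached to a resource
     * @return a list holding one {@link SecurityConfig} per role
     */
    public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set) {
        List<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
        for (Role role : set) {
            // Debug banner; remove or route through a logger before production use.
            System.out.println("=================================="+role.getName()+"==============");
            list.add(new SecurityConfig(role.getName()));
        }
        return list;
    }

    /**
     * Returns the roles required for the requested URL.
     *
     * @param object the {@link FilterInvocation} being secured
     * @return the attributes of the first matching pattern, or {@code null} if none matches
     */
    public Collection<ConfigAttribute> getAttributes(Object object)
            throws IllegalArgumentException {
        String url = ((FilterInvocation) object).getRequestUrl();
        // Match on the path only: getRequestUrl() can carry the query string, and a trailing
        // "?..." must not stop a protected pattern from matching.
        int queryStart = url.indexOf('?');
        if (queryStart != -1) {
            url = url.substring(0, queryStart);
        }
        Map<String, Collection<ConfigAttribute>> map = resourceMap;
        if (map == null) {
            // The map was never loaded; load it now instead of failing with a NullPointerException.
            loadResourceDefine();
            map = resourceMap;
        }
        // NOTE(review): HashMap iteration order is unspecified, so with overlapping patterns the
        // "first match" is arbitrary. Use an ordered map if pattern precedence matters.
        for (Map.Entry<String, Collection<ConfigAttribute>> entry : map.entrySet()) {
            // UrlMatcher.pathMatchesUrl takes the pattern first and the request URL second.
            // The posted code passed them the other way round, so the request URL was
            // interpreted as the pattern.
            if (urlMatcher.pathMatchesUrl(entry.getKey(), url)) {
                return entry.getValue();
            }
        }
        // NOTE(review): null means "no attributes". The interceptor treats such requests as
        // public unless rejectPublicInvocations is enabled. Confirm that URLs missing from
        // the resource table are meant to be open.
        return null;
    }

    /** Supports only {@link FilterInvocation}, the type {@link #getAttributes} casts to. */
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    /** Returns {@code null}: the full attribute set is not exposed for startup validation. */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
}
获得用户和权限
package com.onionbbs.security;
import java.util.ArrayList;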
import java.util.Collection;
import java.util.List;
import java.util.Set;import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;import com.OnionEntertainment.Security.Service.SecurityUserServiceImp;
import com.onionbbs.model.Role;
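import com.onionbbs.model.UserTable;

/**
 * {@link UserDetailsService} that looks a user up through {@code SecurityUserServiceImp}
 * and exposes the user's roles as granted authorities.
 */
public class UserDetailService implements UserDetailsService {
    private SecurityUserServiceImp securityUserService;

    public void setSecurityUserService(SecurityUserServiceImp securityUserService) {
        this.securityUserService = securityUserService;
    }

    /**
     * Loads the user with the given name.
     *
     * @param username the login name to look up
     * @return the user details, carrying one authority per role
     * @throws UsernameNotFoundException if the lookup returns no record
     */
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        List<UserTable> matches = securityUserService.getuser(username);
        // An unknown user must surface as UsernameNotFoundException, not as an
        // IndexOutOfBoundsException or NullPointerException from get(0).
        if (matches == null || matches.isEmpty()) {
            throw new UsernameNotFoundException("user not found");
        }
        UserTable record = matches.get(0);
        // FIXME(security): every account is returned with the same literal password and with
        // all status flags forced to true, so the stored credential and the flag read by
        // getEnabled() are never consulted. Return the user's stored (hashed) password and
        // real account status instead. The UserTable accessor for the password is not
        // visible here, so the values are left as posted.
        return new User(username,
                "robin", true, true, true, true, listRoleToCollection(record.getRoles()));
    }

    /**
     * Converts a set of roles into granted authorities, one per role name.
     *
     * @param set the roles assigned to the user
     * @return a list holding one authority per role
     */
    public Collection<GrantedAuthority> listRoleToCollection(Set<Role> set) {
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        for (Role role : set) {
            // Debug output; remove or route through a logger before production use.
            System.out.println(role.getName());
            list.add(new GrantedAuthorityImpl(role.getName()));
        }
        return list;
    }
}
把资源查询出来
package com.onionbbs.security;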
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
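/**
 * {@link FilterInvocationSecurityMetadataSource} that maps URL patterns loaded through
 * {@code SecurityResourceServiceImp} to the role names required to access them.
 */
public class InvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {

    private UrlMatcher urlMatcher = new AntUrlPathMatcher();
    // Shared by all instances; volatile so that a completely built map is published in one step.
    private static volatile Map<String, Collection<ConfigAttribute>> resourceMap = null;
    private SecurityResourceServiceImp securityResourceService;

    public void setSecurityResourceService(
            SecurityResourceServiceImp securityResourceService) {
        this.securityResourceService = securityResourceService;
    }

    /**
     * Rebuilds the pattern-to-roles map from the resource service.
     * The map is filled locally and assigned once, so a request arriving during a reload
     * never sees a half-filled map (missing entries would look like unprotected URLs).
     */
    public void loadResourceDefine() {
        Map<String, Collection<ConfigAttribute>> loaded =
                new HashMap<String, Collection<ConfigAttribute>>();
        for (Resources item : securityResourceService.getAllResources()) {
            loaded.put(item.getUrl(), listRoleToCollection(item.getRole()));
        }
        resourceMap = loaded;
    }

    /**
     * Converts a set of roles into configuration attributes, one per role name.
     *
     * @param set the roles attached to a resource
     * @return a list holding one {@link SecurityConfig} per role
     */
    public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set) {
        List<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
        for (Role role : set) {
            // Debug banner; remove or route through a logger before production use.
            System.out.println("=================================="+role.getName()+"==============");
            list.add(new SecurityConfig(role.getName()));
        }
        return list;
    }

    /**
     * Returns the roles required for the requested URL.
     *
     * @param object the {@link FilterInvocation} being secured
     * @return the attributes of the first matching pattern, or {@code null} if none matches
     */
    public Collection<ConfigAttribute> getAttributes(Object object)
            throws IllegalArgumentException {
        String url = ((FilterInvocation) object).getRequestUrl();
        // Match on the path only: getRequestUrl() can carry the query string, and a trailing
        // "?..." must not stop a protected pattern from matching.
        int queryStart = url.indexOf('?');
        if (queryStart != -1) {
            url = url.substring(0, queryStart);
        }
        Map<String, Collection<ConfigAttribute>> map = resourceMap;
        if (map == null) {
            // The map was never loaded; load it now instead of failing with a NullPointerException.
            loadResourceDefine();
            map = resourceMap;
        }
        // NOTE(review): HashMap iteration order is unspecified, so with overlapping patterns the
        // "first match" is arbitrary. Use an ordered map if pattern precedence matters.
        for (Map.Entry<String, Collection<ConfigAttribute>> entry : map.entrySet()) {
            // UrlMatcher.pathMatchesUrl takes the pattern first and the request URL second.
            // The posted code passed them the other way round, so the request URL was
            // interpreted as the pattern.
            if (urlMatcher.pathMatchesUrl(entry.getKey(), url)) {
                return entry.getValue();
            }
        }
        // NOTE(review): null means "no attributes". The interceptor treats such requests as
        // public unless rejectPublicInvocations is enabled. Confirm that URLs missing from
        // the resource table are meant to be open.
        return null;
    }

    /** Supports only {@link FilterInvocation}, the type {@link #getAttributes} casts to. */
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    /** Returns {@code null}: the full attribute set is not exposed for startup validation. */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
}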
import java.util.Iterator;import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
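/**
 * Role-based {@link AccessDecisionManager}: access is granted when the caller holds at
 * least one authority whose name equals one of the attributes configured for the
 * secured object; otherwise access is denied.
 */
public class GamersAccessDecisionManager implements AccessDecisionManager {

    /**
     * Decides whether {@code authentication} may access {@code object}.
     *
     * @param authentication the caller's current authentication
     * @param object the secured object (only printed for debugging)
     * @param configAttributes the role names required for the object
     * @throws AccessDeniedException if none of the caller's authorities matches a required role
     */
    public void decide(Authentication authentication, Object object,
            Collection<ConfigAttribute> configAttributes)
            throws AccessDeniedException, InsufficientAuthenticationException {
        // NOTE(review): a null attribute collection is treated as "no restriction", so the
        // decision fails open. Confirm that resources without attributes are meant to be public.
        if (configAttributes == null) {
            return;
        }
        // Debug output only; route through a logger (or remove) before production use.
        System.out.println("Object:" + object.toString());
        for (ConfigAttribute ca : configAttributes) {
            // Author's question: why does this print ROLE_ANONYMOUS here?
            // The debug log posted with this code shows an AnonymousAuthenticationToken for the
            // request, i.e. nobody has logged in yet, so the only authority is ROLE_ANONYMOUS.
            // Roles supplied by the UserDetailsService apply only after a successful login.
            System.out.println(authentication.getAuthorities());
            // getAttribute() is declared on ConfigAttribute itself; casting to SecurityConfig
            // would fail with ClassCastException for any other implementation.
            String needRole = ca.getAttribute();
            if (needRole == null) {
                // Attribute has no String form, so it cannot name a role.
                continue;
            }
            for (GrantedAuthority ga : authentication.getAuthorities()) {
                if (needRole.equals(ga.getAuthority())) {
                    return;
                }
            }
        }
        // No required role is held: deny by default.
        throw new AccessDeniedException("no right");
    }

    /** Accepts every configuration attribute. */
    public boolean supports(ConfigAttribute attribute) {
        return true;
    }

    /** Accepts every secured-object class. */
    public boolean supports(Class<?> clazz) {
        return true;
    }
}
自定义的一个拦截器
package com.onionbbs.security;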
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
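/**
 * {@link FilterInvocationSecurityMetadataSource} that maps URL patterns loaded through
 * {@code SecurityResourceServiceImp} to the role names required to access them.
 */
public class InvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {

    private UrlMatcher urlMatcher = new AntUrlPathMatcher();
    // Shared by all instances; volatile so that a completely built map is published in one step.
    private static volatile Map<String, Collection<ConfigAttribute>> resourceMap = null;
    private SecurityResourceServiceImp securityResourceService;

    public void setSecurityResourceService(
            SecurityResourceServiceImp securityResourceService) {
        this.securityResourceService = securityResourceService;
    }

    /**
     * Rebuilds the pattern-to-roles map from the resource service.
     * The map is filled locally and assigned once, so a request arriving during a reload
     * never sees a half-filled map (missing entries would look like unprotected URLs).
     */
    public void loadResourceDefine() {
        Map<String, Collection<ConfigAttribute>> loaded =
                new HashMap<String, Collection<ConfigAttribute>>();
        for (Resources item : securityResourceService.getAllResources()) {
            loaded.put(item.getUrl(), listRoleToCollection(item.getRole()));
        }
        resourceMap = loaded;
    }

    /**
     * Converts a set of roles into configuration attributes, one per role name.
     *
     * @param set the roles attached to a resource
     * @return a list holding one {@link SecurityConfig} per role
     */
    public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set) {
        List<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
        for (Role role : set) {
            // Debug banner; remove or route through a logger before production use.
            System.out.println("=================================="+role.getName()+"==============");
            list.add(new SecurityConfig(role.getName()));
        }
        return list;
    }

    /**
     * Returns the roles required for the requested URL.
     *
     * @param object the {@link FilterInvocation} being secured
     * @return the attributes of the first matching pattern, or {@code null} if none matches
     */
    public Collection<ConfigAttribute> getAttributes(Object object)
            throws IllegalArgumentException {
        String url = ((FilterInvocation) object).getRequestUrl();
        // Match on the path only: getRequestUrl() can carry the query string, and a trailing
        // "?..." must not stop a protected pattern from matching.
        int queryStart = url.indexOf('?');
        if (queryStart != -1) {
            url = url.substring(0, queryStart);
        }
        Map<String, Collection<ConfigAttribute>> map = resourceMap;
        if (map == null) {
            // The map was never loaded; load it now instead of failing with a NullPointerException.
            loadResourceDefine();
            map = resourceMap;
        }
        // NOTE(review): HashMap iteration order is unspecified, so with overlapping patterns the
        // "first match" is arbitrary. Use an ordered map if pattern precedence matters.
        for (Map.Entry<String, Collection<ConfigAttribute>> entry : map.entrySet()) {
            // UrlMatcher.pathMatchesUrl takes the pattern first and the request URL second.
            // The posted code passed them the other way round, so the request URL was
            // interpreted as the pattern.
            if (urlMatcher.pathMatchesUrl(entry.getKey(), url)) {
                return entry.getValue();
            }
        }
        // NOTE(review): null means "no attributes". The interceptor treats such requests as
        // public unless rejectPublicInvocations is enabled. Confirm that URLs missing from
        // the resource table are meant to be open.
        return null;
    }

    /** Supports only {@link FilterInvocation}, the type {@link #getAttributes} casts to. */
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    /** Returns {@code null}: the full attribute set is not exposed for startup validation. */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
}
获得用户和权限
package com.onionbbs.security;
import java.util.ArrayList;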
import java.util.Collection;
import java.util.List;
import java.util.Set;import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;import com.OnionEntertainment.Security.Service.SecurityUserServiceImp;
import com.onionbbs.model.Role;
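import com.onionbbs.model.UserTable;

/**
 * {@link UserDetailsService} that looks a user up through {@code SecurityUserServiceImp}
 * and exposes the user's roles as granted authorities.
 */
public class UserDetailService implements UserDetailsService {
    private SecurityUserServiceImp securityUserService;

    public void setSecurityUserService(SecurityUserServiceImp securityUserService) {
        this.securityUserService = securityUserService;
    }

    /**
     * Loads the user with the given name.
     *
     * @param username the login name to look up
     * @return the user details, carrying one authority per role
     * @throws UsernameNotFoundException if the lookup returns no record
     */
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        List<UserTable> matches = securityUserService.getuser(username);
        // An unknown user must surface as UsernameNotFoundException, not as an
        // IndexOutOfBoundsException or NullPointerException from get(0).
        if (matches == null || matches.isEmpty()) {
            throw new UsernameNotFoundException("user not found");
        }
        UserTable record = matches.get(0);
        // FIXME(security): every account is returned with the same literal password and with
        // all status flags forced to true, so the stored credential and the flag read by
        // getEnabled() are never consulted. Return the user's stored (hashed) password and
        // real account status instead. The UserTable accessor for the password is not
        // visible here, so the values are left as posted.
        return new User(username,
                "robin", true, true, true, true, listRoleToCollection(record.getRoles()));
    }

    /**
     * Converts a set of roles into granted authorities, one per role name.
     *
     * @param set the roles assigned to the user
     * @return a list holding one authority per role
     */
    public Collection<GrantedAuthority> listRoleToCollection(Set<Role> set) {
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        for (Role role : set) {
            // Debug output; remove or route through a logger before production use.
            System.out.println(role.getName());
            list.add(new GrantedAuthorityImpl(role.getName()));
        }
        return list;
    }
}
把资源查询出来
package com.onionbbs.security;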
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;import com.OnionEntertainment.Security.Service.SecurityResourceServiceImp;
import com.onionbbs.model.Resources;
import com.onionbbs.model.Role;
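/**
 * {@link FilterInvocationSecurityMetadataSource} that maps URL patterns loaded through
 * {@code SecurityResourceServiceImp} to the role names required to access them.
 */
public class InvocationSecurityMetadataSource
        implements FilterInvocationSecurityMetadataSource {

    private UrlMatcher urlMatcher = new AntUrlPathMatcher();
    // Shared by all instances; volatile so that a completely built map is published in one step.
    private static volatile Map<String, Collection<ConfigAttribute>> resourceMap = null;
    private SecurityResourceServiceImp securityResourceService;

    public void setSecurityResourceService(
            SecurityResourceServiceImp securityResourceService) {
        this.securityResourceService = securityResourceService;
    }

    /**
     * Rebuilds the pattern-to-roles map from the resource service.
     * The map is filled locally and assigned once, so a request arriving during a reload
     * never sees a half-filled map (missing entries would look like unprotected URLs).
     */
    public void loadResourceDefine() {
        Map<String, Collection<ConfigAttribute>> loaded =
                new HashMap<String, Collection<ConfigAttribute>>();
        for (Resources item : securityResourceService.getAllResources()) {
            loaded.put(item.getUrl(), listRoleToCollection(item.getRole()));
        }
        resourceMap = loaded;
    }

    /**
     * Converts a set of roles into configuration attributes, one per role name.
     *
     * @param set the roles attached to a resource
     * @return a list holding one {@link SecurityConfig} per role
     */
    public Collection<ConfigAttribute> listRoleToCollection(Set<Role> set) {
        List<ConfigAttribute> list = new ArrayList<ConfigAttribute>();
        for (Role role : set) {
            // Debug banner; remove or route through a logger before production use.
            System.out.println("=================================="+role.getName()+"==============");
            list.add(new SecurityConfig(role.getName()));
        }
        return list;
    }

    /**
     * Returns the roles required for the requested URL.
     *
     * @param object the {@link FilterInvocation} being secured
     * @return the attributes of the first matching pattern, or {@code null} if none matches
     */
    public Collection<ConfigAttribute> getAttributes(Object object)
            throws IllegalArgumentException {
        String url = ((FilterInvocation) object).getRequestUrl();
        // Match on the path only: getRequestUrl() can carry the query string, and a trailing
        // "?..." must not stop a protected pattern from matching.
        int queryStart = url.indexOf('?');
        if (queryStart != -1) {
            url = url.substring(0, queryStart);
        }
        Map<String, Collection<ConfigAttribute>> map = resourceMap;
        if (map == null) {
            // The map was never loaded; load it now instead of failing with a NullPointerException.
            loadResourceDefine();
            map = resourceMap;
        }
        // NOTE(review): HashMap iteration order is unspecified, so with overlapping patterns the
        // "first match" is arbitrary. Use an ordered map if pattern precedence matters.
        for (Map.Entry<String, Collection<ConfigAttribute>> entry : map.entrySet()) {
            // UrlMatcher.pathMatchesUrl takes the pattern first and the request URL second.
            // The posted code passed them the other way round, so the request URL was
            // interpreted as the pattern.
            if (urlMatcher.pathMatchesUrl(entry.getKey(), url)) {
                return entry.getValue();
            }
        }
        // NOTE(review): null means "no attributes". The interceptor treats such requests as
        // public unless rejectPublicInvocations is enabled. Confirm that URLs missing from
        // the resource table are meant to be open.
        return null;
    }

    /** Supports only {@link FilterInvocation}, the type {@link #getAttributes} casts to. */
    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    /** Returns {@code null}: the full attribute set is not exposed for startup validation. */
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }
}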
在自定义的拦截器里面我输出了role.getName()是==================================ROLE_USER==============
高手们能详细说说吗?我真的搞不懂了,初弄security出了好多问题了。只能发30分的帖子。全部分送上。
Time: 2011-01-10 00:59:39,281
Method: org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:191)
Message: Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_USER] Level: DEBUG
Time: 2011-01-10 00:59:39,281
Method: org.springframework.security.access.intercept.AbstractSecurityInterceptor.authenticateIfRequired(AbstractSecurityInterceptor.java:292)
Message: Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
Object:FilterInvocation: URL: /index.jsp
[ROLE_ANONYMOUS]
以上是验证时输出的信息。其中 [ROLE_ANONYMOUS] 这一行来自资源认证器(GamersAccessDecisionManager)里的 System.out.println(authentication.getAuthorities());
"robin", true, true, true, true, listRoleToCollection(usertable.get(0).getRoles()));