Spring security settings for different user rights

Project Right-click-myeclipse-facet-install Spring facet-

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6B/7A/wKiom1UuUSLzXhhkAAGe6_cgVd8704.jpg "title=" 1.PNG " alt= "Wkiom1uuuslzxhhkaage6_cgvd8704.jpg"/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/6B/7A/wKiom1UuUTmAX0XOAALl_03JpoQ920.jpg "title=" 2.PNG " alt= "Wkiom1uuutmax0xoaall_03jpoq920.jpg"/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/6B/75/wKioL1UuUqCCbKINAALZOdRvhgs748.jpg "title=" 3.PNG " alt= "Wkiol1uuuqccbkinaalzodrvhgs748.jpg"/>

Finish,spring Security's jar package is added to the project. (The Spring+hibernate environment is already configured.)

To configure Spring security:

Xml:

<?xml version= "1.0"  encoding= "UTF-8"? ><web-app xmlns:xsi= "http://www.w3.org/2001/ Xmlschema-instance " xmlns=" Http://java.sun.com/xml/ns/javaee " xmlns:web=" http://java.sun.com/xml/ns/ Javaee/web-app_2_5.xsd " xsi:schemalocation=" http://java.sun.com/xml/ns/javaee http://java.sun.com/ Xml/ns/javaee/web-app_3_0.xsd " version=" 3.0 ">  <display-name>springsecurity2</ Display-name>  <listener>    <listener-class> Org.springframework.web.context.contextloaderlistener</listener-class>  </listener>   <context-param>    <param-name>contextconfiglocation</ param-name>    <param-value>classpath:*.xml</param-value>  </ context-param>          <filter>               <filter-name>springsecurityfilterchain</filter-name>               <filter-class> org.springframework.web.filter.delegatingfilterproxy</filter-class>           </filter>                 <filter-mapping>               <filter-name>springSecurityFilterChain</filter-name>               <url-pattern>/*</url-pattern >          </filter-mapping>     </web-app>

Applicationcontext.xml:

<?xml version= "1.0"  encoding= "UTF-8"? ><beans xmlns= "http://www.springframework.org/ Schema/beans "xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance "xmlns:aop=" http://www.springframework.org/ Schema/aop "xmlns:c=" http://www.springframework.org/schema/c "xmlns:cache=" Http://www.springframework.org/schema /cache "xmlns:context=" Http://www.springframework.org/schema/context "xmlns:jdbc=" http://www.springframework.org /schema/jdbc "xmlns:jee=" Http://www.springframework.org/schema/jee "xmlns:jms=" http://www.springframework.org/ SCHEMA/JMS "xmlns:lang=" Http://www.springframework.org/schema/lang "xmlns:mvc=" http://www.springframework.org/ Schema/mvc "xmlns:oxm=" HTTP://WWW.SPRINGFRAMEWORK.ORG/SCHEMA/OXM "xmlns:p=" Http://www.springframework.org/schema /P "xmlns:task=" Http://www.springframework.org/schema/task "xmlns:tx=" Http://www.springframework.org/schema/tx " Xmlns:util= "Http://www.springframework.org/schema/util" xsi:schemalocation= "http://www.springframework.org/ schema/beans http://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/aop http:// www.springframework.org/schema/aop/spring-aop-3.1.xsdhttp://www.springframework.org/schema/cache http:// www.springframework.org/schema/cache/spring-cache-3.1.xsdhttp://www.springframework.org/schema/context  Http://www.springframework.org/schema/context/spring-context-3.1.xsdhttp://www.springframework.org/schema/jdbc  http://www.springframework.org/schema/jdbc/spring-jdbc-3.1.xsdhttp://www.springframework.org/schema/jee  http://www.springframework.org/schema/jee/spring-jee-3.1.xsdhttp://www.springframework.org/schema/jms  http://www.springframework.org/schema/jms/spring-jms-3.1.xsdhttp://www.springframework.org/schema/lang  http://www.springframework.org/schema/lang/spring-lang-3.1.xsdhttp://www.springframework.org/schema/mvc  http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsdhttp://www.springframework.org/schema/oxm  http://www.springframework.org/schema/oxm/spring-oxm-3.1.xsdhttp://www.springframework.org/schema/task http:// www.springframework.org/schema/task/spring-task-3.1.xsdhttp://www.springframework.org/schema/tx http:// www.springframework.org/schema/tx/spring-tx-3.1.xsdhttp://www.springframework.org/schema/util http:// Www.springframework.org/schema/util/spring-util-3.1.xsd ><!--  Configure data sources  --><!--  Import resource files  --><context:property-placeholder location= "Classpath:db.properties"/><bean id= " DataSource " class=" Org.springframework.jdbc.datasource.DriverManagerDataSource "><!-- class=" Org.springframework.jdbc.datasource.DriverManagerDataSource " --><property name=" username "  value= "${jdbc.user}" ></property><property name= "password"  value= "${jdbc.password}" ></property><property name= "url"  value= "${jdbc.jdbcurl}" ></property>< Property name= "Driverclassname"  value="${jdbc.driverclass}" ></property></bean><bean id= "Sessionfactory" class= " Org.springframework.orm.hibernate4.LocalSessionFactoryBean "><property name=" DataSource "><ref  bean= "DataSource"  /></property><property name= "Hibernateproperties" ><props ><prop key= "Hibernate.dialect" >org.hibernate.dialect.MySQLDialect</prop></props>< /property><property name= "Mappingresources" ><list><value>com/template/security/ role.hbm.xml</value><value>com/template/security/authority.hbm.xml</value><value>com/ Template/security/user.hbm.xml</value></list></property></bean><bean id= " TransactionManager "class=" Org.springframework.orm.hibernate4.HibernateTransactionManager "><property  name= "Sessionfactory"  ref= "Sessionfactory"  /></bean><tx:annotation-driven  Transaction-manager= "TransactionManager"  /></beans> 

Security.xml:

<?xml version= "1.0"  encoding= "UTF-8"? ><beans xmlns= "http://www.springframework.org/ Schema/beans "xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance "xmlns:security="/HTTP/ Www.springframework.org/schema/security "xsi:schemalocation=" http://www.springframework.org/schema/beans  Http://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/security  http://www.springframework.org/schema/security/spring-security-3.1.xsd "><import resource=" Applicationcontext.xml "/><security:http use-expressions=" true "><security:intercept-url  Pattern= "/**"  access= "hasrole (' role_admin ')"  requires-channel= "http"/><security:form-login/ ><security:remember-me/></security:http><security:authentication-manager><security: authentication-provider><security:jdbc-user-service data-source-ref= "DataSource" Users-by-username-query= "select username,password,enabled As status from user where username=? " Authorities-by-username-query= "Select u.username,r.name as authority from user u  join authority a on a.userid=u.id join role r on r.id= A.roleid where u.username=? " /></security:authentication-provider></security:authentication-manager></beans>

Define users, roles, permissions in the system three entities, a user can have multiple roles, a role can be owned by multiple users, so the user and the role is a many-to-many relationship, for easy to understand, here to add a third entity permissions, as the user and role of the intermediary entities, Split the many-to-many relationship between users and roles into two one-to-many relationships. Such a user corresponds to multiple permissions, a permission corresponds to a user, and a role corresponds to multiple permissions, and a permission corresponds to a role.

User.java:

package com.template.security;import java.util.list;public class user {private  integer id;      private string username;       private String password;      private Boolean  enabled;        private list<authority> authorities;         public user ()  {      } Public integer getid ()  {return id;} Public void setid (Integer id)  {this.id = id;} Public string getusername ()  {return username;} Public void setusername (String username)  {this.username = username;} Public string getpassword ()  {return password;} Public void setpassword (String password)  {this.password = passworD;} Public boolean getenabled ()  {return enabled;} Public void setenabled (boolean enabled)  {this.enabled = enabled;} Public list<authority> getauthorities ()  {return authorities;} Public void setauthorities (list<authority> authorities)  {this.authorities =  authorities;}           }

User.hbm.xml:

<?xml version= "1.0"  encoding= "Utf-8"? ><! doctype hibernate-mapping public  "-//hibernate/hibernate mapping dtd 3.0//en" " Http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd "><!--     Mapping  File autogenerated by myeclipse persistence tools-->
Role.java:
Package Com.template.security;public class Role {private Integer ID;        private String name; Public Role () {}public Integer getId () {return ID;} public void SetId (Integer id) {this.id = ID;} Public String GetName () {return name;}          public void SetName (String name) {this.name = name;} }
Role.hbm.xml:
<?xml version= "1.0"  encoding= "Utf-8"? ><! doctype hibernate-mapping public  "-//hibernate/hibernate mapping dtd 3.0//en" " Http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd "><!--     Mapping  File autogenerated by myeclipse persistence tools-->
Authority.java:
Package Com.template.security;public class Authority {private Integer ID;      private user user;        private role role; Public authority () {}public Integer getId () {return ID;} public void SetId (Integer id) {this.id = ID;} Public User GetUser () {return user;} public void SetUser (user user) {this.user = user;} Public role Getrole () {return role;}          public void Setrole (role role) {this.role = role;} }
Authority.hbm.xml:
<?xml version= "1.0"  encoding= "Utf-8"? ><! doctype hibernate-mapping public  "-//hibernate/hibernate mapping dtd 3.0//en" " Http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd "><!--     Mapping  File autogenerated by myeclipse persistence tools-->
Db.property:
jdbc.user=rootjdbc.password=rootjdbc.driverclass=com.mysql.jdbc.driverjdbc.jdbcurl=jdbc:mysql://localhost:3306 /spring_security# ...

Spring security settings for different user rights