"Org.springframework.security:spring-security-web:4.1.0.release",
"Org.springframework.security:spring-security-taglibs:4.1.0.release",
"Org.springframework.security:spring-security-config:4.1.0.release"
Configure Framework-spring-security.xml
Referencing other dependent configuration files in Framework-spring-mvc.xml
<!--database XML--
<import resource= "Dbcp-spring-framework.xml" ></import>
<!--spring-security XML--
<import resource= "Framework-spring-security.xml" ></import>
<beans:beans xmlns= "http://www.springframework.org/schema/security" xmlns:beans= "Http://www.springframework.org/schema/beans" xmlns:p= "/http/ www.springframework.org/schema/p " xmlns:xsi=" Http://www.w3.org/2001/XMLSchema-instance " xmlns:context= "Http://www.springframework.org/schema/context" xsi:schemalocation= "http://www.springframework.org/schema/beans /HTTP www.springframework.org/schema/beans/spring-beans.xsd /HTTP www.springframework.org/schema/context http://www.springframework.org/schema/ context/spring-context.xsd http://www.springframework.org/schema/security Http://www.springframework.org/schema/security/spring-security.xsd ">& nbsp; <context:component-scan base-package= "com.framework.security"/> <!--
3. Writing the Custom UserdetailsservicePackage Com.framework.security;import Org.apache.commons.logging.log;import Org.apache.commons.logging.LogFactory ; Import Org.springframework.context.support.messagesourceaccessor;import Org.springframework.dao.dataaccessexception;import Org.springframework.security.core.grantedauthority;import Org.springframework.security.core.springsecuritymessagesource;import Org.springframework.security.core.authority.authorityutils;import Org.springframework.security.core.authority.simplegrantedauthority;import Org.springframework.security.core.userdetails.userdetails;import Org.springframework.security.core.userdetails.userdetailsservice;import Org.springframework.security.core.userdetails.usernamenotfoundexception;import Org.springframework.security.provisioning.jdbcuserdetailsmanager;import Org.springframework.security.web.authentication.usernamepasswordauthenticationfilter;import Org.springframework.security.web.authentication.www.basicauthenticationfilter;import Org.springframework.stereotype.Service;import Org.springframework.transaction.annotation.transactional;import Javax.annotation.Resource;import java.util.*;/**** * @author Tzz * @ Function Description * @date 2016/5/3 * Modified by modification time ****/@Service @transactional (rollbackfor=exce Ption.class) public class Userdetailsserviceimpl implements Userdetailsservice {@Resource Customuserdao customuserd Ao Jdbcuserdetailsmanager K; Private map<string, userinfo> usermap = null; Protected final Log logger = Logfactory.getlog (GetClass ()); Protected final Messagesourceaccessor messages = Springsecuritymessagesource. Getaccessor (); Private String usersbyusernamequery = "Select Account,pwd,stat,salt,id,company_id,name,login_stat,login_date, Login_ IP from user_account WHERE account =? "; Private String authoritiesbyusernamequery = "Select Name,power_code from vw_user_power WHERE account_id =?"; Public Userdetailsserviceimpl () {UserMap = new hashmap<> (); } public Userdetails LoadusErbyusername (String username) throws Usernamenotfoundexception, DataAccessException {/*securitycontexth Older.getcontext (). Getauthentication (). GetName (); * * list<userdetails> users = Loadusersbyuser Name (username); if (users.size () = = 0) {logger.debug ("Query returned no results for user '" + username + "'"); throw new Usernamenotfoundexception (Messages.getmessage ("Jdbcdaoimpl.notfound", new object[] {Usernam e}, "Username {0} not found")); } UserInfo user = (UserInfo) users.get (0); set<grantedauthority> dbauthsset = new hashset<> (); Dbauthsset.addall (Loaduserauthorities (User.getid ())); Dbauthsset.add (New Simplegrantedauthority ("role_static")); list<grantedauthority> dbauths = new arraylist<> (dbauthsset); if (dbauths.size () = = 0) {logger.debug ("User" + username + "' has nO authorities and would be treated as ' not found ' "); throw new Usernamenotfoundexception (Messages.getmessage ("Jdbcdaoimpl.noauthority", new object[] {User Name}, "User {0} has no grantedauthority"); } return Createuserdetails (username,user,dbauths); return user; } protected Userdetails Createuserdetails (String username, UserInfo userfrom UserQuery, list<grantedauthority> combinedauthorities) {String returnusername = Userfromuserquery.getusernam E (); UserInfo user = new UserInfo (Returnusername,userfromuserquery.getpassword (), userfromuserquery.isenabled (), True, True, True, combinedauthorities); User.setid (Userfromuserquery.getid ()); User.setcompanyid (Userfromuserquery.getcompanyid ()); User.setname (Userfromuserquery.getname ()); User.setloginstat (Userfromuserquery.getloginstat ()); User.setlogindate (Userfromuserquery.getlogindate ()); User.setloginip (Userfromuserquery.getloginip ()); User.setsalt (Userfromuserquery.getsalt ()); return user; }/** * Loads authorities by executing the SQL from * <TT>GROUPAUTHORITIESBYUSERNAMEQUERY</TT>. * * @return A list of Grantedauthority objects for the user */protected list<grantedauthority> Loaduse rauthorities (int userId) {try {return customuserdao.queryforlist (This.authoritiesbyusernamequery, New object[] {userId}, (Rs,rownum), {String roleName = Getroleprefix () + RS . getString (2); return new simplegrantedauthority (RoleName); }); } catch (Exception e) {e.printstacktrace (); } return null; } public String Getroleprefix () {return ' role_ '; }/** * Loads authorities by executing the SQL from <tt>authoritiesbYusernamequery</tt>. * * @return A list of Grantedauthority objects for the user */protected list<userdetails> Loadusersbyuse Rname (String username) {try {return customuserdao.queryforlist (this.usersbyusernamequery, new object[] {username}, (RS, RowNum), {String username1 = rs.getstring (1); String Password = rs.getstring (2); Boolean enabled = Rs.getboolean (3); UserInfo user = new UserInfo (username1, password, enabled, True, True, true, Authorityutils . no_authorities); User.setsalt (Rs.getstring (4)); User.setid (Rs.getint (5)); User.setcompanyid (Rs.getint (6)); User.setname (rs.getstring (7)); User.setloginstat (Rs.getint (8)); User.setlogindate (Rs.getlong (9)); User.setloginip (rs.getstring (10)); return user; } ); } catch (Exception e) {e.printstacktrace (); } return null; }}
Spring Security is used when debugging
Basicauthenticationfilter
Usernamepasswordauthenticationfilter
Basicauthenticationfilter
Messagedigestpasswordencoder.ispasswordvalidPackage Com.framework.security;import Com.framework.db.basedao;import org.springframework.stereotype.repository;@ Repository ("Customuserdao") public class Customuserdao extends Basedao {public Customuserdao () {super (Object.class);}}
@Repository ("Basedao") public class Basedao<t> implements basedaoimp<t> {Logger Log1 = Loggerfactory.getlogger (Basedao.class); @Resource (name= "JdbcTemplate") Private JdbcTemplate Jdbctemplate;public JdbcTemplate getjdbctemplate () {return this.jdbctemplate;} Private class<t> Entityclass; Public Basedao () {}public Basedao (class<t> entityclass) { this.entityclass = Entityclass; } @Override <span style= "White-space:pre" ></span>public <T1> list<t1> queryforlist (String sql, Object[] args, rowmapper<t1> rowmapper) throws DataAccessException {<span style= "White-space:pre" ></ Span>return jdbctemplate.query (SQL, args,rowmapper); <span style= "White-space:pre" ></SPAN>}
Customizing UserInfo objects
package Com.framework.security;import Org.springframework.security.core.grantedauthority;import Org.springframework.security.core.userdetails.user;import java.util.collection;/**** * @author Tzz * @ Function Description * @date 2016 /5/3 * Modified Person modification Time Change Description ****/public class UserInfo extends User {private int id; private int companyid;//company private int loginsystemid = 0;//Current login system ID private String name;//user name private int logi nstat;//Login Status 1: Login 2: Private string loginip;//logon IP private long logindate;//logon time private string salt;//salt value field Public UserInfo (string Username, string password, collection<? extends grantedauthority> authorities) {Supe R (username, password, authorities); Public UserInfo (string Username, string password, Boolean enabled, Boolean accountnonexpired,
Boolean credentialsnonexpired, Boolean accountnonlocked, collection<? Extends grantedauthority> authorities) {Super (username, password, enabled, accountnonexpired, Credentialsnonexp Ired, accountnonlocked, authorities); } public String GetSalt () {return salt; The public void Setsalt (String salt) {this.salt = salt; } public int getId () {return id; } public void setId (int id) {this.id = ID; } public int Getcompanyid () {return companyid; } public void Setcompanyid (int companyid) {This.companyid = CompanyID; } public int Getloginsystemid () {return loginsystemid; } public void Setloginsystemid (int loginsystemid) {this.loginsystemid = Loginsystemid; } public String GetName () {return name; } public void SetName (String name) {this.name = name; } public int Getloginstat () {return loginstat; } public void Setloginstat (int loginStat) {this.loginstat = Loginstat; } public String Getloginip () {return loginip; } public void Setloginip (String loginip) {this.loginip = Loginip; } public Long Getlogindate () {return logindate; } public void Setlogindate (long logindate) {this.logindate = logindate; }}
Spring Security 4.X XML configuration, draft records