Springsecurity 3.2 Getting Started (10) Customizing permissions control authentication and authorization process

The code implementation of the previous chapter still has some problems, such as the role table, the use of the permission table is not reflected, but has been able to complete the URL interception function, the following will continue to improve the authentication and authorization process.

The process of certification and authorization is as follows:

1, the container starts, the Myinvocationsecuritymetadatasourceservice class executes the Loadresourcedefine () method, extracts all the resources in the database, and the resource URL as the key, and the resource identifier as the value To form the data of the map structure.

2, the user sends the request, if the request is set does not intercept the attribute, then the Mysecurityfilter class executes the Dofilter () method, intercepts the request.

3. Call the GetAttributes (Object object) method of the Myinvocationsecuritymetadatasourceservice class to obtain the permissions (Resource identification) required to access the request.

4. Then call the Myaccessdecisionmanager class's decide () method to verify that the user has access rights. If one is passed, none prompts for access to the resource without permission. If you are not logged in at this time, jump to the login page.

5, when logging in, Myusernamepasswordauthenticationfilter class executes Attemptauthentication () method, obtains the attestation.

6, after the successful login, call the Myuserdetailsservice class of the Loaduserbyusername () method to obtain a userdetail entity, the role of the method to authorize the user.

7, repeat 2, 3, 4 steps to intercept access requests.

Springsecurity 3.2 Getting Started (10) Customizing permissions control authentication and authorization process