edwin492
- 浏览: 112585 次
- 性别:
- 来自: 深圳
-
文章分类
最新评论
-
distinys:
Qkxh320 写道createmyidea 写道glorys ...
springsecurity3.0.5应用 -
Qkxh320:
createmyidea 写道glorysongglory 写 ...
springsecurity3.0.5应用 -
dafa1892:
非常感谢,把我的问题解决了。
maven编译文件路径设置 -
xumen:
我的后台传回来的Json是{"key":& ...
json时间格式转为ext -
xumen:
我的怎么没效果啊?ext3.4 gridpanel中..... ...
json时间格式转为ext
花了一些时间了解了一下springsecurity
SS配置主要包括如下:
*web.xml和spring中进行相应配置
*UserDetails
*创建过滤器
*用户权限获取
*资源权限获取
*决策类(依据上面两集合进行判断)
applicationContext-security.xml其中Bean的配置主要是应用注释,ss的spring配置都此文件中。
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"
default-lazy-init="true">
<!-- 国际化资源引入 -->
<bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:i18nResources_zh_CN.properties" />
</bean>
<!-- 设置登录页面为login.jsp且不拦截页面login.jsp后面的*防止带了参数 -->
<s:http auto-config="true" access-denied-page="/denied.jsp">
<s:form-login login-page="/login.jsp" default-target-url="/index.jsp" authentication-failure-url="/login.jsp"/>
<s:intercept-url pattern="/login.jsp*" filters="none" />
<!-- session失效 -->
<s:session-management invalid-session-url="/invalid.jsp" />
<!-- 自定义过滤器 -->
<s:custom-filter ref="customFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
</s:http>
<bean id="customFilter" class="com.sc.ss.security.CustomFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="accessDecisionManager"/>
<property name="securityMetadataSource" ref="securityMetadataSource"/>
</bean>
<!-- 认证md5加密密码(原密码加盐值进行加密) -->
<s:authentication-manager alias="authenticationManager">
<s:authentication-provider user-service-ref="userDetailManager">
<s:password-encoder hash="md5">
<s:salt-source user-property="username"/>
</s:password-encoder>
</s:authentication-provider>
</s:authentication-manager>
</beans>
applicationContext.xml配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!--
当使用<context:component-scan base-package="com.cc" />时,
就无需使用<context:annotation-config />, 因为<context:component-scan
base-package="com.cc" /> 会开始<context:annotation-config />里面包含的处理器
-->
<context:annotation-config />
<!-- 自动查找配置的bean -->
<context:component-scan base-package="com.sc.ss" />
<!-- **********引入hibernate的配置属性文件************ -->
<bean id="extendedPropertyPlaceholderConfigurer"
class="com.scommon.util.properties.ExtendedPropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:hibernate.properties</value>
<value>classpath:global.properties</value>
</list>
</property>
</bean>
<!--
****************************************数据源***************************************************************
-->
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource"
destroy-method="close">
<!-- 指定连接数据库的驱动 -->
<property name="driverClass" value="${driver_class}" />
<!-- 指定连接数据库的URL -->
<!--
&zeroDateTimeBehavior=convertToNull是为了避免因数据库中为date类型的数据为0000-00-00,
若为此值hibernate会报错‘Cannot convert value '0000-00-00 00:00:00' from
column 1 to TIMESTAMP’
-->
<property name="jdbcUrl" value="${url}" />
<!-- 指定连接数据库的用户名 -->
<property name="user" value="${username}" />
<!-- 指定连接数据库的密码 -->
<property name="password" value="${password}" />
<!-- 指定连接数据库连接池的最大连接数 -->
<property name="maxPoolSize" value="${maxPoolSize}" />
<!-- 指定连接数据库连接池的最小连接数 -->
<property name="minPoolSize" value="${minPoolSize}" />
<!-- 指定连接数据库连接池的初始化连接数 -->
<property name="initialPoolSize" value="${initialPoolSize}" />
<!-- 指定连接数据库连接池的连接的最大空闲时间 -->
<property name="maxIdleTime" value="${maxIdleTime}" />
<property name="idleConnectionTestPeriod" value="${idleConnectionTestPeriod}" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<!-- 自动搜索包里面的实体类 -->
<property name="packagesToScan">
<list>
<value>com.sc.ss.model</value>
</list>
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${dialect}</prop>
<prop key="hibernate.show_sql">${show_sql}</prop>
<prop key="hibernate.format_sql">${format_sql}</prop>
<prop key="hibernate.hbm2ddl.auto">${auto}</prop>
</props>
</property>
</bean>
<!-- 配置事务 begin -->
<bean id="txManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<bean id="txJDBCManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource" ref="dataSource" />
</bean>
<tx:advice id="txAdvice" transaction-manager="txManager">
<tx:attributes>
<tx:method name="*" propagation="REQUIRED" />
</tx:attributes>
</tx:advice>
<tx:advice id="txJDBCAdvice" transaction-manager="txJDBCManager">
<tx:attributes>
<tx:method name="*" propagation="REQUIRED" />
</tx:attributes>
</tx:advice>
<aop:config>
<aop:pointcut id="bussinessService"
expression="execution(public * com.sc.ss.service.*.*(..))" />
<aop:advisor pointcut-ref="bussinessService" advice-ref="txAdvice" />
</aop:config>
<aop:config>
<aop:pointcut expression="execution(public * com.sc.ss.security.*.*(..))"
id="jdbcBussinessService" />
<aop:advisor pointcut-ref="jdbcBussinessService"
advice-ref="txJDBCAdvice" />
</aop:config>
<!-- 配置事务 end -->
</beans>
web.xml文件:
<!-- ss3过滤器链 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern> /* </url-pattern> </filter-mapping>
sql文件:
DROP TABLE IF EXISTS `authorities`;
CREATE TABLE `authorities` (
`id` varchar(32) COLLATE utf8_bin NOT NULL,
`name` varchar(20) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
/*Data for the table `authorities` */
insert into `authorities`(`id`,`name`) values ('1312869365835e2baaac768e4c079c14','发贴'),('13128693bb8a5e2baaac768e4c057d23','进入系统'),('13128693bb8a5e2baaac768e4c079c14','删帖');
/*Table structure for table `authorities_resources` */
DROP TABLE IF EXISTS `authorities_resources`;
CREATE TABLE `authorities_resources` (
`id` varchar(32) COLLATE utf8_bin NOT NULL,
`authorities` varchar(32) COLLATE utf8_bin DEFAULT NULL,
`resource` varchar(32) COLLATE utf8_bin DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `FK401C1687DEFE40` (`authorities`),
KEY `FK401C168771EB41B1` (`resource`),
CONSTRAINT `FK401C168771EB41B1` FOREIGN KEY (`resource`) REFERENCES `resources` (`id`),
CONSTRAINT `FK401C1687DEFE40` FOREIGN KEY (`authorities`) REFERENCES `authorities` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
/*Data for the table `authorities_resources` */
insert into `authorities_resources`(`id`,`authorities`,`resource`) values ('1312869365835e2baabbaaeeec079c14','1312869365835e2baaac768e4c079c14','1312869365835e2baaacaaae4c079c14'),('13128693bb8b3e2bacdc768e4c057d23','13128693bb8a5e2baaac768e4c057d23','13128abcbb8bbe55abac768e4c079c14'),('13128abcbb8aaa2daaac768e4c079c14','13128693bb8a5e2baaac768e4c079c14','13128abcbb8a5e23aaac768e4c079c14');
/*Table structure for table `resources` */
DROP TABLE IF EXISTS `resources`;
CREATE TABLE `resources` (
`id` varchar(32) COLLATE utf8_bin NOT NULL,
`describle` varchar(255) COLLATE utf8_bin DEFAULT NULL,
`enabled` int(11) DEFAULT NULL,
`name` varchar(32) COLLATE utf8_bin NOT NULL,
`url` varchar(20) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
/*Data for the table `resources` */
insert into `resources`(`id`,`describle`,`enabled`,`name`,`url`) values ('1312869365835e2baaacaaae4c079c14',NULL,1,'发贴','/post.action'),('13128abcbb8a5e23aaac768e4c079c14',NULL,1,'删帖','/delete.action'),('13128abcbb8bbe55abac768e4c079c14',NULL,1,'进入系统','/index.jsp');
/*Table structure for table `role_authorities` */
DROP TABLE IF EXISTS `role_authorities`;
CREATE TABLE `role_authorities` (
`id` varchar(32) COLLATE utf8_bin NOT NULL,
`authorities` varchar(32) COLLATE utf8_bin DEFAULT NULL,
`role` varchar(32) COLLATE utf8_bin DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `FKD255F0D8DEFE40` (`authorities`),
KEY `FKD255F0D8A8FA3DB1` (`role`),
CONSTRAINT `FKD255F0D8A8FA3DB1` FOREIGN KEY (`role`) REFERENCES `roles` (`id`),
CONSTRAINT `FKD255F0D8DEFE40` FOREIGN KEY (`authorities`) REFERENCES `authorities` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
/*Data for the table `role_authorities` */
insert into `role_authorities`(`id`,`authorities`,`role`) values ('13128633253bbaab9c3c768e4c079c14','1312869365835e2baaac768e4c079c14','1312863325335e1b9c3c768e4c079c14'),('1312869363835e2babcd768e4c079c14','13128693bb8a5e2baaac768e4c079c14','1312863325335e1b9c3c768e4c079c14'),('1312869365835e2b4cab76834c079c45','1312869365835e2baaac768e4c079c14','1312869365835e2b4c3c768e4c079c14'),('13128693bb8a5e2baaac768ejcab7d23','13128693bb8a5e2baaac768e4c057d23','1312869365835e2b4c3c768e4c079c14'),('13128693ew8a5e2maaac768e4c057d23','13128693bb8a5e2baaac768e4c057d23','1312863325335e1b9c3c768e4c079c14');
/*Table structure for table `roles` */
DROP TABLE IF EXISTS `roles`;
CREATE TABLE `roles` (
`id` varchar(32) COLLATE utf8_bin NOT NULL,
`name` varchar(30) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
/*Data for the table `roles` */
insert into `roles`(`id`,`name`) values ('1312863325335e1b9c3c768e4c079c14','管理员'),('1312869365835e2b4c3c768e4c079c14','普通用户');
/*Table structure for table `user_roles` */
DROP TABLE IF EXISTS `user_roles`;
CREATE TABLE `user_roles` (
`id` varchar(32) COLLATE utf8_bin NOT NULL,
`role` varchar(32) COLLATE utf8_bin DEFAULT NULL,
`user` varchar(32) COLLATE utf8_bin DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `FK73429949A8FA3DB1` (`role`),
KEY `FK73429949A927A851` (`user`),
CONSTRAINT `FK73429949A927A851` FOREIGN KEY (`user`) REFERENCES `users` (`id`),
CONSTRAINT `FK73429949A8FA3DB1` FOREIGN KEY (`role`) REFERENCES `roles` (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
/*Data for the table `user_roles` */
insert into `user_roles`(`id`,`role`,`user`) values ('1312863323335a1b9b3c768s4c079c14','1312869365835e2b4c3c768e4c079c14','1312869365235e1b9c4c768e4c079c15'),('1312869365835e2b4c3c263e4a079c22','1312863325335e1b9c3c768e4c079c14','1312869365235e1b9c3c768e4c079c14');
/*Table structure for table `users` */
DROP TABLE IF EXISTS `users`;
CREATE TABLE `users` (
`id` varchar(32) COLLATE utf8_bin NOT NULL,
`enabled` int(11) NOT NULL,
`password` varchar(50) COLLATE utf8_bin NOT NULL,
`username` varchar(20) COLLATE utf8_bin NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin;
/*Data for the table `users` */
insert into `users`(`id`,`enabled`,`password`,`username`) values ('1312869365235e1b9c3c768e4c079c14',1,'ceb4f32325eda6142bd65215f4c0f371','admin'),('1312869365235e1b9c4c768e4c079c15',1,'47a733d60998c719cf3526ae7d106d13','user');
/* ClassName:AccessDecisionManager
* Function: 决策类
* 当请求访问时,判断用户是否具有访问所需的所有权限
* @author sux
* @version 1.0, 2011-8-17
* @since ss31.0
*/
@Component("accessDecisionManager")
public class AccessDecisionManager implements org.springframework.security.access.AccessDecisionManager{
org.apache.commons.logging.Log log = LogFactory.getLog(AccessDecisionManager.class);
/**
* authentication用户认证后 存有用户的所有权限
* configAttributes访问所需要的权限
* 若无权则抛出异常
*/
public void decide(Authentication authentication, Object arg1, Collection<ConfigAttribute> configAttributes)
throws AccessDeniedException, InsufficientAuthenticationException {
if(null == configAttributes){
return;
}
for(ConfigAttribute configAttribute : configAttributes){
for(GrantedAuthority gAuthority : authentication.getAuthorities()){
log.info("conf="+configAttribute.getAttribute()+" auth="+gAuthority.getAuthority());
if(configAttribute.getAttribute().trim().equals(gAuthority.getAuthority().trim())){
return;
}
}
}
//无权限抛出拒绝异常
throw new AccessDeniedException("");
}
public boolean supports(ConfigAttribute arg0) {
return true;
}
public boolean supports(Class<?> arg0) {
return true;
}
}
/**
* ClassName:CustomFilter
* Function: TODO ADD FUNCTION
*
* @author sux
* @version 1.0, 2011-8-16
* @since ss31.0
*/
public class CustomFilter extends AbstractSecurityInterceptor implements Filter{
private FilterInvocationSecurityMetadataSource securityMetadataSource;
@Override
public Class<? extends Object> getSecureObjectClass() {
return FilterInvocation.class;
}
@Override
public SecurityMetadataSource obtainSecurityMetadataSource() {
return this.securityMetadataSource;
}
public void destroy() {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
ServletException {
FilterInvocation fi = new FilterInvocation(request, response, chain);
InterceptorStatusToken token = super.beforeInvocation(fi);
try{
fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
}finally{
super.afterInvocation(token, null);
}
}
public void init(FilterConfig arg0) throws ServletException {
}
public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
return securityMetadataSource;
}
public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource securityMetadataSource) {
this.securityMetadataSource = securityMetadataSource;
}
}
/**
* ClassName:SecurityMetadataSource
* Function: 资源与权限建立管理
* 在服务器启动时就加载所有访问URL所需的权限,存入resourceMap集合中。
* Spring在设置完一个bean所有的合作者后,会检查bean是否实现了InitializingBean接口,
* 如果实现就调用bean的afterPropertiesSet方法。 但这样便造成bean和spring的耦合,
* 最好用init-method
* @author sux
* @version 1.0, 2011-8-17
* @since ss31.0
*/
@Component("securityMetadataSource")
public class SecurityMetadataSource implements FilterInvocationSecurityMetadataSource, InitializingBean{
org.apache.commons.logging.Log log = LogFactory.getLog(SecurityMetadataSource.class);
private UrlMatcher urlMatcher = new AntUrlPathMatcher();
private Map<String, Collection<ConfigAttribute>> resourceMap = null;
private AuthoritiesDao authoritiesDao;
private ResourcesDao resourcesDao;
/**
* 构造方法中建立请求url(key)与权限(value)的关系集合
*/
public void afterPropertiesSet() throws Exception {
//查询出所有资源
List<String> urls = resourcesDao.findAllUrl();
Collection<ConfigAttribute> cAttributes = null;
resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
for(String url : urls){
List<String> auths = authoritiesDao.findNameByUrl(url);
if(resourceMap.containsKey(url)){
cAttributes = resourceMap.get(url);
}else{
cAttributes = new ArrayList<ConfigAttribute>();
}
for(String auth : auths){
ConfigAttribute ca = new SecurityConfig(auth);
cAttributes.add(ca);
}
resourceMap.put(url, cAttributes);
}
log.info(resourceMap);
}
public Collection<ConfigAttribute> getAllConfigAttributes() {
return null;
}
/**
* 根据请求的url从集合中查询出所需权限
*/
public Collection<ConfigAttribute> getAttributes(Object arg0) throws IllegalArgumentException {
String url = ((FilterInvocation) arg0).getRequestUrl();
log.info("request url is "+url);
int position = url.indexOf("?");
if(-1 != position){
url = url.substring(0, position);
}
Iterator<String> it = resourceMap.keySet().iterator();
while(it.hasNext()){
//判断两地址是否相同
if(urlMatcher.pathMatchesUrl(url, it.next())){
log.info(resourceMap.get(url));
return resourceMap.get(url);
}
}
return null;
}
/**
* 返回false则报错
* SecurityMetadataSource does not support secure object class:
* class org.springframework.security.web.FilterInvocation
*/
public boolean supports(Class<?> arg0) {
return true;
}
public AuthoritiesDao getAuthoritiesDao() {
return authoritiesDao;
}
@Resource
public void setAuthoritiesDao(AuthoritiesDao authoritiesDao) {
this.authoritiesDao = authoritiesDao;
}
public ResourcesDao getResourcesDao() {
return resourcesDao;
}
@Resource
public void setResourcesDao(ResourcesDao resourcesDao) {
this.resourcesDao = resourcesDao;
}
}
/**
* ClassName:UserDetailManager
* Function: 查询出用户所具有的权限等信息并进行封装得到UserDetails
*
* @author sux
* @version 1.0, 2011-8-16
* @since ss31.0
*/
@Component("userDetailManager")
public class UserDetailManager implements UserDetailsService {
org.apache.commons.logging.Log log = LogFactory.getLog(UserDetailManager.class);
private UsersDao usersDao;
private AuthoritiesDao authoritiesDao;
/**
* 根据用户名取得及权限等信息
*/
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException {
Users user = usersDao.findByUsername(username);
List<String> authoritiesNames = authoritiesDao.findNameByUsername(username);
log.info(authoritiesNames);
List<GrantedAuthority> gAuthoritys = new ArrayList<GrantedAuthority>();
for (String authoritiesName : authoritiesNames) {
GrantedAuthorityImpl gai = new GrantedAuthorityImpl(authoritiesName);
gAuthoritys.add(gai);
}
return new CustomUserDetails(user.getPassword(), user.getUsername(), true, true, true, true, gAuthoritys);
}
public UsersDao getUsersDao() {
return usersDao;
}
@Resource
public void setUsersDao(UsersDao usersDao) {
this.usersDao = usersDao;
}
public AuthoritiesDao getAuthoritiesDao() {
return authoritiesDao;
}
@Resource
public void setAuthoritiesDao(AuthoritiesDao authoritiesDao) {
this.authoritiesDao = authoritiesDao;
}
}
/**
* ClassName:UserDetails
* Function:创建UserDetails的实现类,本质为用户详细信息的一个载体
* 在实现类中可以进一步扩展属性
*
* @author sux
* @version 1.0, 2011-8-16
* @since ss31.0
*/
public class CustomUserDetails implements UserDetails {
private Collection<GrantedAuthority> authorities;
private String password;
private String username;
private boolean accountNonExpired;
private boolean accountNonLocked;
private boolean credentialsNonExpired;
private boolean enabled;
public CustomUserDetails(String password, String username, boolean accountNonExpired, boolean accountNonLocked,
boolean credentialsNonExpired, boolean enabled, List<GrantedAuthority> gAuthoritys) {
this.password = password;
this.username = username;
this.accountNonExpired = accountNonExpired;
this.accountNonLocked = accountNonLocked;
this.credentialsNonExpired = credentialsNonExpired;
this.enabled = enabled;
this.authorities = gAuthoritys;
}
public Collection<GrantedAuthority> getAuthorities() {
return this.authorities;
}
public String getPassword() {
return this.password;
}
public String getUsername() {
return this.username;
}
public boolean isAccountNonExpired() {
return this.accountNonExpired;
}
public boolean isAccountNonLocked() {
return this.accountNonLocked;
}
public boolean isCredentialsNonExpired() {
return this.credentialsNonExpired;
}
public boolean isEnabled() {
return this.enabled;
}
}
DaoClass:
@Repository("authoritiesDao")
public class AuthoritiesDaoImpl extends BaseDao<Authorities> implements AuthoritiesDao {
public List<String> findNameByUsername(String username) {
String sql = "SELECT a.name FROM users u, user_roles ur, roles r, role_authorities ra, authorities a WHERE u.username = ? AND u.id = ur.user AND r.id = ur.role AND r.id = ra.role AND a.id = ra.authorities";
List<String> authoritiesNames = super.findBySQL(sql, username);
return authoritiesNames;
}
public List<String> findNameByUrl(String url) {
String sql = "select a.name from authorities a, authorities_resources ar, resources r "
+ "where r.url = ? and r.id = ar.resource and a.id = ar.authorities";
return super.findBySQL(sql, url);
}
}
login.jsp:
<html>
<head>
<base href="<%=basePath%>">
<title>login</title>
</head>
其中name和action都是固定的
<body>
${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message }
<form method="post" action="j_spring_security_check">
username: <input type="text" name="j_username"/><br/>
password: <input type="password" name="j_password"/><br/>
<input type="submit" value="submit"/>
</form>
</body>
</html>
index.jsp:
<body> index.jsp <a href="post.action">post</a> <a href="delete.action">delete</a> </body>
编辑器中不知道为什么不能输入中文了?
从上面的SQL脚本可知post.action和delete.action作为资源保存在资源表中,user具有post权限但没有,delete权限,而admin两者都有。在点击超链接时请求的地址就会进入创建的过滤器中,通过决策类判断用户是否有权限进行访问,无权限是跳转到denied.jsp页面。
- ss3.rar (55.3 KB)
- 下载次数: 94
- SpringSecurity3.0.pdf (1.1 MB)
- 下载次数: 69
- springsecurity3x.pdf (1.3 MB)
- 下载次数: 80
分享到:
评论
8 楼
distinys
2015-08-25
Qkxh320 写道
createmyidea 写道
glorysongglory 写道
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
我也遇到了这个错误,后面发现可能和决策器里面的supports函数有关,默认返回false,改成返回true之后就能启动了,哦 还有给资源授权的那个类里面的supports函数也返回true就可以了
正解,还没弄清流程,看的头大也没看出来!thanks
正解...搞定了...
7 楼
Qkxh320
2014-04-29
createmyidea 写道
glorysongglory 写道
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
我也遇到了这个错误,后面发现可能和决策器里面的supports函数有关,默认返回false,改成返回true之后就能启动了,哦 还有给资源授权的那个类里面的supports函数也返回true就可以了
正解,还没弄清流程,看的头大也没看出来!thanks
6 楼
socialfist
2013-03-19
在学习中,感谢楼主分享
5 楼
createmyidea
2012-08-08
glorysongglory 写道
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
我也遇到了这个错误,后面发现可能和决策器里面的supports函数有关,默认返回false,改成返回true之后就能启动了,哦 还有给资源授权的那个类里面的supports函数也返回true就可以了
4 楼
orochijk
2012-07-20
感谢楼主分享 最近正在加紧时间学这个呢 呵呵
3 楼
1586810868
2012-07-03
感谢楼主
2 楼
glorysongglory
2012-06-02
AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
楼主遇到过这样的错误吗,小弟好长时间无法解决,求指导!
1 楼
低低D
2011-10-21
不错~~~资料我收下了~~谢谢发表评论
-
adfasdf
2014-06-18 12:19 0阿斯蒂芬 -
sh配置lob
2012-03-08 21:22 1038spring+hibernate中配置对oracle的 ... -
spring源码学习
2011-07-21 21:56 997Jar包org.springframewrork.bea ... -
ss整合问题
2010-06-06 12:25 945ss整合问题 初次弄这个就弄了半天。。。。。以下是问题的一些 ... -
struts2.0上传拦截器不起作用
2010-10-22 20:01 1276刚在实用了struts2.0的上传,发现其上传成功,但发现虽然 ... -
EL小数保留位数
2010-10-26 20:59 1614<%@tagliburi="http: ... -
log4j相对路径的配置
2010-10-26 23:36 1239对于下面的方法3没有细看,我用的是listener,设置 ... -
Line: 209 - com/opensymphony/xwork2/spring/SpringO
2011-01-09 22:21 1337启动服务器时出现异常:警告: Failed startu ... -
No result defined for action and result
2011-01-09 23:00 1136No result defined for action an ... -
hibernate方法
2011-01-16 17:01 831clear() 清除Session中缓存的所有对象,并 ... -
SSH三大框架整合需要的JAR包简介
2011-05-11 12:54 1432转:http://www.blogjava.net/weish ... -
基于Ext+S2SH的企业人力资源管理系统
2011-06-18 23:46 1857前些时间写的一个简单的企业人力资源管理系统,前台用到ExtJs ...
相关推荐
NULL 博文链接:https://junjun16818.iteye.com/blog/1109094
spring security 3.0.5中文详解 跟着解说一步一步的做,你将有很大的收获
spring-security源码 spring-security源码
spring-security-3.0.5帮助文档 spring-security-3.0.5帮助文档 spring-security-3.0.5帮助文档
springsecurity3.0.5简单例子 当用firefox访问时产生的临时cookie,在下次访问中还存在的话,获取的session还是原来的session(user验证信息不变),如果把那个临时cookie删除的话,则springsecuriyt生成新的session...
spring-security-3.0.5.RELEASE
Spring Security为基于J2EE企业应用软件提供了全面安全服务。 特别是使用领先的J2EE解决方案-spring框架开发的企业软件项目。 如果你没有使用Spring开发企业软件,我们热情的推荐你仔细研究一下。 熟悉Spring-尤其是...
spring security3.0.5 安全 配置手册
spring-3.0.5最全jar包
Spring Framework 3.0.5_API英文 chm 格式方便查询和携带
org.springframework.aop-3.0.5.RELEASE.jar,org.springframework.asm-3.0.5.RELEASE.jar,org.springframework.aspects-3.0.5.RELEASE.jar,org.springframework.beans-3.0.5.RELEASE.jar,org.springframework....
spring-security-3.0.5.RELEASE 版本的官方下载
包含spring 3.0.5的所有jar文件: org.springframework.aop-3.0.5.RELEASE.jar org.springframework.asm-3.0.5.RELEASE.jar org.springframework.aspects-3.0.5.RELEASE.jar org.springframework.beans-3.0.5.RELEASE...
Spring MVC 3.0.5+Spring 3.0.5+MyBatis3.0.4全注解实例详解
Spring3.0.5帮助文档 Spring3.0.5帮助文档 Spring3.0.5帮助文档
spring-framework-3.0.5.reference官方开发文档 spring-framework-3.0.5官方开发文档 spring-3.0.5官方开发文档
spring security3.0.5的5个jar包,分别为: spring-security-acl-3.0.5.RELEASE.jar spring-security-config-3.0.5.RELEASE.jar spring-security-core-3.0.5.RELEASE.jar spring-security-taglibs-3.0.5.RELEASE...