如何使用SpringSecurity实现动态加载权限信息

(2)重写的support方法都返回true

@Configurationpublic class MyFilterInvocation implements FilterInvocationSecurityMetadataSource {     @Autowired    private MenuService menuService;     AntPathMatcher antPathMatcher = new AntPathMatcher();     @Override    public Collection getAttributes(Object object) throws IllegalArgumentException {        String requestUrl = ((FilterInvocation) object).getRequestUrl();        List menus = menuService.getMenusWithRoles();        //- 遍历数据库的url，看请求路径是否与其匹配        for (Menu menu : menus) {            //- 如果请求路径和数据库的路径匹配            if (antPathMatcher.match(menu.getUrl(),requestUrl)){                //- 访问该路径需要的角色                List roles = menu.getRoles();                String[] strs = new String[roles.size()];                for (int i = 0; i < roles.size(); i++) {                    strs[i] = roles.get(i).getName();                }                return SecurityConfig.createList(strs);            }        }        //- 如果请求路径和数据库的所有路径都不匹配，说明这个资源是登录后即可访问的        //- 用户登录即可访问,相当于在SecurityConfig中配置了.anyRequest().authenticated()        return SecurityConfig.createList("ROLE_LOGIN");    }     @Override    public Collection getAllConfigAttributes() {        return null;    }     @Override    public boolean supports(Class clazz) {        return true;    }}

③实现AccessDecisionManager类

重写的support方法都返回true

@Configurationpublic class MyDecisionManager implements AccessDecisionManager {      @Override    public void decide(Authentication authentication, Object object, Collection configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {        for (ConfigAttribute configAttribute : configAttributes) {            String needRole = configAttribute.getAttribute();            if ("ROLE_LOGIN".equals(needRole)) {                //- 用户登录即可访问,相当于在SecurityConfig中配置了.anyRequest().authenticated()                if (authentication instanceof AnonymousAuthenticationToken) {                    throw new AccessDeniedException("尚未登录，请先登录");                } else {                    return;                }            }                        Collection authorities = authentication.getAuthorities();            //这里我写的是只要访问该资源的用户具有`访问该资源所需要角色`的其中一个即可            for (GrantedAuthority authority : authorities) {                if (authority.getAuthority().equals(needRole)) {                    return;                }            }        }        throw new AccessDeniedException("权限不足，请联系管理员");    }     @Override    public boolean supports(ConfigAttribute attribute) {        return true;    }     @Override    public boolean supports(Class clazz) {        return true;    }}

④到SecurityConfig配置类中完成相应配置

@Autowired    private MyDecisionManager myDecisionManager;        @Autowired    private  MyFilterInvocation myFilterInvocation;      @Override    protected void configure(HttpSecurity http) throws Exception {        http.authorizeRequests()                .withObjectPostProcessor(new ObjectPostProcessor() {                    @Override                    public  O postProcess(O object) {                        object.setAccessDecisionManager(myDecisionManager);                        object.setSecurityMetadataSource(myFilterInvocation);                        return object;                    }                });             http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler());     }      @Bean    MyAccessDeniedHandler myAccessDeniedHandler(){        return new MyAccessDeniedHandler();    }

⑤可选，实现AccessDeniedHandler类

public class MyAccessDenied implements AccessDeniedHandler {     @Override    public void handle(HttpServletRequest req, HttpServletResponse resp, AccessDeniedException accessDeniedException) throws IOException, ServletException {        resp.setContentType("application/json;charset=utf-8");        PrintWriter pw = resp.getWriter();        pw.write(new ObjectMapper().writeValueAsString(RespBean.error("权限不够，请联系管理员")));        pw.flush();        pw.close();    }}

感谢你能够认真阅读完这篇文章，希望小编分享的"如何使用SpringSecurity实现动态加载权限信息"这篇文章对大家有帮助，同时也希望大家多多支持，关注行业资讯频道，更多相关知识等着你来学习!