Julywhj 2020-05-01
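Differences between Spring Security and Shiro:
Simply put, Shiro is simpler to use, but Spring Security is more powerful. Spring Security belongs to the Spring family, integrates closely with the Spring framework, and makes full use of Spring features such as IoC and AOP.
Integrating the Spring Security framework into an SSM project:
1. Import the Spring Security environment
Add the Spring Security Maven coordinates to the pom.xml of the health_parent parent project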
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring.security.version}</version>
</dependency>
In the web.xml file of the health_web project, configure the DelegatingFilterProxy filter that integrates the Spring Security framework
<!-- Delegating filter, used to integrate other frameworks -->
<filter>
    <!-- When integrating Spring Security, this filter name is fixed: springSecurityFilterChain -->
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
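2. Implement authentication and authorization
In the health_web project, provide SpringSecurityUserService as the Spring Security framework requires, and have it implement the UserDetailsService interface.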
package cn.ftf.service;

import cn.ftf.pojo.Permission;
import cn.ftf.pojo.Role;
import cn.ftf.pojo.User;
import com.alibaba.dubbo.config.annotation.Reference;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

@Component
public class SpringSecurityUserService implements UserDetailsService {
    // Remote call over the network to the service provider via Dubbo
    @Reference
    private UserService userService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = userService.findByUsername(username);
        if (user == null) {
            // The UserDetailsService contract forbids returning null;
            // an unknown user must be signalled with this exception
            throw new UsernameNotFoundException("User not found");
        }
        List<GrantedAuthority> list = new ArrayList<>();
        // Dynamically grant authorities to the current user
        Set<Role> roles = user.getRoles();
        if (roles != null && !roles.isEmpty()) {
            for (Role role : roles) {
                // The role keyword itself becomes an authority
                list.add(new SimpleGrantedAuthority(role.getKeyword()));
                Set<Permission> permissions = role.getPermissions();
                if (permissions != null && !permissions.isEmpty()) {
                    for (Permission permission : permissions) {
                        // Each permission keyword of the role becomes an authority
                        list.add(new SimpleGrantedAuthority(permission.getKeyword()));
                    }
                }
            }
        }
        // Wrap the username, the stored password and the authorities in Spring Security's own User
        org.springframework.security.core.userdetails.User securityUser =
                new org.springframework.security.core.userdetails.User(username, user.getPassword(), list);
        return securityUser;
    }
}
The Service and Dao layers are not shown here; what they do is obtain the user's permission identifiers based on the user object.
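The filter in web.xml and the SpringSecurityUserService above only take effect once a Spring Security configuration file connects them; the following spring-security.xml is an added example of that wiring, not part of the original post. The URL paths, the CHECKITEM_QUERY keyword, the BCrypt password storage, and the component scanning that registers the springSecurityUserService bean are all assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- <security:http> creates the bean named springSecurityFilterChain,
         which is the bean the DelegatingFilterProxy in web.xml looks up by its filter name -->
    <security:http auto-config="true" use-expressions="true">
        <!-- Assumed path: the login page must be reachable before authentication -->
        <security:intercept-url pattern="/login.html" access="permitAll"/>
        <!-- Assumed path and keyword: the value must match a string returned by
             permission.getKeyword() and added as a SimpleGrantedAuthority -->
        <security:intercept-url pattern="/checkitem/**" access="hasAuthority('CHECKITEM_QUERY')"/>
        <!-- Rules are matched top to bottom, so the catch-all goes last:
             every other URL needs an authenticated user -->
        <security:intercept-url pattern="/**" access="isAuthenticated()"/>
        <!-- Assumed paths. CSRF protection is left at its default, so the login
             form has to submit the CSRF token along with the credentials -->
        <security:form-login login-page="/login.html"
                             login-processing-url="/login.do"
                             authentication-failure-url="/login.html"/>
        <security:logout logout-url="/logout.do"
                         logout-success-url="/login.html"
                         invalidate-session="true"/>
    </security:http>

    <security:authentication-manager>
        <!-- Default bean name of the @Component class SpringSecurityUserService -->
        <security:authentication-provider user-service-ref="springSecurityUserService">
            <!-- Compares the submitted password with the hash from user.getPassword() -->
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Assumption: passwords are stored as BCrypt hashes -->
    <bean id="passwordEncoder"
          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
</beans>
```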