- What is Spring Security
Spring Security is a security solution built on the Spring Framework that implements common security functions such as authentication, authorization and encryption. It provides a set of libraries and APIs for web applications that cover many common security scenarios, along with extension points for custom security requirements.
- How to let a superior hold all of a subordinate's permissions in Spring Security
In Spring Security, letting a superior hold all the permissions of their subordinates can be implemented with the following steps:
- Customize a UserDetailsService by extending the framework's JdbcDaoImpl
```java
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.JdbcDaoImpl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

@Component
public class CustomUserDetailsService extends JdbcDaoImpl {

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Assumes loadUsersByUsername is overridden to map rows to CustomUserDetails with
        // lowerAuthorities filled from the User_Lower_Authorities table; the stock JdbcDaoImpl
        // mapper returns plain User objects, for which the cast below would fail.
        List<UserDetails> users = loadUsersByUsername(username);
        if (users.isEmpty()) {
            throw new UsernameNotFoundException("Username not found");
        }
        CustomUserDetails user = (CustomUserDetails) users.get(0);
        if (user.getPassword() == null) {
            throw new UsernameNotFoundException("User password not found");
        }
        Set<GrantedAuthority> authorities = new HashSet<>(user.getAuthorities());
        addLowerAuthorities(user, authorities, new HashSet<>());
        // User.authorities is final and has no setter, so build a new principal
        // carrying the expanded authority list instead of mutating the loaded one.
        CustomUserDetails result = new CustomUserDetails(user.getUsername(), user.getPassword(),
                user.isEnabled(), user.isAccountNonExpired(), user.isCredentialsNonExpired(),
                user.isAccountNonLocked(), new ArrayList<GrantedAuthority>(authorities));
        result.setLowerAuthorities(user.getLowerAuthorities());
        return result;
    }

    /**
     * Recursive authorization: add the authorities of each subordinate, then of their subordinates.
     *
     * @param user        user entity
     * @param authorities authority set being accumulated
     * @param visited     usernames already expanded; stops the recursion on cyclic links
     */
    private void addLowerAuthorities(CustomUserDetails user, Set<GrantedAuthority> authorities,
                                     Set<String> visited) {
        if (user == null || !visited.add(user.getUsername())) {
            return;
        }
        List<LowerAuthority> lowerAuthorities = user.getLowerAuthorities();
        if (lowerAuthorities == null) {
            return;
        }
        for (LowerAuthority lowerAuthority : lowerAuthorities) {
            authorities.add(new SimpleGrantedAuthority(lowerAuthority.getAuthorityName()));
            addLowerAuthorities(lowerAuthority.getUser(), authorities, visited); // recursive authorization
        }
    }
}
```
- Customize a UserDetails implementation by extending User
```java
import java.util.Collection;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;

public class CustomUserDetails extends User {

    /** Authorities of the direct subordinates; each entry also references the subordinate user. */
    private List<LowerAuthority> lowerAuthorities;

    public CustomUserDetails(String username, String password, Collection<? extends GrantedAuthority> authorities) {
        super(username, password, authorities);
    }

    public CustomUserDetails(String username, String password, boolean enabled, boolean accountNonExpired,
                             boolean credentialsNonExpired, boolean accountNonLocked,
                             Collection<? extends GrantedAuthority> authorities) {
        super(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities);
    }

    public List<LowerAuthority> getLowerAuthorities() {
        return lowerAuthorities;
    }

    public void setLowerAuthorities(List<LowerAuthority> lowerAuthorities) {
        this.lowerAuthorities = lowerAuthorities;
    }
}
```
- Customize a LowerAuthority class that models the link between a superior and a subordinate
```java
/** One authority held by a subordinate, together with the subordinate user it belongs to. */
public class LowerAuthority {

    private String authorityName;
    private CustomUserDetails user;

    public LowerAuthority(String authorityName, CustomUserDetails user) {
        this.authorityName = authorityName;
        this.user = user;
    }

    public String getAuthorityName() {
        return authorityName;
    }

    /** The subordinate user; its own lower authorities are followed recursively. */
    public CustomUserDetails getUser() {
        return user;
    }
}
```
- Register the UserDetailsService implementation in WebSecurityConfigurerAdapter
```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CustomUserDetailsService customUserDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(customUserDetailsService).passwordEncoder(passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .antMatchers("/user/**").hasRole("USER")
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/")
                .and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").invalidateHttpSession(true)
                // Disabling CSRF leaves this session-based form login open to cross-site request
                // forgery; keep the protection enabled unless every endpoint is stateless.
                .and().csrf().disable();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
```
- Store the corresponding user and authority information in the database
Example 1: user John manages Amy and Adam, and Adam manages Jess
Insert records into the User table:

| username | password | enabled |
|---|---|---|
| john | $2a$10$E1N/BB9fR0U1fw5/S5Dtq.8vslLMBfBMo6/3LX1UT9kPAZjAEewb2 | 1 |
| amy | $2a$10$MrL8/0LwP0TiEE3LHRMbwOQ2I9l.x91DtnrRvJ1o52ckHAESHPFja | 1 |
| adam | $2a$10$z2JAOzkddZTYOuNglmTuoeHeIKFEOhAQ8XZEDwYO/njAZ5Yo52yY. | 1 |
| jess | $2a$10$mWxJ9GluA8q8loY7Ct0zVelvtVfBFzKoz/GIzY3ViJBMHjOzo1onz | 1 |

Insert records into the Authorities table:

| username | authority |
|---|---|
| john | ROLE_ADMIN |
| john | ROLE_USER |
| amy | ROLE_USER |
| amy | ROLE_AMY |
| adam | ROLE_USER |
| adam | ROLE_ADAM |
| adam | ROLE_JESS |

Insert records into the User_Lower_Authorities table:

| username | authority |
|---|---|
| john | ROLE_AMY |
| john | ROLE_ADAM |
| adam | ROLE_JESS |

Example 2: user John is a same-level administrator who manages Amy and Adam
Insert records into the User table:

| username | password | enabled |
|---|---|---|
| john | $2a$10$E1N/BB9fR0U1fw5/S5Dtq.8vslLMBfBMo6/3LX1UT9kPAZjAEewb2 | 1 |
| amy | $2a$10$MrL8/0LwP0TiEE3LHRMbwOQ2I9l.x91DtnrRvJ1o52ckHAESHPFja | 1 |
| adam | $2a$10$z2JAOzkddZTYOuNglmTuoeHeIKFEOhAQ8XZEDwYO/njAZ5Yo52yY. | 1 |

Insert records into the Authorities table:

| username | authority |
|---|---|
| john | ROLE_ADMIN |
| john | ROLE_USER |
| amy | ROLE_USER |
| amy | ROLE_AMY |
| adam | ROLE_USER |
| adam | ROLE_ADAM |

Insert records into the User_Lower_Authorities table:

| username | authority |
|---|---|
| john | ROLE_USER |
| john | ROLE_AMY |
| john | ROLE_ADAM |
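As an added example that is not part of the original post, the following JdbcDaoImpl subclass resolves the same superior/subordinate chain directly from the User_Lower_Authorities and Authorities tables above by overriding createUserDetails, so no cast to CustomUserDetails is needed and cyclic links cannot cause unbounded recursion. The class name and the SQL strings are assumptions; the table and column names are taken from the tables shown.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.JdbcDaoImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;

// Added example, not the post's own code: expands "lower" authorities via SQL instead of
// an in-memory LowerAuthority graph. Class name and SQL strings are assumptions; the table
// and column names come from the User_Lower_Authorities and Authorities tables above.
public class HierarchicalJdbcUserDetailsService extends JdbcDaoImpl {

    private static final String LOWER_AUTHORITIES_SQL =
            "select authority from User_Lower_Authorities where username = ?";
    private static final String OWNERS_OF_AUTHORITY_SQL =
            "select username from Authorities where authority = ?";

    /** JdbcDaoImpl calls this once the user row and its own authorities have been read. */
    @Override
    protected UserDetails createUserDetails(String username, UserDetails userFromUserQuery,
                                            List<GrantedAuthority> combinedAuthorities) {
        Set<GrantedAuthority> all = new LinkedHashSet<>(combinedAuthorities);
        Set<String> visited = new HashSet<>();   // usernames already expanded
        Deque<String> pending = new ArrayDeque<>();
        pending.push(userFromUserQuery.getUsername());
        while (!pending.isEmpty()) {
            String current = pending.pop();
            if (!visited.add(current)) {
                continue;                        // cycle or shared subordinate: already handled
            }
            List<String> lower = getJdbcTemplate().queryForList(LOWER_AUTHORITIES_SQL, String.class, current);
            for (String authority : lower) {
                all.add(new SimpleGrantedAuthority(authority));
                // Subordinates are the users who own this authority; queue them so their
                // own lower authorities are inherited too (Adam -> Jess in example 1).
                pending.addAll(getJdbcTemplate().queryForList(OWNERS_OF_AUTHORITY_SQL, String.class, authority));
            }
        }
        return new User(userFromUserQuery.getUsername(), userFromUserQuery.getPassword(),
                userFromUserQuery.isEnabled(), userFromUserQuery.isAccountNonExpired(),
                userFromUserQuery.isCredentialsNonExpired(), userFromUserQuery.isAccountNonLocked(), all);
    }
}
```

With the example 1 data, John ends up with ROLE_ADMIN, ROLE_USER, ROLE_AMY, ROLE_ADAM and ROLE_JESS; with example 2, the owners of ROLE_USER are all visited once and no extra authorities are added.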
- Summary
With the steps above, we can implement recursive authorization in Spring Security so that a superior holds all of their subordinates' permissions. This approach suits multi-level administrators, multi-department permission management, or permission management for special users.
Unless otherwise stated, articles on this site are original; when reposting, please cite the source: How to let a superior hold all of a subordinate's permissions in Spring Security (case analysis) - Python技术站