Package com.lanyuan.security

Source Code of com.lanyuan.security.MyUserDetailServiceImpl

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package com.lanyuan.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

import com.lanyuan.dao.ResourcesDao;
import com.lanyuan.dao.UserDao;
import com.lanyuan.entity.Resources;

/**
* User userdetail该类实现 UserDetails 接口,该类在验证成功后会被保存在当前回话的principal对象中
*
* 获得对象的方式:
* WebUserDetails webUserDetails = (WebUserDetails)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
*
* 或在JSP中:
* <sec:authentication property="principal.username"/>
*
* 如果需要包括用户的其他属性,可以实现 UserDetails 接口中增加相应属性即可
* 权限验证类
* @author lanyuan
* 2013-11-19
* @Email: mmm333zzz520@163.com
* @version 1.0v
*/
@Service
public class MyUserDetailServiceImpl implements UserDetailsService {
 
  @Autowired
  private UserDao userDao;
  @Autowired
  private ResourcesDao resourcesDao ;
  // 登录验证
  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//    System.err.println("-----------MyUserDetailServiceImpl loadUserByUsername ----------- ");
   
    //取得用户的权限
    com.lanyuan.entity.User users = userDao.querySingleUser(username);
    if  (users==null
            throw new UsernameNotFoundException(username+" not exist!")
    Collection<GrantedAuthority> grantedAuths = obtionGrantedAuthorities(users);
    // 封装成spring security的user
    User userdetail = new User(
        users.getUserName(),
        users.getUserPassword(),
        true,
        true,
        true,
        true,
        grantedAuths  //用户的权限
      );
    return userdetail;
  }

  // 取得用户的权限
  private Set<GrantedAuthority> obtionGrantedAuthorities(com.lanyuan.entity.User user) {
    List<Resources> resources = resourcesDao.getUserResources(String.valueOf(user.getUserId()));
    Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
    for (Resources res : resources) {
      // TODO:ZZQ 用户可以访问的资源名称(或者说用户所拥有的权限) 注意:必须"ROLE_"开头
      // 关联代码:applicationContext-security.xml
      // 关联代码:com.huaxin.security.MySecurityMetadataSource#loadResourceDefine
      authSet.add(new SimpleGrantedAuthority("ROLE_" + res.getResKey()));
    }
    return authSet;
  }
}
TOP

Related Classes of com.lanyuan.security.MyUserDetailServiceImpl

  • org.springframework.security.core.authority.SimpleGrantedAuthority
  • org.springframework.security.core.userdetails.User
  • org.springframework.security.core.userdetails.UsernameNotFoundException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.