泡泡SpringSecurity3.1【授权-注解使用】

在spring-mvc.xml中开启对权限控制注解的支持(有三种)

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context.xsd
       http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd
">

    <!--组件扫描-->
    <context:component-scan base-package="com.haifei.controller" />

    <!--注解驱动-->
    <mvc:annotation-driven />

    <!--
        开启权限控制注解支持
        jsr250-annotations="enabled" 表示支持jsr250-api的注解支持,需要jsr250-api的jar包
        pre-post-annotations="enabled" 表示支持Spring的表达式注解
        secured-annotations="enabled" 这个才是SpringSecurity提供的注解
     -->
    <security:global-method-security
            jsr250-annotations="enabled"
            pre-post-annotations="enabled"
            secured-annotations="enabled"
    />

</beans>
View Code

 

 

 


 

 

1 jsr250的使用

添加依赖

 

 

 控制器中通过注解@RoleAllowed设置

package com.haifei.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.annotation.security.RolesAllowed;

@Controller
@RequestMapping("/user")
public class UserController {

    @RolesAllowed(value = {"ROLE_ADMIN"})
    @RequestMapping("/query")
    public String query(){
        System.out.println("用户查询。。。");
        return "/home.jsp";
    }

    @RolesAllowed(value = {"ROLE_USER"})
    @RequestMapping("/save")
    public String save(){
        System.out.println("用户添加。。。");
        return "/home.jsp";
    }

    @RequestMapping("/update")
    public String update(){
        System.out.println("用户更新。。。");
        return "/home.jsp";
    }

}
View Code

 

测试

登录

 

 

 

 

 

 

 无权限

 

 

 有权限

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

2 Spring表达式的使用

package com.haifei.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import javax.annotation.security.RolesAllowed;

@Controller
@RequestMapping("/user2")
public class UserController2 {

    @PreAuthorize(value = "hasAnyRole('ROLE_ADMIN')")
    @RequestMapping("/query")
    public String query(){
        System.out.println("用户查询。。。");
        return "/home.jsp";
    }

    @PreAuthorize(value = "hasAnyRole('ROLE_USER')")
    @RequestMapping("/save")
    public String save(){
        System.out.println("用户添加。。。");
        return "/home.jsp";
    }

    @RequestMapping("/update")
    public String update(){
        System.out.println("用户更新。。。");
        return "/home.jsp";
    }

}
View Code

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

3 SpringSecurity提供的注解

package com.haifei.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("/user3")
public class UserController3 {

    @Secured("ROLE_ADMIN")
    @RequestMapping("/query")
    public String query(){
        System.out.println("用户查询。。。");
        return "/home.jsp";
    }

    @Secured("ROLE_USER")
    @RequestMapping("/save")
    public String save(){
        System.out.println("用户添加。。。");
        return "/home.jsp";
    }

    @RequestMapping("/update")
    public String update(){
        System.out.println("用户更新。。。");
        return "/home.jsp";
    }

}
View Code

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 


 

SpringSecurity异常处理

 

 

 

 

 

 

 

 

 

 

 

 

 

posted @ 2021-08-18 18:56  yub4by  阅读(56)  评论(0)    收藏  举报