SpringSecurity和Shiro的区别:
简单来说,Shiro使用比较简单,但SpringSecurity的功能更加强大。Springsecurity是属于Spring家族的,与Spring框架整合的比较贴切,充分利用了Spring框架的一些特性,IOC,AOP等。
SSM项目整合SpringSecurity框架:
1,导入springsecurity环境
在health_parent父工程的pom.xml中导入Spring Security的maven坐标
1 <dependency>
2 <groupId>org.springframework.security</groupId>
3 <artifactId>spring-security-web</artifactId>
4 <version>${spring.security.version}</version>
5 </dependency>
6 <dependency>
7 <groupId>org.springframework.security</groupId>
8 <artifactId>spring-security-config</artifactId>
9 <version>${spring.security.version}</version>
10 </dependency>
在health_web工程的web.xml文件中配置用于整合Spring Security框架的过滤器DelegatingFilterProxy
1 <!--委派过滤器,用于整合其他框架-->
2 <filter>
3 <!--整合spring security时,此过滤器的名称固定springSecurityFilterChain-->
4 <filter-name>springSecurityFilterChain</filter-name>
5 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
6 </filter>
7 <filter-mapping>
8 <filter-name>springSecurityFilterChain</filter-name>
9 <url-pattern>/*</url-pattern>
10 </filter-mapping>
2,
1 package cn.ftf.service;
2
3 import cn.ftf.pojo.Permission;
4 import cn.ftf.pojo.Role;
5 import cn.ftf.pojo.User;
6 import com.alibaba.dubbo.config.annotation.Reference;
7 import org.springframework.security.core.GrantedAuthority;
8 import org.springframework.security.core.authority.SimpleGrantedAuthority;
9 import org.springframework.security.core.userdetails.UserDetails;
10 import org.springframework.security.core.userdetails.UserDetailsService;
11 import org.springframework.security.core.userdetails.UsernameNotFoundException;
12 import org.springframework.stereotype.Component;
13
14 import java.util.ArrayList;
15 import java.util.List;
16 import java.util.Set;
17
18 @Component
19 public class SpringSecurityUserService implements UserDetailsService {
20 //通过dubbo通过网络来远程调用服务提供方
21 @Reference
22 private UserService userService;
23 @Override
24 public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
25 User user=userService.findByUsername(username);
26 if(user==null){
27 return null;
28 }
29 List<GrantedAuthority> list=new ArrayList<>();
30
31 //动态为当前用户授权
32 Set<Role> roles=user.getRoles();
33 if(!roles.isEmpty()){
34 for(Role role:roles){
35 list.add(new SimpleGrantedAuthority(role.getKeyword()));
36 Set<Permission> permissions=role.getPermissions();
37 if(!permissions.isEmpty()) {
38 for (Permission permission : permissions) {
39 list.add(new SimpleGrantedAuthority(permission.getKeyword()));
40 }
41 }
42 }
43 }
44
45 org.springframework.security.core.userdetails.User securityUser=new org.springframework.security.core.userdetails.User(username,user.getPassword(),list);
46 return securityUser;
47 }
48 }
Service层和Dao层就不再展示,具体为根据user对象获取其权限标识。