本文共 1853 字,大约阅读时间需要 6 分钟。
Security是一个基于Spring安全访问控制解决方案的安全框架
代码如下:
/** * 多对多 用户可以有多个角色 */ private ListsysRoles = new ArrayList<>(); public List getSysRoles() { return sysRoles; } public void setSysRoles(List sysRoles) { this.sysRoles = sysRoles; }
@Service("sysUserService")@Transactional //事务注解public class SysUserServiceImpl implements SysUserService { @Autowired(required = false) private SysUserDao sysUserDao; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //根据username查询数据 SysUser sysUser = sysUserDao.findByName(username); if (sysUser != null) { //创建一个授权集合 Collection collection = new ArrayList<>(); //创建一个授权对象 //TODO 从sysUser中查询出所有角色 for (SysRole sysRole : sysUser.getSysRoles()) { GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_" + sysRole.getRolename()); collection.add(grantedAuthority); } User user = new User(sysUser.getUsername(), sysUser.getPassword(), collection); return user; } return null; }} dao层
public interface SysUserDao { /** * TODO 登录 * 根据用户名和状态查询一个 SysUser 对象 * * @param username * @return */ SysUser findByName(String username);} SysUserDao.xml
security.xml中的部分配置