引用
http://lym6520.iteye.com/blog/275868
对spring security用来作用权限做个记录
lym6520在测试的项目上引进了spring security 基于名称空间配置的安全架构,遇到一个问题,请指教下!
配置代码如下:
<?xml version="1.0" encoding="UTF-8"?>
<!--
- 基于名称空间配置
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<global-method-security secured-annotations="enabled">
</global-method-security>
<http access-denied-page="/error.jsp" session-fixation-protection="newSession" auto-config="true" path-type="ant" ><!--session-fixation-protection属性可以防止session固定攻击 -->
<!-- 权限入口的顺序十分重要,注意必须把特殊的URL权限写在一般的URL权限之前。 -->
<intercept-url pattern="/acegiTest.do" access="ROLE_SUPERVISOR"/>
<intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/role1.jsp" access="ROLE_USER_1"/>
<intercept-url pattern="/role2.jsp" access="ROLE_USER_2"/>
<intercept-url pattern="/role3.jsp" access="ROLE_USER_3"/>
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!--
x509认证
<x509 />
-->
<!-- All of this is unnecessary if auto-config="true"
<form-login />
<anonymous />
<http-basic />
<logout />
<remember-me /> -->
<form-login login-page="/login.jsp" default-target-url="/index.jsp" authentication-failure-url="/login.jsp?login_error=1" />
<anonymous key="cookie_key" username="ananoymous" granted-authority="IS_AUTHENTICATED_ANONYMOUSLY"/>
<logout invalidate-session="true" />
<!-- session并发控制
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/>
-->
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false" /><!-- exception-if-maximum-exceeded="true" 第二次登入失效 -->
</http>
<authentication-provider >
<password-encoder hash="md5"/><!-- 密码md5加密 -->
<jdbc-user-service data-source-ref="f3CenterDS"
users-by-username-query="select name as 'username',password,'true' from users where name = ?"
authorities-by-username-query="select name as 'username',authorities as 'authority' from authentication where name =?"
/>
</authentication-provider>
</beans:beans>
在代码中
authorities-by-username-query="select name as 'username',authorities as 'authority' from authentication where name =?"
,如果数据库里分配多个权限给用户的话,用户登入系统就不能正常使用(不能访问),倘若只分配一个权限则可以正常访问,还请指教一二!!!
网友回答
如果lym6520把<jdbc-user-service/>放在缓存中,则不会出现这样的问题了!
如下
<user-service>
<user name="user" password="123" authorities="ROLE_SUPERVISOR, ROLE_USER_1"/>
</user-service>