Spring Security Access Role តាមរយៈ Annotation

ក្នុងការបង្កើត Spring Project មានវិធីសាស្ត្រច្រើនក្នុងការបង្កើត និង configuration។ គេអាចបង្កើត Spring តាមរយៈ Dynamic Web Project ហើយបម្លែងទៅជា Maven ឬបង្កើតជា Maven តែម្តង ឬតាម Spring Project។ បន្តិចទៀតនេះ នឹងមានការបង្ហាញពីការបែងចែកសិទ្ធិរបស់អ្នកប្រើប្រាស់ម្នាក់ៗ ដោយការពារលើ URL។
៙តម្រូវការ
  • Spring 3.2.8.RELEASE
  • Spring Security 3.2.3.RELEASE
  • JSTL 1.2
  • JDK 1.7
  • Tomcat 8.x
  • STS 3.7.0
៙រចនាសម្ព័ន្ធធ្វើរួចរាល់


៙pom.xml
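 <!-- Version properties shared by the dependencies below.
      NOTE(review): the Spring 3.2.x and Spring Security 3.2.x release lines are no longer
      maintained upstream; pin to a currently supported release before using this
      configuration outside a demo. -->
 <properties>
  <org.springframework-version>3.2.8.RELEASE</org.springframework-version>
  <spring.security.version>3.2.3.RELEASE</spring.security.version>
  <jstl.version>1.2</jstl.version>
 </properties>
 <dependencies>
  <!-- Spring core container and Spring MVC -->
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-context</artifactId>
   <version>${org.springframework-version}</version>
  </dependency>
  <dependency>
   <groupId>org.springframework</groupId>
   <artifactId>spring-webmvc</artifactId>
   <version>${org.springframework-version}</version>
  </dependency>
  
  <!-- Spring Security: servlet filter chain (web) and the configuration support (config) -->
  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-web</artifactId>
   <version>${spring.security.version}</version>
  </dependency>

  <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-config</artifactId>
   <version>${spring.security.version}</version>
  </dependency>

  <!-- jstl for jsp page -->
  <dependency>
   <groupId>jstl</groupId>
   <artifactId>jstl</artifactId>
   <version>${jstl.version}</version>
  </dependency>
        
 </dependencies>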

៙web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

 <!-- Location of the root Spring XML context shared by all Servlets and Filters -->
 <context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/spring/root-context.xml</param-value>
 </context-param>
 
 <!-- The ContextLoaderListener is intentionally left commented out: -->
 <!-- <listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener> -->
 <!-- It is not declared here because, per the note in the SecurityInit class, it is registered
      programmatically together with springSecurityFilterChain. This descriptor therefore
      declares no security filter of its own.
      NOTE(review): Spring's WebApplicationInitializer documentation states that web.xml must be
      version 3.0 or later for initializer classes to be bootstrapped by the container, and this
      descriptor declares 2.5. Confirm on the target container that the security filter chain
      is really registered; if it is not, no URL in this application is protected. -->
 <!-- Front controller: processes application requests -->
 <servlet>
  <servlet-name>appServlet</servlet-name>
  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  <init-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
 </servlet>
  
 <!-- appServlet is mapped as the default servlet for the application -->
 <servlet-mapping>
  <servlet-name>appServlet</servlet-name>
  <url-pattern>/</url-pattern>
 </servlet-mapping>
</web-app>

៙SecurityConfig.java|package com.heng.config
package com.heng.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

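/**
 * Java-based Spring Security configuration for the sample application.
 *
 * <p>Registers three in-memory demo accounts and the role checks applied to the admin and DBA
 * URLs, and enables the form login supplied by Spring Security.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

  /**
   * Registers the in-memory demo users {@code vary} (USER), {@code admin} (ADMIN) and
   * {@code dba} (DBA).
   *
   * @param auth builder for the application's authentication manager
   * @throws Exception if the in-memory user store cannot be configured
   */
  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    // NOTE(review): demo-only credentials. The passwords are hard-coded, identical for every
    // account and stored in clear text. A real deployment needs an external user store and a
    // PasswordEncoder (for example bcrypt), with no secrets in source control.
    // All users are declared on a single in-memory store instead of creating one per account.
    auth.inMemoryAuthentication()
        .withUser("vary").password("123456").roles("USER")
        .and()
        .withUser("admin").password("123456").roles("ADMIN")
        .and()
        .withUser("dba").password("123456").roles("DBA");
  }

  /**
   * Declares which roles may reach the admin and DBA URLs and turns on form login.
   *
   * @param http the HTTP security builder to configure
   * @throws Exception if the security filter chain cannot be configured
   */
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    // The controller maps its pages with "/admin**" and "/dba**". Those patterns accept
    // single-segment paths that a rule written only as "/admin/**" or "/dba/**" does not
    // cover, so both forms are listed to keep authorization at least as broad as routing.
    // No catch-all rule is declared: any URL not matched below is served without
    // authentication. Consider ending the chain with a deny-by-default rule
    // (anyRequest().authenticated()) once the public pages are listed explicitly.
    http.authorizeRequests()
        .antMatchers("/admin**", "/admin/**").hasAnyRole("ADMIN", "DBA")
        .antMatchers("/dba**", "/dba/**").hasRole("DBA")
        .and()
        .formLogin();

    // NOTE(review): CSRF protection is switched off here. Kept as the author wrote it because
    // the JSP forms are not visible from this file, but state-changing requests (including
    // logout) are then not protected against cross-site request forgery. Re-enable it and
    // send the CSRF token from every form before using this configuration for real users.
    http.csrf().disable();
  }
}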
  • @EnableWebSecurity annotation និងការ extends ពី class WebSecurityConfigurerAdapter ជួយឱ្យយើងកំណត់ការទាមទារសិទ្ធិ។
  • Enable Http Basic និង Form login (ចំណាំ៖ កូដខាងលើហៅតែ formLogin() ប៉ុណ្ណោះ មិនមានការហៅ httpBasic() ទេ ហើយ CSRF protection ត្រូវបានបិទដោយ csrf().disable())
  • Spring Security នឹងផ្តល់នូវ URL login និង logout page free សម្រាប់អ្នក។
  • URL (/admin/) អាចចូលបាន លុះត្រាតែមានសិទ្ធិជា ADMIN ឬ DBA។

៙SecurityInit.java|package com.heng.config
package com.heng.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

/**
 * Web application initializer that bootstraps Spring Security from {@link SecurityConfig}.
 *
 * <p>Per the original author's note, this class is what loads the ContextLoaderListener and
 * the springSecurityFilterChain, which is why neither is declared in web.xml.
 *
 * <p>NOTE(review): initializer classes are only picked up on a Servlet 3.0+ deployment;
 * verify that the filter chain is actually registered, since the URL rules in
 * {@code SecurityConfig} have no effect without it.
 */
public class SecurityInit extends AbstractSecurityWebApplicationInitializer {

  /** Passes {@link SecurityConfig} to the base initializer as the configuration class. */
  public SecurityInit() {
    super(SecurityConfig.class);
  }
}

៙HomeController.java|package com.heng.samplesecurity.controller
package com.heng.samplesecurity.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

/**
 * MVC controller serving the public welcome page and the admin and DBA pages.
 *
 * <p>This class performs no access checks itself; whether a request is allowed to reach a
 * handler is decided entirely by the URL rules in the security configuration.
 *
 * @author Heng-Cyber
 */
@Controller
public class HomeController {

  /** Title placed in the model of every page. */
  private static final String PAGE_TITLE = "Spring Security Hello World";

  /**
   * Handles GET requests for the root URL and for paths matching {@code /welcome**}.
   *
   * @return the {@code home} view with its title and message
   */
  @RequestMapping(value = { "/", "/welcome**" }, method = RequestMethod.GET)
  public ModelAndView welcomePage() {
    return buildPage("home", "This is welcome page!");
  }

  /**
   * Handles GET requests for paths matching {@code /admin**}.
   *
   * <p>NOTE(review): this pattern also accepts single-segment paths that merely begin with
   * {@code /admin}. A URL authorization rule written as {@code /admin/**} does not cover all
   * of them, so the security rules must be at least as broad as this mapping.
   *
   * @return the {@code admin} view with its title and message
   */
  @RequestMapping(value = "/admin**", method = RequestMethod.GET)
  public ModelAndView adminPage() {
    return buildPage("admin", "This is protected page - Admin Page!");
  }

  /**
   * Handles GET requests for paths matching {@code /dba**}.
   *
   * <p>NOTE(review): the same mapping-versus-rule caveat as for {@code /admin**} applies.
   * This handler also renders the {@code admin} view, possibly a copy-paste slip; confirm
   * whether a dedicated DBA view was intended.
   *
   * @return the {@code admin} view with the database page message
   */
  @RequestMapping(value = "/dba**", method = RequestMethod.GET)
  public ModelAndView dbaPage() {
    return buildPage("admin", "This is protected page - Database Page!");
  }

  /** Builds a view with the shared title followed by the page-specific message. */
  private static ModelAndView buildPage(String viewName, String message) {
    ModelAndView page = new ModelAndView(viewName);
    page.addObject("title", PAGE_TITLE);
    page.addObject("message", message);
    return page;
  }
}
៙Screen Shot
Login as simple user
access denied in URL admin
ប្រភព៖  spring.io
ទាញយក Source Code: ទីនេះ
