java - 使用带有 Struts2 的 Spring Security 的表单的动态 URL 访问权限?

标签 java spring spring-mvc struts2 spring-security

现在我已经使用带有 spring 框架的 java 开发了一个网络应用程序。出于安全目的,我还使用了 spring security 3.0。

我使用 spring security 完成了基于数据库的用户登录身份验证、URL 访问控制以及默认的 session 管理。现在,我希望通过表单动态配置 URL 权限,而不是在 XML 文件中定义,但我发现这在 spring security 中有点困难。

Struts.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">

<struts>
<!-- Development mode is switched off, which keeps Struts' developer aids disabled. -->
<constant name="struts.devMode" value="false" />

<!-- URLs that the Struts filter should leave alone so the Spring Security login endpoint can
     handle them. The value is a comma-separated list of regular expressions.
     NOTE(review): struts.action.excludePattern is declared twice below. A constant holds one
     value, so only one declaration can be in effect (presumably the later one); keep a single
     declaration so the excluded URL list is unambiguous. -->
<constant name="struts.action.excludePattern" value="/j_spring_security_check" />
<!-- NOTE(review): XML attribute values have no backslash escaping, so "\\." reaches the regex
     engine as an escaped backslash followed by "any character", not as a literal dot. A
     literal dot would be written "\." here. Confirm which was intended. -->
<constant name="struts.action.excludePattern"
    value="/j_spring_security_check.*,.*\\.j_spring_security_check" />
<!-- Base package that the other packages in this file extend. It declares the result types,
     the json interceptor and a few general actions.
     NOTE(review): no namespace attribute is set, so these actions live in Struts' default
     namespace, which Struts also consults when an action is not found in the requested
     namespace. URL-pattern rules in spring-security.xml that name one exact path for such an
     action may not cover every path under which it resolves; confirm against the security
     configuration. -->
<package name="lms"  extends="struts-default,json-default">

    <!-- /** defining result types for implementing tiles **/ -->
    <result-types>
        <result-type name="tiles"  class="org.apache.struts2.views.tiles.TilesResult" />
        <result-type name="plainText" class="org.apache.struts2.dispatcher.PlainTextResult" />
        <result-type name="json" class="org.apache.struts2.json.JSONResult" />
    </result-types>


    <interceptors>
        <!-- NOTE(review): the package already extends json-default, which presumably supplies
             a json interceptor and result type; these declarations redefine the same names. -->
        <interceptor name="json"
            class="org.apache.struts2.json.JSONInterceptor" />
            <!-- <interceptor-stack name="storeStack">
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">STORE</param>
            </interceptor-ref>
        </interceptor-stack>

        <interceptor-stack name="retrieveStack">
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">RETRIEVE</param>
            </interceptor-ref>
        </interceptor-stack> -->

    </interceptors>
    <!-- The block below is a second, disabled copy of the storeStack / retrieveStack
         definitions that are also commented out inside <interceptors> above. -->
    <!-- <interceptors>
        <interceptor-stack name="storeStack">
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">STORE</param>
            </interceptor-ref>
        </interceptor-stack>

        <interceptor-stack name="retrieveStack">
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">RETRIEVE</param>
            </interceptor-ref>
        </interceptor-stack>
    </interceptors> -->
    <!-- Renders the lead_tiles Tiles definition; no action class is named. -->
    <action name="lead_home">
        <result type="tiles">lead_tiles</result>
    </action>

    <!-- NOTE(review): action with an empty name and an empty result; its purpose is not
         evident from this file. -->
    <action name="">
        <result></result>
    </action>
    <!-- Forwards straight to /dashboard.jsp, the page also used as the login target. -->
    <action name="baseTemplate">
        <result>/dashboard.jsp</result>
    </action>

    </package>


<!-- #####[Lead_Setup_Source]#### -->
<!-- Lead source setup screens, served under /lead/setup/source. Every action is handled by
     com.tpc.action.LeadSourceAction and inherits its configuration from the lms package. -->
<package name="lead_setup_source" namespace="/lead/setup/source" extends="lms">

    <!-- Shows the lead source form. -->
    <action name="getForm" class="com.tpc.action.LeadSourceAction">
        <result type="tiles">setup_lead_source</result>
    </action>

    <!-- Handles save, update and delete submissions. On success it redirects to getList and
         passes action_msg along as a redirect parameter; on error it redisplays the form.
         NOTE(review): action_msg travels in the redirect URL, so whatever view prints it
         should output-encode the value (rendering is not visible here).
         NOTE(review): no token interceptor is referenced on this state-changing action, so
         any CSRF protection has to come from somewhere outside this file; confirm. -->
    <action name="formAction" method="actionTriggerLeadSource"
        class="com.tpc.action.LeadSourceAction">
        <result name="SAVE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="action_msg">${action_msg}</param>
        </result>
        <result name="SAVE_ERROR" type="tiles">setup_lead_source</result>
        <result name="UPDATE_ERROR" type="tiles">setup_lead_source</result>
        <result name="DELETE_ERROR" type="tiles">setup_lead_source</result>
        <result name="UPDATE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="action_msg">${action_msg}</param>
        </result>
        <result name="DELETE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="action_msg">${action_msg}</param>
        </result>
        <result name="NEW_SUCCESS" type="redirect">getForm</result>
    </action>

    <!-- Loads one lead source and shows it in the form view. -->
    <action name="getById" method="actionGetLeadSource"
        class="com.tpc.action.LeadSourceAction">
        <result name="success" type="tiles">setup_lead_source</result>
    </action>

    <!-- Lists lead sources. -->
    <action name="getList" method="actionGetListLeadSource"
        class="com.tpc.action.LeadSourceAction">
        <result name="success" type="tiles">setup_lead_source_list</result>
    </action>

</package>


<!-- #####[Lead_Source_Event]#### -->
<!-- Lead source event screens, served under /lead/setup/source_event and handled by
     com.tpc.action.LeadSourceEventAction. The "store" interceptor used below is not declared
     in this file; presumably it is the one inherited from struts-default through lms. -->
<package name="lead_setup_source_event" namespace="/lead/setup/source_event" extends="lms">

    <!-- Shows the event form. Only the store interceptor (RETRIEVE mode) is referenced.
         NOTE(review): an action that lists its own interceptor-refs runs only those, so
         defaultStack is not applied to this action; confirm that is intended. -->
    <action name="getForm" method="loadLeadSourceEventForm" class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="store">
            <param name="operationMode">RETRIEVE</param>
        </interceptor-ref>
        <result name="success" type="tiles">setup_lead_source_event</result>
        <result name="error" type="tiles">setup_lead_source_event</result>
    </action>

    <!-- Handles create, update and delete submissions. The store interceptor runs in STORE
         mode ahead of defaultStack; successful create and update redirect to getList with
         lead_source_e_id as a redirect parameter. -->
    <action name="formAction" method="triggerAction" class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="store">
            <param name="operationMode">STORE</param>
        </interceptor-ref>
        <interceptor-ref name="defaultStack" />

        <result name="CREATE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="lead_source_e_id">${lead_source_e_id}</param>
        </result>
        <result name="CREATE_ERROR" type="redirectAction">getForm</result>
        <result name="GET_SUCCESS" type="tiles">setup_lead_source_event
        </result>
        <result name="UPDATE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="lead_source_e_id">${lead_source_e_id}</param>
        </result>
        <result name="UPDATE_ERROR" type="redirectAction">getById</result>
        <result name="DELETE_SUCCESS" type="redirectAction">getList
        </result>
        <result name="DELETE_ERROR" type="redirectAction">getList
        </result>
        <result name="error" type="tiles">setup_lead_source_event
        </result>
    </action>

    <!-- Loads one event into the form view. Here defaultStack is listed before store, the
         opposite order from formAction. -->
    <action name="getById" method="actionGetLeadSourceEvent" class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="defaultStack" />
        <interceptor-ref name="store">
            <param name="operationMode">RETRIEVE</param>
        </interceptor-ref>
        <result name="success" type="tiles">setup_lead_source_event
        </result>
        <result name="error" type="tiles">setup_lead_source_event</result>
    </action>

    <!-- Lists events. As with getForm, only the store interceptor is referenced. -->
    <action name="getList" method="actionGetLeadSourceEventList"    class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="store">
            <param name="operationMode">RETRIEVE</param>
        </interceptor-ref>

        <result name="success" type="tiles">list_lead_source_event
        </result>
        <result name="error" type="tiles">list_lead_source_event</result>
    </action>

</package>
</struts>

spring-security.xml

<?xml version="1.0" encoding="UTF-8" ?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans-3.0.xsd


http://www.springframework.org/schema/security


http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- URL authorization rules for the web application. use-expressions="true" makes every
     access attribute a Spring EL expression such as hasAnyRole(...). The rules are fixed in
     this file; nothing here reads them from a database.
     NOTE(review): no catch-all rule is declared, so a request that matches none of the
     patterns below (for example /dashboard.jsp, the default-target-url) is not restricted by
     this block. Consider ending the list with
     <intercept-url pattern="/**" access="isAuthenticated()"/> after explicitly permitting
     /login.jsp and any static resources. -->
<http realm="Project Realm" auto-config="true" use-expressions="true">




<!-- Lead Source Setup -->
<intercept-url pattern="/lead/setup/source/**" access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_MANAGER')"/>


<!-- Lead Source Event -->
<intercept-url pattern="/lead/setup/source_event/**" access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_MANAGER','ROLE_LEAD_OFFICER')"/>





<!-- NOTE(review): this pattern names one exact path. If the lead_home action is also served
     under other paths (an extension such as .action, or another namespace prefix), those
     requests would not match this rule; verify against the Struts mapping. -->
<intercept-url pattern="/lead/lead_home" access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_MANAGER','ROLE_LEAD_OFFICER')"/>

<!-- ******END OF LEAD ******END OF LEAD ******END OF LEAD ******END OF LEAD ******END OF LEAD ******END OF LEAD ******END OF LEAD ****** -->




<intercept-url pattern="/annapurnaERP/**" access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR')"/>
<!-- Form login: /login.jsp is the login page, failures return to it with login_error=1 and
     a successful login lands on /dashboard.jsp. -->
<form-login login-page="/login.jsp" default-target-url="/dashboard.jsp" 
    authentication-failure-url="/login.jsp?login_error=1"/>

<logout logout-success-url="/login.jsp"/>
<!-- Remember-me login with default settings; no key or persistent token store is set here. -->
<remember-me />
</http>

<!-- Authenticates users against the database through jdbc-user-service, using the dataSource
     bean (defined outside this file). users-by-username-query returns username, password and
     an enabled flag; authorities-by-username-query returns the user's roles. Both queries
     bind the username through a ? placeholder.
     NOTE(review): no <password-encoder> is declared. In Spring Security 3.x that means the
     submitted password is compared with the PASSWORD column as plain text, so the column
     presumably holds unhashed passwords. Declare a password-encoder (for example one whose
     ref points to a BCryptPasswordEncoder bean, available from 3.1) and migrate the stored
     values. -->
<authentication-manager>
    <authentication-provider>

    <jdbc-user-service data-source-ref="dataSource"

   users-by-username-query="
     SELECT USERNAME, PASSWORD, CASE ENABLED WHEN 1 THEN 'true' ELSE 'false' END 'ENABLED' 
     FROM SETUP_SYSTEM_USER_CREDIENTIALS  
     WHERE USERNAME=?;"

   authorities-by-username-query="
    SELECT u.USERNAME, r.ROLES 
    FROM SETUP_SYSTEM_USER_CREDIENTIALS u, SETUP_SYSTEM_STAFF_USER_ROLES r
    WHERE u.SSUR_ID = r.SSUR_ID
    AND u.USERNAME=?;"

    />
</authentication-provider>
</authentication-manager>

</b:beans>

因此,如您所见,所有 URL 模式都在此 xml 文件中定义。那么,如何通过表单动态定义这些 URL 模式?顺便说一下,我的项目目前运行良好,只是想让权限配置更加动态。

好吧,假设我有两个不同的表单,一个用于管理员,另一个用于普通用户。要为管理员和普通用户设置访问这两个表单的权限,现在我必须在 xml 文件中配置。就像下面的例子一样,管理员有权访问两个表单,而 LEAD_OFFICER(普通用户)只能访问第二个表单。

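<!-- Lead Source Setup: only ROLE_ADMIN and ROLE_DIRECTOR may reach the first form.
     (The comment opener is written as "<!" followed by two hyphens so the file stays
     well-formed XML.) -->
<intercept-url pattern="/lead/setup/source/**" access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR')"/>


<!-- Lead Source Event: ROLE_LEAD_OFFICER is additionally allowed to reach the second form. -->
<intercept-url pattern="/lead/setup/source_event/**" access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_OFFICER')"/>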

现在这些都配置在 xml 文件中。如果有新用户,我必须手动修改此 xml 文件。但我想做的是通过 UI 表单向新用户分配所需的权限。现在我不知道该怎么做,所以任何帮助都将不胜感激。谢谢

最佳答案

将此行添加到 jsp,<img src="<s:url value="YourUrlCreationAction" />">

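并且在此 UrlCreationAction 类中,您可以添加代码以动态创建 URL。需要注意的是,这样做只是在页面上动态生成链接,并不会限制谁可以访问这些 URL;访问控制仍然由 spring-security.xml 中的 intercept-url 规则决定。若要从数据库动态加载 URL 权限,通常需要在 Spring Security 一侧实现自定义的 FilterInvocationSecurityMetadataSource 之类的扩展点,而不是仅在视图层生成 URL。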

关于java - 使用带有 Struts2 的 Spring Security 的表单的动态 URL 访问权限?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23751281/
