Can you describe the three levels of authorization for service access and the corresponding implementation for each level?
Spring Security's RoleHierarchyImpl stores the direct role inheritance in rolesReachableInOneStepMap as follows:
A -> B
B -> C
C -> D
After the buildRolesReachableInOneOrMoreStepsMap method resolves the transitive closure, each role maps to every role reachable from it:
A -> [B, C, D]
B -> [C, D]
C -> [D]
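The same closure computed by RoleHierarchyImpl itself instead of by hand, as an added example that is not code from the original page. The class name RoleHierarchyDemo and the bare role names A to D are assumptions; a real application would use its own authority strings. The security point it makes is that granting A implicitly grants everything below it, so a review of who holds A must consider the whole transitive set, not only the direct edge.

```java
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

public class RoleHierarchyDemo {

    // Build the hierarchy from the page's A > B > C > D chain. Each line is one
    // "parent > child" edge, exactly the one-step map described above; RoleHierarchyImpl
    // expands it into the one-or-more-steps map when the hierarchy is set.
    static RoleHierarchy hierarchy() {
        RoleHierarchyImpl hierarchy = new RoleHierarchyImpl();
        hierarchy.setHierarchy("A > B\nB > C\nC > D");
        return hierarchy;
    }

    // Names of every authority a holder of the given role effectively has: the role
    // itself plus everything reachable from it in one or more steps.
    static List<String> effectiveAuthorities(String role) {
        return hierarchy()
                .getReachableGrantedAuthorities(List.of(new SimpleGrantedAuthority(role)))
                .stream()
                .map(GrantedAuthority::getAuthority)
                .sorted()
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        for (String role : List.of("A", "B", "C", "D")) {
            System.out.println(role + " -> " + effectiveAuthorities(role));
        }
    }
}
```

getReachableGrantedAuthorities includes the queried role in its result, so effectiveAuthorities("A") yields A together with B, C and D, while the leaf D yields only itself. To have the hierarchy applied to the page's antMatchers rules, expose the RoleHierarchy as a Spring bean in SecurityConfig; the page itself only shows the internal maps.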
Three ways to implement the authentication and authorization process:
1. Default authentication
Add the Spring Security starter dependency to pom.xml, start the project and open the article list page: Spring Security redirects to its default login page. The default user name is user, and the password is the generated one printed to the console at startup. This is the most basic form of login.
2. In-memory authentication
Custom user name and password (the user name and password are written in the code, which is hard to maintain). Create a SecurityConfig configuration class that extends WebSecurityConfigurerAdapter and override configure(AuthenticationManagerBuilder auth) to define the custom authentication:
```java
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/** Enable security management configuration */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /** Custom identity authentication */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /* Password encoder: accounts are stored and checked as BCrypt hashes, never as plaintext */
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        /* 1. Memory-based identity authentication: add two accounts */
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("admin").password(encoder.encode("admin")).roles("admin")
                .and()
                .withUser("junko").password(encoder.encode("123456")).roles("common");
    }
}
```
Start the project; you now have to log in with one of the accounts defined above. For the next step the database has three tables: a user table (t_user), a permission table (t_authority) and a user-permission join table (user_authority).
3. Use UserDetails for identity authentication
Create mapper interfaces that query users and their permissions:

```java
@Mapper
public interface TUserMapper {
    /** Query user information by user name */
    @Select("select * from t_user where username=#{username}")
    TUser selectUserByUserName(String username);
}

@Mapper
public interface AuthorityMapper {
    /** Query user permissions by user name; the SQL lives in the mapper XML below.
        TAuthority is the entity class for t_authority (name assumed; the page only shows its getAuthority()). */
    List<TAuthority> selectAuthorityByUserName(String username);
}
```

The mapper XML that backs AuthorityMapper joins the three tables:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- namespace must be the fully qualified name of the AuthorityMapper interface -->
<mapper namespace="AuthorityMapper">
    <!-- #{username} is bound as a prepared-statement parameter, so the user name entered on
         the login page cannot alter the SQL (unlike ${} string substitution). -->
    <select id="selectAuthorityByUserName" resultType="TAuthority">
        select a.*
        from t_user u, t_authority a, user_authority au
        where u.id = au.uid and a.id = au.aid and u.username = #{username}
    </select>
</mapper>
```
Write the UserDetailsServiceImpl implementation class
As mentioned above, to authenticate against the database you need to implement the UserDetailsService interface and override the loadUserByUsername method:

```java
import java.util.ArrayList;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    TUserMapper userMapper;
    @Autowired
    AuthorityMapper authorityMapper;

    /*
     * Query the user information and permissions from the database using the user name
     * entered on the login page, wrap them in a UserDetails object and hand it to
     * Spring Security for authentication.
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        /* Query user information by user name; reject unknown users before doing anything else */
        TUser user = userMapper.selectUserByUserName(username);
        if (user == null) {
            throw new UsernameNotFoundException("the user does not exist");
        }
        /* Query the user's permissions and wrap each one as a GrantedAuthority */
        List<TAuthority> authorities = authorityMapper.selectAuthorityByUserName(username);
        List<GrantedAuthority> authorityList = new ArrayList<>();
        for (TAuthority authority : authorities) {
            authorityList.add(new SimpleGrantedAuthority(authority.getAuthority()));
        }
        /*
         * Wrap user name, stored password and authorities into a UserDetails object.
         * t_user.password must already hold a BCrypt hash (produced with
         * BCryptPasswordEncoder.encode when the account is created): the encoder configured
         * in SecurityConfig compares the submitted password against this value, so it is
         * passed through unchanged rather than encoded again here, which would require the
         * database to keep plaintext passwords.
         */
        return new User(user.getUsername(), user.getPassword(), authorityList);
    }
}
```
In the SecurityConfig class, comment out the in-memory authentication from step 2, inject UserDetailsServiceImpl and register it with the AuthenticationManagerBuilder:
```java
/** Enable security management configuration */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsServiceImpl userDetailsService;

    /** Custom identity authentication */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /* Password encoder */
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        /* 1. Memory-based identity authentication (replaced by step 2, kept for reference) */
        // auth.inMemoryAuthentication().passwordEncoder(encoder)
        //         .withUser("admin").password(encoder.encode("admin")).roles("admin")
        //         .and()
        //         .withUser("cai").password(encoder.encode("123457")).roles("common");
        /* 2. Use UserDetails for identity authentication */
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }
}
```
Test it: when you log in, the submitted credentials are now checked against the user information stored in the database.
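A unit test for that step, added here as an example and not part of the original page. It isolates UserDetailsServiceImpl from the database by mocking the two mappers with Mockito, and assumes that TUser and TAuthority have plain setters (setUsername, setPassword, setAuthority), that the test sits in the same package as the service so its package-private mapper fields can be set directly, and that loadUserByUsername returns the stored BCrypt hash unchanged. The two checks a reviewer cares about are that a correct password verifies against the returned UserDetails while a wrong one does not, and that an unknown user is rejected without any further lookup.

```java
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;

import java.util.List;
import java.util.stream.Collectors;

import org.junit.jupiter.api.Test;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

class UserDetailsServiceImplTest {

    private final TUserMapper userMapper = mock(TUserMapper.class);
    private final AuthorityMapper authorityMapper = mock(AuthorityMapper.class);
    private final BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

    // Wire the service under test with the mocked mappers (the page's class uses field injection,
    // so the fields are set directly; assumes the test is in the same package).
    private UserDetailsServiceImpl service() {
        UserDetailsServiceImpl service = new UserDetailsServiceImpl();
        service.userMapper = userMapper;
        service.authorityMapper = authorityMapper;
        return service;
    }

    @Test
    void knownUserIsLoadedWithStoredHashAndAuthorities() {
        // Constructed sample rows: the password column holds a BCrypt hash, not the plaintext.
        TUser row = new TUser();
        row.setUsername("junko");
        row.setPassword(encoder.encode("123456"));
        TAuthority common = new TAuthority();
        common.setAuthority("common");
        when(userMapper.selectUserByUserName("junko")).thenReturn(row);
        when(authorityMapper.selectAuthorityByUserName("junko")).thenReturn(List.of(common));

        UserDetails details = service().loadUserByUsername("junko");

        // The stored hash is passed through untouched, so the encoder can verify the raw password
        // and reject a wrong one.
        assertTrue(encoder.matches("123456", details.getPassword()));
        assertFalse(encoder.matches("123457", details.getPassword()));
        assertEquals(List.of("common"), details.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .collect(Collectors.toList()));
    }

    @Test
    void unknownUserIsRejectedWithoutQueryingAuthorities() {
        when(userMapper.selectUserByUserName("nobody")).thenReturn(null);

        assertThrows(UsernameNotFoundException.class, () -> service().loadUserByUsername("nobody"));
        // No authority lookup happens for a user that does not exist.
        verify(authorityMapper, never()).selectAuthorityByUserName(anyString());
    }
}
```

Because the test works on the returned UserDetails rather than on the mapper output, it would fail if the service encoded the stored value a second time, which is the quickest way to notice that a deployment is keeping plaintext passwords in t_user.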
User Authorization Management
To control which users may access which pages, override the configure(HttpSecurity http) method in the SecurityConfig configuration class. A user who lacks the required authority receives an HTTP 403 error page, which you can customize to fit your project.
```java
/** Enable security management configuration */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    UserDetailsServiceImpl userDetailsService;

    /** Custom identity authentication */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        /* Password encoder */
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        /* 1. Memory-based identity authentication (replaced by step 2, kept for reference) */
        // auth.inMemoryAuthentication().passwordEncoder(encoder)
        //         .withUser("admin").password(encoder.encode("admin")).roles("admin")
        //         .and()
        //         .withUser("cai").password(encoder.encode("123457")).roles("common");
        /* 2. Use UserDetails for identity authentication */
        auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }

    /** Custom user rights */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /* Custom access control: "/" is public, the two prefixes require a matching authority.
           hasAuthority("admin") expects the plain authority string "admin" as stored in t_authority;
           users created with roles("admin") carry "ROLE_admin" instead and would need hasRole("admin"). */
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                // Configure access permissions based on user permissions
                .antMatchers("/admin/**").hasAuthority("admin")
                .antMatchers("/common/**").hasAuthority("common")
                .and()
                .formLogin();
    }
}
```
After this configuration, pages under / can be accessed without authentication, pages under /admin/ require a user with the admin authority, and /common/ likewise requires the common authority.
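A MockMvc test that pins those rules down, added here as an example and not part of the original page. It assumes a Spring Boot application with spring-security-test on the test classpath, a controller serving "/", and two placeholder pages /admin/dashboard and /common/articles standing in for whatever the application serves under the protected prefixes. The last test documents the role/authority mismatch that the in-memory step would hit: roles("admin") grants "ROLE_admin", which hasAuthority("admin") does not accept.

```java
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class AccessControlTest {

    @Autowired
    MockMvc mockMvc;

    // Assumed endpoints: /admin/dashboard and /common/articles are placeholders for pages the
    // application serves under the two protected prefixes; "/" is the page's public path.

    @Test
    void rootIsPublic() throws Exception {
        mockMvc.perform(get("/")).andExpect(status().isOk());
    }

    @Test
    void anonymousUserIsSentToLoginForProtectedPath() throws Exception {
        // With formLogin() an unauthenticated request is redirected to the login page (302),
        // it is not answered with 403; 403 is reserved for authenticated users lacking the authority.
        mockMvc.perform(get("/admin/dashboard")).andExpect(status().is3xxRedirection());
    }

    @Test
    @WithMockUser(username = "junko", authorities = "common")
    void commonUserCannotReachAdminPages() throws Exception {
        mockMvc.perform(get("/admin/dashboard")).andExpect(status().isForbidden());
    }

    @Test
    @WithMockUser(username = "junko", authorities = "common")
    void commonUserCanReachCommonPages() throws Exception {
        mockMvc.perform(get("/common/articles")).andExpect(status().isOk());
    }

    @Test
    @WithMockUser(username = "admin", roles = "admin")
    void roleIsNotTheSameAsAuthority() throws Exception {
        // roles = "admin" grants the authority "ROLE_admin"; hasAuthority("admin") looks for the
        // exact string "admin", so this user is refused. Grant the plain authority "admin"
        // (as the t_authority rows do) or switch the rule to hasRole("admin").
        mockMvc.perform(get("/admin/dashboard")).andExpect(status().isForbidden());
    }
}
```

Running these tests on every change keeps the authorization rules from silently widening when someone reorders the antMatchers, since the most specific patterns must come before any broader ones for the chain to behave as intended.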