Java 使用Spring Security和Struts2的表单动态URL访问权限?
现在我已经用 Java 和 Spring 框架开发了一个 Web 应用程序。出于安全考虑,我还使用了 Spring Security 3.0:通过数据库进行用户登录身份验证,并配置了 URL 访问控制和默认的会话管理。现在,我希望通过表单动态地设置 URL 权限,而不是在 XML 文件中定义 URL 权限,而这在 Spring Security 中有点困难。
标签:java, spring, spring-mvc, struts2, spring-security
Struts.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
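<!-- Development mode stays disabled; it is meant for local debugging only. -->
<constant name="struts.devMode" value="false" />
<!--
  Comma-separated regular expressions for request URLs that the Struts filter
  must not handle, so that the login-processing URL is left to the Spring
  Security filter chain.
  Declared once on purpose: repeating a constant of the same name makes the
  effective value depend on declaration order. The first alternative below
  also matches the bare "/j_spring_security_check" path.
  NOTE(review): XML does not process backslash escapes, so "\\." reaches the
  regex engine as an escaped backslash followed by "any character", not as a
  literal dot. Confirm whether "\." was intended in the second alternative.
  NOTE(review): the Struts release is not stated on this page; on releases
  where dynamic method invocation is enabled by default, consider declaring
  struts.enable.DynamicMethodInvocation with value "false" here, since every
  action below already names its method explicitly.
-->
<constant name="struts.action.excludePattern"
          value="/j_spring_security_check.*,.*\\.j_spring_security_check" />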
<!--
  Base package: shared result types, the JSON interceptor and a few
  top-level actions. The lead_* packages in this file extend it.
  NOTE(review): no namespace attribute is set, so these actions live in the
  Struts default namespace, which Struts also searches when an action is not
  found in the namespace of the requested path. Path-based access rules
  (for example Spring Security intercept-url patterns) should therefore not
  assume that lead_home or baseTemplate is reachable under one path only;
  consider giving the package an explicit namespace.
-->
<package name="lms" extends="struts-default,json-default">

    <!-- Result types available to every action in this package and its children. -->
    <result-types>
        <result-type name="tiles"
                     class="org.apache.struts2.views.tiles.TilesResult" />
        <result-type name="plainText"
                     class="org.apache.struts2.dispatcher.PlainTextResult" />
        <result-type name="json"
                     class="org.apache.struts2.json.JSONResult" />
    </result-types>

    <interceptors>
        <interceptor name="json" class="org.apache.struts2.json.JSONInterceptor" />
        <!-- Disabled stack definitions, kept for reference:
        <interceptor-stack name="storeStack">
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">STORE</param>
            </interceptor-ref>
        </interceptor-stack>
        <interceptor-stack name="retrieveStack">
            <interceptor-ref name="defaultStack" />
            <interceptor-ref name="store">
                <param name="operationMode">RETRIEVE</param>
            </interceptor-ref>
        </interceptor-stack>
        -->
    </interceptors>

    <!-- Lead module landing page, rendered through the lead_tiles definition. -->
    <action name="lead_home">
        <result type="tiles">lead_tiles</result>
    </action>

    <!-- Action with an empty name and an empty result location. -->
    <action name="">
        <result></result>
    </action>

    <!-- Forwards straight to the dashboard JSP; no action class is involved. -->
    <action name="baseTemplate">
        <result>/dashboard.jsp</result>
    </action>

</package>
<!-- #####[Lead_Setup_Source]#### -->
<!--
  Lead source setup: form, save/update/delete handling, single-record view
  and list view, all served by com.tpc.action.LeadSourceAction under
  /lead/setup/source.
-->
<package name="lead_setup_source"
         namespace="/lead/setup/source"
         extends="lms">

    <!-- Shows the empty form; no method attribute, so the default action method runs. -->
    <action name="getForm" class="com.tpc.action.LeadSourceAction">
        <result type="tiles">setup_lead_source</result>
    </action>

    <!--
      Single entry point for save, update, delete and "new"; the result name
      returned by actionTriggerLeadSource selects the outcome.
      Successful writes redirect to getList and carry action_msg along as a
      redirect parameter, so the value ends up in the redirect URL.
      NOTE(review): a request parameter can be set by the client, so the view
      that displays action_msg should output-encode it. Confirm in the JSP or
      tiles templates, which are not shown here.
    -->
    <action name="formAction"
            method="actionTriggerLeadSource"
            class="com.tpc.action.LeadSourceAction">
        <result name="SAVE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="action_msg">${action_msg}</param>
        </result>
        <result name="SAVE_ERROR" type="tiles">setup_lead_source</result>
        <result name="UPDATE_ERROR" type="tiles">setup_lead_source</result>
        <result name="DELETE_ERROR" type="tiles">setup_lead_source</result>
        <result name="UPDATE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="action_msg">${action_msg}</param>
        </result>
        <result name="DELETE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="action_msg">${action_msg}</param>
        </result>
        <!-- Plain redirect (not redirectAction) back to the form. -->
        <result name="NEW_SUCCESS" type="redirect">getForm</result>
    </action>

    <!-- Loads one lead source into the form view. -->
    <action name="getById"
            method="actionGetLeadSource"
            class="com.tpc.action.LeadSourceAction">
        <result name="success" type="tiles">setup_lead_source</result>
    </action>

    <!-- Lists the lead sources. -->
    <action name="getList"
            method="actionGetListLeadSource"
            class="com.tpc.action.LeadSourceAction">
        <result name="success" type="tiles">setup_lead_source_list</result>
    </action>

</package>
<!-- #####[Lead_Source_Event]#### -->
<!--
  Lead source events under /lead/setup/source_event, served by
  com.tpc.action.LeadSourceEventAction.
  The "store" interceptor is not declared in this file; presumably it is the
  one inherited from struts-default through the lms package.
  NOTE(review): an action that lists its own interceptor-ref elements runs
  only those interceptors instead of the package default stack. getForm and
  getList reference "store" alone, and formAction and getById combine it
  with defaultStack in opposite orders. Confirm that each of these is
  intended.
-->
<package name="lead_setup_source_event"
         namespace="/lead/setup/source_event"
         extends="lms">

    <!-- Form view; "store" runs in RETRIEVE mode. -->
    <action name="getForm"
            method="loadLeadSourceEventForm"
            class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="store">
            <param name="operationMode">RETRIEVE</param>
        </interceptor-ref>
        <result name="success" type="tiles">setup_lead_source_event</result>
        <result name="error" type="tiles">setup_lead_source_event</result>
    </action>

    <!--
      Create, update and delete entry point; "store" runs in STORE mode ahead
      of defaultStack. Successful create and update redirect to getList with
      lead_source_e_id as a redirect parameter.
    -->
    <action name="formAction"
            method="triggerAction"
            class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="store">
            <param name="operationMode">STORE</param>
        </interceptor-ref>
        <interceptor-ref name="defaultStack" />
        <result name="CREATE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="lead_source_e_id">${lead_source_e_id}</param>
        </result>
        <result name="CREATE_ERROR" type="redirectAction">getForm</result>
        <result name="GET_SUCCESS" type="tiles">setup_lead_source_event
        </result>
        <result name="UPDATE_SUCCESS" type="redirectAction">
            <param name="actionName">getList</param>
            <param name="lead_source_e_id">${lead_source_e_id}</param>
        </result>
        <result name="UPDATE_ERROR" type="redirectAction">getById</result>
        <result name="DELETE_SUCCESS" type="redirectAction">getList
        </result>
        <result name="DELETE_ERROR" type="redirectAction">getList
        </result>
        <result name="error" type="tiles">setup_lead_source_event
        </result>
    </action>

    <!-- Single-record view; defaultStack first, then "store" in RETRIEVE mode. -->
    <action name="getById"
            method="actionGetLeadSourceEvent"
            class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="defaultStack" />
        <interceptor-ref name="store">
            <param name="operationMode">RETRIEVE</param>
        </interceptor-ref>
        <result name="success" type="tiles">setup_lead_source_event
        </result>
        <result name="error" type="tiles">setup_lead_source_event</result>
    </action>

    <!-- List view; "store" runs in RETRIEVE mode. -->
    <action name="getList"
            method="actionGetLeadSourceEventList"
            class="com.tpc.action.LeadSourceEventAction">
        <interceptor-ref name="store">
            <param name="operationMode">RETRIEVE</param>
        </interceptor-ref>
        <result name="success" type="tiles">list_lead_source_event
        </result>
        <result name="error" type="tiles">list_lead_source_event</result>
    </action>

</package>
</struts>
铅瓦
/dashboard.jsp
设置\u引导\u源
获取列表
${action_msg}
设置\u引导\u源
设置\u引导\u源
设置\u引导\u源
获取列表
${action_msg}
获取列表
${action_msg}
getForm
设置\u引导\u源
设置\u线索\u来源\u列表
检索
设置\u线索\u来源\u事件
设置\u线索\u来源\u事件
贮藏
获取列表
${lead\u source\u e\u id}
getForm
设置\u线索\u来源\u事件
获取列表
${lead\u source\u e\u id}
getById
获取列表
获取列表
设置\u线索\u来源\u事件
检索
设置\u线索\u来源\u事件
设置\u线索\u来源\u事件
检索
列出线索来源事件
列出线索来源事件
spring-security.xml
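<?xml version="1.0" encoding="UTF-8" ?>
<!--
  Spring Security namespace configuration: URL authorization rules, form
  login, logout, remember-me and a JDBC-backed user store.
  The intercept-url rules below are static. Serving them from a database
  instead means supplying the filter security interceptor with a custom
  FilterInvocationSecurityMetadataSource; any form that edits such rules is
  itself a privileged function and needs its own role restriction.
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/beans
                             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                             http://www.springframework.org/schema/security
                             http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Rules are evaluated top to bottom and the first matching pattern wins. -->
    <http realm="Project Realm" auto-config="true" use-expressions="true">

        <!-- The login page must stay reachable without a session. -->
        <intercept-url pattern="/login.jsp*" access="permitAll"/>

        <!-- Lead Source Setup -->
        <intercept-url pattern="/lead/setup/source/**"
                       access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_MANAGER')"/>

        <!-- Lead Source Event -->
        <intercept-url pattern="/lead/setup/source_event/**"
                       access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_MANAGER','ROLE_LEAD_OFFICER')"/>

        <!--
          NOTE(review): this pattern matches the exact path /lead/lead_home
          only. In the struts.xml shown with this question lead_home is
          declared in a package without a namespace, so confirm which other
          request paths reach that action and cover them with the same roles.
        -->
        <intercept-url pattern="/lead/lead_home"
                       access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_MANAGER','ROLE_LEAD_OFFICER')"/>
        <!-- End of lead module rules -->

        <intercept-url pattern="/annapurnaERP/**"
                       access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR')"/>

        <!--
          Deny by default: without a final catch-all, every URL not listed
          above (for example /dashboard.jsp) is served without any login.
          Static assets that login.jsp loads need their own permitAll rules
          above this line; their paths are not shown on this page.
        -->
        <intercept-url pattern="/**" access="isAuthenticated()"/>

        <form-login login-page="/login.jsp"
                    default-target-url="/dashboard.jsp"
                    authentication-failure-url="/login.jsp?login_error=1"/>
        <logout logout-success-url="/login.jsp"/>

        <!--
          NOTE(review): no key attribute is set. Configure an explicit,
          secret, application-specific key instead of relying on the
          namespace default.
        -->
        <remember-me />
    </http>

    <authentication-manager>
        <authentication-provider>
            <!--
              Both queries bind the user name as a "?" parameter, so the value
              is never concatenated into the SQL text.
              NOTE(review): no password-encoder child is configured, so the
              PASSWORD column is compared as stored. If that column holds
              clear-text passwords, migrate to a salted, adaptive hash and
              declare the matching encoder here.
            -->
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="
                    SELECT USERNAME, PASSWORD, CASE ENABLED WHEN 1 THEN 'true' ELSE 'false' END 'ENABLED'
                    FROM SETUP_SYSTEM_USER_CREDIENTIALS
                    WHERE USERNAME=?;"
                authorities-by-username-query="
                    SELECT u.USERNAME, r.ROLES
                    FROM SETUP_SYSTEM_USER_CREDIENTIALS u, SETUP_SYSTEM_STAFF_USER_ROLES r
                    WHERE u.SSUR_ID = r.SSUR_ID
                    AND u.USERNAME=?;"
            />
        </authentication-provider>
    </authentication-manager>

</b:beans>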
因此,正如您所看到的,所有 URL 模式都是在这个 XML 文件中定义的。那么,如何通过表单动态地定义这些 URL 模式呢?
顺便说一句,我的项目目前运行良好,只是想让权限配置可以动态调整。
好吧,假设我有两种不同的表单,一种是管理员表单,另一种是普通用户表单。要为管理员和普通用户设置访问这两个表单的用户权限,现在我必须从xml文件进行设置。和下面的示例一样,管理员拥有访问这两个表单的用户权限,而主管(普通用户)只能访问第二个表单。
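<!--
  Excerpt of the http element: each rule pairs a URL pattern with the roles
  allowed to reach it. The opening comment delimiter needs the "!" or the
  file is not well-formed XML.
-->
<!-- Lead Source Setup: admin and director only -->
<intercept-url pattern="/lead/setup/source/**"
               access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR')"/>
<!-- Lead Source Event: additionally open to lead officers -->
<intercept-url pattern="/lead/setup/source_event/**"
               access="hasAnyRole('ROLE_ADMIN','ROLE_DIRECTOR','ROLE_LEAD_OFFICER')"/>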
现在这些都是在 XML 文件中设置的。如果有新用户,我必须手动添加到这个 XML 文件中。但我想做的是通过 UI 表单为新用户分配所需的权限。现在我不知道该怎么做,因此任何帮助都将不胜感激。谢谢。
将这一行添加到 JSP:
“>
在这个 UrlCreationAction 类中,您可以添加代码来动态创建 URL。
“从表单中创建 URL”是什么意思?您希望它在哪里?
基于 Web 的表单。实际上这个项目是基于 Web 的,所以想知道如何为给定的用户动态分配不同的用户权限。我确信答案不会只有两三行,但我想了解实现这一功能的过程。
您写道:“如果有新用户,我必须手动添加此xml文件”。您是指新角色(而不是新用户)吗?您能详细说明一下这个过程吗?