Spring Boot 3.x 集成 Spring Security 6.x 实现动态权限控制的解决方案
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler
import org.springframework.security.access.hierarchicalroles.RoleHierarchy
import org.springframework.security.access.hierarchicalroles.RoleHierarchyImpl
import org.springframework.security.config.Customizer
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity
import org.springframework.security.config.annotation.web.builders.HttpSecurity
// NOTE(review): WebSecurityConfigurerAdapter was removed in Spring Security 6.0; this import only resolves on 5.x.
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetailsService
import org.springframework.security.provisioning.InMemoryUserDetailsManager
// NOTE(review): SecurityExpressionHandler is normally found under org.springframework.security.access.expression - verify this path.
import org.springframework.security.web.SecurityExpressionHandler
import org.springframework.security.web.SecurityFilterChain
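/**
 * Spring Security 6.x configuration: form login in front of every request, one in-memory demo
 * user, a role hierarchy, and annotation-based method security (`@PreAuthorize` and friends).
 *
 * Spring Security 6.0 removed `WebSecurityConfigurerAdapter`, so the HTTP rules are published as
 * a [SecurityFilterChain] bean instead of overriding `configure(HttpSecurity)`, and
 * `@EnableMethodSecurity` replaces the deprecated `@EnableGlobalMethodSecurity`.
 */
@Configuration
@EnableMethodSecurity // pre/post annotations are on by default, no prePostEnabled flag needed
class SecurityConfig {

    /**
     * Builds the web filter chain: every request must be authenticated, and unauthenticated
     * users are sent to the default form login.
     *
     * @param http the builder supplied by Spring Security
     * @return the filter chain applied to all requests
     */
    @Bean
    @Throws(Exception::class)
    fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
        http
            .authorizeHttpRequests { requests -> requests.anyRequest().authenticated() }
            .formLogin(Customizer.withDefaults())
        return http.build()
    }

    /**
     * Registers a single in-memory user `user` with role `USER`.
     *
     * @return an [InMemoryUserDetailsManager] holding the demo account
     */
    @Bean
    fun userDetailsService(): UserDetailsService {
        // NOTE(review): demo only. The password is hard-coded in source, and
        // withDefaultPasswordEncoder() is deprecated by Spring Security precisely to signal that
        // it is not meant for production. Load users from an external store and hash passwords
        // with a PasswordEncoder bean before shipping this.
        val demoUser = User.withDefaultPasswordEncoder()
            .username("user")
            .password("password")
            .roles("USER")
            .build()
        return InMemoryUserDetailsManager(demoUser)
    }

    /**
     * Declares that `ROLE_ADMIN` implies `ROLE_USER`.
     *
     * @return the hierarchy consulted when role expressions are evaluated
     */
    @Bean
    fun roleHierarchy(): RoleHierarchy =
        RoleHierarchyImpl().apply { setHierarchy("ROLE_ADMIN > ROLE_USER") }

    /**
     * Expression handler for `@PreAuthorize` / `@PostAuthorize`, wired to [roleHierarchy] so that
     * `hasRole('USER')` also passes for an admin. Without this wiring the hierarchy bean exists
     * but method-security expressions may not consult it.
     *
     * @param roleHierarchy the hierarchy bean declared in this class
     * @return the handler used by method security
     */
    @Bean
    fun methodSecurityExpressionHandler(roleHierarchy: RoleHierarchy): MethodSecurityExpressionHandler =
        DefaultMethodSecurityExpressionHandler().apply { setRoleHierarchy(roleHierarchy) }
}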
这个代码示例展示了如何在 Spring Boot 3.x 中使用 Spring Security 6.x 配置基于内存的用户和角色，以及如何设置角色层级；同时开启了方法安全注解支持，可以使用 @PreAuthorize 等注解对方法进行权限控制。示例中硬编码的内存用户和 withDefaultPasswordEncoder 仅用于演示，生产环境应从外部用户存储加载用户，并通过 PasswordEncoder 保存密码哈希。