In earlier posts I introduced Spring Security's user (UserDetails), user service (UserDetailsService) and password encoder (PasswordEncoder). All of them are used to verify a user's identity, whereas GrantedAuthority represents an authority granted to the user once authentication succeeds (a user may be granted several authorities). This post covers the GrantedAuthority interface and its implementation classes.
Spring Security user UserDetails: source code and debug analysis
Spring Security user service UserDetailsService: source code analysis
Spring Security password encoder PasswordEncoder: introduction and debug analysis
Application dependencies

    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>

        <groupId>com.kaven</groupId>
        <artifactId>security</artifactId>
        <version>1.0-SNAPSHOT</version>

        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>2.3.1.RELEASE</version>
        </parent>

        <properties>
            <maven.compiler.source>8</maven.compiler.source>
            <maven.compiler.target>8</maven.compiler.target>
        </properties>

        <dependencies>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
            <dependency>
                <groupId>org.projectlombok</groupId>
                <artifactId>lombok</artifactId>
            </dependency>
        </dependencies>
    </project>

Startup class
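
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;

    @SpringBootApplication
    public class Application {
        public static void main(String[] args) {
            SpringApplication.run(Application.class);
        }
    }

GrantedAuthority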
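Source of the GrantedAuthority interface:

    package org.springframework.security.core;

    import java.io.Serializable;

    import org.springframework.security.access.AccessDecisionManager;

    /**
     * Represents an authority granted to an Authentication object
     * (which wraps a user that needs to be authenticated or has been authenticated).
     */
    public interface GrantedAuthority extends Serializable {
        /**
         * Returns the authority.
         */
        String getAuthority();
    }

The GrantedAuthority interface and its implementation classes are shown in the figure below.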
SimpleGrantedAuthority
The basic concrete implementation of GrantedAuthority. It stores a String representation of an authority granted to the Authentication object.
Source of the SimpleGrantedAuthority class:

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.SpringSecurityCoreVersion;
    import org.springframework.util.Assert;

    public final class SimpleGrantedAuthority implements GrantedAuthority {

        private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

        // The authority granted to the Authentication object
        private final String role;

        public SimpleGrantedAuthority(String role) {
            Assert.hasText(role, "A granted authority textual representation is required");
            this.role = role;
        }

        @Override
        public String getAuthority() {
            return role;
        }

        // Only compares whether the role fields are equal
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof SimpleGrantedAuthority) {
                return role.equals(((SimpleGrantedAuthority) obj).role);
            }
            return false;
        }

        @Override
        public int hashCode() {
            return this.role.hashCode();
        }

        @Override
        public String toString() {
            return this.role;
        }
    }

Add a configuration file:
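
    spring:
      security:
        user:
          name: kaven
          password: itkaven
          roles:
            - USER
            - ADMIN

Start the application in debug mode. At startup, Spring Security creates the user defined in the configuration file. It first creates the user service (the InMemoryUserDetailsManager bean). The user service then creates the user and grants its authorities by creating SimpleGrantedAuthority instances. So SimpleGrantedAuthority is the default authority implementation (special scenarios aside); it stores only the authority and is a simple authority implementation.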
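The following is an added example, not code from the original post. It builds the same kaven user by hand, on the assumption that this mirrors what the auto-configuration does with the YAML above, and checks which authority strings end up in the SimpleGrantedAuthority instances. The class name AuthorityDemo and the {noop} password prefix are choices made for this example.

```java
import java.util.Set;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class AuthorityDemo {

    private static void check(boolean condition, String message) {
        if (!condition) {
            throw new IllegalStateException(message);
        }
    }

    public static void main(String[] args) {
        // Assumption: same user as the YAML above. {noop} marks an unencoded
        // password for the delegating encoder and is only acceptable in a demo.
        UserDetails configured = User.withUsername("kaven")
                .password("{noop}itkaven")
                .roles("USER", "ADMIN") // roles(...) prepends "ROLE_" to each name
                .build();
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager(configured);

        UserDetails loaded = users.loadUserByUsername("kaven");
        Set<String> granted = AuthorityUtils.authorityListToSet(loaded.getAuthorities());
        System.out.println("granted authorities: " + granted);

        // The stored strings carry the ROLE_ prefix, so the bare role name does
        // not match, and the comparison is case-sensitive.
        check(granted.contains("ROLE_ADMIN"), "ROLE_ADMIN should be granted");
        check(!granted.contains("ADMIN"), "bare role name must not match");
        check(!granted.contains("role_admin"), "match must be case-sensitive");

        // equals() looks only at the role string, so a freshly created instance
        // is equal to the one held by the loaded user.
        GrantedAuthority admin = new SimpleGrantedAuthority("ROLE_ADMIN");
        check(loaded.getAuthorities().stream().anyMatch(admin::equals),
                "a fresh SimpleGrantedAuthority should equal the stored one");
    }
}
```

When writing access rules, hasRole("ADMIN") and hasAuthority("ROLE_ADMIN") refer to the same stored string; hasAuthority("ADMIN") does not match this user.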
JaasGrantedAuthority
Source of the JaasGrantedAuthority class:

    import java.security.Principal;

    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.SpringSecurityCoreVersion;
    import org.springframework.util.Assert;

    /**
     * In addition to the assigned role, holds the principal that the
     * AuthorityGranter used as justification for granting this authority.
     */
    public final class JaasGrantedAuthority implements GrantedAuthority {

        private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

        private final String role;

        // The granter's principal
        private final Principal principal;

        public JaasGrantedAuthority(String role, Principal principal) {
            Assert.notNull(role, "role cannot be null");
            Assert.notNull(principal, "principal cannot be null");
            this.role = role;
            this.principal = principal;
        }

        public Principal getPrincipal() {
            return principal;
        }

        @Override
        public String getAuthority() {
            return role;
        }

        @Override
        public int hashCode() {
            int result = this.principal.hashCode();
            result = 31 * result + this.role.hashCode();
            return result;
        }

        // Checks that both the role and the principal fields are equal
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof JaasGrantedAuthority) {
                JaasGrantedAuthority jga = (JaasGrantedAuthority) obj;
                return this.role.equals(jga.role) && this.principal.equals(jga.principal);
            }
            return false;
        }

        @Override
        public String toString() {
            return "Jaas Authority [" + role + "," + principal + "]";
        }
    }

Source of the AuthorityGranter interface:
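
    import java.security.Principal;
    import java.util.Set;

    /**
     * The AuthorityGranter interface maps a given principal to a set of role names.
     */
    public interface AuthorityGranter {
        /**
         * Maps the principal to a set of role names.
         */
        Set<String> grant(Principal principal);
    }

JaasGrantedAuthority is an authority implementation for use with the Java Authentication and Authorization Service (JAAS). If you are interested, you can read up on JAAS yourself.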
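SwitchUserGrantedAuthority
Source of the SwitchUserGrantedAuthority class:

    import org.springframework.security.core.Authentication;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.SpringSecurityCoreVersion;
    import org.springframework.util.Assert;

    /**
     * Custom GrantedAuthority used by SwitchUserFilter.
     * Stores the original user's Authentication object so that it can be used
     * later when exiting from a user switch.
     */
    public final class SwitchUserGrantedAuthority implements GrantedAuthority {

        private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

        private final String role;

        // Stores the original user's Authentication object
        private final Authentication source;

        public SwitchUserGrantedAuthority(String role, Authentication source) {
            Assert.notNull(role, "role cannot be null");
            Assert.notNull(source, "source cannot be null");
            this.role = role;
            this.source = source;
        }

        /**
         * Returns the original user associated with a successful user switch.
         */
        public Authentication getSource() {
            return source;
        }

        @Override
        public String getAuthority() {
            return role;
        }

        @Override
        public int hashCode() {
            int result = this.role.hashCode();
            result = 31 * result + this.source.hashCode();
            return result;
        }

        // Checks that both the role and the source fields are equal
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj instanceof SwitchUserGrantedAuthority) {
                SwitchUserGrantedAuthority swa = (SwitchUserGrantedAuthority) obj;
                return this.role.equals(swa.role) && this.source.equals(swa.source);
            }
            return false;
        }

        @Override
        public String toString() {
            return "Switch User Authority [" + role + "," + source + "]";
        }
    }

This authority implementation is similar to switching between users on a Linux system (the permission to use the su command). As shown below, a kaven user is added on a Linux system, and then root switches to the kaven user (root has permission to do this).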

    root@48556522ad65:~# adduser kaven
    Adding user kaven ...
    Adding new group kaven (1000) ...
    Adding new user kaven (1000) with group kaven ...
    Creating home directory /home/kaven ...
    Copying files from /etc/skel ...
    New password:
    Retype new password:
    passwd: password updated successfully
    Changing the user information for kaven
    Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
    Is the information correct? [Y/n] Y
    root@48556522ad65:~# su kaven
    kaven@48556522ad65:/root$

SwitchUserGrantedAuthority is the custom GrantedAuthority used by SwitchUserFilter. SwitchUserFilter (the user-switching filter) is responsible for switching the user context; for web applications managed by Spring Security, this filter is similar to the su command. A common use of this feature is to allow a higher-privileged user (such as ROLE_ADMIN) to switch to an ordinary user (such as ROLE_USER). I will cover Spring Security's filters, and how to integrate custom filters into Spring Security, in later posts; a general understanding is enough here.
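So SwitchUserGrantedAuthority is an authority implementation for user-switching scenarios. It stores not only the authority but also the original user's Authentication object (the source field), which makes it easy to exit the switch.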
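Because the original user travels inside the authority list, audit code can tell a switched session from a normal one and record who is really acting. The following is an added example, not code from the original post; the class SwitchUserAudit, its methods and the admin and kaven tokens are constructed for illustration and stand in for what SwitchUserFilter would build.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;

import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;
import org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority;

public class SwitchUserAudit {

    /** Returns the original user if the given authentication results from a switch. */
    static Optional<Authentication> originalUser(Authentication current) {
        for (GrantedAuthority authority : current.getAuthorities()) {
            if (authority instanceof SwitchUserGrantedAuthority) {
                return Optional.of(((SwitchUserGrantedAuthority) authority).getSource());
            }
        }
        return Optional.empty();
    }

    /** Builds the actor string an audit log entry should carry. */
    static String auditActor(Authentication current) {
        return originalUser(current)
                .map(source -> current.getName() + " (switched from " + source.getName() + ")")
                .orElse(current.getName());
    }

    public static void main(String[] args) {
        // Constructed sample: an administrator's own authentication.
        Authentication admin = new UsernamePasswordAuthenticationToken(
                "admin", "N/A", AuthorityUtils.createAuthorityList("ROLE_ADMIN"));

        // Constructed sample: the token after switching to kaven. It carries the
        // target user's authority plus the authority that wraps the original user.
        List<GrantedAuthority> switched =
                new ArrayList<>(AuthorityUtils.createAuthorityList("ROLE_USER"));
        switched.add(new SwitchUserGrantedAuthority(
                SwitchUserFilter.ROLE_PREVIOUS_ADMINISTRATOR, admin));
        Authentication asKaven =
                new UsernamePasswordAuthenticationToken("kaven", "N/A", switched);

        System.out.println(auditActor(admin));
        System.out.println(auditActor(asKaven));
    }
}
```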
In the Linux session, exit returns from kaven to root:

    kaven@48556522ad65:/root$ exit
    exit
    root@48556522ad65:~# exit
    logout
    Connection closing...Socket close.
    Connection closed by foreign host.
    Disconnected from remote host(predict) at 13:40:23.
    Type help to learn how to use Xshell prompt.
    [C:\~]$

That's all for this introduction to Spring Security's GrantedAuthority. If I have gotten anything wrong, or if you see things differently, please leave a comment.