(转载) spring security 权限分配有关问题

(转载) spring security 权限分配问题
转载来自：lym6520
<?xml version="1.0" encoding="UTF-8"?> <!-- - 基于名称空间配置 --> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"> <global-method-security secured-annotations="enabled"> </global-method-security> <http access-denied-page="/error.jsp" session-fixation-protection="newSession" auto-config="true" path-type="ant" ><!--session-fixation-protection属性可以防止session固定攻击 --> <!-- 权限入口的顺序十分重要，注意必须把特殊的URL权限写在一般的URL权限之前。 --> <intercept-url pattern="/acegiTest.do" access="ROLE_SUPERVISOR"/> <intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_REMEMBERED" /> <intercept-url pattern="/role1.jsp" access="ROLE_USER_1"/> <intercept-url pattern="/role2.jsp" access="ROLE_USER_2"/> <intercept-url pattern="/role3.jsp" access="ROLE_USER_3"/> <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <!-- x509认证 <x509 /> --> <!-- All of this is unnecessary if auto-config="true" <form-login /> <anonymous /> <http-basic /> <logout /> <remember-me /> --> <form-login login-page="/login.jsp" default-target-url="/index.jsp" authentication-failure-url="/login.jsp?login_error=1" /> <anonymous key="cookie_key" username="ananoymous" granted-authority="IS_AUTHENTICATED_ANONYMOUSLY"/> <logout invalidate-session="true" /> <!-- session并发控制 <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true"/> --> <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false" /><!-- exception-if-maximum-exceeded="true" 第二次登入失效 --> </http> <authentication-provider > <password-encoder hash="md5"/><!-- 密码md5加密 --> <jdbc-user-service data-source-ref="f3CenterDS" users-by-username-query="select name as 'username',password,'true' from users where name = ?" authorities-by-username-query="select name as 'username',authorities as 'authority' from authentication where name =?" /> </authentication-provider> </beans:beans>

在代码中

authorities-by-username-query="select name as 'username',authorities as 'authority' from authentication where name =?"   

，如果数据库里分配多个权限给用户的话，用户登入系统就不能正常使用（不能访问），倘若只分配一个权限则可以正常访问，还请指教一二！！！

网友回答

如果lym6520把<jdbc-user-service/>放在缓存中，则不会出现这样的问题了！
如下

<user-service>              <user name="user" password="123" authorities="ROLE_SUPERVISOR, ROLE_USER_1"/>          </user-service> 

查看更多 下一篇