Spring Security - how can I dynamically define intercept-url using a database?

I've recently been working with Spring Security, and I need to know how to define intercept-url dynamically (in Spring Security) using a database.

I've already dug through the whole Internet and couldn't find any unique (and, of course, useful) tutorial in this area.

Here is what I did:

First I implemented the FilterInvocationSecurityMetadataSource class:

<pre><code>import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;

public class MyFilterSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {

    // Called by FilterSecurityInterceptor for every request it secures
    public List<ConfigAttribute> getAttributes(Object object) {
        FilterInvocation fi = (FilterInvocation) object;
        String url = fi.getRequestUrl();
        return getAttributesByURL(url);
    }

    public Collection<ConfigAttribute> getAllConfigAttributes() {
        return null;
    }

    public boolean supports(Class<?> clazz) {
        return FilterInvocation.class.isAssignableFrom(clazz);
    }

    // Looks up the access attributes stored for exactly this URL
    public List<ConfigAttribute> getAttributesByURL(String inputUrl) {
        List<ConfigAttribute> attributes = new ArrayList<ConfigAttribute>();
        String url = "jdbc:mysql://173.0.0.22:3306/";
        String dbName = "kheirkhahandb";
        String driverName = "com.mysql.jdbc.Driver";
        String userName = "kheirkhahan";
        String password = "kheirkhahan";
        try {
            Class.forName(driverName).newInstance();
            Connection connection = DriverManager.getConnection(url + dbName, userName, password);
            try {
                // Bind the request URL as a parameter; it is attacker-controlled
                // and must not be concatenated into the SQL text
                PreparedStatement stmt =
                        connection.prepareStatement("select * from URL_ACCESS where URL = ?");
                stmt.setString(1, inputUrl);
                ResultSet rs = stmt.executeQuery();
                while (rs.next()) {
                    MyConfigAttribute temp = new MyConfigAttribute();
                    String attr = rs.getString("ACCESS");
                    temp.setAttr(attr);
                    attributes.add(temp);
                }
            } catch (SQLException s) {
                System.out.println(s);
            } finally {
                connection.close();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return attributes;
    }
}
</code></pre>


and I set up my security.xml file as:

<pre><code><bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy">
    <sec:filter-chain-map path-type="ant">
        <sec:filter-chain pattern="/css/**" filters="none" />
        <sec:filter-chain pattern="/images/**" filters="none" />
        <sec:filter-chain pattern="/login.jsp*" filters="none" />
        <sec:filter-chain pattern="/**"
            filters="
                securityContextPersistenceFilter,
                logoutFilter,
                authenticationProcessingFilter,
                exceptionTranslationFilter,
                filterSecurityInterceptor" />
    </sec:filter-chain-map>
</bean>

<bean id="securityContextPersistenceFilter"
      class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
</bean>

<bean id="exceptionTranslationFilter"
      class="org.springframework.security.web.access.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
    <property name="accessDeniedHandler" ref="accessDeniedHandler" />
</bean>

<bean id="authenticationEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <property name="loginFormUrl" value="/login.jsp?error=entryPoint" />
</bean>

<bean id="accessDeniedHandler"
      class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/login.jsp?error=access_denied" />
</bean>

<bean id="authenticationProcessingFilter"
      class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="filterSecurityInterceptor"
      class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager" />
    <property name="accessDecisionManager" ref="accessDecisionManager" />
    <property name="securityMetadataSource" ref="myFilterInvocationSecurityMetadataSource" />
</bean>

<bean id="myFilterInvocationSecurityMetadataSource"
      class="com.datx.dao.MyFilterSecurityMetadataSource">
</bean>

<bean id="logoutFilter"
      class="org.springframework.security.web.authentication.logout.LogoutFilter">
    <constructor-arg value="/login.jsp?error=logout" />
    <constructor-arg ref="logoutHandler">
    </constructor-arg>
</bean>

<bean id="logoutHandler"
      class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"></bean>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider>
        <sec:jdbc-user-service data-source-ref="dataSource"
            group-authorities-by-username-query="
                SELECT acg.ID, acg.GROUP_NAME, a.AUTHORITY_NAME AS AUTHORITY
                FROM ACCESS_GROUPS acg, ACCESS_GROUP_MEMBERSHIP agm, GROUP_AUTHORITIES ga, AUTHORITIES a
                WHERE agm.USERNAME = ? and acg.ID = ga.GROUP_ID and acg.ID = agm.GROUP_ID and ga.AUTHORITY_ID = a.ID
            "
            users-by-username-query="SELECT USERNAME,PASSWORD,IS_ACTIVE FROM USER where USERNAME = ?"
            authorities-by-username-query="
                SELECT ua.USERNAME, a.AUTHORITY_NAME AS AUTHORITY
                FROM USER_AUTHORITIES ua, AUTHORITIES a
                WHERE ua.USERNAME = ? and ua.AUTHORITY_ID = a.ID
            " />
    </sec:authentication-provider>
</sec:authentication-manager>

<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
    <property name="decisionVoters">
        <list>
            <ref bean="roleVoter" />
        </list>
    </property>
</bean>

<bean id="roleVoter" class="org.springframework.security.access.vote.RoleHierarchyVoter">
    <property name="rolePrefix" value="" />
    <constructor-arg ref="roleHierarchy" />
</bean>

<bean id="roleHierarchy" class="com.datx.dao.MyRoleHierarchyImpl">
    <property name="roleHierarchyEntryDaoJdbc" ref="RoleHierarchyEntryDaoJdbc" />
</bean>
</beans>
</code></pre>


There are some problems that I can't figure out:
1. I inserted a few pairs such as <"URL", "ROLE"> into the URL_ACCESS table, but I'm not sure whether the getAttributes method works correctly or not.
2. Do I need to implement all the filters that I used?
3. I get an exception when the user enters a wrong username/password or tries to access pages that are not allowed, instead of being redirected to login.jsp. Why?

Thanks in advance
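
A fail-closed variant of the metadata source in the question, as an added example that is not part of the original post. It loads the URL_ACCESS table once through the `dataSource` bean the configuration already references, so the request URL never reaches SQL, and it returns a deny marker for unmatched URLs, because FilterSecurityInterceptor treats an empty attribute list as a public resource unless `rejectPublicInvocations` is set. Assumptions: the class name, the `NO_ACCESS` marker authority, Ant patterns in the URL column, spring-jdbc on the classpath, and Java 8 or later.

```java
import java.util.*;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.AntPathMatcher;

public class JdbcUrlSecurityMetadataSource implements FilterInvocationSecurityMetadataSource {
    // Assumption: "NO_ACCESS" is an authority granted to nobody, so unmatched URLs are denied.
    private static final List<ConfigAttribute> DENY = SecurityConfig.createList("NO_ACCESS");
    private final JdbcTemplate jdbc;
    private final AntPathMatcher matcher = new AntPathMatcher();
    private volatile Map<String, List<ConfigAttribute>> rules = Collections.emptyMap();

    public JdbcUrlSecurityMetadataSource(DataSource dataSource) {
        this.jdbc = new JdbcTemplate(dataSource);
        reload();
    }

    // Loads every rule with one fixed statement; call again after the table changes.
    public final void reload() {
        Map<String, List<ConfigAttribute>> loaded = new HashMap<>();
        for (Map<String, Object> row : jdbc.queryForList("SELECT URL, ACCESS FROM URL_ACCESS")) {
            loaded.computeIfAbsent((String) row.get("URL"), k -> new ArrayList<>())
                  .add(new SecurityConfig((String) row.get("ACCESS")));
        }
        rules = loaded;
    }

    @Override
    public Collection<ConfigAttribute> getAttributes(Object object) {
        // getRequestUrl() includes the query string; match on the path only.
        String url = ((FilterInvocation) object).getRequestUrl();
        int q = url.indexOf('?');
        String path = q >= 0 ? url.substring(0, q) : url;
        Map<String, List<ConfigAttribute>> snapshot = rules;
        List<String> hits = new ArrayList<>();
        for (String pattern : snapshot.keySet()) {
            if (matcher.match(pattern, path)) hits.add(pattern);
        }
        if (hits.isEmpty()) return DENY;               // fail closed, never public by default
        hits.sort(matcher.getPatternComparator(path)); // most specific pattern wins
        return snapshot.get(hits.get(0));
    }
    public Collection<ConfigAttribute> getAllConfigAttributes() { return null; }
    public boolean supports(Class<?> clazz) { return FilterInvocation.class.isAssignableFrom(clazz); }
}
```

To wire it in, the `myFilterInvocationSecurityMetadataSource` bean would point at this class and pass `dataSource` as a constructor argument.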
