如何解决Spring Security-多个用户登录
当我以userxxx身份登录时,我可以看到所有其他用户数据。
我怎样才能只看到与当前登录教授相关的课程?
配置:
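/**
 * Spring Security configuration for the professor area ({@code /professeur/**}).
 *
 * <p>This chain answers one question only: does the caller hold {@code ROLE_PROFESSEUR}?
 * It does not limit which rows an authenticated professor may read. Controllers and
 * services still have to scope every query to the authenticated principal.
 */
@EnableWebSecurity
@Configuration
@Order(1)
public class ProfesseurSecurityConfiguration extends WebSecurityConfigurerAdapter{

    @Autowired
    private ProfesseurService professeurService;

    /**
     * Builds the filter chain for {@code /professeur/**}: role check, form login, logout and
     * the access-denied page.
     *
     * @param httpSecurity the builder for this chain
     * @throws Exception if the chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception{
        // NOTE(review): CSRF protection is disabled although this chain authenticates with a
        // session cookie (form login). Unless every state-changing endpoint is protected some
        // other way, re-enable it and send the token with the login/logout forms.
        httpSecurity.cors().and().csrf().disable();
        httpSecurity.antMatcher("/professeur/**")
            .authorizeRequests()
                // Coarse role gate only; per-record ownership is not checked here.
                .antMatchers("/professeur/**").access("hasRole('ROLE_PROFESSEUR')")
                .and()
            .formLogin()
                .loginPage("/professeur-panel")
                .loginProcessingUrl("/professeur/process-login")
                .defaultSuccessUrl("/professeur-panel/welcome",true)
                .failureUrl("/professeur-panel/login?error")
                .usernameParameter("email").passwordParameter("motdepass")
                .and()
            .logout()
                .logoutUrl("/professeur/process-logout")
                .logoutSuccessUrl("/professeur-panel/login?logout")
                .deleteCookies("JSESSIONID")
                .and()
            // Fixed path: the controller maps "accessDenied"; the earlier "accesDenied"
            // spelling pointed at a URL no handler on this page serves.
            .exceptionHandling().accessDeniedPage("/professeur-panel/accessDenied");
    }

    /**
     * Registers {@code professeurService} as the source of user records for authentication.
     *
     * @param builder the authentication manager builder supplied by Spring
     * @throws Exception if the service cannot be registered
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder builder)throws Exception{
        // NOTE(review): the BCryptPasswordEncoder bean declared in this class is not attached
        // here. Confirm which encoder the resulting provider applies and that the stored
        // "motdepass" value is a bcrypt hash, never the clear-text password.
        builder.userDetailsService(professeurService);
    }

    /**
     * Exposes a BCrypt password encoder as a bean.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Exposes a {@link SecurityContextHolderAwareRequestFilter} bean.
     *
     * @return a new filter instance
     */
    // NOTE(review): HttpSecurity already installs its own instance of this filter. If the
    // application runs under Spring Boot, a Filter bean is presumably also registered with the
    // servlet container, i.e. outside the security chain. Confirm the bean is needed.
    @Bean
    public SecurityContextHolderAwareRequestFilter awareRequestFilter(){
        return new SecurityContextHolderAwareRequestFilter();
    }

    /**
     * Exposes a {@link SecurityContextPersistenceFilter} bean.
     *
     * @return a new filter instance
     */
    // NOTE(review): same concern as awareRequestFilter(). A second context-persistence filter
    // outside the chain makes the per-request security context harder to reason about.
    // Confirm it is needed or drop the bean.
    @Bean
    public SecurityContextPersistenceFilter persistenceFilter() {
        return new SecurityContextPersistenceFilter();
    }
}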
登录控制器:
@Controller
@RequestMapping("professeur-panel")
public class LoginProfesseurController {
/**
 * Sends requests for the panel root ({@code ""} or {@code acc}) to the login page.
 *
 * @return a redirect to {@code /professeur-panel/login}
 */
@RequestMapping(value = {"","acc"},method = RequestMethod.GET)
public String index() {
    final String loginRedirect = "redirect:/professeur-panel/login";
    return loginRedirect;
}
/**
 * Renders the professor login form, with a status message when the request carries an
 * {@code error} or {@code logout} parameter.
 *
 * <p>Only the presence of the parameters is tested; their values are never copied into the
 * model. The failure text is the same fixed string whatever the cause, so it does not reveal
 * whether the e-mail exists.
 *
 * @param error    present when the previous login attempt failed
 * @param logout   present after a logout redirect
 * @param modelMap model handed to the view
 * @return the login view name
 */
@RequestMapping(value = "login",method = RequestMethod.GET)
public String login(
        @RequestParam(value = "error",required = false) String error,@RequestParam(value = "logout",required = false) String logout,ModelMap modelMap) {
    String message = null;
    if (error != null) {
        message = "Invalid email or password";
    }
    // Checked second, so the logout text wins when both parameters are present.
    if (logout != null) {
        message = "Logout Seccussfully";
    }
    if (message != null) {
        modelMap.put("msg", message);
    }
    return "Professeur/auth/login";
}
/**
 * Redirects {@code /professeur-panel/process} to the professor home page.
 *
 * @return a redirect to {@code /professeur/accueil}
 */
@RequestMapping( value="process",method = RequestMethod.GET)
public String process() {
    final String homeRedirect = "redirect:/professeur/accueil";
    return homeRedirect;
}
/**
 * Redirects to the login page with the {@code logout} marker.
 *
 * <p>This handler only redirects. It does not end the session itself; in the security
 * configuration shown on this page, sign-out is processed at
 * {@code /professeur/process-logout}.
 *
 * @return a redirect to {@code /professeur-panel/login?logout}
 */
@RequestMapping( value="logout",method = RequestMethod.GET)
public String logout() {
    final String loggedOutRedirect = "redirect:/professeur-panel/login?logout";
    return loggedOutRedirect;
}
/**
 * Renders the access-denied page, addressing the caller by name when one is authenticated.
 *
 * <p>The principal name is concatenated into the message as-is. Whether it is HTML-escaped
 * depends on the view template, which is not shown here.
 *
 * @param authentication the current authentication, or {@code null} when there is none
 * @param modelMap       model handed to the view
 * @return the access-denied view name
 */
@RequestMapping( value="accessDenied",method = RequestMethod.GET)
public String accessDenied(Authentication authentication,ModelMap modelMap) {
    final String message = (authentication == null)
            ? "Vous n'avez pas la permission pour cette page!"
            : "Bonjour" + authentication.getName() + ",vous n'avez pas la permission";
    modelMap.put("msg", message);
    return "Professeur/accessDenied";
}
/**
 * Landing point after a successful login; forwards the browser to the professor home page.
 *
 * @return a redirect to {@code /professeur/accueil}
 */
@RequestMapping( value="welcome",method = RequestMethod.GET)
public String welcome() {
    final String homeRedirect = "redirect:/professeur/accueil";
    return homeRedirect;
}
courController:
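/**
 * Shows the course list page of the professor area.
 *
 * <p>Security: passing the role check on {@code /professeur/**} only proves that the caller is
 * some professor. Which courses that professor may see has to be decided here or in the
 * service layer.
 *
 * @param modelMap   model handed to the view; receives the courses under the key "cours"
 * @param professeur object bound from request parameters. It is client-controlled and must
 *                   never be used to decide whose courses are listed.
 * @return the course index view name
 */
@RequestMapping(value="cours",method = RequestMethod.GET)
public String list(ModelMap modelMap,@ModelAttribute Professeur professeur ) {
    // The debug println of Authentication.getDetails() was removed: with form login that
    // object normally carries the remote address and the session id, which should not be
    // written to stdout or logs.

    // NOTE(review): selectAll() takes no owner argument, so every logged-in professor gets
    // every professor's courses. This is the cross-user data exposure the page asks about.
    // Replace it with a query filtered on the Cour.prof relation, keyed on the authenticated
    // principal (SecurityContextHolder.getContext().getAuthentication().getName(), which here
    // is presumably the login e-mail). Placeholder for the missing service method:
    // <owner-scoped course finder>. Apply the same ownership check to any single-course
    // read/update/delete handler.
    modelMap.put("cours",courService.selectAll());
    return "Professeur/cours/index";
}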
课程模型:
// Primary key of the course; the value is generated by the database (IDENTITY strategy).
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private int idCour;
// Files attached to this course; loaded lazily, owned by the "cour" field on Fichier.
@OneToMany(fetch = FetchType.LAZY,mappedBy = "cour")
private List<Fichier> fichiers;
private String nom;
private String module;
// Owning professor (join column "idProf"). This is the relation an access check or an
// owner-scoped query has to use so that a professor only reads their own courses.
@ManyToOne
@JoinColumn(name="idProf")
private Professeur prof;
// No-argument constructor; presumably kept for the persistence provider.
public Cour() {
}
/**
 * Creates a course with every field supplied by the caller.
 *
 * @param idCour   identifier of the course
 * @param fichiers files attached to the course; the list is stored by reference, not copied
 * @param nom      course name
 * @param module   module the course belongs to
 * @param prof     professor who owns the course
 */
public Cour(int idCour,List<Fichier> fichiers,String nom,String module,Professeur prof) {
    // The superclass constructor is invoked implicitly; the assignments are independent.
    this.prof = prof;
    this.module = module;
    this.nom = nom;
    this.fichiers = fichiers;
    this.idCour = idCour;
}
// getters and setters
教授模型:
// NOTE(review): the course controller on this page binds this type from request parameters
// via @ModelAttribute. If setters exist for idProf, role_prof or motdepass, a request can
// populate them. Prefer a dedicated form object, or never trust the bound instance for
// identity or role decisions.

// Primary key of the professor; the value is generated by the database (IDENTITY strategy).
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private int idProf;
private String nom;
private String prenom;
// Submitted as the username by the login form ("email" parameter in the security config).
private String email;
// Credential column. NOTE(review): should hold only a password hash (a BCryptPasswordEncoder
// bean is declared in the security configuration). Confirm, and keep this field out of
// logs, views and serialized responses.
private String motdepass;
// Role of the professor; the join column "role_id" is mandatory (nullable = false).
@ManyToOne
@JoinColumn(name = "role_id",nullable = false)
private Role role_prof;
// Courses owned by this professor; loaded lazily, inverse side of Cour.prof.
@OneToMany(mappedBy = "prof",fetch = FetchType.LAZY)
private List<Cour> cours;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name="idDept")
private Departement departement;
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name="idFil")
private Filiere filiere ;
// No-argument constructor; presumably kept for the persistence provider.
public Professeur() {
}
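/**
 * Creates a professor from the supplied values.
 *
 * <p>This signature has no {@code nom} parameter, so the {@code nom} field is left unset
 * ({@code null}) and has to be filled in separately. The former {@code this.nom = nom;} line
 * only assigned the field to itself and was removed because it hid that gap.
 *
 * @param idProf      identifier of the professor
 * @param prenom      first name
 * @param email       e-mail address, used as the login name
 * @param motdepass   credential value; expected to be an already-hashed password, never
 *                    clear text (the constructor stores it unchanged)
 * @param role_prof   role assigned to the professor
 * @param cours       courses owned by the professor; stored by reference, not copied
 * @param departement department of the professor
 * @param filiere     study track of the professor
 */
public Professeur(int idProf,String prenom,String email,String motdepass,Role role_prof,List<Cour> cours,Departement departement,Filiere filiere) {
    super();
    this.idProf = idProf;
    this.prenom = prenom;
    this.email = email;
    this.motdepass = motdepass;
    this.role_prof = role_prof;
    this.cours = cours;
    this.departement = departement;
    this.filiere = filiere;
}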