Spring Security-多个用户登录

如何解决Spring Security-多个用户登录

当我以userxxx身份登录时，我可以看到所有其他用户数据。

我怎么只能看到与教授登录有关的课程

配置：

   @EnableWebSecurity
   @Configuration
   @Order(1)
   public class ProfesseurSecurityConfiguration extends WebSecurityConfigurerAdapter{


@Autowired
private ProfesseurService professeurService;


protected void configure(HttpSecurity httpSecurity) throws Exception{
    httpSecurity.cors().and().csrf().disable();
    
    httpSecurity.antMatcher("/professeur/**")
                .authorizeRequests()
                .antMatchers("/professeur/**").access("hasRole('ROLE_PROFESSEUR')")
                .and()
                .formLogin()
                .loginPage("/professeur-panel")
                .loginProcessingUrl("/professeur/process-login")
                .defaultSuccessUrl("/professeur-panel/welcome",true)
                .failureUrl("/professeur-panel/login?error")
                .usernameParameter("email").passwordParameter("motdepass")
                .and()
                .logout()
                .logoutUrl("/professeur/process-logout")
                .logoutSuccessUrl("/professeur-panel/login?logout")
                .deleteCookies("JSESSIONID")
                .and()
                .exceptionHandling().accessDeniedPage("/professeur-panel/accesDenied");
                
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder builder)throws Exception{
    builder.userDetailsService(professeurService);
}

@Bean
public BCryptPasswordEncoder encoder() {
    return new BCryptPasswordEncoder();
}

@Bean
public SecurityContextHolderAwareRequestFilter awareRequestFilter(){
    return new SecurityContextHolderAwareRequestFilter();
}

@Bean
public SecurityContextPersistenceFilter persistenceFilter() {
    return new SecurityContextPersistenceFilter();
}
}

登录控制器：

@Controller     
@RequestMapping("professeur-panel")
public class LoginProfesseurController {



@RequestMapping(value = {"","acc"},method = RequestMethod.GET)
public String index() {
    return "redirect:/professeur-panel/login";
}

@RequestMapping(value = "login",method = RequestMethod.GET)
public String login(
        @RequestParam(value = "error",required = false) String error,@RequestParam(value = "logout",required = false) String logout,ModelMap modelMap) {
    
    if(error != null) {
        
        modelMap.put("msg","Invalid email or password");  
    }
    if(logout != null) {
        modelMap.put("msg","Logout Seccussfully");
    }
    
    return "Professeur/auth/login";
}


@RequestMapping( value="process",method = RequestMethod.GET)
public String process() {
    return "redirect:/professeur/accueil";
}


@RequestMapping( value="logout",method = RequestMethod.GET)
public String logout() {
    
    return "redirect:/professeur-panel/login?logout";
}


@RequestMapping( value="accessDenied",method = RequestMethod.GET)
public String accessDenied(Authentication authentication,ModelMap modelMap) {
    if(authentication != null) {
        modelMap.put("msg","Bonjour" + authentication.getName() + ",vous n'avez pas la permission");
    }else {
        modelMap.put("msg","Vous n'avez pas la permission pour cette page!");
    }
    return "Professeur/accessDenied";
}

@RequestMapping( value="welcome",method = RequestMethod.GET)
public String welcome() {
    return "redirect:/professeur/accueil";
}

courController：

    @RequestMapping(value="cours",method = RequestMethod.GET)
    public String list(ModelMap modelMap,@ModelAttribute Professeur professeur ) {
    
    
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    System.out.println("auth :" + auth.getDetails());
    
    
    modelMap.put("cours",courService.selectAll());
    return "Professeur/cours/index";
}

课程模型：

    @Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private int idCour;

@OneToMany(fetch = FetchType.LAZY,mappedBy = "cour")
private List<Fichier> fichiers;

private String nom;

private String module;

@ManyToOne
@JoinColumn(name="idProf")
private Professeur prof;

public Cour() {
    
}

public Cour(int idCour,List<Fichier> fichiers,String nom,String module,Professeur prof) {
    super();
    this.idCour = idCour;
    this.fichiers = fichiers;
    this.nom = nom;
    this.module = module;
    this.prof = prof;
}

// getters and setters

教授模型：

 @Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private int idProf;

private String nom;

private String prenom;

private String email; 

private String motdepass;

@ManyToOne
@JoinColumn(name = "role_id",nullable = false)
private Role role_prof;

@OneToMany(mappedBy = "prof",fetch = FetchType.LAZY)
private List<Cour> cours;

@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name="idDept")
private Departement departement;

@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name="idFil")
private Filiere filiere ;

public Professeur() {
    
}


public Professeur(int idProf,String prenom,String email,String motdepass,Role role_prof,List<Cour> cours,Departement departement,Filiere filiere) {
    super();
    this.idProf = idProf;
    this.nom = nom;
    this.prenom = prenom;
    this.email = email;
    this.motdepass = motdepass;
    this.role_prof = role_prof;
    this.cours = cours;
    this.departement = departement;
    this.filiere = filiere;
}

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。