Spring Security框架是一个控制登陆的框架,通过配置文件获取后台的用户名及密码,进行比较进行登陆判断
使用步骤
1、导入依赖
<!-- 身份验证 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
2、web.xml文件中加载spring-security.xml文件
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3、前端页面
4、后台代码中创建一个实体类实现 UserDetailsService接口,实现其中的方法
//用户登录的认证类 public class UserDetailsServiceImpl implements UserDetailsService { //service层是获取后台数据库中的用户名信息 private SellerService sellerService; //set方法注入一个 public void setSellerService(SellerService sellerService) { this.sellerService = sellerService; } //通过用户名去拿数据库中对象, @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { System.out.println("经过了imp方法"); // username是得到前端表单的用户名 //哪些用户有登陆权限, List<GrantedAuthority> grant = new ArrayList<>(); //添加用户的角色信息,能够去使用 grant.add(new SimpleGrantedAuthority("ROLE_SELLER")); //username是控制框架规定的,其实就是实体类的seller_id Seller seller = sellerService.findOne(username); // 若果不存在此用户 if (seller !=null && "1".equals(seller.getStatus())){ //只有当审核通过的商家才能登陆,返回的user是你输入的用户名,密码,角色, return new User(username,seller.getPassword(),grant); }else { return null; } }
5、spring-security
里面的细则,我上一篇博客有细说,大家可以回顾一下
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 以下页面不被拦截 -->
<http pattern="/*.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<!--<http pattern="/seller/add.do" security="none"></http>-->
<!-- 页面拦截规则 -->
<http use-expressions="false">
<intercept-url pattern="/**" access="ROLE_SELLER" />
<form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
<csrf disabled="true"/>
<headers>
<frame-options policy="SAMEORIGIN"/> //角色信息
</headers>
<logout/>
</http>
<!-- 认证管理器 -->
<authentication-manager>
<authentication-provider user-service-ref="userDetailService">
</authentication-provider>
</authentication-manager>
<!-- 应用dubbo-->
<dubbo:application name="youlexuan-shop" />
<dubbo:registry address="zookeeper://192.168.200.128:2181"/>
<dubbo:reference id="sellerService" interface="com.ghh.core.service.SellerService" >
</dubbo:reference>
<!--自定义的配置类-->
<beans:bean id="userDetailService" class="com.ghh.shop.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"/> //ref引用dubbo中的sellerService
</beans:bean>
</beans:beans>
自定义配置类中指向自定义的UserDetailsServiceImpl类中,将后台返回的用户名,密码,角色信息,进行控制判断