• security安全框架,用户登录安全认证与退出


    一、创建用户表及实体类

    二、编写security配置文件

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:security="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">
    <!--不拦截静态资源-->
    <security:http pattern="/css/**" security="none"></security:http>
    <security:http pattern="/img/**" security="none"></security:http>
    <security:http pattern="/plugins/**" security="none"></security:http>
    <!--不拦截登录 不拦截error -->
    <security:http pattern="/login.jsp" security="none"></security:http>
    <security:http pattern="/error.jsp" security="none"></security:http>
    <security:http pattern="/favicon.ico" security="none"></security:http>
    <!--2拦截规则
    auto-config="使用自带页面"
    use-expressions 是否使用spel 表达式
    -->
    <security:http auto-config="true" use-expressions="false">
    <security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
    <!--使用安全框架 使用的页面
    login-page 指的是登录页面
    login-processing-url 登录请求路径 -登录必须使用该路径
    default-target-url 登录成功后 进入的页面
    authentication-failure-url 登录失败后 进入的页面
    -->
    <security:form-login
    login-page="/login.jsp"
    login-processing-url="/login"
    default-target-url="/index.jsp"
    authentication-failure-url="/login.jsp"
    />

    <!--关闭跨域请求-->
    <security:csrf disabled="true"/>
    <!--退出-->
    <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.jsp"/>


    </security:http>
    <!-- 配置认证登录信息 认证管理器自带账户密码-->
    <security:authentication-manager>
    <!--提供服务类 去数据库查询账户密码-->
    <security:authentication-provider user-service-ref="sysUserServiceImpl">
    <!-- <security:user-service>-->
    <!--临时账户密码
    authorities:指定用户的认证角色
    {noop}不加密-->
    <!-- <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"></security:user>-->

    <!-- </security:user-service>-->
    </security:authentication-provider>
    </security:authentication-manager>
    </beans>
    三、编写web配置文件
    <!DOCTYPE web-app PUBLIC
    "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd" >

    <web-app>
    <display-name>Archetype Created Web Application</display-name>
    <!--1 指定配置文件路径-->
    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:spring/*.xml</param-value>
    </context-param>

    <!--3编码过滤器-->
    <filter>
    <filter-name>CharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
    <param-name>encoding</param-name>
    <param-value>utf-8</param-value>
    </init-param>
    </filter>
    <!--安全控件配置拦截所有-->
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
    <!--filter-name必须是springcurityFilterChain-->
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--编码过滤器拦截所有-->
    <filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!--监听-->
    <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!--2前端控制器-->
    <servlet>
    <servlet-name>DispatcherServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:springMVC.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
    <servlet-name>DispatcherServlet</servlet-name>
    <url-pattern>/</url-pattern>
    </servlet-mapping>

    </web-app>
    四、编写登录页面,指定登录路径
    <form action="login" method="post">
    .....(此处省略自定义登录页面代码)
    </form>
    五、编写dao
    public interface SysUserDao{
    // 根据用户名查询用户对象(唯一对象)
    @Select("select * from sys_user where username=#{username}")
    SysUser findByUsername(String username);
    }
    六、编写service及实现类
    (1)service
    //  该接口继承UserDetailsService    里面有个方法 loadUserByUsername
    public interface SysUserService extends UserDetailsService {
    }
    (2)实现类
    @Service
    public class SysUserServiceImpl implements SysUserService {
    @Autowired
    SysUserDao sysUserDao;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    // 根据用户名获取用户对象
    SysUser sysUser = sysUserDao.findByUsername(username);
    if(sysUser!=null){
    // 创建角色集合对象
    Collection<GrantedAuthority> collection = new ArrayList<>();
    // 创建临时角色对象
    GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_USER");
    // 对象添加到集合中
    collection.add(grantedAuthority);
    User user = new User(sysUser.getUsername(), "{noop}" + sysUser.getPassword(), collection);
    return user;
    }
    return null;
    }
    七、编写退出代码及配置文件(在有退出按钮的页面编写),指定退出路径(退出路径在安全框架配置文件中书写配置)
    <a href="${pageContext.request.contextPath}/logout"
    class="btn btn-default btn-flat">注销</a>
  • 相关阅读:
    2018-2-26 php、mysql数据库制作简单的商城购物车
    2018-2-8 租房信息的增删改和搜索
    2018-2-6 留言板的制作
    ztree连接数据库问题总结
    织梦cms
    MySQLDB.class.php
    类和对象
    构造、析构;重写;设计模式;单例;抽象;重载
    类、面向对象、类的继承
    css 区块与盒子模型
  • 原文地址:https://www.cnblogs.com/zhangrongfei/p/11236722.html
Copyright © 2020-2023  润新知