security安全框架，用戶登錄安全認證與退出

一、創建用戶表及實體類

二、編寫security配置文件

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd 
　　　　http://www.springframework.org/schema/security 
　　　　http://www.springframework.org/schema/security/spring-security.xsd">
    <!--不攔截靜態資源-->
    <security:http pattern="/css/**" security="none"></security:http>
    <security:http pattern="/img/**" security="none"></security:http>
    <security:http pattern="/plugins/**" security="none"></security:http>
    <!--不攔截登錄   不攔截error -->
    <security:http pattern="/login.jsp" security="none"></security:http>
    <security:http pattern="/error.jsp" security="none"></security:http>
    <security:http pattern="/favicon.ico" security="none"></security:http>
    <!--2攔截規則
    auto-config="使用自帶頁面"
    use-expressions 是否使用spel 表達式
    -->
    <security:http auto-config="true" use-expressions="false">
        <security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
        <!--使用安全框架 使用的頁面
        login-page 指的是登錄頁面
         login-processing-url 登錄請求路徑 -登錄必須使用該路徑
          default-target-url  登錄成功后 進入的頁面
          authentication-failure-url 登錄失敗后   進入的頁面
         -->
        <security:form-login
                login-page="/login.jsp"
                login-processing-url="/login"
                default-target-url="/index.jsp"
                authentication-failure-url="/login.jsp"
        />

        <!--關閉跨域請求-->
        <security:csrf disabled="true"/>
        <!--退出-->
        <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.jsp"/>


    </security:http>
    <!--  配置認證登錄信息 認證管理器自帶賬戶密碼-->
    <security:authentication-manager>
        <!--提供服務類 去數據庫查詢賬戶密碼-->
        <security:authentication-provider user-service-ref="sysUserServiceImpl">
<!--            <security:user-service>-->
                <!--臨時賬戶密碼
                 authorities：指定用戶的認證角色
                {noop}不加密-->
<!--                <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"></security:user>-->

<!--            </security:user-service>-->
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
三、編寫web配置文件

<!DOCTYPE web-app PUBLIC
        "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
  <display-name>Archetype Created Web Application</display-name>
  <!--1 指定配置文件路徑-->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:spring/*.xml</param-value>
  </context-param>

  <!--3編碼過濾器-->
  <filter>
    <filter-name>CharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>utf-8</param-value>
    </init-param>
  </filter>
<!--安全控件配置攔截所有-->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <!--filter-name必須是springcurityFilterChain-->
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!--編碼過濾器攔截所有-->
  <filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!--監聽-->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <!--2前端控制器-->
  <servlet>
    <servlet-name>DispatcherServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:springMVC.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>DispatcherServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

</web-app>
四、編寫登錄頁面，指定登錄路徑

<form action="login" method="post">
.....（此處省略自定義登錄頁面代碼）
</form>
五、編寫dao

public interface SysUserDao{
    //  根據用戶名查詢用戶對象（唯一對象）
    @Select("select * from sys_user where username=#{username}")
    SysUser findByUsername(String username);
}
六、編寫service及實現類
（1）service

//  該接口繼承UserDetailsService    里面有個方法 loadUserByUsername
public interface SysUserService extends UserDetailsService {
}

（2）實現類

@Service
public class SysUserServiceImpl implements SysUserService {
    @Autowired
    SysUserDao sysUserDao;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // 根據用戶名獲取用戶對象
        SysUser sysUser = sysUserDao.findByUsername(username);
        if(sysUser!=null){
            // 創建角色集合對象
            Collection<GrantedAuthority> collection = new ArrayList<>();
            // 創建臨時角色對象
            GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_USER");
            // 對象添加到集合中
            collection.add(grantedAuthority);
            User user = new User(sysUser.getUsername(), "{noop}" + sysUser.getPassword(), collection);
            return user;
        }
        return null;
    }
七、編寫退出代碼及配置文件（在有退出按鈕的頁面編寫），指定退出路徑（退出路徑在安全框架配置文件中書寫配置）

<a href="${pageContext.request.contextPath}/logout"
   class="btn btn-default btn-flat">注銷</a>