Spring Security框架是一個控制登陸的框架,通過配置文件獲取后台的用戶名及密碼,進行比較進行登陸判斷
使用步驟
1、導入依賴
<!-- 身份驗證 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.0.RELEASE</version>
</dependency>
2、web.xml文件中加載spring-security.xml文件
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3、前端頁面
4、后台代碼中創建一個實體類實現 UserDetailsService接口,實現其中的方法
//用戶登錄的認證類 public class UserDetailsServiceImpl implements UserDetailsService { //service層是獲取后台數據庫中的用戶名信息 private SellerService sellerService; //set方法注入一個 public void setSellerService(SellerService sellerService) { this.sellerService = sellerService; } //通過用戶名去拿數據庫中對象, @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { System.out.println("經過了imp方法"); // username是得到前端表單的用戶名 //哪些用戶有登陸權限, List<GrantedAuthority> grant = new ArrayList<>(); //添加用戶的角色信息,能夠去使用 grant.add(new SimpleGrantedAuthority("ROLE_SELLER")); //username是控制框架規定的,其實就是實體類的seller_id Seller seller = sellerService.findOne(username); // 若果不存在此用戶 if (seller !=null && "1".equals(seller.getStatus())){ //只有當審核通過的商家才能登陸,返回的user是你輸入的用戶名,密碼,角色, return new User(username,seller.getPassword(),grant); }else { return null; } }
5、spring-security
里面的細則,我上一篇博客有細說,大家可以回顧一下
<beans:beans
xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:dubbo="http://code.alibabatech.com/schema/dubbo" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 以下頁面不被攔截 --> <http pattern="/*.html" security="none"></http> <http pattern="/css/**" security="none"></http> <http pattern="/img/**" security="none"></http> <http pattern="/js/**" security="none"></http> <http pattern="/plugins/**" security="none"></http> <!--<http pattern="/seller/add.do" security="none"></http>--> <!-- 頁面攔截規則 --> <http use-expressions="false"> <intercept-url pattern="/**" access="ROLE_SELLER" /> <form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/> <csrf disabled="true"/> <headers> <frame-options policy="SAMEORIGIN"/> //角色信息 </headers> <logout/> </http> <!-- 認證管理器 --> <authentication-manager> <authentication-provider user-service-ref="userDetailService"> </authentication-provider> </authentication-manager> <!-- 應用dubbo--> <dubbo:application name="youlexuan-shop" /> <dubbo:registry address="zookeeper://192.168.200.128:2181"/> <dubbo:reference id="sellerService" interface="com.ghh.core.service.SellerService" > </dubbo:reference>
<!--自定義的配置類-->
<beans:bean id="userDetailService" class="com.ghh.shop.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"/> //ref引用dubbo中的sellerService
</beans:bean>
</beans:beans>
自定義配置類中指向自定義的UserDetailsServiceImpl類中,將后台返回的用戶名,密碼,角色信息,進行控制判斷