BCrypt 加密出来的字符串 ,密码相同,加密出的密文字符串是不一样的!配合springSecurity使用
目录结构
pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>spring-demo</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<!-- 解决post乱码 -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- 指定加载的配置文件 ,通过参数contextConfigLocation加载-->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/springmvc.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>Demo-7.html</welcome-file>
</welcome-file-list>
<!--安全框架配置-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd">
<!--设置页面不登录也可以访问页面-->
<http pattern="/*.html" security="none"></http>
<http pattern="/*.ico" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<http pattern="/seller/add" security="none"></http>
<!--页面的拦截规则 expressions 是否启用SPEL表达式-->
<http use-expressions="false">
<!--pattern :匹配 当前目录下的所有资源
access: 角色名称 当前用户必须有ROLE_USER的角色才能访问资源-->
<intercept-url pattern="/**" access="ROLE_SELLER"/>
<!--开启表单登录功能
always-use-default-target= 总是跳转默认页面
login-page登录页面
default-target-url 登录成功页面
authentication-failure-url 登录失败页面
login-processing-url 请求地址配置
-->
<form-login always-use-default-target="false"
login-page="/shoplogin.html"
default-target-url="/admin/index.html"
authentication-failure-url="/shoplogin.html"
/>
<csrf disabled="true"/>
<!--可以使用内置框架也-->
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
<!--自动产生退出地址
logout-success-url 指定退出的地址-->
<logout />
<!--<logout logout-success-url="/login.html"/>-->
</http>
<!--认证管理器-->
<authentication-manager>
<!--认证提供者-->
<authentication-provider user-service-ref="userDetailsService">
<password-encoder ref="passwordEncoder"></password-encoder>
<!--<user-service>-->
<!--<!–定义用户–>-->
<!--<user name="admin" password="123456" authorities="ROLE_ADMIN"/>-->
<!--<user name="sunwukong" password="dasheng" authorities="ROLE_ADMIN"/>-->
<!--</user-service>-->
</authentication-provider>
</authentication-manager>
<beans:bean id="userDetailsService" class="cn.bufanli.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"></beans:property>
</beans:bean>
<!-- 引用dubbo 服务 -->
<dubbo:application name="pinyougou-shop-web" />
<dubbo:registry address="zookeeper://IP:PORT"/>
<dubbo:reference id="sellerService" interface="cn.bufanli.sellergoods.service.SellerService"></dubbo:reference>
<beans:bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean>
</beans:beans>
加密代码
package cn.bufanli.shop.controller;
import cn.bufanli.pojo.TbSeller;
import cn.bufanli.sellergoods.service.SellerService;
import cn.bufanli.utiles.Message;
import com.alibaba.dubbo.config.annotation.Reference;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* controller
*`
* @author Administrator
*/
@RestController
@RequestMapping("/seller")
public class SellerController {
@Reference
private SellerService sellerService;
/**
* 增加
*
* @param seller
* @return
*/
@RequestMapping("/add")
public Message add(@RequestBody TbSeller seller) {
//将密码进行加密
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String pas = passwordEncoder.encode(seller.getPassword());
seller.setPassword(pas);
Message add = sellerService.add(seller);
System.out.println(add);
return add;
}
}
认证类
package cn.bufanli.service;
import cn.bufanli.pojo.TbSeller;
import cn.bufanli.sellergoods.service.SellerService;
import cn.bufanli.utiles.Message;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
/**
* 认证类
*
* @author BuShuangLi
* @date 2019/3/5
*/
public class UserDetailsServiceImpl implements UserDetailsService {
private SellerService sellerService;
public void setSellerService(SellerService sellerService) {
this.sellerService = sellerService;
}
/**
* 用户在页面输入的用户名
* @param username
* @return
* @throws UsernameNotFoundException
*/
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
System.out.println("---经过了UserDetailsService----");
//构建角色列表
List<GrantedAuthority> grantAuths =new ArrayList();
grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
//获取用户对象
Message one = sellerService.findOne(username);
//查到对应的对象
if("200".equals(one.getStatus())){
TbSeller data = (TbSeller)one.getData();
if ("1".equals(data.getStatus())){
return new User(username,data.getPassword(),grantAuths);
}else{
return null;
}
}else{
return null;
}
}
}
页面from表单 action 必须="/login" method必须="post"
<form class="sui-form" action="/login" method="post" id="loginFrom">
<div class="input-prepend"><span class="add-on loginname"></span>
<input id="prependedInput" name="username" type="text" placeholder="邮箱/用户名/手 机号" class="span2 input-xfat">
</div>
<div class="input-prepend"><span class="add-on loginpwd"></span>
<input id="prependedInput" type="password" name="password" placeholder="请输入密码" class="span2 input-xfat">
</div>
<div class="setting">
<label class="checkbox inline"><input name="m1" type="checkbox" value="2" checked="">自动登录</label>
<span class="forget">忘记密码?</span>
</div>
<div class="logined">
<a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document: loginFrom.submit()" target="_blank">登 录</a>
</div>
</form>