pom.xml:
<!-- Spring Security modules used by this example: servlet filter support (web)
     and the XML security namespace (config).
     NOTE(review): no <version> is given; presumably it is managed by a parent
     POM or a dependencyManagement section. Confirm both modules resolve to the
     same, currently supported release. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
web.xml:
<!-- Root application context: loaded by ContextLoaderListener from the file
     named in contextConfigLocation. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- DelegatingFilterProxy hands each request to the Spring bean that has the
     same name as the filter, so the name springSecurityFilterChain must stay
     exactly as written. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapped to /* so that every request passes through the security filter chain. -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
登录html页面:
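<!-- Login form. The action is the security framework's default login
     processing path, and the field names "username" and "password" are the
     ones the form-login filter reads. -->
<form id="loginform" method="post" action="/login">
    <input type="text" name="username" autocomplete="username">
    <!-- type="password" keeps the value masked on screen; the original field
         had no type and therefore rendered the password as plain text. -->
    <input type="password" name="password" autocomplete="current-password">
    <!-- A real submit button replaces the original link, which submitted the
         form from onclick and then also followed its own href to
         admin/index.html. The post-login redirect is decided by the server. -->
    <button type="submit">登录</button>
    <!-- No CSRF token field is sent because the security configuration on this
         page disables CSRF protection; if that protection is switched back on,
         this form has to carry the token. -->
</form>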
从数据库获取用户的后端代码:
package com.pinyougou.service;
import com.pinyougou.pojo.TbSeller;
import com.pinyougou.sellergoods.service.SellerService;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import java.util.ArrayList;
import java.util.List;
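/**
 * Looks up seller accounts for Spring Security's form login.
 *
 * <p>The {@link SellerService} collaborator is supplied through
 * {@link #setSellerService(SellerService)} by the bean definition in
 * spring-security.xml.
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /** Status value that marks a seller account as allowed to log in. */
    private static final String STATUS_ENABLED = "1";

    /**
     * Authority given to every seller that logs in. It must match the role
     * required by the intercept-url rule in spring-security.xml.
     */
    private static final String ROLE_SELLER = "ROLE_SELLER";

    private SellerService sellerService;

    /**
     * Setter used for property injection from the Spring XML configuration.
     *
     * @param sellerService service used to read seller records
     */
    public void setSellerService(SellerService sellerService) {
        this.sellerService = sellerService;
    }

    /**
     * Loads the seller whose login name is {@code username}.
     *
     * @param username login name submitted by the client
     * @return user details holding the stored password and the seller role
     * @throws UsernameNotFoundException if no seller exists under that name or
     *         the seller's status is not the enabled value
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        TbSeller seller = sellerService.findOne(username);

        // The UserDetailsService contract forbids returning null, so both
        // "unknown" and "not enabled" are reported with the same exception and
        // the same message; the response then does not reveal which one applied.
        // The status is compared with equals(): == on strings compares object
        // identity and rejects an equal value that was read from the database.
        if (seller == null || !STATUS_ENABLED.equals(seller.getStatus())) {
            throw new UsernameNotFoundException("No active seller account for the supplied username");
        }

        List<GrantedAuthority> grantedAuths = new ArrayList<>();
        grantedAuths.add(new SimpleGrantedAuthority(ROLE_SELLER));

        // NOTE(review): the stored password is handed to the framework as is.
        // The authentication provider on this page declares no password
        // encoder, so confirm that the column holds a salted hash (for example
        // bcrypt) and that a matching encoder is configured.
        return new User(username, seller.getPassword(), grantedAuths);
    }
}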
spring-security.xml
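<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
                                 http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd">

    <!-- The dubbo prefix used at the end of this file must be declared on the
         root element; the original listing left it out.
         NOTE(review): this is the namespace of the com.alibaba Dubbo 2.x line.
         Confirm it matches the Dubbo version on the classpath. -->

    <!-- Paths that can be requested without logging in. security="none" skips
         the whole filter chain, so these responses also carry no security
         headers and see no security context. -->
    <!-- NOTE(review): /*.html opens every HTML page in the web root, not only
         the login page. Keep pages that need a session below a protected
         directory such as /admin/, or list the public pages one by one. -->
    <http pattern="/*.html" security="none"/>
    <http pattern="/css/**" security="none"/>
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/plugins/**" security="none"/>
    <!-- NOTE(review): presumably the seller sign-up endpoint. It is reachable
         anonymously, so input validation and abuse limits have to live in the
         handler itself. -->
    <http pattern="/seller/add.do" security="none"/>

    <!-- Interception rules. use-expressions controls whether access values are
         SpEL expressions (default true); with false they are plain role names. -->
    <http use-expressions="false">
        <!-- Everything not exempted above requires ROLE_SELLER, the only
             authority UserDetailsServiceImpl grants. The original rule asked
             for ROLE_ADMIN, which no account loaded by that service holds, so
             an authenticated seller would still be denied every page. -->
        <intercept-url pattern="/**" access="ROLE_SELLER"/>
        <!-- Enable form login. -->
        <form-login login-page="/shoplogin.html"
                    default-target-url="/admin/index.html"
                    authentication-failure-url="/shoplogin.html"
                    always-use-default-target="true"/>
        <!-- NOTE(review): CSRF protection is switched off because the static
             login form posts without a token. Every state-changing request of
             a logged-in seller is unprotected as a result; prefer sending the
             token from the pages and enabling this again. -->
        <csrf disabled="true"/>
        <headers>
            <!-- Pages may be framed by pages of the same origin only. -->
            <frame-options policy="SAMEORIGIN"/>
        </headers>
        <logout/>
    </http>

    <authentication-manager>
        <!-- NOTE(review): no password-encoder is configured. Depending on the
             Spring Security version the stored value is then compared as plain
             text or must carry an {id} prefix. Store bcrypt hashes and
             reference a BCryptPasswordEncoder bean here. -->
        <authentication-provider user-service-ref="userDetailService"/>
    </authentication-manager>

    <!-- Authentication class; the seller service is injected through its setter. -->
    <beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl">
        <beans:property name="sellerService" ref="sellerService"/>
    </beans:bean>

    <!-- Reference to the remote Dubbo service. -->
    <!-- NOTE(review): the registry address is hard-coded; move it to a property
         so it can differ per environment, and confirm the registry is reachable
         from trusted hosts only. -->
    <dubbo:application name="pinyougou-shop-web"/>
    <dubbo:registry address="zookeeper://192.168.199.123:2181"/>
    <dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService"/>
</beans:beans>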