Java之品优购课程讲义_day04（7）

.商家系统登录与安全控制

5.1 需求分析

完成商家系统登陆与安全控制，商家账号来自数据库，并实现密码加密

5.2 自定义认证类

（1）pom.xml、web.xml        、login.html        参照运营商管理后台

（2）在        pinyougou-shop-web        创  建        com.pinyougou.service        包 ， 包 下 创 建 类

UserDetailsServiceImpl.java 实现 UserDetailsService 接口

package  com.pinyougou.service; import  java.util.ArrayList; import  java.util.List;
import  org.springframework.security.core.GrantedAuthority;
 
import  org.springframework.security.core.authority.SimpleGrantedAuthority;
 
import  org.springframework.security.core.userdetails.User;
import  org.springframework.security.core.userdetails.UserDetails;
 
import  org.springframework.security.core.userdetails.UserDetailsService;
 
import  org.springframework.security.core.userdetails.UsernameNotFoundException;
 
/**
 
*认证类
 
*@author  Administrator
 
*
 
*/
 
public  class  UserDetailsServiceImpl  implements  UserDetailsService  { @Override
public  UserDetails  loadUserByUsername(String  username)  throws
UsernameNotFoundException  {
 
List<GrantedAuthority>  grantedAuths  =  new  ArrayList<GrantedAuthority>(); grantedAuths.add(new  SimpleGrantedAuthority("ROLE_SELLER"));
return  new  User(username,"123456",  grantedAuths);
 
}
 
}
（3）在 pinyougou-shop-web 的 spring 目录下创建 spring-security.xml

<!-- 以下页面不被拦截 -->
 
<http  pattern="/*.html"  security="none"></http>
 
 
<http  pattern="/css/**"  security="none"></http>
 
 
<http  pattern="/img/**"  security="none"></http>
 
 
<http  pattern="/js/**"  security="none"></http>
 
 
<http  pattern="/plugins/**"  security="none"></http>
<http  pattern="/seller/add.do"  security="none"></http>
 
<!-- 页面拦截规则 -->
 
<http  use-expressions="false">
 
 
<intercept-url  pattern="/**"  access="ROLE_SELLER"  />
 
 
<form-login  login-page="/shoplogin.html"
default-target-url="/admin/index.html"  authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
 
<csrf  disabled="true"/>
 
 
<headers>
 
 
<frame-options  policy="SAMEORIGIN"/>
 
 
</headers>
 
 
<logout/>
 
 
</http>
 
<!-- 认证管理器 -->
 
<authentication-manager>
 
 
<authentication-provider  user-service-ref="userDetailService">
 
 
</authentication-provider>
 
 
</authentication-manager>
<beans:bean  id="userDetailService" class="com.pinyougou.service.UserDetailServiceImpl"></beans:bean>
经过上述配置，用户在输入密码 123456 时就会通过（用户名随意）