导入jar包
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
修改web.xml中的配置
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener> <listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-clas s>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
添加spring-security.xml 在里面进行添加
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 以下页面不被拦截 -->
<http pattern="/*.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<http pattern="/seller/add.do" security="none"></http>
<!-- 1.配置页面的拦截规则
pattern=/* :拦截当前文件目录下的所有资源(不包括子目录)
pattern=/** :包括该目录及子目录下的所有文件夹
access="ROLE_ADMIN" :允许通过的角色 登入用户拥有该角色则放行.
use-expressions="false" :是否启用SPEL表达式 默认true 如果开启,则access="hasRole(ROLE_ADMIN)"
form-login : 开启表单登入功能 ,默认接收的登入账号字段为username
密码字段password 提供了/login 提交方式必须为post
login-page :登入页面
default-target-url :默认登入的页面
authentication-failure-url :页面登入失败后访问的页面
always-use-default-target="true" :登入成功后默认跳转页面
csrf disabled="true" : 关闭CRSF保护 (如果所有页面为HTML则需要关闭才能访问) 403错误的使用
frame-options policy="SAMEORIGIN" :允许使用其他框架
logout :退出 logout-success-url :退出后跳转页面 -->
<!-- 页面拦截规则 -->
<http use-expressions="false">
<intercept-url pattern="/**" access="ROLE_ADMIN" />
<!-- 开启表单登陆选择 -->
<form-login login-page="/shoplogin.html"
default-target-url="/admin/index.html"
authentication-failure-url="/shoplogin.html"
always-use-default-target="true"/>
<csrf disabled="true"/>
<logout/> // 退出的方法 在要退出的按钮上添加onclick="/logout" 可以直接退出
//要是系统中使用了框架记得放行
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
</http>
<!-- 开启密码加密 -->
<beans:bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<!-- 认证管理器 -->
<!-- 2.配置认证管理器
authentication-provider :认证提供者
password-encoder ref="bcryptEncoder" :引用解密对象
-->
<authentication-manager>
<authentication-provider user-service-ref="userDetailService">
<password-encoder ref="bcryptEncoder"></password-encoder>
</authentication-provider>
</authentication-manager>
<!-- 在dubbo上面进行注册-->
<dubbo:application name="pinyougou-shop-web" />
<dubbo:registry address="zookeeper://192.168.25.128:2181"/>
<dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService" >
</dubbo:reference>
<beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"></beans:property>
</beans:bean>
</beans:beans>
密码加密
//既然是密码加密 就应该在添加的时候进行加密
@RequestMapping("/add")
public Result add(@RequestBody TbSeller seller){
//密码加密
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String password = passwordEncoder.encode(seller.getPassword());
seller.setPassword(password);
try {
sellerService.add(seller);
return new Result(true, "增加成功");
} catch (Exception e) {
e.printStackTrace();
return new Result(false, "增加失败");
}
}
创建一个UserDetailsServiceImpl.java 实现 UserDetailsService 接口
public class UserDetailsServiceImpl implements UserDetailsService {
private SellerService sellerService;
public void setSellerService(SellerService sellerService) {
this.sellerService = sellerService;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
// 构建角色列表
List<GrantedAuthority> authorities = new ArrayList();
authorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));
// 根据用户名查询数据库.返回用户和登入用户信息比对
TbSeller seller = sellerService.findOne(username);
if (seller != null && seller.getStatus().equals("1")) {
return new User(username, seller.getPassword(), authorities);
} else {
return null;
}
} }