spring-security的权限验证

导入jar包

<dependency> 
 	<groupId>org.springframework.security</groupId> 
 	<artifactId>spring-security-web</artifactId>  	 
</dependency> 
<dependency> 
 	<groupId>org.springframework.security</groupId> 
 	<artifactId>spring-security-config</artifactId>  
 	</dependency> 

修改web.xml中的配置

<context-param> 
 	 	<param-name>contextConfigLocation</param-name> 
 	 	<param-value>classpath:spring/spring-security.xml</param-value> 
 	 </context-param> 
 	 <listener>  	 	<listener-class> 
 	 	 	org.springframework.web.context.ContextLoaderListener 
 	 	</listener-class> 
 	 </listener>  
 	 <filter>   
 	 	<filter-name>springSecurityFilterChain</filter-name>   
 	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-clas s>   
 	 </filter>   
 	 <filter-mapping>   
 	 	<filter-name>springSecurityFilterChain</filter-name>   
 	 	<url-pattern>/*</url-pattern>   
 	 </filter-mapping>  

添加spring-security.xml 在里面进行添加

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:dubbo="http://code.alibabatech.com/schema/dubbo" 
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
	        			http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

	<!-- 以下页面不被拦截 --> 
 	<http pattern="/*.html" security="none"></http> 
 	<http pattern="/css/**" security="none"></http> 
	<http pattern="/img/**" security="none"></http> 
 	<http pattern="/js/**" security="none"></http> 
 	<http pattern="/plugins/**" security="none"></http> 
	<http pattern="/seller/add.do" security="none"></http> 
	
	 	<!-- 1.配置页面的拦截规则 
		 	pattern=/* :拦截当前文件目录下的所有资源(不包括子目录)
		 	pattern=/** :包括该目录及子目录下的所有文件夹 
			access="ROLE_ADMIN" :允许通过的角色 登入用户拥有该角色则放行. 
			use-expressions="false" :是否启用SPEL表达式 默认true 如果开启,则access="hasRole(ROLE_ADMIN)" 
			form-login : 开启表单登入功能 ,默认接收的登入账号字段为username 
			密码字段password 提供了/login 提交方式必须为post
			login-page :登入页面 
			default-target-url :默认登入的页面 
			authentication-failure-url :页面登入失败后访问的页面
		    always-use-default-target="true" :登入成功后默认跳转页面 
			csrf disabled="true" : 关闭CRSF保护 (如果所有页面为HTML则需要关闭才能访问)  403错误的使用
		    frame-options policy="SAMEORIGIN" :允许使用其他框架
		    logout :退出 logout-success-url :退出后跳转页面 -->
	<!-- 页面拦截规则 --> 
	<http use-expressions="false"> 
 	 	<intercept-url pattern="/**" access="ROLE_ADMIN" /> 
 	 	<!-- 开启表单登陆选择 --> 
			<form-login login-page="/shoplogin.html"  
		default-target-url="/admin/index.html" 
		authentication-failure-url="/shoplogin.html"
		always-use-default-target="true"/>    
 	 	<csrf disabled="true"/> 
		<logout/>  //  退出的方法   在要退出的按钮上添加onclick="/logout" 可以直接退出
		//要是系统中使用了框架记得放行
		<headers> 
 	 	 	<frame-options policy="SAMEORIGIN"/> 
 	 	</headers> 
		
	</http>
	<!-- 开启密码加密 -->
	<beans:bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" /> 
	
	<!-- 认证管理器 --> 
	<!-- 2.配置认证管理器 
		authentication-provider 					:认证提供者
		password-encoder ref="bcryptEncoder"		:引用解密对象
		 -->
 	<authentication-manager> 
 	 	<authentication-provider  user-service-ref="userDetailService">
 	 		 <password-encoder ref="bcryptEncoder"></password-encoder>
 	 	</authentication-provider> 
 	</authentication-manager> 
 	
	<!-- 在dubbo上面进行注册-->
 	<dubbo:application name="pinyougou-shop-web" /> 
	<dubbo:registry address="zookeeper://192.168.25.128:2181"/> 
 	<dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService" >
 	</dubbo:reference> 
 	<beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl">
 	 		<beans:property name="sellerService" ref="sellerService"></beans:property>
 	</beans:bean>

</beans:beans>

密码加密

//既然是密码加密    就应该在添加的时候进行加密
@RequestMapping("/add") 
 	public Result add(@RequestBody TbSeller seller){ 
 	 	//密码加密 
 	 	BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();  	 	
 	 	String password = passwordEncoder.encode(seller.getPassword()); 
 	 	seller.setPassword(password); 
 	 	try { 
 	 	 	sellerService.add(seller); 
 	 	 	return new Result(true, "增加成功"); 
 	 	} catch (Exception e) { 
 	 	 	e.printStackTrace(); 
 	 	 	return new Result(false, "增加失败"); 
 	 	} 
 	} 

创建一个UserDetailsServiceImpl.java 实现 UserDetailsService 接口

public class UserDetailsServiceImpl implements UserDetailsService {

private SellerService sellerService;
public void setSellerService(SellerService sellerService) {
	this.sellerService = sellerService;
}

@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

	// 构建角色列表
	List<GrantedAuthority> authorities = new ArrayList();
	authorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));

	// 根据用户名查询数据库.返回用户和登入用户信息比对
	TbSeller seller = sellerService.findOne(username);

	if (seller != null && seller.getStatus().equals("1")) {
		return new User(username, seller.getPassword(), authorities);		
	} else {
		return null;
	}
} }