Spring Security之配置从DB获取用户信息进行验证(xml配置文件方式)

此处使用spring Security3.1，springMVC+SpringSecurity。

配置文件：spring-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">

	<security:http auto-config="true">
		<security:form-login 
				login-page="/login.html"
         		login-processing-url="/login.do" 
         		default-target-url="/hhh.html"
         		authentication-success-handler-ref="authSuccess"
         		authentication-failure-handler-ref="authFailure"
         		username-parameter="username"
         		password-parameter="password" />
      	<security:intercept-url pattern="/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
      	<security:logout logout-url="/logout" logout-success-url="/login.html"/>
      	<security:http-basic/>
      	<security:intercept-url pattern="/**" access="ROLE_USER" />
	</security:http>

	<security:authentication-manager>
      <security:authentication-provider user-service-ref="myUserDetailsService"/>
   </security:authentication-manager>
   
	<bean id="authSuccess" class="com.txd.security.utils.AuthenticationSuccessHandlerImpl"/>
   	<bean id="authFailure" class="com.txd.security.utils.AuthenticationFailureHandlerImpl"/>
   
   	<bean id="myUserDetailsService" class="com.txd.security.utils.MyUserDetailsService"/>
	<bean id="myAuthenticationProvider" class="com.txd.security.utils.MyAuthenticationProvider">
		<property name="myUserDetailsService" ref="myUserDetailsService"/>
	</bean>
	
</beans>

案例的整体结构如下：

我在验证成功/失败的处理类里边加了一个简单的重定向，在myUserDetailsService里边结合MyBatis重MySQL的users表单里边查询用户信息来进行验证，代码如下：

package com.txd.security.utils;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.txd.hello.model.User;

public class MyUserDetailsService implements UserDetailsService {

	@Autowired
	private com.txd.hello.service.UserService UserService;
	
	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		User user = new User();
		user.setUsername(username);
		try {
			List<User> list = UserService.findByExample(user);
			for(User u:list) {
				if(username.equals(u.getUsername())) {
					Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
		            SimpleGrantedAuthority authority = new SimpleGrantedAuthority("ROLE_USER"); 
		            auths.add(authority);
					return new org.springframework.security.core.userdetails.User(u.getUsername(),u.getPassword(),auths);
				}
			}
		}catch(Exception e) {
			e.printStackTrace();
		}
		return null;
	}

}

案例的页面显示文件结构如下：

简单的验证，简单的页面调转，实验成功。