此处使用 Spring Security 3.1,Spring MVC + Spring Security。
配置文件:spring-security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Spring Security 3.1 namespace configuration: one <security:http> filter chain, one
     authentication manager, and the beans they reference. -->
<!-- auto-config="true" already registers form login, HTTP Basic and logout with defaults; the
     explicit child elements below customise those same features. -->
<security:http auto-config="true">
<!-- Form login with custom success and failure handlers. The namespace documentation says a
     success handler should not be combined with default-target-url, because the handler is
     expected to perform the navigation itself; confirm which of the two is meant to apply.
     NOTE(review): the handler classes are not shown on this page. If their redirect target is
     ever derived from request data, restrict it to local paths. -->
<security:form-login
login-page="/login.html"
login-processing-url="/login.do"
default-target-url="/hhh.html"
authentication-success-handler-ref="authSuccess"
authentication-failure-handler-ref="authFailure"
username-parameter="username"
password-parameter="password" />
<!-- intercept-url rules are matched in declaration order and the first match wins, so this
     anonymous rule for the login page must stay ahead of the catch-all /** rule below. -->
<security:intercept-url pattern="/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<!-- NOTE(review): Spring Security 3.1 has no built-in CSRF protection (it arrived in 3.2), so
     neither the login form nor /logout is token-protected by this configuration. -->
<security:logout logout-url="/logout" logout-success-url="/login.html"/>
<!-- HTTP Basic is enabled alongside form login (auto-config would enable it even without this
     element). Basic credentials accompany every request and nothing in this file forces HTTPS
     (no requires-channel attribute), so transport security has to be provided elsewhere. -->
<security:http-basic/>
<!-- Catch-all: every other URL requires ROLE_USER. -->
<security:intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
<!-- The provider below declares no <security:password-encoder>, so the submitted password is
     compared with the stored value as plain text. Outside a demo, store salted adaptive hashes
     (for example bcrypt) and declare the matching password-encoder on this provider. -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="myUserDetailsService"/>
</security:authentication-manager>
<bean id="authSuccess" class="com.txd.security.utils.AuthenticationSuccessHandlerImpl"/>
<bean id="authFailure" class="com.txd.security.utils.AuthenticationFailureHandlerImpl"/>
<bean id="myUserDetailsService" class="com.txd.security.utils.MyUserDetailsService"/>
<!-- NOTE(review): this bean is defined but not referenced by the authentication-manager above,
     which only uses myUserDetailsService; as far as this file shows it takes no part in
     authentication. -->
<bean id="myAuthenticationProvider" class="com.txd.security.utils.MyAuthenticationProvider">
<property name="myUserDetailsService" ref="myUserDetailsService"/>
</bean>
</beans>
案例的整体结构如下:
我在验证成功/失败的处理类里边加了一个简单的重定向,在myUserDetailsService里边结合MyBatis从MySQL的users表里边查询用户信息来进行验证,代码如下:
package com.txd.security.utils;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.txd.hello.model.User;
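/**
 * Loads users for Spring Security from the application's user store via {@code UserService}.
 *
 * <p>Every user that is found receives the single authority {@code ROLE_USER}. The stored
 * password is handed to Spring Security unchanged, so it must already be in the form the
 * configured authentication provider compares against (plain text when no password encoder is
 * configured; prefer a salted adaptive hash such as bcrypt outside a demo).
 */
public class MyUserDetailsService implements UserDetailsService {
    @Autowired
    private com.txd.hello.service.UserService userService;

    /**
     * Looks up the account whose username equals {@code username} exactly.
     *
     * <p>The {@link UserDetailsService} contract forbids returning {@code null}, so an unknown
     * user is reported with {@link UsernameNotFoundException} and a failed lookup is reported
     * as an authentication service error instead of being printed and swallowed.
     *
     * @param username the login name submitted by the client; treated as untrusted input
     * @return the matching account with authority {@code ROLE_USER}, never {@code null}
     * @throws UsernameNotFoundException if {@code username} is {@code null} or no stored user
     *     has exactly that username
     * @throws org.springframework.security.authentication.AuthenticationServiceException if the
     *     lookup or the construction of the user record fails
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        if (username == null) {
            throw new UsernameNotFoundException("No username supplied");
        }

        User probe = new User();
        probe.setUsername(username);

        try {
            List<User> candidates = userService.findByExample(probe);
            if (candidates != null) {
                for (User candidate : candidates) {
                    // findByExample's matching rules are not visible here; the exact comparison
                    // ensures a looser match (prefix, case-insensitive) never authenticates.
                    if (username.equals(candidate.getUsername())) {
                        Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
                        auths.add(new SimpleGrantedAuthority("ROLE_USER"));
                        return new org.springframework.security.core.userdetails.User(
                                candidate.getUsername(), candidate.getPassword(), auths);
                    }
                }
            }
        } catch (Exception e) {
            // Keep the cause for the server log, but surface a backend failure as a service
            // error so it is not mistaken for "unknown user" or silently turned into null.
            throw new org.springframework.security.authentication.AuthenticationServiceException(
                    "User lookup failed", e);
        }

        // Generic message: the submitted name is not echoed into logs or responses.
        throw new UsernameNotFoundException("User not found");
    }
}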
案例的页面显示文件结构如下:
简单的验证,简单的页面跳转,实验成功。