spring-security的权限验证登入基于ssm angularJS框架

最新推荐文章于 2021-05-30 23:28:40 发布

JGCS

最新推荐文章于 2021-05-30 23:28:40 发布

阅读量289

点赞数

分类专栏：笔记文章标签： java

本文链接：https://blog.csdn.net/weixin_43342054/article/details/97401332

版权

笔记专栏收录该内容

55 篇文章 0 订阅

订阅专栏

1.pom.xml引入依赖

<!-- springSecurity 权限验证框架 -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
		</dependency>

		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
		</dependency>

2.web.xml文件配置

 <!-- spring-security -->
	 <context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:spring/spring-security.xml</param-value>
	 </context-param>
	 <listener>
		<listener-class>
			org.springframework.web.context.ContextLoaderListener
		</listener-class>
	 </listener>
	
	 <filter>  
		<filter-name>springSecurityFilterChain</filter-name>  
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
	 </filter>  
	 <filter-mapping>  
		<filter-name>springSecurityFilterChain</filter-name>  
		<url-pattern>/*</url-pattern>  
	 </filter-mapping>

3.spring-security.xml文件配置

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
						http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
						
	<!-- 放行资源 ,不登入也可以访问(登入页面.失败页面.静态资源.注册页面.退出页面等等) -->
	<http pattern="/*.html" security="none" />
	<http pattern="/css/**" security="none" /> 
	<http pattern="/img/**" security="none" />
	<http pattern="/js/**" security="none" />
	<http pattern="/plugins/**" security="none" />
	<http pattern="/seller/add.do" security="none" />

	<!-- 1.配置页面的拦截规则 pattern=/* :拦截当前文件目录下的所有资源(不包括子目录) pattern=/** :包括该目录及子目录下的所有文件夹 
		access="ROLE_ADMIN" :允许通过的角色 登入用户拥有该角色则放行. use-expressions="false" :是否启用SPEL表达式 
		默认true 如果开启,则access="hasRole(ROLE_ADMIN)" form-login : 开启表单登入功能 ,默认接收的登入账号字段为username 
		密码字段password 提供了/login 提交方式必须为post login-page :登入页面 default-target-url :默认登入的页面 
		authentication-failure-url :页面登入失败后访问的页面 always-use-default-target="true" 
		:登入成功后默认跳转页面 csrf disabled="true" :关闭CRSF保护 (如果所有页面为HTML则需要关闭才能访问) frame-options 
		policy="SAMEORIGIN" :允许使用其他框架 logout :退出 logout-success-url :退出后跳转页面 -->
	<http use-expressions="false">
		<intercept-url pattern="/**" access="ROLE_SELLER" />

		<form-login login-page="/shoplogin.html"
			default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html"
			always-use-default-target="true" />

		<csrf disabled="true" />
		<headers>
			<frame-options policy="SAMEORIGIN" />
		</headers>
		<logout />
	</http> 
 


	<!-- 2.配置认证管理器 
	authentication-provider 					:认证提供者
	password-encoder ref="bcryptEncoder"		:引用解密对象
	 -->
	<authentication-manager>
		<authentication-provider user-service-ref="userDetailsService">
		
			<password-encoder ref="bcryptEncoder"></password-encoder>
			
		</authentication-provider>

	</authentication-manager>

	<!-- 认证类 -->
	<beans:bean id="userDetailsService"
		class="com.pinyougou.service.UserDetailsServiceImpl">
		<beans:property name="sellerService" ref="sellerService"></beans:property>
	</beans:bean> 

	<!-- 引用dubbo 服务 -->
	<dubbo:application name="pinyougou-shop-web" />
	<dubbo:registry address="zookeeper://192.168.25.128:2181" />
	<dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService"></dubbo:reference>
	
	<!-- 配置密码解密对象 -->
	<beans:bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean>
	
</beans:beans>

创建类
UserDetailsServiceImpl.java 实现 UserDetailsService 接口


public class UserDetailsServiceImpl implements UserDetailsService {

	private SellerService sellerService;

	public void setSellerService(SellerService sellerService) {
		this.sellerService = sellerService;
	}

	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

		// 构建角色列表
		List<GrantedAuthority> authorities = new ArrayList();
		authorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));

		// 根据用户名查询数据库.返回用户和登入用户信息比对
		TbSeller seller = sellerService.findOne(username);

		if (seller != null && seller.getStatus().equals("1")) {

			return new User(username, seller.getPassword(), authorities);
			
		} else {
			return null;
		}

	}

}

5.Controller层添加注册用户时,对密码加密保存

	@RequestMapping("/add")
	public Result add(@RequestBody TbSeller seller){
		
		//密码加密
		BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
		String password = passwordEncoder.encode(seller.getPassword());
		seller.setPassword(password);
		
		try {
			
			sellerService.add(seller);
			
			return new Result(true, "增加成功");
		} catch (Exception e) {
			e.printStackTrace();
			return new Result(false, "增加失败");
		}
		
	}