第一步,配置文件
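<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <http auto-config="true">
        <!-- Static resources (images, scripts, stylesheets) may be fetched anonymously. -->
        <intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/javaScript/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <!-- The login processing URL and the login page itself must be reachable before login. -->
        <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <!-- Every other URL requires an authenticated user holding ROLE_USER.
             intercept-url rules are matched in declaration order, so this catch-all stays last. -->
        <intercept-url pattern="/**" access="ROLE_USER"/>

        <!-- Login form: failure redirect, processing URL, and the form field names for
             username and password. login-processing-url is where the form posts (pre-login
             checks can hook in there); default-target-url is where a successful login lands. -->
        <form-login login-page="/login.jsp"
            authentication-failure-url="/login.jsp?login_error=1"
            login-processing-url="/login"
            username-parameter="loginName"
            password-parameter="loginPassword"
            default-target-url="/index.jsp"
            always-use-default-target="true"/>

        <!-- Session handling.
             session-fixation-protection is left at its default (migrateSession): a fresh
             session id is issued when the user authenticates, so a session id planted in the
             browser before login cannot be reused afterwards. Setting it to "none" switches
             this protection off, it does not add any.
             max-sessions: how many concurrent sessions one account may hold.
             error-if-maximum-exceeded: true rejects the second login attempt; false would
             instead expire the earlier session. -->
        <session-management invalid-session-url="/login.jsp">
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
        </session-management>
    </http>

    <!-- Authentication: user records are loaded through the dataBaseUserDetailsService bean. -->
    <authentication-manager>
        <authentication-provider user-service-ref="dataBaseUserDetailsService"/>
    </authentication-manager>
</beans:beans>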
第二步,编写三个类
DataBaseUserDetailsService.java
package cn.**.service.login;

import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * <p>Spring Security {@code UserDetailsService} used for login.</p>
 *
 * <p>Declares no methods of its own; presumably it exists so the login
 * service can be wired as a distinct bean type (see the Impl class).</p>
 *
 * @version 1.0
 */
public interface DataBaseUserDetailsService extends UserDetailsService{
}
DataBaseUserDetailsServiceImpl.java
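package cn.**.service.login.impl;

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import cn.flyingsoft.bean.user.User;
import cn.flyingsoft.service.base.BaseService;
import cn.flyingsoft.service.login.DataBaseUserDetailsService;
import cn.flyingsoft.service.message.MessageService;
import cn.flyingsoft.service.user.UserService;

/**
 * <p>Loads accounts through the application's {@link UserService} for Spring Security login.</p>
 *
 * @version 1.0
 */
public class DataBaseUserDetailsServiceImpl extends BaseService implements DataBaseUserDetailsService {

    /**
     * User service used to look an account up by its login name; injected via the setter.
     */
    private UserService userService;

    /**
     * <p>Looks up the account with the given login name and wraps it as {@link UserDetails}.</p>
     *
     * @version 1.0
     * @see org.springframework.security.core.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
     * @param userName login name submitted by the login form
     * @return the matching user's details; never {@code null}
     * @throws UsernameNotFoundException if no account has that login name
     */
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        User user = userService.getUser(userName);
        if (user == null) {
            // The UserDetailsService contract forbids a null return; returning null makes the
            // authentication provider fail with an internal error instead of a clean
            // "bad credentials" outcome. DaoAuthenticationProvider hides this exception type
            // by default, so the caller cannot tell a missing account from a wrong password.
            throw new UsernameNotFoundException("No user found with login name: " + userName);
        }
        return new DataBaseUserDetails(user);
    }

    /**
     * @param userService the userService to set
     */
    public void setUserService(UserService userService) {
        this.userService = userService;
    }
}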
DataBaseUserDetails.java
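package cn.flyingsoft.service.login.impl;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import cn.flyingsoft.bean.user.User;

/**
 * <p>{@link UserDetails} adapter that exposes the application's {@link User} to Spring Security.</p>
 *
 * <p>Identity ({@link #equals(Object)} / {@link #hashCode()}) is based on the login name only.
 * Spring Security's session registry keys concurrent-session bookkeeping on the authenticated
 * principal, so two instances wrapping the same account must compare equal for the
 * {@code max-sessions} limit to apply.</p>
 *
 * @version 1.0
 */
public class DataBaseUserDetails implements UserDetails {

    private static final long serialVersionUID = 6104648032859713159L;

    /**
     * The single role granted to every authenticated user; must match the role named in the
     * security configuration's catch-all intercept-url.
     */
    private static final String DEFAULT_ROLE = "ROLE_USER";

    /**
     * Wrapped user entity.
     */
    private final User user;

    /**
     * @param user the account to wrap; must not be {@code null}
     * @throws IllegalArgumentException if {@code user} is {@code null}
     */
    public DataBaseUserDetails(User user) {
        if (user == null) {
            throw new IllegalArgumentException("user must not be null");
        }
        this.user = user;
    }

    /**
     * @return a fresh, mutable list holding the single {@code ROLE_USER} authority
     */
    public Collection<GrantedAuthority> getAuthorities() {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(1);
        authorities.add(new GrantedAuthority() {
            private static final long serialVersionUID = -1182852062644443773L;

            public String getAuthority() {
                return DEFAULT_ROLE;
            }
        });
        return authorities;
    }

    /**
     * @return the stored credential as held by the {@link User}; assumed to be a password hash
     *         compatible with the configured PasswordEncoder (none is declared on this page), confirm
     */
    public String getPassword() {
        return user.getLoginPassWord();
    }

    public String getUsername() {
        return user.getLoginName();
    }

    // The four account-state flags below are hard-wired to true: the User entity on this page
    // exposes no expiry/lock/enabled fields to consult. Revisit if such fields are added.

    public boolean isAccountNonExpired() {
        return true;
    }

    public boolean isAccountNonLocked() {
        return true;
    }

    public boolean isCredentialsNonExpired() {
        return true;
    }

    public boolean isEnabled() {
        return true;
    }

    /**
     * @return the wrapped user entity (shared, not copied)
     */
    public User getUser() {
        return user;
    }

    /**
     * Two principals are equal when they carry the same login name.
     */
    @Override
    public boolean equals(Object other) {
        if (this == other) {
            return true;
        }
        if (!(other instanceof DataBaseUserDetails)) {
            return false;
        }
        String mine = getUsername();
        String theirs = ((DataBaseUserDetails) other).getUsername();
        return mine == null ? theirs == null : mine.equals(theirs);
    }

    @Override
    public int hashCode() {
        String name = getUsername();
        return name == null ? 0 : name.hashCode();
    }

    /**
     * Login name only; the credential is deliberately left out so it never reaches logs.
     */
    @Override
    public String toString() {
        return "DataBaseUserDetails[username=" + getUsername() + "]";
    }
}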
注:一定要重写 DataBaseUserDetails 和 User 的 toString()、hashCode()(以及与 hashCode() 配套的 equals())方法,不然并发会话控制(重复登录限制)不会起作用:Spring Security 的 SessionRegistry 以登录主体(principal)为键记录会话,只有 equals()/hashCode() 稳定一致,才能把同一账号的两次登录识别为同一主体。