一、配置文件
(1)修改pinyougou-manager-web的pom.xml ,添加依赖
<!-- Authentication: Spring Security's servlet (web) and XML-config modules.
     No <version> is given, so presumably the parent POM's dependencyManagement pins it - confirm. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
(2)修改web.xml
<!-- Loads spring-security.xml into the root WebApplicationContext. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- DelegatingFilterProxy forwards each request to the bean whose name equals this
     filter-name ("springSecurityFilterChain", created by the <http> elements); the
     name must match exactly. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- Mapped to every URL; per-path exemptions are made in spring-security.xml, not here. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
(3)pinyougou-manager-web的spring目录下添加配置文件spring-security.xml
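<!-- Paths that bypass the security filter chain entirely (security="none"):
     no authentication, no session handling and no security headers for these responses.
     /login.html must be listed, otherwise the rule below would require a login to reach the login page. -->
<http pattern="/login.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>

<!-- Interception rules. use-expressions="false" means access= holds a plain role name. -->
<http use-expressions="false">
<!-- "/**" (two stars) covers every path depth. The single-star "/*" is an Ant pattern
     that matches one path segment only, so nested URLs such as /admin/index.html
     (the post-login target) or /login/name.do would have stayed unprotected. -->
<intercept-url pattern="/**" access="ROLE_ADMIN" />
<!-- POST /login is handled by Spring Security's own filter; always-use-default-target
     sends every successful login to default-target-url instead of the originally requested page. -->
<form-login login-page="/login.html" default-target-url="/admin/index.html" authentication-failure-url="/login.html" always-use-default-target="true"/>
<!-- CSRF protection is switched off. The GET-based <a href="../logout"> link used later
     depends on this: with CSRF enabled, logout is only accepted via POST with a token,
     and every other state-changing request would need the token as well. -->
<csrf disabled="true"/>
<!-- Allow framing by same-origin pages only; needed when the UI shows pages inside frames. -->
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
</http>

<!-- Authentication manager: in-memory users with clear-text passwords.
     Suitable for this walkthrough only; the seller module later replaces it with a
     database-backed UserDetailsService and a BCrypt password-encoder. -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="123456" authorities="ROLE_ADMIN"/>
<user name="sunwukong" password="dasheng" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>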
二、配置说明:
always-use-default-target:指定了是否在身份验证通过后总是跳转到default-target-url属性指定的URL。
如果你在系统中使用了框架页,需要设置框架页的策略为SAMEORIGIN
登录页面
修改pinyougou-manager-web的 login.html
<!-- Posts to /login, the URL Spring Security's form-login filter handles by default.
     The input names "username" and "password" are that filter's default parameter names;
     renaming them requires username-parameter/password-parameter on <form-login>. -->
<form id="loginform" action="/login" method="post" class="sui-form">
<div class="input-prepend"><span class="add-on loginname"></span>
<!-- NOTE(review): both inputs below share id="prependedInput". Duplicate ids are invalid
     HTML and document.getElementById only ever finds the first one - confirm nothing in
     the page's scripts or CSS depends on it before renaming. -->
<input id="prependedInput" name="username" type="text" placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
</div>
<div class="input-prepend"><span class="add-on loginpwd"></span>
<input id="prependedInput" name="password" type="password" placeholder="请输入密码" class="span2 input-xfat">
</div>
<div class="setting">
<!-- Slider widget: nothing in this form submits its state, so the server-side login
     cannot verify it; it is client-side UI only. -->
<div id="slider">
<div id="slider_bg"></div>
<span id="label">>></span> <span id="labelTip">拖动滑块验证</span>
</div>
</div>
<div class="logined">
<!-- "document:loginform.submit()" parses as a JS label "document:" followed by a call on
     the window-level "loginform" reference the form's id creates, so it does submit;
     target="_blank" has no effect on an anchor without href. -->
<a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document:loginform.submit()" target="_blank">登 录</a>
</div>
三、
主界面显示登录人
在pinyougou-manager-web新建LoginController.java
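package com.pinyougou.manager.controller;

import java.util.HashMap;
import java.util.Map;

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Exposes the name of the currently authenticated user to the front end.
 * Mapped under /login; the AngularJS loginService calls ../login/name.do.
 */
@RestController
@RequestMapping("/login")
public class LoginController {

    /**
     * Returns {"loginName": &lt;principal name&gt;} taken from the current request's
     * security context.
     *
     * @return a single-entry map; loginName is "" when the context holds no
     *         Authentication (the URL was reached without going through an
     *         authenticated filter chain) instead of failing with a NullPointerException
     */
    @RequestMapping("name")
    public Map<String, String> name() {
        String name = "";
        // getAuthentication() is null for a request that never passed authentication;
        // report "no user" rather than a 500.
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            name = SecurityContextHolder.getContext().getAuthentication().getName();
        }
        Map<String, String> map = new HashMap<String, String>();
        map.put("loginName", name);
        return map;
    }
}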
前端代码
新建loginService.js
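// Login service layer: wraps the login-related calls the UI makes to the back end.
// (The original comment began with a single "/", which is a syntax error that stopped
// the whole file from loading.)
app.service('loginService', function ($http) {
    // Read the logged-in user's name. Returns the $http promise for
    // GET ../login/name.do (LoginController.name on the server).
    this.loginName = function () {
        return $http.get('../login/name.do');
    };
});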
(1)新建indexController.js
// Index page controller: shows who is logged in.
// $controller is injected but not used in this block.
app.controller('indexController', function ($scope, $controller, loginService) {
    // Load the current user's name into $scope.loginName
    // (invoked from the page via ng-init="showLoginName()").
    $scope.showLoginName = function () {
        var onLoaded = function (response) {
            $scope.loginName = response.loginName;
        };
        loginService.loginName().success(onLoaded);
    };
});
页面上引入JS
<script type="text/javascript" src="../plugins/angularjs/angular.min.js"></script> <script type="text/javascript" src="../js/base.js"></script> <script type="text/javascript" src="../js/service/loginService.js"></script> <script type="text/javascript" src="../js/controller/indexController.js"></script> 指令 <body class="hold-transition skin-green sidebar-mini" ng-app="pinyougou" ng-controller="indexController" ng-init="showLoginName ()">
将页面上的测试用户 替换成 {{loginName}}
退出登录
在pinyougou-manager-web的spring-security.xml的http节点中添加配置
<logout/>
加此配置后,会自动产生退出登录的地址/logout;如果你不想用这个地址,也可以自定义退出地址以及退出后跳转的页面,配置如下
<logout logout-url="" logout-success-url=""/>
<!-- Logout via a plain GET link. This only works because <csrf disabled="true"/> is set in
     spring-security.xml; with CSRF enabled, Spring Security accepts logout via POST only. -->
<div class="pull-right"> <a href="../logout" class="btn btn-default btn-flat">注销</a> </div>
<!-- Same login form as above. Posts to /login (Spring Security's default form-login URL);
     the field names "username" and "password" are the filter's default parameter names. -->
<form id="loginform" action="/login" method="post" class="sui-form">
<div class="input-prepend"><span class="add-on loginname"></span>
<!-- NOTE(review): both inputs share id="prependedInput" (invalid HTML; only the first is
     found by id) - confirm no script or CSS relies on it before renaming. -->
<input id="prependedInput" name="username" type="text" placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
</div>
<div class="input-prepend"><span class="add-on loginpwd"></span>
<input id="prependedInput" name="password" type="password" placeholder="请输入密码" class="span2 input-xfat">
</div>
<div class="setting">
<!-- Slider widget is client-side only: no field carries its state to the server. -->
<div id="slider">
<div id="slider_bg"></div>
<span id="label">>></span> <span id="labelTip">拖动滑块验证</span>
</div>
</div>
<div class="logined">
<!-- "document:" is parsed as a JS label, so this submits the form via the window-level
     "loginform" reference; target="_blank" has no effect without href. -->
<a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document:loginform.submit()" target="_blank">登 录</a>
</div>
商家系统登录与安全控制
自定义认证类
在pinyougou-shop-web创建com.pinyougou.service包,包下创建类UserDetailsServiceImpl.java 实现UserDetailsService接口
package com.pinyougou.service;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * Authentication class, first (stub) version.
 * Accepts any user name with the fixed password "123456" and grants ROLE_SELLER;
 * the database-backed version later in this walkthrough replaces it.
 *
 * @author Administrator
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /** The one password this stub accepts, whatever the user name. */
    private static final String STUB_PASSWORD = "123456";

    /**
     * Builds a User for {@code username} carrying the stub password and ROLE_SELLER.
     * This stub never throws UsernameNotFoundException.
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return new User(username, STUB_PASSWORD, sellerAuthorities());
    }

    /** The authority list every stub user receives: ROLE_SELLER only. */
    private static List<GrantedAuthority> sellerAuthorities() {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_SELLER"));
        return authorities;
    }
}
在pinyougou-shop-web的spring目录下创建spring-security.xml
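<!-- Paths that bypass the security filter chain (security="none"). "/*.html" exempts every
     top-level page (shoplogin.html included) but not nested ones such as /admin/index.html,
     which stay under the "/**" rule below. -->
<http pattern="/*.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<!-- Seller self-registration has to be reachable before the seller has an account. -->
<http pattern="/seller/add.do" security="none"></http>

<!-- Interception rules: everything not exempted above requires ROLE_SELLER. -->
<http use-expressions="false">
<intercept-url pattern="/**" access="ROLE_SELLER" />
<form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
<!-- CSRF is off; the default GET /logout below relies on this. -->
<csrf disabled="true"/>
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
<logout/>
</http>

<!-- Authentication manager backed by the custom UserDetailsService bean below.
     No password-encoder is configured at this stage, so the password returned by
     loadUserByUsername is compared as-is (no hashing). -->
<authentication-manager>
<authentication-provider user-service-ref="userDetailService">
</authentication-provider>
</authentication-manager>
<!-- The class attribute must name the Java class exactly. The original read
     "com.pinyougou.service.UserDetailServiceImpl" (missing "s" in "Details"), which
     makes context startup fail because the bean class cannot be loaded. -->
<beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl"></beans:bean>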
经过上述配置,用户在输入密码123456时就会通过(用户名随意)
认证类调用服务方法
修改UserDetailsServiceImpl.java ,添加属性和setter方法 ,修改loadUserByUsername方法
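/**
 * Authentication class: looks the seller up through the (Dubbo-provided) SellerService
 * and turns the row into a Spring Security User.
 *
 * @author Administrator
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    private SellerService sellerService;

    /** Injected from spring-security.xml via the "sellerService" property. */
    public void setSellerService(SellerService sellerService) {
        this.sellerService = sellerService;
    }

    /**
     * Loads the seller named {@code username}.
     *
     * @param username the login name typed into shoplogin.html
     * @return a User carrying the seller's stored password and ROLE_SELLER
     * @throws UsernameNotFoundException when no seller with that name exists or the
     *         seller's status is not "1" (not yet approved). The UserDetailsService
     *         contract requires an exception here, not null: Spring's provider treats a
     *         null return as an internal error, whereas this exception is reported to
     *         the user as ordinary bad credentials.
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Build the role list
        List<GrantedAuthority> grantAuths = new ArrayList<GrantedAuthority>();
        grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
        // Fetch the seller object
        TbSeller seller = sellerService.findOne(username);
        // "1".equals(...) is null-safe: a seller with no status counts as not approved.
        // One message for both "unknown" and "not approved" - a distinct message would
        // only help account enumeration, and the provider hides it anyway.
        if (seller == null || !"1".equals(seller.getStatus())) {
            throw new UsernameNotFoundException("seller not found or not approved");
        }
        return new User(username, seller.getPassword(), grantAuths);
    }
}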
修改pinyougou-shop-web的spring-security.xml ,添加如下配置
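<!-- Dubbo references: the seller lookup is a remote service, so the authentication class
     depends on the registry being reachable when the web context starts. -->
<dubbo:application name="pinyougou-shop-web" />
<!-- Environment-specific address; externalise it (property placeholder) for real deployments. -->
<dubbo:registry address="zookeeper://192.168.25.129:2181"/>
<dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService" >
</dubbo:reference>
<!-- The closing tag must be </beans:property>: the original "</bean:property>" did not
     match its opening tag, so the XML could not be parsed at all. -->
<beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"></beans:property>
</beans:bean>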
经过上述修改后,在登录页输入与数据库一致的用户名和密码即可登录
商家入驻密码加密
商家申请入驻的密码要使用BCrypt算法进行加密存储,修改SellerController.java的add方法
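/**
 * Adds a seller (registration). The submitted password is replaced with its BCrypt hash
 * before the seller is stored, matching the bcryptEncoder configured for login.
 *
 * @param seller the seller posted by the registration form
 * @return Result(true, "增加成功") on success; Result(false, "增加失败") when the password is
 *         missing or hashing/persisting fails
 */
@RequestMapping("/add")
public Result add(@RequestBody TbSeller seller){
    try {
        // Reject an absent password up front: encode(null) throws, and a seller stored
        // with an empty hash could never log in anyway.
        if (seller.getPassword() == null || seller.getPassword().isEmpty()) {
            return new Result(false, "增加失败");
        }
        // Hash inside the try so an encoder failure also surfaces as a Result, not a 500.
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        seller.setPassword(passwordEncoder.encode(seller.getPassword()));
        sellerService.add(seller);
        return new Result(true, "增加成功");
    } catch (Exception e) {
        // NOTE(review): prefer the project's logger; printStackTrace only reaches stderr.
        e.printStackTrace();
        return new Result(false, "增加失败");
    }
}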
加密配置
修改pinyougou-shop-web的spring-security.xml ,添加如下配置
<!-- Shared BCrypt encoder (default strength). It must be the same algorithm
     SellerController.add uses to hash passwords at registration, otherwise stored
     hashes and login checks will not agree. -->
<beans:bean id="bcryptEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
修改认证管理器的配置
<!-- Authentication manager. With password-encoder set, the password string returned by
     UserDetailsServiceImpl.loadUserByUsername must be a BCrypt hash (as written by
     SellerController.add); sellers whose rows still hold clear-text passwords can no
     longer log in. The alias lets other beans reference this manager by name. -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref='userDetailService'>
<password-encoder ref="bcryptEncoder"></password-encoder>
</authentication-provider>
</authentication-manager>