Spring Security Framework is a framework for landing control, obtain a user name and password backend configuration file, compare landing judgment
Steps for usage
1, import-dependent
<!-- 身份验证 --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>4.1.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>4.1.0.RELEASE</version> </dependency>
2, web.xml file loaded spring-security.xml file
<context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/spring-security.xml</param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
3, the front page
4, the background to create an entity class code implemented UserDetailsService interfaces, wherein the method implemented
// authenticated user logs class public class UserDetailsServiceImpl the implements the UserDetailsService { // Get-Service layer is a back-end database and the user name information Private SellerService sellerService; // SET a method of injecting public void setSellerService (SellerService sellerService) { the this .sellerService = sellerService; } // get user name objects in the database, @Override public the UserDetails loadUserByUsername (String username) throws UsernameNotFoundException { System.out.println ( "elapsed imp method" ); // username is the user name to get the front of the form // which users have landing rights, List <GrantedAuthority> = Grant new new ArrayList <> (); // add the user's roles, able to use grant.add ( new new SimpleGrantedAuthority ( "ROLE_SELLER" )); // username is defined control framework, in fact, seller_id entity class Seller Seller = sellerService.findOne (username); // Ruoguo this user does not exist IF ! (Seller = null && "1" .equals (Seller .getStatus ())) { // only if the approval of the business in order to log in, the user is returned you enter a user name, password, role, return new new the user (username, seller.getPassword (), Grant); } the else { return null; } }
5, spring-security.x <? Xml version = "1.0" encoding = "UTF-8"?>
Rules inside, I have to elaborate on a blog, we can look back
<beans:beans
xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 以下页面不被拦截 -->
<http pattern="/*.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<!--<http pattern="/seller/add.do" security="none"></http>-->
<!-- 页面拦截规则 -->
<http use-expressions="false">
<intercept-url pattern="/**" access="ROLE_SELLER" />
<form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
<csrf disabled="true"/>
<headers>
<frame-options policy="SAMEORIGIN"/> //角色信息
</headers>
<logout/>
</http>
<!-- 认证管理器 -->
<authentication-manager>
<authentication-provider user-service-ref="userDetailService">
</authentication-provider>
</authentication-manager>
<!-- 应用dubbo-->
<dubbo:application name="youlexuan-shop" />
<dubbo:registry address="zookeeper://192.168.200.128:2181"/>
<dubbo:reference id="sellerService" interface="com.ghh.core.service.SellerService" >
</dubbo:reference>
<! - custom configuration class ->
<beans:bean id="userDetailService" class="com.ghh.shop.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"/> //ref引用dubbo中的sellerService
</beans:bean>
</beans:beans>
Custom configuration point to the custom class UserDetailsServiceImpl class, background return the user name, password, role information, for determination null