Spring Security query from a back-end database to realize the landing control

Spring Security Framework is a framework for landing control, obtain a user name and password backend configuration file, compare landing judgment

Steps for usage

　　1, import-dependent

<!-- 身份验证 -->
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-web</artifactId>
                <version>4.1.0.RELEASE</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-config</artifactId>
                <version>4.1.0.RELEASE</version>
            </dependency>

　　2, web.xml file loaded spring-security.xml file

 <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring/spring-security.xml</param-value>
      </context-param>
    <listener>
      <listener-class>
        org.springframework.web.context.ContextLoaderListener
      </listener-class>
    </listener>

    <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>

　　3, the front page

　　　

　　4, the background to create an entity class code implemented UserDetailsService interfaces, wherein the method implemented

// authenticated user logs class 
public  class UserDetailsServiceImpl   the implements the UserDetailsService { 
　　// Get-Service layer is a back-end database and the user name information 
    Private SellerService sellerService;
     // SET a method of injecting 
    public  void setSellerService (SellerService sellerService) {
         the this .sellerService = sellerService; 
    } 
    // get user name objects in the database, 
    @Override
     public the UserDetails loadUserByUsername (String username) throws UsernameNotFoundException { 
        System.out.println ( "elapsed imp method" );
 //        username is the user name to get the front of the form
         // which users have landing rights, 
        List <GrantedAuthority> = Grant new new ArrayList <> ();
         // add the user's roles, able to use 
        grant.add ( new new SimpleGrantedAuthority ( "ROLE_SELLER" ));
         // username is defined control framework, in fact, seller_id entity class 
        Seller Seller = sellerService.findOne (username);
 //         Ruoguo this user does not exist 
        IF ! (Seller = null && "1" .equals (Seller .getStatus ())) {
             // only if the approval of the business in order to log in, the user is returned you enter a user name, password, role, 
                return  new new  the user (username, seller.getPassword (), Grant);
        } the else {
            return null;
        }
    }

　　5, spring-security.x <? Xml version = "1.0" encoding = "UTF-8"?>
　　Rules inside, I have to elaborate on a blog, we can look back

<beans:beans 
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:dubbo="http://code.alibabatech.com/schema/dubbo" 
    
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
    <!-- 以下页面不被拦截 -->
    <http pattern="/*.html" security="none"></http>
    <http pattern="/css/**" security="none"></http>
    <http pattern="/img/**" security="none"></http>
    <http pattern="/js/**" security="none"></http>
    <http pattern="/plugins/**" security="none"></http>
    <!--<http pattern="/seller/add.do" security="none"></http>-->
   <!-- 页面拦截规则 -->
    <http use-expressions="false">
        <intercept-url pattern="/**" access="ROLE_SELLER" />
        <form-login login-page="/shoplogin.html"  default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
        <csrf disabled="true"/>
        <headers>
            <frame-options policy="SAMEORIGIN"/> //角色信息
        </headers>
        <logout/>
    </http>
    <!-- 认证管理器 -->
    <authentication-manager>
        <authentication-provider user-service-ref="userDetailService">
        </authentication-provider>
    </authentication-manager>
    <!-- 应用dubbo-->
    <dubbo:application name="youlexuan-shop" />
    <dubbo:registry address="zookeeper://192.168.200.128:2181"/>
    <dubbo:reference id="sellerService"  interface="com.ghh.core.service.SellerService" >
    </dubbo:reference>
　

<! - custom configuration class ->

　　<beans:bean id="userDetailService" class="com.ghh.shop.service.UserDetailsServiceImpl"> 
　　　　<beans:property name="sellerService" ref="sellerService"/> //ref引用dubbo中的sellerService
　　</beans:bean> 
</beans:beans>

　Custom configuration point to the custom class UserDetailsServiceImpl class, background return the user name, password, role information, for determination null