Flow chart :
1. This continues from the previous post (https://mp.csdn.net/console/editor/html/104576494); prepare the environment as described there.
2.spring-security.xml configuration:
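<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
        Resources that are not intercepted. security="none" takes the matching
        requests out of the security filter chain altogether, so no security
        context and no CSRF token is available while these pages are rendered.
    -->
    <security:http pattern="/login.jsp" security="none"/>
    <security:http pattern="/failer.jsp" security="none"/>
    <security:http pattern="/css/**" security="none"/>
    <security:http pattern="/img/**" security="none"/>
    <security:http pattern="/plugins/**" security="none"/>

    <!--
        Rules for everything else.
        auto-config="true": if no login page of your own is configured, the
            framework provides a default one.
        use-expressions="false": the access attribute below holds plain role
            names instead of SpEL expressions.
    -->
    <security:http auto-config="true" use-expressions="false">
        <!-- pattern is the request path to protect; access lists the roles
             allowed in: the user must hold ROLE_USER or ROLE_ADMIN. -->
        <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>

        <!--
            Pages used by form login. login-processing-url is the request path
            the login form posts to.
            NOTE(review): default-target-url and authentication-success-forward-url
            are both set; confirm which one takes effect after a successful login
            and drop the other.
        -->
        <security:form-login
            login-page="/login.jsp"
            login-processing-url="/login.do"
            default-target-url="/index.jsp"
            authentication-failure-url="/failer.jsp"
            authentication-success-forward-url="/pages/main.jsp"/>

        <!--
            Turns off CSRF (cross-site request forgery) protection. This is not a
            cross-origin (CORS) switch: with it disabled, state-changing requests
            made in an authenticated session are no longer checked for a token.
            Acceptable for a local walkthrough; a deployed application should keep
            the protection on and send the token with its forms.
        -->
        <security:csrf disabled="true"/>

        <!-- A request to /logout.do invalidates the session and then redirects
             to /login.jsp. -->
        <security:logout invalidate-session="true"
                         logout-url="/logout.do"
                         logout-success-url="/login.jsp"/>
    </security:http>

    <!-- User names and passwords come from the database. user-service-ref names
         the UserDetailsService bean, which the application has to define. -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userService">
            <!-- Encoder used to verify the submitted password at login. -->
            <security:password-encoder ref="PasswordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- BCrypt encoder; the same bean hashes the password when a user is added. -->
    <bean id="PasswordEncoder"
          class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <!--
        Entry-level alternative, left disabled: user names and passwords held in
        memory. The {noop} prefix marks the password as stored in plain text, so
        this variant is only suitable for local experiments.

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="ADMIN" password="{noop}ADMIN" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
    -->
</beans>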
3. Define an IUserService interface that extends the UserDetailsService interface.
Then create UserServiceImpl, which implements IUserService and overrides the loadUserByUsername method:
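/**
 * Database-backed user service that Spring Security calls to look up accounts at login.
 *
 * <p>The bean name {@code "userService"} must be the same as the {@code user-service-ref}
 * configured on the authentication provider in spring-security.xml.
 */
@Service("userService")
public class UserServiceImpl implements IUserService {

    @Autowired
    private IUserDao userDao;

    // Hashes the raw password before a user is saved (see save).
    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * Loads the account for {@code username} and wraps it in a Spring Security {@link User}.
     *
     * <p>The stored password is handed over unchanged; it is expected to be the BCrypt hash
     * written by {@link #save(UserInfo)}, which the configured password encoder verifies.
     *
     * @param username the login name submitted by the user
     * @return the user details, with {@code enabled} false when the account status is 0
     * @throws UsernameNotFoundException if the DAO returns no account for {@code username}
     * @throws IllegalStateException if the DAO lookup itself fails
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo userInfo;
        try {
            // DAO call: find the account record by user name.
            userInfo = userDao.findByUsername(username);
        } catch (Exception e) {
            // Fail closed and keep the cause. A broken lookup is not the same as an unknown
            // user, and swallowing it would only surface later as a NullPointerException.
            throw new IllegalStateException("User lookup failed", e);
        }
        if (userInfo == null) {
            // Contract of UserDetailsService: signal an unknown user with this exception
            // instead of dereferencing null. The message does not echo the submitted name.
            throw new UsernameNotFoundException("User not found");
        }

        // Status 0 marks the account as disabled; any other value means it is active.
        boolean enabled = userInfo.getStatus() != 0;
        // The three literal flags are accountNonExpired, credentialsNonExpired and
        // accountNonLocked; this service does not track them, so they are always true.
        return new User(
                userInfo.getUsername(),
                userInfo.getPassword(),
                enabled,
                true,
                true,
                true,
                getAuthority(userInfo.getRoles()));
    }

    /**
     * Converts the user's roles into granted authorities named {@code "ROLE_" + roleName}.
     *
     * <p>NOTE(review): spring-security.xml checks for ROLE_USER and ROLE_ADMIN, so role names
     * are presumably stored without the prefix (USER, ADMIN); confirm against the data.
     *
     * @param roles the roles of the user; {@code null} is treated as "no roles"
     * @return a new list with one authority per role, empty when there are no roles
     */
    public List<SimpleGrantedAuthority> getAuthority(List<Role> roles) {
        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        if (roles == null) {
            // A user without roles gets no authorities and is refused by the access rule.
            return authorities;
        }
        for (Role role : roles) {
            authorities.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName()));
        }
        return authorities;
    }

    /**
     * Adds a user, replacing the raw password with its BCrypt hash before it is stored.
     *
     * <p>Pass the raw password only: the value is hashed unconditionally, so an already
     * hashed password would be hashed a second time and the login check would fail.
     *
     * @param userInfo the user to add, carrying the raw password
     * @throws Exception if the DAO fails to store the user
     */
    @Override
    public void save(UserInfo userInfo) throws Exception {
        userInfo.setPassword(bCryptPasswordEncoder.encode(userInfo.getPassword()));
        userDao.save(userInfo);
    }
}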
4. Start the project and test adding a user: check whether the newly added user can log in successfully.