Spring Security实现后台管理员登录(一)

网友投稿 558 2022-09-04

Spring Security实现后台管理员登录(一)

Spring  Security实现后台管理员登录(一)

一、实现功能

二、数据表设计

为了测试方便,这里创建一个简单的数据表,只含有name和password两个字段。至于角色,权限等,这里都先不考虑。

插入一条数据,name为admin,password为e10adc3949ba59abbe56e057f20f883e(这是123456的MD5散列值;MD5是散列而不是加密,这里不加盐直接使用只是为了测试方便,生产环境应改用bcrypt等带盐的慢散列算法来存储密码)。

三、配置文件

1 在pom.xml中添加三个相关的包

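<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>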

2 web.xml中添加过滤器(注意:只有匹配 /service/* 的请求才会经过Spring Security过滤器链,其他路径不受它保护)

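<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/service/*</url-pattern>
</filter-mapping>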

3 src/main/resource/spring/applicationContext-security.xml的内容为

四、相关代码

1 src/main/java/com/zheng/shared/security/JadeUserPwdAuthFilter.java中的代码为

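package com.zheng.shared.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * Login filter that reads the credentials from the {@code userName} and
 * {@code userPassword} request parameters and hands them to the configured
 * {@code AuthenticationManager}.
 *
 * <p>The filter itself does not look the user up: an unknown user name must end
 * as an ordinary authentication failure, not as a {@code NullPointerException}
 * raised while dereferencing a missing record. Stored credentials are never
 * written to standard output.
 */
public class JadeUserPwdAuthFilter extends UsernamePasswordAuthenticationFilter {

    /** Name of the request parameter that carries the user name. */
    public static final String USERNAME = "userName";

    /** Name of the request parameter that carries the password. */
    public static final String PASSWORD = "userPassword";

    /**
     * Builds an authentication request from the login form and delegates the
     * decision to the authentication manager.
     *
     * @param request  the login request; only POST is accepted
     * @param response the response (not used here)
     * @return the result returned by the authentication manager
     * @throws AuthenticationException if the request is not a POST, or if the
     *         authentication manager rejects the credentials
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
            throws AuthenticationException {
        // Constant-first comparison: no NPE if the container reports no method.
        if (!"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }

        String userName = request.getParameter(USERNAME);
        String password = request.getParameter(PASSWORD);

        // A missing parameter is treated as an empty credential so that the
        // request fails authentication instead of failing with an exception.
        if (userName == null) {
            userName = "";
        }
        if (password == null) {
            password = "";
        }

        UsernamePasswordAuthenticationToken authRequest =
                new UsernamePasswordAuthenticationToken(userName, password);

        // Lets subclasses attach request details to the token.
        setDetails(request, authRequest);

        // The authentication manager is expected to load the account through the
        // configured UserDetailsService and compare the credentials; the account
        // is deliberately not loaded (or printed) a second time in this filter.
        return this.getAuthenticationManager().authenticate(authRequest);
    }
}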

2 src/main/java/com/zheng/service/UserService.java的内容为

package com.zheng.service;

import org.springframework.security.core.userdetails.UserDetailsService;

/**
 * Application-level user service.
 *
 * <p>Declares no methods of its own; it only extends Spring Security's
 * {@link UserDetailsService}, so implementations provide
 * {@code loadUserByUsername}.
 */
public interface UserService extends UserDetailsService {
}

3 src/main/java/com/zheng/service/impl/UserServiceImpl.java的内容为

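package com.zheng.service.impl;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.zheng.bean.User;
import com.zheng.dao.UserMapper;
import com.zheng.service.UserService;

/**
 * {@link UserService} implementation that loads accounts through {@link UserMapper}.
 */
public class UserServiceImpl implements UserService {

    @Autowired
    private UserMapper userMapper;

    /**
     * Loads the account with the given user name.
     *
     * @param username the user name submitted at login
     * @return the stored account
     * @throws UsernameNotFoundException if the mapper returns no record
     * @throws AuthenticationServiceException if the lookup itself fails
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        final User user;
        try {
            user = userMapper.findUserByUserName(username);
        } catch (RuntimeException e) {
            // A failed lookup is a system error, not a wrong user name: report it
            // as such, with the cause attached, instead of printing the stack
            // trace and answering "unknown user".
            throw new AuthenticationServiceException("Failed to load user record", e);
        }

        if (user == null) {
            throw new UsernameNotFoundException("用户名或密码不正确!");
        }

        // The stored password is not printed: credential material, even when
        // hashed, does not belong on standard output or in log files.
        return user;
    }
}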

4 src/main/java/com/zheng/bean/User.java的内容为

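package com.zheng.bean;

import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

/**
 * Account record that doubles as the Spring Security {@link UserDetails}.
 *
 * <p>All four account-status methods return {@code true} unconditionally, so
 * expiry, locking and disabling have no effect for this class.
 */
public class User implements UserDetails, Serializable {

    private static final long serialVersionUID = 123L;

    // No setter exists for userName; presumably it is populated by the
    // persistence layer through field access (confirm against the mapper XML).
    private String userName;

    private String password;

    // Element type restored from the otherwise unused GrantedAuthority import;
    // assumes the UserDetails signature of Spring Security 3.1 or later.
    private Collection<? extends GrantedAuthority> authorities;

    /** @return the login name of this account */
    @Override
    public String getUsername() {
        return this.userName;
    }

    /** @return the stored password value, exactly as held in the record */
    @Override
    public String getPassword() {
        return password;
    }

    /** @param password the stored password value */
    public void setPassword(String password) {
        this.password = password;
    }

    /**
     * @return the granted authorities; an empty collection when none were set,
     *         because the {@code UserDetails} contract does not allow {@code null}
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        if (authorities == null) {
            return Collections.<GrantedAuthority>emptyList();
        }
        return authorities;
    }

    /** @param authorities the authorities granted to this account */
    public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
        this.authorities = authorities;
    }

    /** @return always {@code true}; account expiry is not modelled */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** @return always {@code true}; account locking is not modelled */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** @return always {@code true}; credential expiry is not modelled */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** @return always {@code true}; accounts cannot be disabled */
    @Override
    public boolean isEnabled() {
        return true;
    }
}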

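特别需要注意的是:用户只有在不过期、没被锁定、没被禁用的情况下才能登录成功,所以本例中isAccountNonExpired()、isAccountNonLocked()、isCredentialsNonExpired()和isEnabled()都直接返回真,其中isEnabled()返回真表示用户没有禁用。实际项目中这些方法应根据数据库中的账户状态返回,否则锁定或禁用账户不会生效。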

5 src/main/java/com/zheng/dao/UserMapper.java的内容为

package com.zheng.dao;

import com.zheng.bean.User;

/**
 * Data-access interface for user records.
 */
public interface UserMapper {

    /**
     * Finds a user by user name.
     *
     * @param name the user name to look up
     * @return the matching user; callers in this project check the result for
     *         {@code null}, so a missing record is presumably reported that way
     */
    User findUserByUserName(String name);
}

6 src/main/resources/config/mybatis/mapper/UserMapper.xml

7 LoginController.java中响应登录成功和失败的方法为

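/**
 * Handles the redirect after a successful login.
 *
 * <p>NOTE(review): this method only reports an outcome. Whether it can be
 * reached without authenticating depends on applicationContext-security.xml,
 * which is not shown here.
 *
 * @param request the current request (not used)
 * @return an empty map, rendered as the response body
 */
@RequestMapping("/loginSucc")
@ResponseBody
public Map<String, Object> loginSucc(HttpServletRequest request) {
    System.out.println("登录成功!");
    return new HashMap<String, Object>();
}

/**
 * Handles the redirect after a failed login.
 *
 * @param request the current request (not used)
 * @return an empty map, rendered as the response body
 */
@RequestMapping("/loginFail")
@ResponseBody
public Map<String, Object> loginFail(HttpServletRequest request) {
    System.out.println("登录失败!");
    return new HashMap<String, Object>();
}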

五、运行结果
