app开发者平台在数字化时代的重要性与发展趋势解析
542
2022-09-04
Spring Security实现后台管理员登录(一)
一、实现功能
二、数据表设计
为了测试方便,这里创建一个简单的数据表,只含有name和password两个字段。至于角色,权限等,这里都先不考虑。
插入一条数据,name为admin,password为e10adc3949ba59abbe56e057f20f883e(这是123456经md5加密后得到的值)。
三、配置文件
1 在pom.xml中添加三个相关的包
2 web.xml中添加过滤器
3 src/main/resource/spring/applicationContext-security.xml的内容为
四、相关代码
1src/main/java/com/zheng/shared/sercurity/JadeUserPwdAuthFilter.java中的代码为
package com.zheng.shared.security;import javax.servlet.javax.servlet.org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.authentication.AuthenticationServiceException;import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;import org.springframework.security.core.Authentication;import org.springframework.security.core.AuthenticationException;import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;import com.zheng.bean.User;import com.zheng.dao.UserMapper;public class JadeUserPwdAuthFilter extends UsernamePasswordAuthenticationFilter { public static final String USERNAME = "userName"; public static final String PASSWORD = "userPassword"; @Autowired private UserMapper userDao; @Override public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException { if (!request.getMethod().equals("POST")) { throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod()); } String userName = request.getParameter(USERNAME); String password = request.getParameter(PASSWORD); User user = userDao.findUserByUserName(userName); System.out.println("username: " + user.getUsername()); System.out.println("password: " + user.getPassword()); // 验证用户是否被启用 UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(userName, password); // 允许子类设置详细属性 setDetails(request, authRequest); // 运行UserDetailsService的loadUserByUsername 再次封装Authentication return this.getAuthenticationManager().authenticate(authRequest); }}
2 src/main/java/com/zheng/service/UserService.java的内容为
package com.zheng.service;import org.springframework.security.core.userdetails.UserDetailsService;public interface UserService extends UserDetailsService{}
3 src/main/java/com/zheng/service/impl/UserServiceImpl.java的内容为
package com.zheng.service.impl;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UsernameNotFoundException;import com.zheng.bean.User;import com.zheng.dao.UserMapper;import com.zheng.service.UserService;public class UserServiceImpl implements UserService{ @Autowired private UserMapper userMapper; @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = null; try { user = userMapper.findUserByUserName(username); } catch (Exception e) { e.printStackTrace(); } if (user == null) { throw new UsernameNotFoundException("用户名或密码不正确!"); } System.out.println("username: " + user.getUsername()); System.out.println("password: " + user.getPassword()); return user; }}
4 src/main/java/com/zheng/bean/User.java的内容为
package com.zheng.bean;import java.io.Serializable;import java.util.Collection;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.userdetails.UserDetails;public class User implements UserDetails , Serializable { private static final long serialVersionUID = 123L; private String userName; private String password; private Collection
特别需要注意的是:用户只有在不过期、没被锁定、没被禁用的情况下才能登录成功,所以isEnabled()方法的返回值设为真,表示用户没有禁用。
5 src/main/java/com/zheng/dao/UserMapper.java的内容为
package com.zheng.dao;import com.zheng.bean.User;public interface UserMapper { /** * 根据用户名查找 * @param userName * @return */ User findUserByUserName(String name);}
6 src/main/resources/config/mybatis/mapper/UserMapper.xml
7 LoginController.java中响应登录成功和失败的方法为
/** * 登陆成功进行处理的方法 * @param request * @return */ @RequestMapping("/loginSucc") @ResponseBody public Map
五、运行结果
版权声明:本文内容由网络用户投稿,版权归原作者所有,本站不拥有其著作权,亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容,请联系我们jiasou666@gmail.com 处理,核实后本网站将在24小时内删除侵权内容。
发表评论
暂时没有评论,来抢沙发吧~