5.商家系统登录与安全控制
5.1 需求分析
完成商家系统登录与安全控制,商家账号来自数据库,并实现密码加密
5.2 自定义认证类
(1)pom.xml、web.xml、login.html 参照运营商管理后台
(2)在 pinyougou-shop-web 创建 com.pinyougou.service 包,包下创建类 UserDetailsServiceImpl.java 实现 UserDetailsService 接口

package  com.pinyougou.service; import  java.util.ArrayList; import  java.util.List;
import  org.springframework.security.core.GrantedAuthority;
 
import  org.springframework.security.core.authority.SimpleGrantedAuthority;
 
import  org.springframework.security.core.userdetails.User;
import  org.springframework.security.core.userdetails.UserDetails;
 
import  org.springframework.security.core.userdetails.UserDetailsService;
 
import  org.springframework.security.core.userdetails.UsernameNotFoundException;
 
/**
 * Authentication class: hands Spring Security the user record for a seller login.
 *
 * <p>This is the first, hard-coded step of the tutorial. The record returned for any
 * username carries the fixed password {@code "123456"} and the single authority
 * {@code ROLE_SELLER}, so every username is accepted with that one password. It is only
 * suitable for checking that the security wiring works; the stated requirement (5.1) is
 * that seller accounts come from the database and that passwords are stored encrypted.
 *
 * @author Administrator
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /**
     * Builds the user record that the authentication provider compares the login against.
     *
     * @param username the name typed into the login form; it is copied into the result
     *                 without any lookup
     * @return a {@link User} with the given username, the password {@code "123456"} and
     *         the authority {@code ROLE_SELLER}
     * @throws UsernameNotFoundException declared by the interface; no code path in this
     *                                   version throws it
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Every caller is given the seller role; no per-account roles exist yet.
        GrantedAuthority sellerRole = new SimpleGrantedAuthority("ROLE_SELLER");
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(sellerRole);

        // Placeholder credential: the same literal password for every username.
        // TODO(review): replace with the seller's stored (hashed) password from the database.
        UserDetails account = new User(username, "123456", authorities);
        return account;
    }
}

(3)在 pinyougou-shop-web 的 spring 目录下创建 spring-security.xml

<!-- The requests below are not intercepted: security="none" applies no security filter chain to them -->

<!-- "/*.html" matches .html files directly under the context root, e.g. the login page /shoplogin.html -->
<http pattern="/*.html" security="none"/>

<!-- Static assets -->
<http pattern="/css/**" security="none"/>
<http pattern="/img/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/plugins/**" security="none"/>

<!-- NOTE(review): presumably the seller sign-up endpoint, left open so that sellers without an
     account can reach it. With no filter chain applied, none of the framework's protections
     cover this URL, so the controller has to validate its input itself; confirm against the controller. -->
<http pattern="/seller/add.do" security="none"/>

<!-- Interception rules for every request that is not exempted by a security="none" entry -->
<!-- use-expressions="false": access values are plain role names rather than SpEL expressions -->
<http use-expressions="false">

    <!-- Every remaining URL requires the ROLE_SELLER authority -->
    <intercept-url pattern="/**" access="ROLE_SELLER"/>

    <!-- Form login: always land on /admin/index.html after success, return to the login page on failure -->
    <form-login
        login-page="/shoplogin.html"
        default-target-url="/admin/index.html"
        authentication-failure-url="/shoplogin.html"
        always-use-default-target="true"/>

    <!-- CSRF token checking is switched off, so state-changing requests sent from a logged-in
         seller's browser are accepted without a token.
         NOTE(review): likely done because the static .html pages cannot render the token; outside
         a local exercise keep CSRF enabled and have the client send the token. -->
    <csrf disabled="true"/>

    <!-- Pages may be framed only by pages of the same origin -->
    <headers>
        <frame-options policy="SAMEORIGIN"/>
    </headers>

    <logout/>

</http>

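<!-- Authentication manager -->
<authentication-manager>
    <authentication-provider user-service-ref="userDetailService">
        <!-- No <password-encoder> child is declared here, and as the page notes the plain value
             123456 is what the login is checked against.
             NOTE(review): section 5.1 asks for encrypted passwords; declare a password encoder
             on this provider once the user service returns hashed values. -->
    </authentication-provider>
</authentication-manager>

<!-- The class attribute must be the fully qualified name of the class written in step (2),
     UserDetailsServiceImpl; the previous value UserDetailServiceImpl named a class that the
     page never defines, so the bean could not be created. -->
<beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl"></beans:bean>

经过上述配置,用户在输入密码 123456 时就会通过(用户名随意)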