Spring Security+Spring MVC+Mybatis

項目環境:JDK8+maven3.0+MySQL

項目結構:

 

pom.xml:

 

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.liby</groupId>
  <artifactId>springsecurity</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>war</packaging>

  <name>springsecurity Maven Webapp</name>
  <!-- FIXME change it to the project's website -->
  <url>http://www.example.com</url>

  <properties>
    <!-- NOTE(review): the Spring, Spring Security, MySQL connector, MyBatis and log4j versions pinned
         here are old release lines (log4j 1.x is end-of-life). Check each one against current
         security advisories and move to a maintained release before reusing this POM. -->
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.source>1.7</maven.compiler.source>
    <maven.compiler.target>1.7</maven.compiler.target>
    <springframework.version>4.2.5.RELEASE</springframework.version>
    <springsecurity.version>4.0.4.RELEASE</springsecurity.version>
    <mysql.connector.version>5.1.31</mysql.connector.version>
    <mybatis.version>3.2.6</mybatis.version>
    <!-- Versions of the logging libraries (slf4j / log4j) -->
    <slf4j.version>1.7.7</slf4j.version>
    <log4j.version>1.2.17</log4j.version>
  </properties>

  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.11</version>
      <scope>test</scope>
    </dependency>
    <!-- Spring -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${springframework.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>${springframework.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${springframework.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-tx</artifactId>
      <version>${springframework.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-orm</artifactId>
      <version>${springframework.version}</version>
    </dependency>

    <!-- Spring Security -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${springsecurity.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${springsecurity.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-taglibs</artifactId>
      <version>${springsecurity.version}</version>
    </dependency>
    <!-- MySQL -->
    <dependency>
      <groupId>mysql</groupId>
      <artifactId>mysql-connector-java</artifactId>
      <version>${mysql.connector.version}</version>
    </dependency>
    <!-- Servlet+JSP+JSTL -->
    <!-- NOTE(review): the servlet and JSP API artifacts below carry no <scope>provided</scope>, so
         they are packaged into the WAR although the servlet container supplies them itself. -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet.jsp</groupId>
      <artifactId>javax.servlet.jsp-api</artifactId>
      <version>2.3.1</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>jstl</artifactId>
      <version>1.2</version>
    </dependency>
    <!-- MyBatis core -->
    <dependency>
      <groupId>org.mybatis</groupId>
      <artifactId>mybatis</artifactId>
      <version>${mybatis.version}</version>
    </dependency>
    <!-- NOTE(review): mybatis-generator-core is a build-time code generator declared as a regular
         dependency, so it ships inside the WAR; the generator plugin under pluginManagement already
         covers generation. Confirm whether it is needed at runtime. -->
    <dependency>
      <groupId>org.mybatis.generator</groupId>
      <artifactId>mybatis-generator-core</artifactId>
      <version>1.3.2</version>
    </dependency>
    <!-- MyBatis / Spring integration -->
    <dependency>
      <groupId>org.mybatis</groupId>
      <artifactId>mybatis-spring</artifactId>
      <version>1.2.2</version>
    </dependency>
    <!-- log start -->
    <dependency>
      <groupId>log4j</groupId>
      <artifactId>log4j</artifactId>
      <version>${log4j.version}</version>
    </dependency>
    <!-- Formats objects so they are convenient to write to the log -->
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-api</artifactId>
      <version>${slf4j.version}</version>
    </dependency>
    <dependency>
      <groupId>org.slf4j</groupId>
      <artifactId>slf4j-log4j12</artifactId>
      <version>${slf4j.version}</version>
    </dependency>
    <!-- log end -->
    <!-- Data source (connection pool) -->
    <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>druid</artifactId>
      <version>1.0.18</version>
    </dependency>
    <!-- NOTE(review): fastjson 1.2.x releases of this age have publicly documented
         unsafe-deserialization (autoType) problems, and no code shown on this page uses the
         library. Remove it if unused, otherwise upgrade following the project's advisories. -->
    <dependency>
      <groupId>com.alibaba</groupId>
      <artifactId>fastjson</artifactId>
      <version>1.2.31</version>
    </dependency>
  </dependencies>

  <build>
    <!-- Works around IntelliJ builds that leave the mapper XML files out of target/classes -->
    <resources>
      <resource>
        <directory>${basedir}/src/main/java</directory>
        <includes>
          <include>**/*.xml</include>
        </includes>
      </resource>
    </resources>
    <finalName>springsecurity</finalName>
    <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
      <plugins>
        <plugin>
          <groupId>org.mybatis.generator</groupId>
          <artifactId>mybatis-generator-maven-plugin</artifactId>
          <version>1.3.2</version>
          <configuration>
            <configurationFile>src/main/resources/mybatis-generator-config.xml</configurationFile>
            <verbose>true</verbose>
            <overwrite>true</overwrite>
          </configuration>
          <executions>
            <execution>
              <id>Generate MyBatis Artifacts</id>
              <goals>
                <goal>generate</goal>
              </goals>
            </execution>
          </executions>
        </plugin>
        <plugin>
          <artifactId>maven-clean-plugin</artifactId>
          <version>3.0.0</version>
        </plugin>
        <!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_war_packaging -->
        <plugin>
          <artifactId>maven-resources-plugin</artifactId>
          <version>3.0.2</version>
        </plugin>
        <plugin>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.7.0</version>
        </plugin>
        <plugin>
          <artifactId>maven-surefire-plugin</artifactId>
          <version>2.20.1</version>
        </plugin>
        <plugin>
          <artifactId>maven-war-plugin</artifactId>
          <version>3.2.0</version>
        </plugin>
        <plugin>
          <artifactId>maven-install-plugin</artifactId>
          <version>2.5.2</version>
        </plugin>
        <plugin>
          <artifactId>maven-deploy-plugin</artifactId>
          <version>2.8.2</version>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>

 

 

 

web.xml:

<web-app>
  <display-name>Archetype Created Web Application</display-name>

  <!-- NOTE(review): no <session-config> is declared in this descriptor; session timeout and the
       http-only / secure flags of the session cookie are left to container defaults. Confirm. -->

  <!-- Spring context loader listener (creates the root application context) -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- Listener that guards against Introspector-related memory leaks -->
  <listener>
    <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
  </listener>

  <!-- Spring MVC servlet -->
  <!-- NOTE(review): the servlet loads classpath:springmvc.xml, but the MVC file shown on this page
       is named spring-mvc.xml; that name also matches the spring-*.xml wildcard of the root
       context below. Confirm which file name the real project uses. -->
  <servlet>
    <servlet-name>SpringMVC</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:springmvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>SpringMVC</servlet-name>
    <!-- This could also be mapped to *.do, following the Struts suffix convention -->
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <!-- Spring configuration files for the root context -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-*.xml</param-value>
  </context-param>

  <!-- Spring Security filter chain, applied to every request -->
  <!-- NOTE(review): filter mappings run in declaration order, so the security chain sees the
       request before encodingFilter has set UTF-8; login parameters are then read with the
       container's default encoding. The encoding filter is normally declared first. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- Character encoding filter -->
  <filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Welcome pages -->
  <welcome-file-list>
    <welcome-file>/index.html</welcome-file>
    <welcome-file>/index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

db.properties:

# JDBC settings read by spring-dao.xml through the ${driver}, ${url}, ${name} and ${password} placeholders.
driver=com.mysql.jdbc.Driver
# NOTE(review): allowMultiQueries=true lets a single statement carry several ';'-separated queries,
# which widens the impact of any SQL injection in a mapper. Enable it only if a mapper needs it.
url=jdbc:mysql://localhost:3306/springsecurity?useUnicode=true&characterEncoding=UTF-8&allowMultiQueries=true
# NOTE(review): the application connects as the MySQL root account. A dedicated account that holds
# only the privileges this schema needs limits what a compromised application can reach.
name=root
# NOTE(review): a real-looking password sits in a classpath file and is published with the source.
# Treat it as exposed, rotate it, and supply the value from outside the repository.
password=Yy30240103

log4j.properties:

### Root logger settings ###
# NOTE(review): the root level is debug, so framework debug output (Spring Security included) goes
# to the console and to debug.log. Raise it to info or warn outside development and restrict
# access to the log directory.
log4j.rootLogger = debug,stdout,D,E
 
### Console output ###
log4j.appender.stdout = org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target = System.out
log4j.appender.stdout.layout = org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern = [%-5p] %d{yyyy-MM-dd HH:mm:ss,SSS} method:%l%n%m%n
 
### Write DEBUG and above to a file (the path configured below is E:/logs/debug.log) ###
log4j.appender.D = org.apache.log4j.FileAppender
log4j.appender.D.File = E:/logs/debug.log
log4j.appender.D.Append = true
log4j.appender.D.Threshold = DEBUG
log4j.appender.D.layout = org.apache.log4j.PatternLayout
log4j.appender.D.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss}  [ %t:%r ] - [ %p ]  %m%n
 
### Write ERROR and above to a file (the path configured below is E://logs/error.log) ###
log4j.appender.E = org.apache.log4j.FileAppender
log4j.appender.E.File = E://logs/error.log
log4j.appender.E.Append = true
log4j.appender.E.Threshold = ERROR
log4j.appender.E.layout = org.apache.log4j.PatternLayout
log4j.appender.E.layout.ConversionPattern = %d{yyyy-MM-dd HH:mm:ss}  [ %t:%r ] - [ %p ]  %m%n

spring-dao.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-4.0.xsd">

    <!-- NOTE(review): this file refers to packages under com.liby.springmvc, while the Java listings
         on this page declare com.li.springmvc; one of the two was probably edited for publication.
         Confirm that they match in the real project. -->

    <!-- Load the properties file -->
    <context:property-placeholder location="classpath:db.properties" ignore-unresolvable="true" />
    <!-- Database connection pool -->
    <!-- NOTE(review): init-method is getConnection rather than Druid's init; presumably it checks
         out one connection at startup that is never returned to the pool. Confirm. -->
    <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
          init-method="getConnection"
          destroy-method="close">
        <property name="driverClassName" value="${driver}" />
        <property name="url" value="${url}" />
        <property name="username" value="${name}" />
        <property name="password" value="${password}" />
        <!-- Initial pool size -->
        <property name="initialSize" value="2" />
        <!-- Maximum number of connections in use -->
        <property name="maxActive" value="100" />
        <!-- Minimum number of idle connections -->
        <property name="minIdle" value="2" />
        <!-- Maximum wait time when acquiring a connection (left disabled by the author) -->
        <!-- <property name="maxWait" value="60000" /> -->
    </bean>
    <!-- Mapper configuration -->
    <!-- Let Spring manage the SqlSessionFactory, using the class from the mybatis-spring package -->
    <!-- MyBatis core bean -->
    <bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
        <!-- Connection pool defined above -->
        <property name="dataSource" ref="dataSource" />
        <!-- Load the global MyBatis configuration file -->
        <property name="configLocation" value="classpath:SqlMapConfig.xml" />
        <property name="mapperLocations" value="classpath:com/liby/springmvc/mapper/**/*.xml"/>
    </bean>

    <!-- Configure the mapper scanner -->
    <!-- Scan the DAO interfaces automatically -->
    <bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
        <property name="basePackage" value="com.liby.springmvc.dao"/>
        <property name="sqlSessionFactoryBeanName" value="sqlSessionFactory" />
    </bean>
    <!-- (Transaction management) transaction manager, use JtaTransactionManager for global tx -->
    <bean id="transactionManager"
          class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
        <property name="dataSource" ref="dataSource" />
    </bean>
</beans>

spring-mvc.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-4.0.xsd">

    <!-- Activate Spring annotation processing. -->
    <context:annotation-config />
    <!-- Scan for @Controller (and other stereotype) annotations -->
    <context:component-scan base-package="com.liby.springmvc"></context:component-scan>

    <!-- Configure the view resolver.
    Purpose: a controller does not have to give the full path of a page; it can return the page
    name without its extension.
    -->
    <!-- NOTE(review): the JSPs live under /view/, outside WEB-INF, so a browser can request them
         directly and only the security filter stands in front of them. Placing views under
         /WEB-INF/ keeps them reachable through controllers only. -->
    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <!-- Actual page path = prefix + page name without extension + suffix -->
        <!-- Prefix -->
        <property name="prefix" value="/view/"></property>
        <!-- Suffix -->
        <property name="suffix" value=".jsp"></property>
    </bean>
</beans>

SqlMapConfig.xml:mybatis配置文件,不可缺少。

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration
        PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <!-- No global MyBatis settings are declared; spring-dao.xml references this file through
         the configLocation property of sqlSessionFactory. -->

</configuration>

 

重點來啦!!!

Spring Security配置

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--suppress ALL -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-4.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <context:component-scan base-package="com.liby.springmvc"></context:component-scan>
    <!-- NOTE(review): security="none" removes every Spring Security filter from /login, so neither
         a security context nor a CSRF token is available while that page is rendered. An
         intercept-url for /login with access="permitAll" inside the main http element keeps the
         filters and still lets anonymous users in. -->
    <http pattern="/login" security="none"/>
    <http auto-config="true">
        <!-- intercept-url rules are evaluated in order: if the two rules below were swapped, /**
             would always match first and the /security/admin** rule would never be applied. -->
        <!-- Requests matching this pattern require the ADMIN role -->
        <!-- NOTE(review): in Ant matching, ** spans directories only when it is a whole path
             segment. /security/admin** therefore matches /security/admin and /security/adminX but
             not /security/admin/anything, which falls through to the /** rule and needs only
             ROLE_USER. /security/admin/** (plus /security/admin itself) is probably what was
             intended. -->
        <intercept-url pattern="/security/admin**" access="hasRole('ROLE_ADMIN')"/>
        <!-- pattern="/**" applies the role check to every path -->
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>


        <!-- A custom login page is set with the login-page attribute. Related attributes:
        1. username-parameter: the request parameter that carries the user name at login; the default is "j_username".
        2. password-parameter: the request parameter that carries the password at login; the default is "j_password".
        3. login-processing-url: the URL the login form is submitted to; the default is "/j-spring-security-check". Spring Security only uses it to recognise the login submission; the application does not handle that request itself.
        4. authentication-success-handler-ref: once set, a successful authentication is handled by the referenced AuthenticationSuccessHandler and default-target-url no longer applies.
        5. authentication-failure-url: the page shown after a failed login.
        6. authentication-failure-handler-ref: references an AuthenticationFailureHandler implementation. When set, Spring Security calls its onAuthenticationFailure method after a failed authentication and authentication-failure-url no longer has any effect.
        -->
        <!-- NOTE(review): the defaults listed above are the Spring Security 3.x names (3.x spells the
             URL /j_spring_security_check). The 4.x line used here defaults to the parameters
             username and password and to POST /login. -->
        <!-- NOTE(review): authentication-failure-url="/error" is itself covered by the /** rule, so
             an anonymous user who fails to log in is presumably redirected on to the login page
             instead of seeing /error. Confirm. -->
        <form-login
                login-page="/login"
                login-processing-url="/checkLogin"
                default-target-url="/hello"
                authentication-success-handler-ref="authenticationSuccessHandlerImpl"
                username-parameter="username"
                password-parameter="password"
                authentication-failure-url="/error"
        />

        <!-- Logout is enabled by defining a logout element under http; Spring Security then adds the
        LogoutFilter that handles it to the filter chain.
        With auto-config="true" the logout element is configured automatically and the default logout URL is "/logout";
        the logout-url attribute of the logout element changes that default.
        1. logout-url: changes the default logout URL. Note that Spring Security 3.x intercepts /j_spring_security_logout by default, while 4.x uses /logout.
        2. invalidate-session: whether the current session is invalidated after logout; the default is true.
        3. delete-cookies: names of the cookies to delete after logout, separated by commas.
        4. logout-success-url: the URL to redirect to after a successful logout. That URL should be reachable without logging in.
        5. success-handler-ref: reference to the LogoutSuccessHandler that handles a successful logout.
        -->
        <logout invalidate-session="true"
                logout-success-url="/login"
        />
        <!-- Spring Security 4 enables CSRF protection by default (disabled="false"). The feature
        already existed in Spring Security 3 but was off by default. It protects against cross-site request forgery:
        on submission the request is intercepted by CsrfFilter, which checks that the _csrf token is valid.
        -->
        <!-- NOTE(review): the element below switches that protection off for the whole application,
             so /checkLogin, /logout and every state-changing endpoint accept requests forged from
             other sites. Keeping CSRF enabled and adding the _csrf token to each form is the safer
             setup; spring-security-taglibs is already a dependency of this project. -->
        <csrf disabled="true"/>

    </http>
    <!--<authentication-manager>-->
        <!--<authentication-provider>-->
            <!--<user-service>-->
                <!--<user name="yebing" password="123456" authorities="ROLE_USER"/>-->
                <!--<user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN"/>-->
            <!--</user-service>-->
        <!--</authentication-provider>-->
    <!--</authentication-manager>-->

    <!-- Authentication manager configuration -->
    <!-- NOTE(review): passwords are verified with MD5 plus one fixed salt (see Md5Util), which is
         cheap to brute-force once hashes leak. BCryptPasswordEncoder
         (org.springframework.security.crypto.bcrypt) is the usual replacement and keeps a
         per-password salt inside the stored hash. -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="userDetailServiceImpl">
            <!--<password-encoder hash="md5">-->
                <!--<salt-source user-property="lamb" />-->
            <!--</password-encoder>-->
            <password-encoder ref="messageDigestPasswordEncoderImpl"></password-encoder>
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="messageDigestPasswordEncoderImpl" class="com.liby.springmvc.config.springsecurity.MessageDigestPasswordEncoderImpl">
        <beans:constructor-arg value="md5"></beans:constructor-arg>
    </beans:bean>
</beans:beans>

Java代碼:

MD5摘要(雜湊)工具類:Md5Util.java。MD5是單向摘要而不是加密,而且運算很快,不適合單獨用來保存密碼。

package com.li.springmvc.util;

import org.springframework.stereotype.Component;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

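/**
 * Produces the hex-encoded MD5 digest of a password with a fixed salt appended.
 *
 * <p>NOTE(review): MD5 with a single application-wide salt is a fast digest and is not suitable
 * for storing passwords; an adaptive scheme such as Spring Security's BCryptPasswordEncoder is
 * the usual choice. This class keeps the scheme used by the rest of the project and only fixes
 * its encoding defects.
 *
 * @Author Created by yebing
 * @Date 2018/8/11 22:07
 * @Version 1.0.0
 */
@Component
public class Md5Util {
    /** Fixed suffix appended to every password before hashing. */
    private static final String SALT = "lamb";

    /**
     * Returns the MD5 digest of {@code password + SALT} as 32 lower-case hex characters.
     *
     * <p>Every digest byte is written as two hex digits. The previous version dropped the leading
     * zero of bytes below 0x10, which made the output ambiguous and shorter than 32 characters
     * for some inputs; hashes stored by that version can differ from this one and have to be
     * regenerated. The password is encoded as UTF-8 so the digest does not depend on the
     * platform default charset.
     *
     * @param password the clear-text password; {@code null} is hashed as the text "null", as
     *                 string concatenation did before
     * @return the hex-encoded digest
     * @throws IllegalStateException if the JVM offers no MD5 implementation
     */
    public String encode(String password) {
        final MessageDigest digest;
        try {
            digest = MessageDigest.getInstance("MD5");
        } catch (NoSuchAlgorithmException e) {
            // Fail with the cause attached instead of continuing into a NullPointerException.
            throw new IllegalStateException("MD5 digest is not available", e);
        }
        byte[] hash = digest.digest((password + SALT).getBytes(java.nio.charset.StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            int value = 0xff & b;
            if (value < 0x10) {
                // Integer.toHexString gives one digit here; pad so each byte takes two.
                hex.append('0');
            }
            hex.append(Integer.toHexString(value));
        }
        return hex.toString();
    }

    /** Prints the digest of a sample password; handy for creating a test row by hand. */
    public static void main(String[] args) {
        Md5Util md5Util = new Md5Util();
        System.out.println(md5Util.encode("123456"));
    }
}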
AuthenticationSuccessHandlerImpl.java:
用做Spring Security認證成功後的處理,可用做頁面跳轉等邏輯業務處理。
package com.li.springmvc.config.springsecurity;

import org.springframework.context.annotation.Bean;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.stereotype.Component;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

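/**
 * Handles a successful Spring Security login by redirecting the browser to the landing page.
 * Referenced from spring-security.xml through
 * {@code authentication-success-handler-ref="authenticationSuccessHandlerImpl"}.
 *
 * @Author Created by yebing
 * @Date 2018/8/12 21:15
 * @Version 1.0.0
 */
@Component("authenticationSuccessHandlerImpl")
public class AuthenticationSuccessHandlerImpl implements AuthenticationSuccessHandler {
    /**
     * Redirects the authenticated user to {@code /hello} inside this web application.
     *
     * <p>A redirect location that starts with "/" is resolved against the container root, not the
     * application, so the context path is prepended; it is the empty string when the WAR is
     * deployed at the root, which keeps the previous behaviour there. The target is a fixed path
     * and is never taken from request data.
     *
     * @param httpServletRequest  the login request
     * @param httpServletResponse the response used to send the redirect
     * @param authentication      the authenticated principal (not used)
     * @throws IOException if the redirect cannot be written
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        String target = httpServletRequest.getContextPath() + "/hello";
        httpServletResponse.sendRedirect(target);
    }
}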
UserDetailsServiceImpl.java:
用於登陸時,獲取前端發送過來的帳號,調用dao動態獲取數據庫用戶信息,例如帳號權限以及密碼,並將帳號信息寫入Spring Security中。
package com.li.springmvc.config.springsecurity;

import com.li.springmvc.dao.UserDao;
import com.li.springmvc.domain.UserBean;
import com.li.springmvc.util.Md5Util;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;
import java.util.ArrayList;
import java.util.List;

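/**
 * Loads the account that is logging in from the database and hands it to Spring Security.
 *
 * @Author Created by yebing
 * @Date 2018/8/12 22:05
 * @Version 1.0.0
 */
@Component("userDetailServiceImpl")
public class UserDetailsServiceImpl implements UserDetailsService {
    @Autowired
    private UserDao userDao;
    @Autowired
    private Md5Util md5Util;
    private static final Logger logger = Logger.getLogger(UserDetailsServiceImpl.class);

    /**
     * Looks the user up through {@code userDao} and builds the Spring Security {@link User}.
     *
     * <p>The stored password hash is passed to Spring Security only. It is deliberately not
     * written to the log: the log4j configuration of this project copies log output to files,
     * and hashes kept there can be attacked offline.
     *
     * @param username the name submitted by the login form
     * @return the user with the stored password hash and granted roles
     * @throws UsernameNotFoundException if {@code userDao} returns no user for the name
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserBean userBean = userDao.getUser(username);

        if (null == userBean) {
            throw new UsernameNotFoundException("用戶" + username + "不存在");
        }

        // GrantedAuthority is the authority type provided by Spring Security.
        List<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
        // Collect the user's roles into the list.
        getRoles(userBean, auths);
        // All four account flags are true: enabled, non-expired, credentials non-expired, non-locked.
        return new User(username, userBean.getPassword(), true, true, true, true, auths);
    }

    /**
     * Splits the comma-separated role string of the user and adds one authority per role.
     *
     * <p>An authority whose name starts with {@code ROLE_} is treated by Spring Security as a role
     * rather than a plain permission, so the prefix is added here. Surrounding whitespace is
     * trimmed and empty entries are skipped, so "ADMIN, USER" yields ROLE_ADMIN and ROLE_USER,
     * and a missing role string grants nothing instead of failing the login with a
     * NullPointerException.
     *
     * @param userBean the user whose roles are read
     * @param list     the list that receives the authorities
     */
    public void getRoles(UserBean userBean, List<GrantedAuthority> list) {
        String roles = userBean.getRoles();
        if (roles == null) {
            return;
        }
        for (String role : roles.split(",")) {
            String name = role.trim();
            if (name.isEmpty()) {
                continue;
            }
            list.add(new SimpleGrantedAuthority("ROLE_" + name));
        }
    }
}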
MessageDigestPasswordEncoderImpl.java:
密碼認證處理器,繼承MessageDigestPasswordEncoder類,重寫密碼認證方法。
package com.li.springmvc.config.springsecurity;

import com.li.springmvc.util.Md5Util;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder;
import org.springframework.stereotype.Component;

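/**
 * Password check used by the authentication provider; extends MessageDigestPasswordEncoder and
 * overrides the validation method. Wired in spring-security.xml with
 * {@code <password-encoder ref="messageDigestPasswordEncoderImpl"/>}.
 *
 * <p>NOTE(review): the override delegates to {@link Md5Util}, so the algorithm name passed to the
 * constructor and the {@code salt} argument do not influence the result. MD5 with a fixed salt
 * is weak for password storage; see the note on Md5Util.
 *
 * @Author: yebing
 * @Date: 2018-8-13 12:32
 * @Version 1.0.0
 */
public class MessageDigestPasswordEncoderImpl extends MessageDigestPasswordEncoder {
    @Autowired
    private Md5Util md5Util;
    private static Logger logger = Logger.getLogger(MessageDigestPasswordEncoderImpl.class);

    /** Creates the encoder for the given digest algorithm name. */
    public MessageDigestPasswordEncoderImpl(String algorithm) throws  IllegalArgumentException{
        super(algorithm);
    }

    /** Creates the encoder for the given algorithm, optionally with Base64 output. */
    public MessageDigestPasswordEncoderImpl(String algorithm, boolean encodeHashAsBase64) throws IllegalArgumentException {
        super(algorithm, encodeHashAsBase64);
    }

    /**
     * Checks a submitted password against the stored hash.
     *
     * <p>The comparison goes through {@code MessageDigest.isEqual} so its duration does not
     * depend on where the two values first differ. A missing stored hash or a missing submitted
     * password is rejected outright instead of being turned into the text "null" and hashed.
     *
     * @param encPass the hash stored in the database
     * @param rawPass the password sent by the client
     * @param salt    ignored; Md5Util applies its own fixed salt
     * @return {@code true} only when the hash of {@code rawPass} equals {@code encPass}
     */
    @Override
    public boolean isPasswordValid(String encPass, String rawPass, Object salt) {
        if (encPass == null || rawPass == null) {
            return false;
        }
        byte[] stored = encPass.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] computed = md5Util.encode(rawPass).getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return java.security.MessageDigest.isEqual(stored, computed);
    }
}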

最後來一個Spring Security註銷登陸:

    /**
     * Logs the current user out and returns the login view.
     *
     * <p>When the security context holds an authentication, it is passed to a
     * SecurityContextLogoutHandler together with the request and response. The log line is
     * written and the view name "login" is returned in either case.
     *
     * <p>NOTE(review): spring-security.xml on this page also declares a logout element whose
     * default URL is /logout, so the security filter presumably handles that URL before this
     * controller is reached. Confirm which of the two is meant to serve it.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @return the logical view name "login"
     */
    @RequestMapping(value = "/logout")
    public String logoutPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse){
        final Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current != null) {
            SecurityContextLogoutHandler handler = new SecurityContextLogoutHandler();
            handler.logout(httpServletRequest, httpServletResponse, current);
        }
        logger.info("註銷登陸成功!");
        return "login";
    }

就這麼簡單粗暴的註銷實例。

項目github地址:完整的項目,不懂的可以看代碼註釋,我覺得我寫的還是比較清楚的
