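Implementing Back-End Administrator Login with Spring Security (Part 1)
I. Features
II. Database table design
To keep testing simple, create a minimal table with only two columns, name and password. Roles, permissions and the like are not considered yet.
Insert one row with name set to admin and password set to e10adc3949ba59abbe56e057f20f883e (the MD5 hash of 123456). Unsalted MD5 is acceptable only for this test setup; it is not suitable for storing real passwords.
III. Configuration files
1 Add the three related dependencies to pom.xml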
```xml
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${org.springframework.security.version}</version>
</dependency>
```
2 Add the filter to web.xml
```xml
<!-- Add the Spring Security filter -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/service/*</url-pattern>
</filter-mapping>
```
3 Contents of src/main/resource/spring/applicationContext-security.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <!-- Paths that require login -->
    <http access-denied-page="/service/login/unSecurity" entry-point-ref="authenticationProcessingFilterEntryPoint">
        <!-- Home page -->
        <intercept-url pattern="/service/index/index" access="ROLE_AUTHORITY"/>
        <!-- Custom loginFilter -->
        <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER" />
        <logout logout-url="/service/login/logout" logout-success-url="/" invalidate-session="true"
            delete-cookies="JSESSIONID,SPRING_SECURITY_REMEMBER_ME_COOKIE"/>
        <session-management invalid-session-url="/service/login/unSecurity" session-authentication-strategy-ref="sas"/>
    </http>
    <!-- Login filter -->
    <beans:bean id="loginFilter" class="com.zheng.shared.security.JadeUserPwdAuthFilter">
        <!-- URL that processes the login request -->
        <beans:property name="filterProcessesUrl" value="/service/login/userLogin"/>
        <!-- Authentication manager: after the login form is submitted, the actual check is done by the AuthenticationProvider -->
        <beans:property name="authenticationManager" ref="myAuthenticationManager"/>
        <!-- Handling after successful authentication -->
        <beans:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler"/>
        <!-- Handling after failed authentication -->
        <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"/>
        <!-- When the same account logs in more than once, only the most recent login stays valid; currently one session per account is allowed -->
        <beans:property name="sessionAuthenticationStrategy" ref="sas"/>
    </beans:bean>
    <beans:bean id="loginLogAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="alwaysUseDefaultTargetUrl" value="true"/>
        <beans:property name="defaultTargetUrl" value="/service/login/loginSucc"/>
    </beans:bean>
    <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <!-- The navigation mode is configurable: property useForward set to true forwards, false uses sendRedirect -->
        <beans:property name="defaultFailureUrl" value="/service/login/loginFail"/>
    </beans:bean>
    <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:property name="maximumSessions" value="1"/>
        <beans:property name="exceptionIfMaximumExceeded" value="false"/>
        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
    </beans:bean>
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl"/>
    <authentication-manager alias="myAuthenticationManager">
        <authentication-provider ref="authenticationProvider"/>
    </authentication-manager>
    <beans:bean id="authenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
        <!-- Let UsernameNotFoundException propagate so that it can be caught -->
        <beans:property name="hideUserNotFoundExceptions" value="false" />
        <beans:property name="userDetailsService" ref="userDetailService" />
        <!-- <beans:property name="messageSource" ref="messageSource" /> -->
        <!-- <beans:property name="userCache" ref="userCache" /> a cache can be used to hold user details -->
        <!-- During development these two lines can be commented out for now -->
        <!-- <beans:property name="passwordEncoder" ref="passwordEncode"/>
        <beans:property name="saltSource" ref="saltSource" /> -->
    </beans:bean>
    <!-- Password hashing -->
    <beans:bean id="passwordEncode" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
    <beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
        <beans:property name="userPropertyToUse" value="id"/>
    </beans:bean>
    <beans:bean id="userDetailService" class="com.zheng.service.impl.UserServiceImpl" />
    <!-- Entry point for unauthenticated requests -->
    <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/service/login/unSecurity" />
    </beans:bean>
</beans:beans>
```
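What the commented-out passwordEncoder and saltSource lines change for the row inserted in section II, as an added example that is not part of the original article. It re-implements in plain JDK code the comparisons that the default plain-text encoder and the legacy Md5PasswordEncoder are assumed to perform (including the `password{salt}` merge); the class name, helper names and the sample id value 1 are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example: checks the stored admin row against each encoder setup.
public class EncoderSetupCheck {
    // Value inserted for admin in section II (MD5 of 123456, per the article).
    static final String STORED = "e10adc3949ba59abbe56e057f20f883e";

    static byte[] utf8(String s) {
        return s.getBytes(StandardCharsets.UTF_8);
    }

    static String md5Hex(String s) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("MD5").digest(utf8(s))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Assumed legacy merge rule: password{salt}; no salt leaves the password as is.
    static String merge(String raw, Object salt) {
        return salt == null ? raw : raw + "{" + salt + "}";
    }

    // passwordEncoder commented out: the submitted text is compared to the column.
    static boolean plaintextMatches(String submitted) {
        return MessageDigest.isEqual(utf8(STORED), utf8(submitted));
    }

    // passwordEncoder enabled: MD5 of the merged password is compared to the column.
    static boolean md5Matches(String submitted, Object salt) throws Exception {
        return MessageDigest.isEqual(utf8(STORED), utf8(md5Hex(merge(submitted, salt))));
    }

    public static void main(String[] args) throws Exception {
        Object sampleId = 1; // constructed salt value standing in for the user's id
        System.out.println("no encoder, 123456 submitted:      " + plaintextMatches("123456"));
        System.out.println("no encoder, hash string submitted: " + plaintextMatches(STORED));
        System.out.println("MD5 encoder, no salt, 123456:      " + md5Matches("123456", null));
        System.out.println("MD5 encoder, salt = id, 123456:    " + md5Matches("123456", sampleId));
        System.out.println("value to store when salt = id:     " + md5Hex(merge("123456", sampleId)));
    }
}
```

With the encoder lines commented out, only the literal hash string is accepted as the password, so the stored hash itself acts as the credential. Once saltSource is enabled the stored value has to be regenerated as the MD5 of `password{id}`, and the User bean needs an id property for ReflectionSaltSource to read.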
IV. Code
1 Contents of src/main/java/com/zheng/shared/security/JadeUserPwdAuthFilter.java
```java
package com.zheng.shared.security;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.zheng.bean.User;
import com.zheng.dao.UserMapper;

public class JadeUserPwdAuthFilter extends UsernamePasswordAuthenticationFilter {
    public static final String USERNAME = "userName";
    public static final String PASSWORD = "userPassword";

    @Autowired
    private UserMapper userDao;

    @Override
    public Authentication attemptAuthentication(HttpServletRequest request,
            HttpServletResponse response) throws AuthenticationException {
        if (!"POST".equals(request.getMethod())) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        }
        String userName = request.getParameter(USERNAME);
        String password = request.getParameter(PASSWORD);
        // Debug output only: the lookup returns null for an unknown name,
        // and the stored password is deliberately not printed
        User user = userDao.findUserByUserName(userName);
        if (user != null) {
            System.out.println("username: " + user.getUsername());
        }
        // Build the authentication request from the submitted credentials
        UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(userName, password);
        // Allow subclasses to set the details property
        setDetails(request, authRequest);
        // The AuthenticationManager calls UserDetailsService.loadUserByUsername
        // and returns the populated Authentication
        return this.getAuthenticationManager().authenticate(authRequest);
    }
}
```
2 Contents of src/main/java/com/zheng/service/UserService.java
```java
package com.zheng.service;

import org.springframework.security.core.userdetails.UserDetailsService;

public interface UserService extends UserDetailsService {
}
```
3 Contents of src/main/java/com/zheng/service/impl/UserServiceImpl.java
```java
package com.zheng.service.impl;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.zheng.bean.User;
import com.zheng.dao.UserMapper;
import com.zheng.service.UserService;

public class UserServiceImpl implements UserService {
    @Autowired
    private UserMapper userMapper;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        User user = null;
        try {
            user = userMapper.findUserByUserName(username);
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (user == null) {
            throw new UsernameNotFoundException("用户名或密码不正确!");
        }
        // Debug output; the stored password is deliberately not printed
        System.out.println("username: " + user.getUsername());
        return user;
    }
}
```
4 Contents of src/main/java/com/zheng/bean/User.java
```java
package com.zheng.bean;

import java.io.Serializable;
import java.util.Collection;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

public class User implements UserDetails, Serializable {
    private static final long serialVersionUID = 123L;

    private String userName;
    private String password;
    // Granted authorities; roles are not considered yet, so this stays unset
    private Collection<GrantedAuthority> authorities;

    @Override
    public String getUsername() {
        return this.userName;
    }

    @Override
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    public void setAuthorities(Collection<GrantedAuthority> authorities) {
        this.authorities = authorities;
    }

    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    @Override
    public boolean isEnabled() {
        return true;
    }
}
```
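Note in particular: a user can log in only when the account is not expired, not locked and not disabled, so isEnabled() is made to return true, meaning the user is not disabled.
5 Contents of src/main/java/com/zheng/dao/UserMapper.java
```java
package com.zheng.dao;

import com.zheng.bean.User;

public interface UserMapper {
    /**
     * Find a user by user name.
     * @param userName the name to look up
     * @return the matching user, or null if there is none
     */
    User findUserByUserName(String userName);
}
```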
6 src/main/resources/config/mybatis/mapper/UserMapper.xml
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.zheng.dao.UserMapper" >
    <resultMap id="BaseResultMap" type="com.zheng.bean.User" >
        <result column="name" property="userName" jdbcType="VARCHAR" />
        <result column="password" property="password" jdbcType="VARCHAR" />
    </resultMap>
    <select id="findUserByUserName" parameterType="string" resultMap="BaseResultMap" >
        select * from user where name = #{userName}
    </select>
</mapper>
```
7 The methods in LoginController.java that respond to login success and failure
```java
/**
 * Handler invoked after a successful login.
 * @param request
 * @return
 */
@RequestMapping("/loginSucc")
@ResponseBody
public Map<String,Object> loginSucc(HttpServletRequest request){
    System.out.println("登录成功!");
    Map<String,Object> result = new HashMap<String,Object>();
    return result;
}

/**
 * Handler invoked after a failed login.
 * @param request
 * @return
 */
@RequestMapping("/loginFail")
@ResponseBody
public Map<String,Object> loginFail(HttpServletRequest request){
    System.out.println("登录失败!");
    Map<String,Object> result = new HashMap<String,Object>();
    return result;
}
```
V. Results