spring安全框架:spring-security-白红宇

spring安全框架:spring-security

阅读量：2240 次

发布时间：2019-05-09

本文共 4076 字，大约阅读时间需要 13 分钟。

　　Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean，充分利用了Spring IoC，DI（控制反转Inversion of Control ,DI:Dependency Injection 依赖注入）和AOP（面向切面编程）功能，为应用系统提供声明式的安全访问控制功能，减少了为企业系统安全控制编写大量重复代码的工作

(1) 相关依赖


             
                 
      
       org.springframework.security
                  
      
       spring-security-web
              
             
                 
      
       org.springframework.security
                  
      
       spring-security-config

(2) spring-security.xml配置文件

(3) web.xml


     
         
      
       xxx-sellergoods-web
          
              
       
        shoplogin.html
           
          
          
              
       
        CharacterEncodingFilter
               
       
        org.springframework.web.filter.CharacterEncodingFilter
               
                   
        
         encoding
                    
        
         utf-8
                
           
          
              
       
        CharacterEncodingFilter
               
       
        /*
           
          
          
              
       
        xxx-sellergoods-web
               
       
        org.springframework.web.servlet.DispatcherServlet
               
               
                   
        
         contextConfigLocation
                    
        
         classpath:spring/springmvc.xml
                
               
       
        1
           
          
              
       
        xxx-sellergoods-web
               
               
       
        *.do
           
          
          
              
       
        contextConfigLocation
               
       
        classpath:spring/spring-*.xml
           
          
              
       
        org.springframework.web.context.ContextLoaderListener
           
          
          
              
       
        springSecurityFilterChain
               
       
        org.springframework.web.filter.DelegatingFilterProxy
           
          
              
       
        springSecurityFilterChain
               
       
        /*

(4) 认证类

import java.util.ArrayList;import java.util.List;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;public class UserDetailsServiceImpl implements UserDetailsService {    private SellerService sellerService;        public void setSellerService(SellerService sellerService) {        this.sellerService = sellerService;    }    @Override    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {                List
     
       grantAuths = new ArrayList<>();        grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));        /**         * User:         * * 参数：         *     * 1.用户名         *  * 2.密码         *  * 3.认证信息（角色）         */        // 去数据库进行查询:        TbSeller seller = sellerService.findByUserName(username);        if(seller != null){            if(seller.getStatus().equals("1")){                return new User(username,seller.getPassword(),grantAuths );            }else{                return null;            }        }        return null;     }}

转载于:https://www.cnblogs.com/lin-nest/p/10322565.html

你可能感兴趣的文章