spring security 自定义登录页面及从数据库查询账户登录

一.使用自定义登录页面

  1.首先关闭 登录页面 , 登录错误后跳转页面, 登录成功后跳转页面 的拦截

     <!--不拦截静态资源-->
 <security:http pattern="/css/**" security="none"></security:http>
 <security:http pattern="/img/**" security="none"></security:http>
 <security:http pattern="/plugins/**" security="none"></security:http>  
 
     <!--不拦截登录 不拦截 error-->
  <security:http pattern="/login.jsp" security="none"/>
  <security:http pattern="/file.jsp" security="none"/>
  <security:http pattern="/index.ico" security="none"/>
 

  2.自定义登录页面

 <security:http  use-expressions="false">
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
        <!--开启表单登录
            login-page=""  登录页面
        login-processing-url="/log" 登录提交页面路径,默认login
            default-target-url=""   登录成功页面
            authentication-failure-url=""   登录失败页面
        -->
        <security:form-login
                            login-page="/login.jsp"
                            login-processing-url="/log"
                             default-target-url="/index.jsp"
                             authentication-failure-url="/file.jsp"
        />
        <!--关闭跨越请求  如果没有关闭会报403错误-->
        <security:csrf disabled="true"/>
</security:http>

二. 从数据库查询用户登录

1.修改spring-security配置

 <!-- 配置认证登录信息 从数据库读取账户-->
<security:authentication-manager>
   <!--提供服务类 去数据库查询账户密码-->
  <security:authentication-provider user-service-ref="membersServiceImpl">
  </security:authentication-provider>
</security:authentication-manager>

2.创建pojo dao service层

注:service接口要继承UserDetailsService

public class MembersServiceImpl implements MembersService {

    @Autowired
    MembersDao membersDao;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
          //根据用户名获取对象
       Members members = membersDao.findByName(username);
        if (members!=null){
        //创建角色集合对象
            Collection<GrantedAuthority> authorities = new ArrayList<>();
          
            GrantedAuthority grantedAuthority = new SimpleGrantedAuthority("ROLE_USER");
            authorities.add(grantedAuthority);
            User user = new User(members.getUserName(), "{noop}"+members.getPassword(), authorities);
            return user;
        }
        return null;
    }
}

 

 

 

注:顺序不能错,先关闭要页面的拦截,再定义页面,否则无法运行

posted @ 2019-07-24 21:19  陌之殇  阅读(2015)  评论(0)    收藏  举报