Spring Security 登录与 CAS 单点登录
<beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg value="http://localhost:9100/cas/logout?service=http://localhost:9103"/> ........ </beans:bean>
一·配置文件
(1)修改pinyougou-manager-web的pom.xml ,添加依赖
<!-- 身份验证 -->
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> </dependency>
(2)修改web.xml
<!-- Load spring-security.xml into the root WebApplicationContext so the
     "springSecurityFilterChain" bean exists before the filter below looks it up. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>
<!-- DelegatingFilterProxy forwards every request to the Spring bean that has
     the same name as the filter. It is mapped to /* so all requests, including
     the *.do endpoints, pass through the security chain; per-URL exemptions
     are declared in spring-security.xml (security="none"), not here. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
(3)pinyougou-manager-web的spring目录下添加配置文件spring-security.xml
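<!-- Requests matching these patterns bypass the security filter chain entirely
     (security="none": no SecurityContext, no security headers on the response).
     Keep this list to the login page and static assets only. -->
<http pattern="/login.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>

<!-- Interception rules -->
<http use-expressions="false">
    <!-- "/**" rather than "/*": in an Ant pattern "*" matches a single path
         segment only, so "/*" would leave /admin/index.html (the login target),
         /login/name.do and every other nested URL unprotected — a request that
         matches no intercept-url is allowed through by default. "/**" is also
         what the shop-web configuration below uses. -->
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    <form-login login-page="/login.html" default-target-url="/admin/index.html" authentication-failure-url="/login.html" always-use-default-target="true"/>
    <!-- CSRF protection is switched off so the static login.html can POST
         without a token. Every state-changing request in the admin console is
         then forgeable from another origin; the proper fix is to keep CSRF on
         and send the _csrf token with each form and AJAX POST. -->
    <csrf disabled="true"/>
    <headers>
        <!-- SAMEORIGIN instead of the DENY default because the console uses frame pages -->
        <frame-options policy="SAMEORIGIN"/>
    </headers>
</http>

<!-- Authentication manager -->
<authentication-manager>
    <authentication-provider>
        <!-- In-memory users with plaintext passwords: acceptable for this
             walkthrough only. Move to a UserDetailsService backed by a store of
             BCrypt hashes before deployment (see the shop-web section).
             Spring Security 5+ would additionally require a "{noop}" prefix here. -->
        <user-service>
            <user name="admin" password="123456" authorities="ROLE_ADMIN"/>
            <user name="sunwukong" password="dasheng" authorities="ROLE_ADMIN"/>
        </user-service>
    </authentication-provider>
</authentication-manager>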
二、配置说明:
always-use-default-target:指定身份验证通过后是否总是跳转到 default-target-url 指定的 URL;为 true 时会忽略登录前被拦截的原始请求地址,不再跳回用户最初访问的页面。
Spring Security 默认发送 X-Frame-Options: DENY 响应头,任何页面都不能被 iframe 嵌入;如果你在系统中使用了框架页(iframe 布局),需要把策略改为 SAMEORIGIN,只允许同源页面嵌入。不要为了省事直接关闭 frame-options,否则会失去对点击劫持(clickjacking)的防护。
登录页面
修改pinyougou-manager-web的 login.html
<!-- Login form. It POSTs to Spring Security's default form-login URL (/login)
     with the default parameter names "username" and "password".
     CSRF is disabled in spring-security.xml; if it is re-enabled this form
     must also carry the _csrf token or the POST will be rejected. -->
<form id="loginform" action="/login" method="post" class="sui-form">
    <div class="input-prepend"><span class="add-on loginname"></span>
        <!-- NOTE(review): both inputs share id="prependedInput"; duplicate ids
             are invalid HTML and break getElementById / label targeting. -->
        <input id="prependedInput" name="username" type="text" placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
    </div>
    <div class="input-prepend"><span class="add-on loginpwd"></span>
        <input id="prependedInput" name="password" type="password" placeholder="请输入密码" class="span2 input-xfat">
    </div>
    <div class="setting">
        <!-- Drag-to-verify slider: purely client-side UI. Nothing in the
             configuration shown on this page checks it on the server, so it
             is not a bot or brute-force control. -->
        <div id="slider">
            <div id="slider_bg"></div>
            <span id="label">>></span> <span id="labelTip">拖动滑块验证</span>
        </div>
    </div>
    <div class="logined">
        <!-- "document:loginform" is a labelled statement followed by the global
             form name; it submits the form only because named elements leak as
             globals. target="_blank" has no effect on an anchor without href. -->
        <a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document:loginform.submit()" target="_blank">登 录</a>
    </div>
三、
主界面显示登陆人
在pinyougou-manager-web新建LoginController.java
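package com.pinyougou.manager.controller;

import java.util.HashMap;
import java.util.Map;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * Exposes the name of the currently authenticated principal so the AngularJS
 * front end (loginService.js / indexController.js) can display it.
 */
@RestController
@RequestMapping("/login")
public class LoginController {

    /**
     * Returns {"loginName": principal name} for the current request.
     *
     * <p>The name is read from the server-side SecurityContext, never from a
     * request parameter, so the client cannot claim another account. If the
     * request reached this handler without an Authentication (possible for a
     * URL that no intercept-url rule covers), an empty name is returned instead
     * of failing with a NullPointerException.
     *
     * @return single-entry map with key "loginName"
     */
    @RequestMapping("name")
    public Map<String, String> name() {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        String name = auth == null ? "" : auth.getName();
        Map<String, String> map = new HashMap<>();
        map.put("loginName", name);
        return map;
    }
}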
前端代码
新建loginService.js
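// Login service layer
app.service('loginService', function ($http) {
    // Read the current login name from the server. The name comes from the
    // server-side SecurityContext, so the client never supplies or caches it.
    this.loginName = function () {
        return $http.get('../login/name.do');
    };
});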
(1)新建indexController.js
// Main-page controller: fetches the authenticated user's name for the header.
app.controller('indexController', function ($scope, $controller, loginService) {
    // Copy the server-provided name onto the scope; the page renders {{loginName}}.
    var applyName = function (response) {
        $scope.loginName = response.loginName;
    };
    // Called from ng-init; uses the legacy .success() callback like the rest of the page.
    $scope.showLoginName = function () {
        loginService.loginName().success(applyName);
    };
});
页面上引入JS
<script type="text/javascript" src="../plugins/angularjs/angular.min.js"></script> <script type="text/javascript" src="../js/base.js"></script> <script type="text/javascript" src="../js/service/loginService.js"></script> <script type="text/javascript" src="../js/controller/indexController.js"></script> 指令 <body class="hold-transition skin-green sidebar-mini" ng-app="pinyougou" ng-controller="indexController" ng-init="showLoginName ()">
将页面上的测试用户 替换成 {{loginName}}
退出登录
在pinyougou-manager-web的spring-security.xml的http节点中添加配置
<logout/>
加此配置后,会自动产生退出登录的地址 /logout;如果你不想用这个地址,也可以自定义退出地址以及退出后跳转的页面,配置如下。注意:由于上面关闭了 CSRF 防护,/logout 可以用 GET 请求直接触发(本文的注销链接就是这样做的);若开启 CSRF,Spring Security 只接受携带 _csrf 令牌的 POST 请求退出。
<logout logout-url="" logout-success-url=""/>
<!-- Logout link. Because CSRF is disabled in spring-security.xml, /logout is
     accepted by GET, so a plain link works — but it also means any other site
     can log the admin out (e.g. via an <img src> pointing at /logout). With
     CSRF on, logout must be a POST form carrying the _csrf token. -->
<div class="pull-right"> <a href="../logout" class="btn btn-default btn-flat">注销</a> </div>
<!-- Login form, repeated here unchanged from the login-page section above.
     It POSTs to Spring Security's default form-login URL (/login) with the
     default parameter names "username" and "password". CSRF is disabled in
     spring-security.xml; if it is re-enabled this form must also carry the
     _csrf token or the POST will be rejected. -->
<form id="loginform" action="/login" method="post" class="sui-form">
    <div class="input-prepend"><span class="add-on loginname"></span>
        <!-- NOTE(review): both inputs share id="prependedInput"; duplicate ids
             are invalid HTML and break getElementById / label targeting. -->
        <input id="prependedInput" name="username" type="text" placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
    </div>
    <div class="input-prepend"><span class="add-on loginpwd"></span>
        <input id="prependedInput" name="password" type="password" placeholder="请输入密码" class="span2 input-xfat">
    </div>
    <div class="setting">
        <!-- Drag-to-verify slider: purely client-side UI; nothing shown on this
             page verifies it server side, so it is not a bot or brute-force control. -->
        <div id="slider">
            <div id="slider_bg"></div>
            <span id="label">>></span> <span id="labelTip">拖动滑块验证</span>
        </div>
    </div>
    <div class="logined">
        <!-- "document:loginform" is a labelled statement followed by the global
             form name; it works only because named elements leak as globals.
             target="_blank" has no effect on an anchor without href. -->
        <a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document:loginform.submit()" target="_blank">登 录</a>
    </div>
商家系统登录与安全控制
自定义认证类
在pinyougou-shop-web创建com.pinyougou.service包,包下创建类UserDetailsServiceImpl.java 实现UserDetailsService接口
package com.pinyougou.service;

import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**
 * Authentication class (first, placeholder version).
 *
 * <p>SECURITY NOTE: this stub accepts ANY username and returns the fixed
 * password "123456" for all of them, so every login with that password
 * succeeds. It exists only to prove the UserDetailsService is wired into the
 * filter chain; the next section replaces it with a lookup through
 * SellerService. It must never be deployed as-is.
 *
 * @author Administrator
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /**
     * Builds a UserDetails for the given name without consulting any store.
     *
     * @param username the login name from the form (not validated here)
     * @return a User with password "123456" and the single role ROLE_SELLER
     * @throws UsernameNotFoundException never, in this stub version
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
        grantedAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
        // Hard-coded credential; it is compared as plaintext because no
        // password-encoder is configured for the provider at this stage.
        return new User(username,"123456", grantedAuths);
    }
}
在pinyougou-shop-web的spring目录下创建spring-security.xml
<!-- Resources that bypass the security filter chain (security="none": no
     SecurityContext and no security headers on these responses).
     "/*.html" exposes every top-level page anonymously; that is only safe as
     long as the data behind those pages is served by the protected *.do
     endpoints, so do not put anything sensitive in the static HTML itself. -->
<http pattern="/*.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<!-- Seller self-registration must be reachable without a login. Note that
     security="none" also removes session-fixation and header protection on
     this request; a permitAll/IS_AUTHENTICATED_ANONYMOUSLY rule inside the
     main <http> block would keep those while still allowing anonymous access. -->
<http pattern="/seller/add.do" security="none"></http>
<!-- Interception rules: everything not exempted above requires ROLE_SELLER.
     "/**" covers nested paths (unlike "/*", which matches one segment only). -->
<http use-expressions="false">
    <intercept-url pattern="/**" access="ROLE_SELLER" />
    <form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
    <!-- CSRF is disabled so the static shoplogin.html can POST without a token;
         this leaves every state-changing *.do request forgeable cross-site.
         Prefer keeping it enabled and sending the _csrf token from the page. -->
    <csrf disabled="true"/>
    <headers>
        <!-- SAMEORIGIN instead of the DENY default: the console is frame-based -->
        <frame-options policy="SAMEORIGIN"/>
    </headers>
    <!-- Registers /logout; with CSRF off it is also reachable by a plain GET -->
    <logout/>
</http>
<!-- Authentication manager: user lookup is delegated to the userDetailService
     bean. No password-encoder is declared at this stage, so the submitted
     password is compared with the stored value as plaintext; the "加密配置"
     section further down adds the BCrypt encoder. -->
<authentication-manager>
    <authentication-provider user-service-ref="userDetailService">
    </authentication-provider>
</authentication-manager>
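<!-- Must reference the class actually defined above: UserDetailsServiceImpl
     (with an "s"), the same name the later dubbo configuration uses. The
     misspelled UserDetailServiceImpl does not exist and would fail with
     ClassNotFoundException when the context starts. -->
<beans:bean id="userDetailService"
class="com.pinyougou.service.UserDetailsServiceImpl"></beans:bean>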
经过上述配置,用户输入密码 123456 时就会通过认证(用户名随意)。这只是用来验证 UserDetailsService 已接入过滤链的占位实现:任意用户名 + 固定密码相当于没有认证,下一步必须换成按用户名到数据库查询商家的实现。
认证类调用服务方法
修改UserDetailsServiceImpl.java ,添加属性和setter方法 ,修改loadUserByUsername方法
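/**
 * Authentication class: loads a seller account for Spring Security.
 *
 * <p>Only the lookup, the status check and the role assignment happen here;
 * password verification is done by the authentication provider (with its
 * configured PasswordEncoder) against the stored value returned in the
 * {@link User}.
 *
 * @author Administrator
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    private SellerService sellerService;

    public void setSellerService(SellerService sellerService) {
        this.sellerService = sellerService;
    }

    /**
     * Looks up the seller by login name.
     *
     * @param username the login name entered on the form
     * @return a {@link User} carrying the stored password and ROLE_SELLER; the
     *         user is marked disabled when the seller's status is not "1"
     *         (not yet approved), so the provider rejects it with
     *         DisabledException before any password check
     * @throws UsernameNotFoundException when no seller has that login name.
     *         The interface forbids returning null here (the provider reports
     *         that as a contract violation); the message is deliberately
     *         generic so it does not reveal whether the account exists
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        TbSeller seller = sellerService.findOne(username);
        if (seller == null) {
            throw new UsernameNotFoundException("Bad credentials");
        }
        // Build the role list; every seller gets the same single role.
        List<GrantedAuthority> grantAuths = new ArrayList<GrantedAuthority>();
        grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
        // "1" = approved. Constant-first comparison survives a null status.
        boolean enabled = "1".equals(seller.getStatus());
        return new User(username, seller.getPassword(), enabled, true, true, true, grantAuths);
    }
}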
修改pinyougou-shop-web的spring-security.xml ,添加如下配置
<!-- Dubbo reference to the seller service used by UserDetailsServiceImpl.
     The registry address is the course's zookeeper instance.
     NOTE(review): nothing shown here authenticates the registry or the RPC
     link — confirm the network between web tier and services is trusted. -->
<dubbo:application name="pinyougou-shop-web" />
<dubbo:registry address="zookeeper://192.168.25.129:2181"/>
<dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService" >
</dubbo:reference>
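<beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl">
    <!-- The closing tag must use the same "beans" prefix as the opening tag;
         "</bean:property>" is malformed XML and the context would fail to load. -->
    <beans:property name="sellerService" ref="sellerService"></beans:property>
</beans:bean>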
经过上述修改后,在登录页输入与数据库一致的用户名和密码即可登录。注意:此时尚未配置 password-encoder,认证管理器会把表单密码与数据库中的值按明文直接比较,这要求数据库里存的是明文密码;下一节加入 BCrypt 后,数据库必须改为存储 BCrypt 哈希。
商家入驻密码加密
商家申请入驻的密码要使用 BCrypt 算法进行哈希后再存储(BCrypt 是带盐的慢哈希,不是可逆的"加密",数据库里永远不应出现明文密码),修改 SellerController.java 的 add 方法
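/**
 * Registers a new seller (merchant onboarding).
 *
 * <p>The password is hashed with BCrypt before the seller is persisted, so the
 * plaintext never reaches the database. The hash must be produced by the same
 * encoder family that spring-security.xml registers for authentication
 * (BCryptPasswordEncoder); otherwise login cannot verify it.
 *
 * @param seller the seller submitted by the registration page (request body)
 * @return a Result whose success flag tells the page whether the insert happened
 */
@RequestMapping("/add")
public Result add(@RequestBody TbSeller seller){
    try {
        // Reject a missing or blank password up front: encode(null) throws,
        // and a hash of "" would make the empty string a valid credential
        // for this account.
        String rawPassword = seller.getPassword();
        if (rawPassword == null || rawPassword.trim().isEmpty()) {
            return new Result(false, "密码不能为空");
        }
        // Hash inside the try block so any failure is reported as a Result
        // instead of escaping as an unhandled 500.
        BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        seller.setPassword(passwordEncoder.encode(rawPassword));
        sellerService.add(seller);
        return new Result(true, "增加成功");
    } catch (Exception e) {
        e.printStackTrace(); // TODO(review): route through the project's logger instead of stdout
        return new Result(false, "增加失败");
    }
}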
加密配置
修改pinyougou-shop-web的spring-security.xml ,添加如下配置
<!-- BCryptPasswordEncoder with its default strength. The same encoder is used
     by the authentication provider below to verify logins, and SellerController
     creates an equivalent one when hashing at registration, so stored hashes
     and verification stay compatible. -->
<beans:bean id="bcryptEncoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
修改认证管理器的配置
<!-- Authentication manager: with the password-encoder set, the provider
     BCrypt-checks the form password against the hash returned by
     UserDetailsServiceImpl. Any seller row still holding a plaintext password
     (created before this change) can no longer log in and must be re-hashed. -->
<authentication-manager alias="authenticationManager">
    <authentication-provider user-service-ref='userDetailService'>
        <password-encoder ref="bcryptEncoder"></password-encoder>
    </authentication-provider>
</authentication-manager>
品优购用户中心(CAS)
将用户中心相关的页面(home- 开头的)拷贝至 pinyougou-user-web

pom.xml 引入springSecurity、cas客户端和springSecurity Cas整合包依赖
web.xml 添加 spring-security 过滤器(参照 casclient_demo3),并设置首页为 home-index.html
<welcome-file-list>
<welcome-file>home-index.html</welcome-file>
</welcome-file-list>
构建UserDetailsServiceImpl.java

添加spring-security.xml
配置匿名访问资源
<!-- Anonymous resources: these URLs bypass the CAS filters entirely.
     register.html, user/add.do and user/sendCode.do form the self-registration
     flow. NOTE(review): sendCode.do is reachable unauthenticated and nothing
     here throttles it — confirm it is rate-limited server side. -->
<http pattern="/css/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/image/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<http pattern="/register.html" security="none"></http>
<http pattern="/user/add.do" security="none"></http>
<http pattern="/user/sendCode.do" security="none"></http>
设置服务地址属性
<!-- The service URL sent to the CAS server on login and used when validating
     the returned service ticket; it must match exactly the URL this client is
     reached on. It is plain http for the local setup — the ticket travels in
     the query string, so use https anywhere beyond local testing. -->
<beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <beans:property name="service" value="http://localhost:9106/login/cas"/>
</beans:bean>
设置认证类
<!-- The UserDetailsService the CAS provider uses to load authorities after the
     ticket is validated. NOTE(review): the class name must match the file
     actually created above (the text calls it UserDetailsServiceImpl.java,
     with an "s") — confirm the spelling or the context will not start. -->
<beans:bean
id="userDetailsService" class="com.pinyougou.user.service.UserDetailServiceImpl"/>
页面显示用户名
pinyougou-user-web创建LoginController.java
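/**
 * Returns the current user's login name to the front end (home-index.html).
 */
@RestController
@RequestMapping("/login")
public class LoginController {

    /**
     * Reads the principal name from the SecurityContext populated by the CAS
     * filters. The name is taken from the server-side context, never from the
     * request, so the client cannot claim another account.
     *
     * @return {"loginName": name}; the name is empty when the request carries
     *         no Authentication (e.g. a URL served with security="none"),
     *         instead of failing with a NullPointerException
     */
    @RequestMapping("/name")
    public Map<String, String> showName() {
        String name = "";
        if (SecurityContextHolder.getContext().getAuthentication() != null) {
            name = SecurityContextHolder.getContext().getAuthentication().getName();
        }
        Map<String, String> map = new HashMap<>();
        map.put("loginName", name);
        return map;
    }
}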
创建loginService.js
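// Service layer
app.service('loginService', function ($http) {
    // Read the current login name from the server (the previous comment was
    // copied from a list page and described the wrong operation). The name
    // comes from the server-side SecurityContext, never from the client.
    this.showName = function () {
        return $http.get('../login/name.do');
    };
});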
(3)创建indexController.js
// Home page controller: loads the login name shown in the header.
app.controller('indexController', function ($scope, loginService) {
    // Copy the server-provided name onto the scope; the page renders {{loginName}}.
    function applyName(response) {
        $scope.loginName = response.loginName;
    }
    // Called from ng-init; uses the legacy .success() callback like the rest of the page.
    $scope.showName = function () {
        loginService.showName().success(applyName);
    };
});
修改home-index.html 引入js
<script type="text/javascript" src="plugins/angularjs/angular.min.js"></script>
<script type="text/javascript" src="js/base.js"></script>
<script type="text/javascript" src="js/service/loginService.js"></script>
<script type="text/javascript" src="js/controller/indexController.js"></script>
指令,调用方法查询登陆名
<body ng-app="pinyougou" ng-controller="indexController" ng-init="showName()">
显示用户名
<span class="name">{{loginName}}</span>
退出登录
设置退出登录后的跳转地址
<!-- Single logout: this LogoutFilter redirects the browser to the CAS server's
     /cas/logout, and "service=" is where CAS sends the browser afterwards
     (the site home page). Both URLs are plain http for the local setup; the
     "........" stands for the filter's remaining constructor arguments and
     handlers, which are not shown here. -->
<beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg value="http://localhost:9100/cas/logout?service=http://localhost:9103"/> ........ </beans:bean>
退出登录后,跳转到网站首页
<!-- Logout link, presumably the URL handled by the requestSingleLogoutFilter
     bean above. It is a plain GET link, which is only accepted while CSRF
     protection is disabled; with CSRF on it must become a POST with the token. -->
<span class="safe"> <a href="/logout/cas">退出登录 </a></span>
配置匿名访问资源
