黑马程序员技术交流社区

标题: 【郑州校区】品优购电商系统开发第 4 章 八 [打印本页]
作者: 我是楠楠    时间: 2020-5-19 15:45
标题: 【郑州校区】品优购电商系统开发第 4 章 八
【郑州校区】品优购电商系统开发第 4 章 八

5.商家系统登录与安全控制
5.1 需求分析
完成商家系统登陆与安全控制,商家账号来自数据库,并实现密码加密
5.2 自定义认证类
1pom.xmlweb.xml login.html 参照运营商管理后台
2)在pinyougou-shop-web创 建com.pinyougou.service包 , 包 下 创 建 类UserDetailsServiceImpl.java 实现 UserDetailsService 接口
[AppleScript] 纯文本查看 复制代码
 package com.pinyougou.service;

import java.util.ArrayList;

import java.util.List;

import org.springframework.security.core.GrantedAuthority;

import org.springframework.security.core.authority.SimpleGrantedAuthority;

import org.springframework.security.core.userdetails.User;

import org.springframework.security.core.userdetails.UserDetails;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.security.core.userdetails.UsernameNotFoundException;

/**

* 认证类

* @author Administrator

*

*/

public class UserDetailsServiceImpl implements UserDetailsService {

@Override

public UserDetails loadUserByUsername(String username) throws

UsernameNotFoundException {

List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();

grantedAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));

return new User(username,"123456", grantedAuths);

}

}

3)在 pinyougou-shop-web spring 目录下创建 spring-security.xml
[AppleScript] 纯文本查看 复制代码
 <!-- 以下页面不被拦截 -->

<http pattern="/*.html" security="none"></http>

<http pattern="/css/**" security="none"></http>

<http pattern="/img/**" security="none"></http>

<http pattern="/js/**" security="none"></http>

<http pattern="/plugins/**" security="none"></http>

<http pattern="/seller/add.do" security="none"></http>

<!-- 页面拦截规则 -->

<http use-expressions="false">

<intercept-url pattern="/**" access="ROLE_SELLER" />

<form-login login-page="/shoplogin.html"

default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html"

always-use-default-target="true"/>

<csrf disabled="true"/>

<headers>

<frame-options policy="SAMEORIGIN"/>

</headers>

<logout/>

</http>

<!-- 认证管理器 -->

<authentication-manager>

<authentication-provider user-service-ref="userDetailService">

</authentication-provider>

</authentication-manager>

<beans:bean id="userDetailService"

class="com.pinyougou.service.UserDetailServiceImpl"></beans:bean>


经过上述配置,用户在输入密码 123456 时就会通过(用户名随意)
5.3 认证类调用服务方法
修改 UserDetailsServiceImpl.java ,添加属性和 setter 方法 ,修改 loadUserByUsername 方法

[AppleScript] 纯文本查看 复制代码
/**

* 认证类

* @author Administrator

*

*/

public class UserDetailsServiceImpl implements UserDetailsService {

private SellerService sellerService;

public void setSellerService(SellerService sellerService) {

this.sellerService = sellerService;

}

@Override

public UserDetails loadUserByUsername(String username) throws

UsernameNotFoundException {

System.out.println("经过了 UserDetailsServiceImpl");

//构建角色列表

List<GrantedAuthority> grantAuths=new ArrayList();

grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));

//得到商家对象

TbSeller seller = sellerService.findOne(username);

if(seller!=null){

if(seller.getStatus().equals("1")){

return new User(username,seller.getPassword(),grantAuths);

}else{

return null;

}

}else{

return null;

}

}

}

修改 pinyougou-shop-web spring-security.xml ,添加如下配置

[AppleScript] 纯文本查看 复制代码
<!-- 引用 dubbo 服务 -->

<dubbo:application name="pinyougou-shop-web" />

<dubbo:registry address="zookeeper://192.168.25.129:2181"/>

<dubbo:reference id="sellerService"

interface="com.pinyougou.sellergoods.service.SellerService" >

</dubbo:reference>

<beans:bean id="userDetailService"

class="com.pinyougou.service.UserDetailsServiceImpl">

<beans:property name="sellerService" ref="sellerService"></bean:property>

</beans:bean>

经过上述修改后,在登陆页输入用户名和密码与数据库一致即可登陆 。






欢迎光临 黑马程序员技术交流社区 (http://bbs.itheima.com/) 黑马程序员IT技术论坛 X3.2