运营商系统登录与安全控制

2.1 需求分析

完成运营商登陆功能

2.1 登陆功能的实现

2.1.1 配置文件

（1）修改 pinyougou-manager-web 的 pom.xml ，添加依赖

[AppleScript] 纯文本查看 复制代码

<!-- 身份验证 -->

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-web</artifactId>

</dependency>

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-config</artifactId>

</dependency>

（2）修改 web.xml

[AppleScript] 纯文本查看 复制代码

<context-param>


<param-name>contextConfigLocation</param-name>


<param-value>classpath:spring/spring-security.xml</param-value>


</context-param>

[AppleScript] 纯文本查看 复制代码

<listener>


<listener-class> org.springframework.web.context.ContextLoaderListener
</listener-class>


</listener>


<filter>


<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-clas
s>


</filter>


<filter-mapping>


<filter-name>springSecurityFilterChain</filter-name>


<url-pattern>/*</url-pattern>

</filter-mapping>

（3）pinyougou-manager-web 的 spring 目录下添加配置文件 spring-security.xml

[AppleScript] 纯文本查看 复制代码

<!-- 以下页面不被拦截 -->

<http  pattern="/login.html"  security="none"></http>


<http  pattern="/css/**"  security="none"></http>


<http  pattern="/img/**"  security="none"></http>


<http  pattern="/js/**"  security="none"></http>


<http  pattern="/plugins/**"  security="none"></http>




<!-- 页面拦截规则 -->

<http  use-expressions="false">

[AppleScript] 纯文本查看 复制代码

<intercept-url  pattern="/*"  access="ROLE_ADMIN"  />


<form-login login-page="/login.html"    default-target-url="/admin/index.html" authentication-failure-url="/login.html"  always-use-default-target="true"/>

<csrf  disabled="true"/>


<headers>


<frame-options  policy="SAMEORIGIN"/>


</headers>


</http>




<!-- 认证管理器 -->

<authentication-manager>


<authentication-provider>


<user-service>


<user  name="admin"  password="123456"  authorities="ROLE_ADMIN"/>


<user name="sunwukong" password="dasheng" authorities="ROLE_ADMIN"/>


</user-service>


</authentication-provider>


</authentication-manager>

配置说明：

always-use-default-target：指定了是否在身份验证通过后总是跳转到 default-target-url  属性指定的 URL。

如果你在系统中使用了框架页，需要设置框架页的策略为 SAMEORIGIN

[AppleScript] 纯文本查看 复制代码

<headers>


<frame-options  policy="SAMEORIGIN"/>
</headers>

2.1.1 登录页面

修 改 pinyougou-manager-web 的 login.html

[AppleScript] 纯文本查看 复制代码

<form  id="loginform"  action="/login"  method="post"    class="sui-form">


<div  class="input-prepend"><span  class="add-on  loginname"></span>

<input  id="prependedInput"    name="username"  type="text"  placeholder="邮箱/用户名/手机号"  class="span2  input-xfat">

</div>


<div  class="input-prepend"><span  class="add-on  loginpwd"></span>

<input  id="prependedInput"    name="password"  type="password"  placeholder="请输入密码"  class="span2  input-xfat">

</div>


<div  class="setting">


<div  id="slider">


<div  id="slider_bg"></div>

<span  id="label">>></span>  <span  id="labelTip">拖动滑块验证</span>

</div>


</div>


<div  class="logined">


<a  class="sui-btn  btn-block  btn-xlarge  btn-danger"
onclick="document:loginform.submit()"  target="_blank">登  录</a>

</div>

</form>

运营商系统登录与安全控制

2.1 需求分析

完成运营商登陆功能

2.1 登陆功能的实现

2.1.1 配置文件

（1）修改 pinyougou-manager-web 的 pom.xml ，添加依赖

[AppleScript] 纯文本查看 复制代码

<!-- 身份验证 -->

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-web</artifactId>

</dependency>

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-config</artifactId>

</dependency>

（2）修改 web.xml

[AppleScript] 纯文本查看 复制代码

<context-param>


<param-name>contextConfigLocation</param-name>


<param-value>classpath:spring/spring-security.xml</param-value>


</context-param>

[AppleScript] 纯文本查看 复制代码

<listener>


<listener-class> org.springframework.web.context.ContextLoaderListener
</listener-class>


</listener>


<filter>


<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-clas
s>


</filter>


<filter-mapping>


<filter-name>springSecurityFilterChain</filter-name>


<url-pattern>/*</url-pattern>

</filter-mapping>

（3）pinyougou-manager-web 的 spring 目录下添加配置文件 spring-security.xml

[AppleScript] 纯文本查看 复制代码

<!-- 以下页面不被拦截 -->

<http  pattern="/login.html"  security="none"></http>


<http  pattern="/css/**"  security="none"></http>


<http  pattern="/img/**"  security="none"></http>


<http  pattern="/js/**"  security="none"></http>


<http  pattern="/plugins/**"  security="none"></http>




<!-- 页面拦截规则 -->

<http  use-expressions="false">

[AppleScript] 纯文本查看 复制代码

<intercept-url  pattern="/*"  access="ROLE_ADMIN"  />


<form-login login-page="/login.html"    default-target-url="/admin/index.html" authentication-failure-url="/login.html"  always-use-default-target="true"/>

<csrf  disabled="true"/>


<headers>


<frame-options  policy="SAMEORIGIN"/>


</headers>


</http>




<!-- 认证管理器 -->

<authentication-manager>


<authentication-provider>


<user-service>


<user  name="admin"  password="123456"  authorities="ROLE_ADMIN"/>


<user name="sunwukong" password="dasheng" authorities="ROLE_ADMIN"/>


</user-service>


</authentication-provider>


</authentication-manager>

配置说明：

always-use-default-target：指定了是否在身份验证通过后总是跳转到 default-target-url  属性指定的 URL。

如果你在系统中使用了框架页，需要设置框架页的策略为 SAMEORIGIN

[AppleScript] 纯文本查看 复制代码

<headers>


<frame-options  policy="SAMEORIGIN"/>
</headers>

2.1.1 登录页面

修 改 pinyougou-manager-web 的 login.html

[AppleScript] 纯文本查看 复制代码

<form  id="loginform"  action="/login"  method="post"    class="sui-form">


<div  class="input-prepend"><span  class="add-on  loginname"></span>

<input  id="prependedInput"    name="username"  type="text"  placeholder="邮箱/用户名/手机号"  class="span2  input-xfat">

</div>


<div  class="input-prepend"><span  class="add-on  loginpwd"></span>

<input  id="prependedInput"    name="password"  type="password"  placeholder="请输入密码"  class="span2  input-xfat">

</div>


<div  class="setting">


<div  id="slider">


<div  id="slider_bg"></div>

<span  id="label">>></span>  <span  id="labelTip">拖动滑块验证</span>

</div>


</div>


<div  class="logined">


<a  class="sui-btn  btn-block  btn-xlarge  btn-danger"
onclick="document:loginform.submit()"  target="_blank">登  录</a>

</div>

</form>