【郑州校区】品优购电商系统开发第 4 章 八

5.商家系统登录与安全控制
5.1 需求分析
完成商家系统登陆与安全控制，商家账号来自数据库，并实现密码加密
5.2 自定义认证类
（1）pom.xml、web.xml 、login.html 参照运营商管理后台
（2）在pinyougou-shop-web创 建com.pinyougou.service包 ， 包 下 创 建 类UserDetailsServiceImpl.java 实现 UserDetailsService 接口

[AppleScript] 纯文本查看 复制代码

 package com.pinyougou.service;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
/**
* 认证类
* @author Administrator
*
*/
public class UserDetailsServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException {
List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
return new User(username,"123456", grantedAuths);
}
}

（3）在 pinyougou-shop-web 的 spring 目录下创建 spring-security.xml

[AppleScript] 纯文本查看 复制代码

 <!-- 以下页面不被拦截 -->
<http pattern="/*.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<http pattern="/seller/add.do" security="none"></http>
<!-- 页面拦截规则 -->
<http use-expressions="false">
<intercept-url pattern="/**" access="ROLE_SELLER" />
<form-login login-page="/shoplogin.html"
default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html"
always-use-default-target="true"/>
<csrf disabled="true"/>
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
<logout/>
</http>
<!-- 认证管理器 -->
<authentication-manager>
<authentication-provider user-service-ref="userDetailService">
</authentication-provider>
</authentication-manager>
<beans:bean id="userDetailService"
class="com.pinyougou.service.UserDetailServiceImpl"></beans:bean> 

经过上述配置，用户在输入密码 123456 时就会通过（用户名随意）
5.3 认证类调用服务方法
修改 UserDetailsServiceImpl.java ，添加属性和 setter 方法 ，修改 loadUserByUsername 方法

[AppleScript] 纯文本查看 复制代码

/**
* 认证类
* @author Administrator
*
*/
public class UserDetailsServiceImpl implements UserDetailsService {
private SellerService sellerService;
public void setSellerService(SellerService sellerService) {
this.sellerService = sellerService;
}
@Override
public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException {
System.out.println("经过了 UserDetailsServiceImpl");
//构建角色列表
List<GrantedAuthority> grantAuths=new ArrayList();
grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
//得到商家对象
TbSeller seller = sellerService.findOne(username);
if(seller!=null){
if(seller.getStatus().equals("1")){
return new User(username,seller.getPassword(),grantAuths);
}else{
return null;
}
}else{
return null;
}
}
}

修改 pinyougou-shop-web 的 spring-security.xml ，添加如下配置

[AppleScript] 纯文本查看 复制代码

<!-- 引用 dubbo 服务 -->
<dubbo:application name="pinyougou-shop-web" />
<dubbo:registry address="zookeeper://192.168.25.129:2181"/>
<dubbo:reference id="sellerService"
interface="com.pinyougou.sellergoods.service.SellerService" >
</dubbo:reference>
<beans:bean id="userDetailService"
class="com.pinyougou.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"></bean:property>
</beans:bean> 

经过上述修改后，在登陆页输入用户名和密码与数据库一致即可登陆 。

【郑州校区】品优购电商系统开发第 4 章 八

5.商家系统登录与安全控制
5.1 需求分析
完成商家系统登陆与安全控制，商家账号来自数据库，并实现密码加密
5.2 自定义认证类
（1）pom.xml、web.xml 、login.html 参照运营商管理后台
（2）在pinyougou-shop-web创 建com.pinyougou.service包 ， 包 下 创 建 类UserDetailsServiceImpl.java 实现 UserDetailsService 接口

[AppleScript] 纯文本查看 复制代码

 package com.pinyougou.service;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
/**
* 认证类
* @author Administrator
*
*/
public class UserDetailsServiceImpl implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException {
List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
grantedAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
return new User(username,"123456", grantedAuths);
}
}

（3）在 pinyougou-shop-web 的 spring 目录下创建 spring-security.xml

[AppleScript] 纯文本查看 复制代码

 <!-- 以下页面不被拦截 -->
<http pattern="/*.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<http pattern="/seller/add.do" security="none"></http>
<!-- 页面拦截规则 -->
<http use-expressions="false">
<intercept-url pattern="/**" access="ROLE_SELLER" />
<form-login login-page="/shoplogin.html"
default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html"
always-use-default-target="true"/>
<csrf disabled="true"/>
<headers>
<frame-options policy="SAMEORIGIN"/>
</headers>
<logout/>
</http>
<!-- 认证管理器 -->
<authentication-manager>
<authentication-provider user-service-ref="userDetailService">
</authentication-provider>
</authentication-manager>
<beans:bean id="userDetailService"
class="com.pinyougou.service.UserDetailServiceImpl"></beans:bean> 

经过上述配置，用户在输入密码 123456 时就会通过（用户名随意）
5.3 认证类调用服务方法
修改 UserDetailsServiceImpl.java ，添加属性和 setter 方法 ，修改 loadUserByUsername 方法

[AppleScript] 纯文本查看 复制代码

/**
* 认证类
* @author Administrator
*
*/
public class UserDetailsServiceImpl implements UserDetailsService {
private SellerService sellerService;
public void setSellerService(SellerService sellerService) {
this.sellerService = sellerService;
}
@Override
public UserDetails loadUserByUsername(String username) throws
UsernameNotFoundException {
System.out.println("经过了 UserDetailsServiceImpl");
//构建角色列表
List<GrantedAuthority> grantAuths=new ArrayList();
grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
//得到商家对象
TbSeller seller = sellerService.findOne(username);
if(seller!=null){
if(seller.getStatus().equals("1")){
return new User(username,seller.getPassword(),grantAuths);
}else{
return null;
}
}else{
return null;
}
}
}

修改 pinyougou-shop-web 的 spring-security.xml ，添加如下配置

[AppleScript] 纯文本查看 复制代码

<!-- 引用 dubbo 服务 -->
<dubbo:application name="pinyougou-shop-web" />
<dubbo:registry address="zookeeper://192.168.25.129:2181"/>
<dubbo:reference id="sellerService"
interface="com.pinyougou.sellergoods.service.SellerService" >
</dubbo:reference>
<beans:bean id="userDetailService"
class="com.pinyougou.service.UserDetailsServiceImpl">
<beans:property name="sellerService" ref="sellerService"></bean:property>
</beans:bean> 

经过上述修改后，在登陆页输入用户名和密码与数据库一致即可登陆 。