用户角色权限表关系使用数据库完成springSecurity用户登录验证

1.springSecurity的使用步骤：1.在web工程的pom.xml文件下导入依赖

!--SpringSecurity权限管理--dependencygroupIdorg.springframework.security/groupIdartifactIdspring-security-web/artifactIdversion${spring.security.version}/version/dependencydependencygroupIdorg.springframework.security/groupIdartifactIdspring-security-config/artifactIdversion${spring.security.version}/version/dependencydependencygroupIdorg.springframework.security/groupIdartifactIdspring-security-core/artifactIdversion${spring.security.version}/version/dependency!--使用标签拦截配置--dependencygroupIdorg.springframework.security/groupIdartifactIdspring-security-taglibs/artifactIdversion${spring.security.version}/version/dependency

2.2.创建spring-security.xml配置文件

?xmlversion="1.0"encoding="UTF-8"?beansxmlns="http://www.springframework.org/schema/beans"xmlns:security="http://www.springframework.org/schema/security"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security.xsd"!--配置不拦截的资源--security:httppattern="/login.jsp"security="none"/security:httppattern="/failer.jsp"security="none"/security:httppattern="/css/**"security="none"/security:httppattern="/img/**"security="none"/security:httppattern="/plugins/**"security="none"/!--配置具体的规则auto-config="true"不用自己编写登录的页面，框架提供默认登录页面use-expressions="false"是否使用SPEL表达式（没学习过）--security:httpauto-config="true"use-expressions="true"!--配置具体的拦截的规则pattern="请求路径的规则"access="访问系统的人，必须有ROLE_USER的角色"--security:intercept-urlpattern="/**"access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/!--定义跳转的具体的页面--security:form-loginlogin-page="/login.jsp"login-processing-url="/login.do"default-target-url="/index.jsp"authentication-failure-url="/failer.jsp"authentication-success-forward-url="/pages/main.jsp"/!--关闭跨域请求--security:csrfdisabled="true"/!--退出--security:logoutinvalidate-session="true"logout-url="/logout.do"logout-success-url="/login.jsp"//security:http!--切换成数据库中的用户名和密码--security:authentication-managersecurity:authentication-provideruser-service-ref="userService"!--配置加密的方式--security:password-encoderref="passwordEncoder"//security:authentication-provider/security:authentication-manager!--配置加密类--beanid="passwordEncoder"class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"//beans

3.3.用户登录的前台页面login.jsp

divclass="login-logo"ahref="all-admin-index.html"bWANG/b后台管理系统/a/div!--/.login-logo--divclass="login-box-body"pclass="login-box-msg"登录系统/pformaction="${pageContext.request.contextPath}/login.do"method="post"divclass="form-grouphas-feedback"inputtype="text"name="username"class="form-control"placeholder="用户名"spanclass="glyphiconglyphicon-envelopeform-control-feedback"/span/divdivclass="form-grouphas-feedback"inputtype="password"name="password"class="form-control"placeholder="密码"spanclass="glyphiconglyphicon-lockform-control-feedback"/span/divdivclass="row"divclass="col-xs-8"divclass="checkboxicheck"labelinputtype="checkbox"记住下次自动登录/label/div/div!--/.col--divclass="col-xs-4"buttontype="submit"class="btnbtn-primarybtn-blockbtn-flat"登录/button/div!--/.col--/div/formahref="#"忘记密码/abr/div

4.4.用户权限登录的service层

@Service("userService")@TransactionalpublicclassIUserServiceImplimplementsIUserService{@AutowiredprivateIUserDaouserDao;@AutowiredprivateBCryptPasswordEncoderbCryptPasswordEncoder;@OverridepublicUserDetailsloadUserByUsername(Stringusername)throwsUsernameNotFoundException{UserInfouserInfo=userDao.findByUsername(username);Useruser=newUser(userInfo.getUsername(),userInfo.getPassword(),userInfo.getStatus()==0?false:true,true,true,true,getAuthority(userInfo.getRoles()));returnuser;}privateListSimpleGrantedAuthoritygetAuthority(ListRoleroles){ListSimpleGrantedAuthoritylist=newArrayList();for(Rolerole:roles){list.add(newSimpleGrantedAuthority("ROLE_"+role.getRoleName()));}returnlist;}

5.5.userDao层

@Select("select*fromuserswhereusername=#{username}")@Results({@Result(id=true,property="id",column="id"),@Result(column="username",property="username"),@Result(column="email",property="email"),@Result(column="password",property="password"),@Result(column="phoneNum",property="phoneNum"),@Result(column="status",property="status"),@Result(column="id",property="roles",javaType=java.util.List.class,many=@Many(select="com.wang.ssm.dao.IRoleDao.findRoleByUserId"))})publicUserInfofindByUsername(Stringusername);用户退出

6.配置

security:logoutinvalidate-session="true"logout-url="/logout.do"logout-successurl="/login.jsp"/

7.页面

ahref="${pageContext.request.contextPath}/logout.do"class="btnbtn-defaultbtn-flat"注销/a用户查询

8.UserController层

/***查看用户*@return*@throwsException*/@RequestMapping("/findAll.do")publicModelAndViewfindAll()throwsException{ListUserInfousers=userService.findAll();ModelAndViewmv=newModelAndView();mv.addObject("userList",users);mv.setViewName("user-list");returnmv;}

9.Dao层

@Select("select*fromuser")publicListUserInfofindAll()用户添加

10.UserController层

/***保存用户*@paramuser*@return*/@RequestMapping("/save.do")publicStringsave(UserInfouser){userService.save(user);return"redirect:findAll.do";}

11.Dao层

@Insert("insertintousers(email,username,password,phoneNum,status)"+"values(#{email},#{username},#{password},#{phoneNum},#{status})")publicvoidsave(UserInfouser);用户详情/***根据id查询某个用户*@paramid*@return*@throwsException*/@RequestMapping("/findById.do")publicModelAndViewfindById(Stringid)throwsException{ModelAndViewmv=newModelAndView();UserInfouserInfo=userService.findById(id);mv.addObject("user",userInfo);mv.setViewName("user-show1");returnmv;}@Select("select*fromuserswhereid=#{id}")@Results({@Result(id=true,property="id",column="id"),@Result(property="username",column="username"),@Result(property="email",column="email"),@Result(property="password",column="password"),@Result(property="phoneNum",column="phoneNum"),@Result(property="status",column="status"),@Result(property="roles",column="id",javaType=java.util.List.class,many=@Many(select="com.wang.ssm.dao.IRoleDao.findRoleByUserId"))})publicUserInfofindById(Stringid);