Super administrator login (built-in users, no database connection)
Add the dependencies
<!-- Authentication -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-cas</artifactId>
    <version>${spring.version}</version>
</dependency>
In web.xml, add the loading of spring-security.xml and the Spring Security filter
<!-- Authentication -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Configuration of spring-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- The following resources are not intercepted -->
    <http pattern="/css/**" security="none" />
    <http pattern="/img/**" security="none" />
    <http pattern="/js/**" security="none" />
    <http pattern="/plugins/**" security="none" />
    <http pattern="/login.html" security="none" />

    <!-- Page interception rules -->
    <http use-expressions="false">
        <intercept-url pattern="/**" access="ROLE_ADMIN" />
        <form-login login-page="/login.html" default-target-url="/admin/index.html"
                    authentication-failure-url="/login.html" always-use-default-target="true" />
        <csrf disabled="true" />
        <headers>
            <frame-options policy="SAMEORIGIN" />
        </headers>
        <!-- Enable logout: generates a /logout URL that performs the logout -->
        <logout />
    </http>

    <!-- Authentication manager -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="123456" authorities="ROLE_ADMIN" />
                <user name="a" password="a" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
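The frame-options setting (SAMEORIGIN) is what allows the framed pages to load, because the back-end pages use a frameset to implement the left navigation bar and the top information bar.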
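The user-service in the configuration above keeps the account passwords in plain text. As an added example (not part of the original post), the same authentication manager can compare logins against a BCrypt hash instead; the bean id passwordEncoder and the hash value are placeholders chosen here.

```xml
<!-- Added example: BCrypt-hashed password for the built-in account.
     Goes in spring-security.xml in place of the <authentication-manager> block. -->
<beans:bean id="passwordEncoder"
            class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

<authentication-manager>
    <authentication-provider>
        <!-- Submitted passwords are verified with BCrypt, not compared as plain strings -->
        <password-encoder ref="passwordEncoder" />
        <user-service>
            <!-- Placeholder value: paste the string returned by
                 new BCryptPasswordEncoder().encode(rawPassword) for a long random password -->
            <user name="admin" password="BCRYPT_HASH_PLACEHOLDER" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>
```

The login form and the rest of the configuration stay unchanged; only the stored value and the comparison differ.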
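Displaying the user name
The front end calls the back end to get the user name.
The back end reads it from Spring Security and returns it to the front end.
SecurityContextHolder provides the context object, the context provides the authentication, and the authentication provides the user name.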
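import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/login")
public class LoginController {

    @RequestMapping("getName")
    public String getName() {
        // Get the logged-in user from Spring Security:
        // SecurityContextHolder -> SecurityContext -> Authentication -> user name
        return SecurityContextHolder.getContext().getAuthentication().getName();
    }
}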
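User logout
Logout is also handled by Spring Security.
Add <logout /> to the page interception rules in the spring-security.xml configuration file,
and Spring Security generates a /logout URL.
Requesting /logout from a front-end page logs the user out.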