spring-security之生產環境的用戶登錄（身份驗證）以及用戶名回顯和用戶退出

超級管理員的用戶登錄（內置，不連接數據庫）

導入依賴

 <!-- 身份驗證 -->
 <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-web</artifactId>
     <version>${spring.version}</version>
 </dependency>
 <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-config</artifactId>
     <version>${spring.version}</version>
 </dependency>
 <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-cas</artifactId>
     <version>${spring.version}</version>
 </dependency>

在web.xml中加入對spring-security.xml的加載和spring-security的過濾器

<!-- 身份驗證 -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

spring-security.xml的配置：

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- 以下資源不攔截 -->
    <http pattern="/css/**" security="none" />
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/plugins/**" security="none"/>

    <http pattern="/login.html" security="none"/>

    <!-- 頁面攔截規則 -->
    <http use-expressions="false">
        <intercept-url pattern="/**" access="ROLE_ADMIN" />
        <form-login login-page="/login.html" default-target-url="/admin/index.html"
                    authentication-failure-url="/login.html" always-use-default-target="true" />
        <csrf disabled="true" />
        <headers>
            <frame-options policy="SAMEORIGIN" />
        </headers>

        <!-- 開啓退出功能：會生成一個 /logout 的url來實現退出 -->
        <logout />

    </http>

    <!-- 認證管理器 -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="123456" authorities="ROLE_ADMIN" />
                <user name="a" password="a" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

的作用加載frame的頁面 因爲後端頁面是採用frame set框架實現左側導航欄和頂部信息欄

用戶名回顯

前端訪問後臺獲取用戶名
後端從spring security中獲取到然後返回給前端
security上下文保存者獲取上下文對象在獲取認證信息，最後再獲取用戶名

@RestController
@RequestMapping("/login")
public class LoginController {

    @RequestMapping("getName")
    public String getName(){
        //從spring security中獲取登錄對象
        //security上下文保存者獲取上下文對象在獲取認證信息
        return SecurityContextHolder.getContext().getAuthentication().getName();
    }
}

用戶退出

退出也是交給spring security來做
在spring-security.xml配置文件的頁面攔截規則中加入 <logout
spring security就會生成一個logout的退出url

在前端頁面訪問/logout即可實現用戶退出