Super administrator login (built-in, no database connection)
Import the dependencies
<!-- Authentication -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-cas</artifactId>
    <version>${spring.version}</version>
</dependency>
In web.xml, add the loading of spring-security.xml and the Spring Security filter
<!-- Authentication -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Configuration of spring-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">
    <!-- The following resources are not intercepted -->
    <http pattern="/css/**" security="none" />
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/plugins/**" security="none"/>
    <http pattern="/login.html" security="none"/>
    <!-- Page interception rules -->
    <http use-expressions="false">
        <intercept-url pattern="/**" access="ROLE_ADMIN" />
        <form-login login-page="/login.html" default-target-url="/admin/index.html"
            authentication-failure-url="/login.html" always-use-default-target="true" />
        <csrf disabled="true" />
        <headers>
            <frame-options policy="SAMEORIGIN" />
        </headers>
        <!-- Enable logout: generates a /logout URL that performs the logout -->
        <logout />
    </http>
    <!-- Authentication manager -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="123456" authorities="ROLE_ADMIN" />
                <user name="a" password="a" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
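The frame-options setting (policy SAMEORIGIN) allows the framed pages to load, because the back-end pages use a frameset to implement the left navigation bar and the top information bar.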
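A hardened variant of the authentication manager above, as an added example that is not part of the original page: the built-in user keeps its role, but the password attribute holds a bcrypt hash instead of the plain text, so reading the configuration file no longer reveals a usable credential. The bean id passwordEncoder and the placeholder hash value are assumptions; the real hash is produced offline with BCryptPasswordEncoder.encode().

```xml
<!-- Added example: replaces the <authentication-manager> section of
     spring-security.xml shown above. Not the original author's configuration. -->

<!-- Before (from the page): passwords stored and compared as plain text.
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="123456" authorities="ROLE_ADMIN" />
            <user name="a" password="a" authorities="ROLE_ADMIN" />
        </user-service>
    </authentication-provider>
</authentication-manager>
-->

<!-- After: the submitted password is checked against a bcrypt hash. -->
<authentication-manager>
    <authentication-provider>
        <!-- Tells the provider how to compare the login password with the
             stored value. "passwordEncoder" is an assumed bean id. -->
        <password-encoder ref="passwordEncoder" />
        <user-service>
            <!-- REPLACE_WITH_BCRYPT_HASH is a placeholder. Put the output of
                 new BCryptPasswordEncoder().encode("<your long password>")
                 here; never the password itself. -->
            <user name="admin" password="REPLACE_WITH_BCRYPT_HASH"
                  authorities="ROLE_ADMIN" />
            <!-- The one-character account "a" is dropped: every built-in
                 user here has ROLE_ADMIN, so each one is a full admin login. -->
        </user-service>
    </authentication-provider>
</authentication-manager>

<!-- bcrypt encoder bean; the class ships with Spring Security. -->
<beans:bean id="passwordEncoder"
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
```

The `<http>` rules stay as they are on the page; only the credential storage changes.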
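Displaying the user name
The front end calls the back end to get the user name.
The back end reads it from Spring Security and returns it to the front end.
SecurityContextHolder supplies the context object, the context supplies the authentication information, and the authentication supplies the user name.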
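import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/login")
public class LoginController {

    @RequestMapping("getName")
    public String getName() {
        // Get the logged-in user from Spring Security:
        // SecurityContextHolder -> SecurityContext -> Authentication -> name
        return SecurityContextHolder.getContext().getAuthentication().getName();
    }
}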
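User logout
Logout is also handled by Spring Security.
Add <logout /> to the page interception rules in the spring-security.xml configuration file.
Spring Security then generates a /logout URL.
Requesting /logout from the front-end page logs the user out. A plain GET request is enough here because CSRF protection is disabled in this configuration; with CSRF protection enabled, Spring Security accepts only a POST to /logout.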