spring-security之生产环境的用户登录（身份验证）以及用户名回显和用户退出

超级管理员的用户登录（内置，不连接数据库）

导入依赖

 <!-- 身份验证 -->
 <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-web</artifactId>
     <version>${spring.version}</version>
 </dependency>
 <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-config</artifactId>
     <version>${spring.version}</version>
 </dependency>
 <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-cas</artifactId>
     <version>${spring.version}</version>
 </dependency>

在web.xml中加入对spring-security.xml的加载和spring-security的过滤器

<!-- 身份验证 -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

spring-security.xml的配置：

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- 以下资源不拦截 -->
    <http pattern="/css/**" security="none" />
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/plugins/**" security="none"/>

    <http pattern="/login.html" security="none"/>

    <!-- 页面拦截规则 -->
    <http use-expressions="false">
        <intercept-url pattern="/**" access="ROLE_ADMIN" />
        <form-login login-page="/login.html" default-target-url="/admin/index.html"
                    authentication-failure-url="/login.html" always-use-default-target="true" />
        <csrf disabled="true" />
        <headers>
            <frame-options policy="SAMEORIGIN" />
        </headers>

        <!-- 开启退出功能：会生成一个 /logout 的url来实现退出 -->
        <logout />

    </http>

    <!-- 认证管理器 -->
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="admin" password="123456" authorities="ROLE_ADMIN" />
                <user name="a" password="a" authorities="ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

的作用加载frame的页面 因为后端页面是采用frame set框架实现左侧导航栏和顶部信息栏

用户名回显

前端访问后台获取用户名
后端从spring security中获取到然后返回给前端
security上下文保存者获取上下文对象在获取认证信息，最后再获取用户名

@RestController
@RequestMapping("/login")
public class LoginController {

    @RequestMapping("getName")
    public String getName(){
        //从spring security中获取登录对象
        //security上下文保存者获取上下文对象在获取认证信息
        return SecurityContextHolder.getContext().getAuthentication().getName();
    }
}

用户退出

退出也是交给spring security来做
在spring-security.xml配置文件的页面拦截规则中加入 <logout
spring security就会生成一个logout的退出url

在前端页面访问/logout即可实现用户退出