数据库表:sec_user
create table sec_user( username varchar(100) primary key, password varchar(255), role varchar(100) );
插入数据:
insert into sec_user values('admin','admin','ROLE_USER,ROLE_ADMIN');
insert into sec_user values('test','test','ROLE_USER');
要使用数据库需要自定义一个UserDetailsService的实现类,该接口有一个方法:
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
return null;
}
由该方法看到该方法返回一个UserDetails的对象,UserDetails是一个接口,那么这个接口该如何实现呢?答案很简单,使用我们数据库表对应的实体类来实现这个接口就行了。下面看一下实现:
MyUserDetailService.java
@Service("myUserDetailService")
public class MyUserDetailService implements UserDetailsService {
@Autowired
private UserDao userDao;
public UserDao getUserDao() {
return userDao;
}
public void setUserDao(UserDao userDao) {
this.userDao = userDao;
}
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
User user = this.userDao.findByUsername(username);
return user;
}
}
我采用注解的方法将userDao注入进来,userDao中有一个通过用户名查找用户信息的方法findByUsername。
UserDaoImpl.java
@Repository("userDao")
public class UserDaoImpl extends HibernateDaoSupport implements UserDao {
@Autowired
public void setSessionFactory0(SessionFactory sessionFactory) {
super.setSessionFactory(sessionFactory);
}
public User findByUsername(String username) {
return this.getHibernateTemplate().get(User.class, username);
}
}
UserDao接口的实现类,实现了findByUsername方法供loadUserByUsername方法调用。
User.java
@Entity
@Table(name="SEC_USER")
public class User implements Serializable,UserDetails {
/**
*
*/
private static final long serialVersionUID = 1L;
@Id
@Column(name="USERNAME",unique=true,nullable=false)
private String username;
@Column(name="PASSWORD")
private String password;
@Column(name="ROLE")
private String role;
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
public String getRole() {
return role;
}
public void setRole(String role) {
this.role = role;
}
public Collection<GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
//数据库中使用了逗号作为角色名的分隔符
String[] roles = this.role.split(",");
for(String r : roles){
if(r != null && !"".equals(r)){
GrantedAuthority authority = new GrantedAuthorityImpl(r);
authorities.add(authority);
}
}
return authorities;
}
public boolean isAccountNonExpired() {
return true;
}
public boolean isAccountNonLocked() {
return true;
}
public boolean isCredentialsNonExpired() {
return true;
}
public boolean isEnabled() {
return true;
}
}
代码中getAuthorities和四个is***方法是UserDetails接口需要实现的方法,四个is***方法都需要返回为true账户才能使用。getAuthorities返回该账户所拥有的角色。
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/**" access="ROLE_USER"/>
<form-login login-page="/login.html" default-target-url="/index.html"/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailService">
</authentication-provider>
</authentication-manager>
</beans:beans>
这里authentication-provider使用了我们自定义的UserDetailService的实现类myUserDetailService。
现在spring security就可以工作了,当我们访问项目的某一个页面时,都会首先跳转到登陆页面login.html,登陆成功后进入index.html页面。