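Operator System Login and Security Control
2.1 Requirements Analysis
Implement the operator login function.
2.1 Implementing the Login Function
2.1.1 Configuration Files
(1) Modify the pom.xml of pinyougou-manager-web and add the dependencies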
<!-- Authentication -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
(2) Modify web.xml
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
(3) Add the configuration file spring-security.xml to the spring directory of pinyougou-manager-web
<!-- The following pages are not intercepted -->
<http pattern="/login.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<!-- Page interception rules -->
<http use-expressions="false">
    <!-- /** also matches nested paths such as /admin/index.html; /* would match only a single path level -->
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    <form-login login-page="/login.html" default-target-url="/admin/index.html" authentication-failure-url="/login.html" always-use-default-target="true"/>
    <csrf disabled="true"/>
    <headers>
        <frame-options policy="SAMEORIGIN"/>
    </headers>
</http>
<!-- Authentication manager -->
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="123456" authorities="ROLE_ADMIN"/>
            <user name="sunwukong" password="dasheng" authorities="ROLE_ADMIN"/>
        </user-service>
    </authentication-provider>
</authentication-manager>
Configuration notes:
always-use-default-target: specifies whether to always redirect to the URL given by the default-target-url attribute after authentication succeeds.
If your system uses frame pages, set the frame-options policy to SAMEORIGIN:
<headers>
    <frame-options policy="SAMEORIGIN"/>
</headers>
2.1.1 Login Page
Modify login.html in pinyougou-manager-web
<!-- action="/login" and the field names username and password are the Spring Security form-login defaults -->
<form id="loginform" action="/login" method="post" class="sui-form">
    <div class="input-prepend"><span class="add-on loginname"></span>
        <input id="prependedInput" name="username" type="text" placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
    </div>
    <div class="input-prepend"><span class="add-on loginpwd"></span>
        <input id="prependedInput" name="password" type="password" placeholder="请输入密码" class="span2 input-xfat">
    </div>
    <div class="setting">
        <div id="slider">
            <div id="slider_bg"></div>
            <span id="label">>></span>
            <span id="labelTip">拖动滑块验证</span>
        </div>
    </div>
    <div class="logined">
        <a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document:loginform.submit()" target="_blank">登 录</a>
    </div>
</form>
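The user-service in spring-security.xml from step (3) stores both account passwords in plain text. The following is an added example, not part of the original tutorial, showing the same file with BCrypt-hashed passwords. The root element, the bean id bcryptEncoder and the two password placeholders are assumptions; replace each placeholder with the output of BCryptPasswordEncoder.encode() for that account.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example. Root element and namespaces are assumed: the security
     namespace is the default one, matching the unprefixed <http> elements. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Login page and static resources stay outside the filter chain -->
    <http pattern="/login.html" security="none"/>
    <http pattern="/css/**" security="none"/>
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/plugins/**" security="none"/>

    <http use-expressions="false">
        <!-- /** covers nested paths such as /admin/index.html -->
        <intercept-url pattern="/**" access="ROLE_ADMIN"/>
        <form-login login-page="/login.html"
                    default-target-url="/admin/index.html"
                    authentication-failure-url="/login.html"
                    always-use-default-target="true"/>
        <!-- Kept as in the tutorial: the static login.html posts no _csrf
             parameter, which an enabled CSRF filter would require. -->
        <csrf disabled="true"/>
        <headers>
            <frame-options policy="SAMEORIGIN"/>
        </headers>
    </http>

    <!-- Hypothetical bean id; the class ships with Spring Security -->
    <beans:bean id="bcryptEncoder"
                class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

    <authentication-manager>
        <authentication-provider>
            <!-- Submitted passwords are checked against the stored hashes -->
            <password-encoder ref="bcryptEncoder"/>
            <user-service>
                <!-- Placeholders, not real hashes -->
                <user name="admin" password="REPLACE_WITH_BCRYPT_HASH_FOR_ADMIN" authorities="ROLE_ADMIN"/>
                <user name="sunwukong" password="REPLACE_WITH_BCRYPT_HASH_FOR_SUNWUKONG" authorities="ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```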