Spring MVC + MyBatis + Spring Security notes (2)

Source: Internet  Published: 一代军师知乎  Editor: 程序博客网  Time: 2024/06/05 01:15

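In the previous post, the user information was configured directly in spring-security, and the login page was the one that ships with Spring Security. Next, MyBatis is integrated so that user and permission information is read from the database, and the login page is replaced with a custom one.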

Step 1:

First, write a custom login page:

<form method="post" class="am-form" action="<%=path%>/j_spring_security_check">
  <label for="email">用户名:</label>
  <input type="text" name="j_username">
  <br>
  <label for="password">密码:</label>
  <input type="password" name="j_password" id="password">
  <br>
  <label for="remember-me">
    <input id="remember-me" type="checkbox">
    记住密码
  </label>
  <br />
  <div class="am-cf">
    <input type="submit" name="submit" value="登 录" class="am-btn am-btn-primary am-btn-sm am-fl">
    <input type="submit" onclick="forget();" value="忘记密码 ^_^? " class="am-btn am-btn-default am-btn-sm am-fr">
  </div>
</form>

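Note that login verification is still handled by Spring Security itself at this point, so the name attributes of the input fields must be j_username and j_password.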

Then modify the configuration file; only one line needs to be added (the <form-login> element):

<http auto-config="true">
    <intercept-url pattern="/main.jsp" access="ROLE_SALE"/>
    <access-denied-handler error-page="/error.jsp"/>
    <form-login login-page="/index.jsp" default-target-url="/main.jsp"/>
</http>

Start the project and try it:



OK, it works.

Step 2

First, create three simple tables in the database: user, role, user_role

user: id, username, password

role: id, name, roleKey, enable

user_role: id, userId (FK), roleId (FK) (the join table)

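Add the MyBatis jar and the MySQL driver jar, and add the MyBatis configuration file spring-mybatis.xml (there is plenty of material about this configuration file, so it is not reproduced here).

Make a small change to web.xml: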

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:spring-security.xml,classpath:spring-mybatis.xml
    </param-value>
</context-param>

Add User.java, Role.java, UserDao, RoleDao, UserService and RoleService to the project.

Step 3

To read users and permissions from the database for login verification, write a class that implements the UserDetailsService interface:

package org.advancingCat.security;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.advancingCat.entity.Role;
import org.advancingCat.service.RoleService;
import org.advancingCat.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class MyUserService implements UserDetailsService {

    @Autowired
    private UserService userService;

    @Autowired
    private RoleService roleService;

    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        org.advancingCat.entity.User dbUser = null;
        try {
            dbUser = userService.queryByName(username);
        } catch (Exception e) {
            e.printStackTrace();
        }
        if (dbUser == null) {
            // Message text: "username does not exist"
            throw new UsernameNotFoundException("用户名不存在");
        }
        Collection<GrantedAuthority> grantedAuth = getGrantedAuth(dbUser);
        // Spring Security's own User class
        UserDetails user = new User(dbUser.getUsername(), dbUser.getPassword(),
                true, true, true, true, grantedAuth);
        return user;
    }

    /**
     * Get the user's roles: the roleKey field of each role is wrapped
     * into a Set<GrantedAuthority>.
     * @param user
     * @return
     */
    private Set<GrantedAuthority> getGrantedAuth(org.advancingCat.entity.User user) {
        Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
        try {
            List<Role> roleList = roleService.queryByUserId(user.getId());
            for (Role r : roleList) {
                authSet.add(new SimpleGrantedAuthority(r.getRoleKey()));
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return authSet;
    }
}

Here queryByUserId fetches the set of roles for a user by user ID (a user sometimes has more than one role). The Role mapper file:

<select id="queryByUserId" resultMap="BaseResultMap" parameterType="java.lang.Integer">
    select name, roleKey
    from role r
    left join user_role ur on r.id = ur.roleId
    where ur.userId = #{userId}
</select>

Modify spring-security.xml and remove the earlier <user-service>:

<authentication-manager>
    <authentication-provider user-service-ref="myUserService">
    </authentication-provider>
</authentication-manager>

<beans:bean id="myUserService" class="org.advancingCat.security.MyUserService"></beans:bean>


At this point, a simple database-backed login is complete.
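MyUserService above prints and swallows exceptions, so a failed user query is reported as "user not found" and a failed role query still produces a logged-in user with an empty authority set. A stricter variant, as an added example that is not the original author's code: the class name StrictUserService is hypothetical, and the UserService, RoleService and entity method signatures are assumed from how the page calls them.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.advancingCat.entity.Role;
import org.advancingCat.service.RoleService;
import org.advancingCat.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

// Added example (hypothetical class name). The service and entity signatures
// are assumed from the calls made in MyUserService.
public class StrictUserService implements UserDetailsService {
    @Autowired private UserService userService;
    @Autowired private RoleService roleService;

    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        org.advancingCat.entity.User dbUser;
        List<Role> roles = null;
        try {
            dbUser = userService.queryByName(username);
            if (dbUser != null) {
                roles = roleService.queryByUserId(dbUser.getId());
            }
        } catch (Exception e) {
            // A failed query is a service fault: do not report it as "unknown user"
            // and do not build a user with an empty authority set from it.
            throw new AuthenticationServiceException("user/role lookup failed", e);
        }
        if (dbUser == null) {
            throw new UsernameNotFoundException("user not found");
        }
        Set<GrantedAuthority> authorities = new HashSet<GrantedAuthority>();
        if (roles != null) {
            for (Role r : roles) {
                // roleKey must equal the access attribute exactly, e.g. "ROLE_SALE"
                authorities.add(new SimpleGrantedAuthority(r.getRoleKey()));
            }
        }
        return new User(dbUser.getUsername(), dbUser.getPassword(),
                true, true, true, true, authorities);
    }
}
```

To try it, point the class attribute of the myUserService bean at this class.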


