在ssm框架下使用springsecurity

• 1.修改pom.xml，导入jar包；

5.0.1.RELEASE

        
            org.springframework.security
            spring-security-web
            ${spring.security.version}
        
        
            org.springframework.security
            spring-security-config
            ${spring.security.version}
        
        
            org.springframework.security
            spring-security-core
            ${spring.security.version}
        
        
            org.springframework.security
            spring-security-taglibs
            ${spring.security.version}
        

• 2.修改web.xml，加载过滤器；

 

  
    springSecurityFilterChain
    org.springframework.web.filter.DelegatingFilterProxy
  
  
    springSecurityFilterChain
    /*
  

• 3.添加spring-security.xml配置文件到resource包下，该文件有点类似controller的作用，用于设置加载默认信息和页面跳转；

• 4.修改web.xml文件，将spring-security.xml加载进来；

 
  
    contextConfigLocation
    classpath*:applicationContext.xml,classpath*:spring-security.xml

  

• 5.修改IUserService,使其继承UserDetailsService类，并在UserService类中实现继承类的函数（在完成此过程中，需要添加修改一些文件，而这些都在后面的步骤中，暂时可以忽略报红部分）；

public interface IUserService extends UserDetailsService {
    public List findAll(int page,int size);
    public  boolean doLogin(UserInfo userInfo);
    int addUser(UserInfo user);
    int deleteUser(UserInfo user);

    int updateUser(UserInfo user);
}

  @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo userInfo=userDao.findByUserName(username);
        if(userInfo!=null){
            List roles= roleDao.findRoleByUserId(userInfo.getId());
            userInfo.setRoles(roles);
            User user=new User(userInfo.getUsername(),"{noop}"+userInfo.getPassword(),getAuthority(roles));
            return user;
        }
        return null;
    }
    
       private List getAuthority(List roles) {
        List list=new ArrayList<>();
        for (Role role:roles){
            list.add(new SimpleGrantedAuthority("ROLE_"+ role.getRoleName()));
        }
        return  list;
    }
}

• 6.修改IUserDao,添加findByUserName()函数，用于通过用户名查询用户，同时在对应mapper文件中写上sql语句。

public interface IUserDao {
    public List findAll();
    public  UserInfo doLogin(UserInfo userInfo);
    int addUser(UserInfo user);

    int deleteUser(UserInfo user);

    int updateUser(UserInfo user);
    public UserInfo findByUserName(String username);
}

   
       select * from userinfo where username=#{username}
    

• 7.新建Role实体类，IRoleDao类，rolemapper.xml文件；

public class Role {
    private int id;
    private String roleName;
    private String roleDesc;


    public int getId() {
        return id;
    }

    public void setId(int id) {
        this.id = id;
    }

    public String getRoleName() {
        return roleName;
    }

    public void setRoleName(String roleName) {
        this.roleName = roleName;
    }

    public String getRoleDesc() {
        return roleDesc;
    }

    public void setRoleDesc(String roleDesc) {
        this.roleDesc = roleDesc;
    }

    @Override
    public String toString() {
        return "Role{" +
                "id=" + id +
                ", roleName='" + roleName + '\'' +
                ", roleDesc='" + roleDesc + '\'' +
                '}';
    }
}

public interface IRoleDao {
    public List findRoleByUserId(int userId);
}

    
    select * from role where id in (select roleId from users_role where userId=#{userId})
   

• 8.在UserInfo类中添加新的属性private List roles;，完成UserService中新增的函数。
• 9.UserContrller之前的doLogin.do可以注视掉。

 /*@RequestMapping("login.do")
    public ModelAndView doLogin(UserInfo userInfo){
        Boolean flag=userService.doLogin(userInfo);
        ModelAndView mv=new ModelAndView();
        if(flag)
            mv.setViewName("main");
        else
            mv.setViewName("../failer");
        return mv;
    }*/

• 10.修改login.jsp文件，包括路径以及权限分配。
  
• 注意与spring-security.xml文件中权限角色和url匹配。
  
• 以下为用到的数据表之间的关系和spring-security的作用描述。