商家系统登录与安全控制

Cook-R · Cook-R · commit feaf501057ff · 2019-03-20T15:28:17.000+08:00
diff --git a/pinyougou-parent/pinyougou-shop-web/src/main/java/com/pinyougou/service/UserDetailsServiceImpl.java b/pinyougou-parent/pinyougou-shop-web/src/main/java/com/pinyougou/service/UserDetailsServiceImpl.java
@@ -3,29 +3,59 @@
 import java.util.ArrayList;
 import java.util.List;
 
+import org.omg.CORBA.PRIVATE_MEMBER;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
+import com.pinyougou.pojo.TbSeller;
+import com.pinyougou.sellergoods.service.SellerService;
+
 /**
  * 认证类
  * @author rxs
  *
  */
 public class UserDetailsServiceImpl implements UserDetailsService {
 
+	private SellerService sellerService;
 	
+	public SellerService getSellerService() {
+		return sellerService;
+	}
+
+	public void setSellerService(SellerService sellerService) {
+		this.sellerService = sellerService;
+	}
+
 	@Override
 	public UserDetails loadUserByUsername(String username)
 			throws UsernameNotFoundException {
+		
+
 		System.out.println("经过了这个类型方法阿斯顿发");
 		//构建角色列表
-		List<GrantedAuthority> grantAuths =new ArrayList<GrantedAuthority>();
+		List<GrantedAuthority> grantAuths =new ArrayList();
 		grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
-		return new User(username,"123456",grantAuths);
+		
+		TbSeller seller = sellerService.findOne(username);
+		if(seller !=null){
+			if(seller.getStatus().equals("1")){
+				return new User(username,seller.getPassword(),grantAuths);
+
+			}else {
+				return null;
+			}
+
+		}else {
+			return null;
+		}
+		
 	}
 
+
+
 }
diff --git a/pinyougou-parent/pinyougou-shop-web/src/main/java/com/pinyougou/shop/controller/SellerController.java b/pinyougou-parent/pinyougou-shop-web/src/main/java/com/pinyougou/shop/controller/SellerController.java
@@ -1,9 +1,11 @@
 package com.pinyougou.shop.controller;
 import java.util.List;
 
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
+
 import com.alibaba.dubbo.config.annotation.Reference;
 import com.pinyougou.pojo.TbSeller;
 import com.pinyougou.sellergoods.service.SellerService;
@@ -48,6 +50,9 @@ public PageResult  findPage(int page,int rows){
 	 */
 	@RequestMapping("/add")
 	public Result add(@RequestBody TbSeller seller){
+		BCryptPasswordEncoder passwordEncoder=new BCryptPasswordEncoder();
+		String password = passwordEncoder.encode(seller.getPassword());
+		seller.setPassword(password);
 		try {
 			sellerService.add(seller);
 			return new Result(true, "增加成功");
diff --git a/pinyougou-parent/pinyougou-shop-web/src/main/resources/spring/spring-security.xml b/pinyougou-parent/pinyougou-shop-web/src/main/resources/spring/spring-security.xml
@@ -1,7 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans:beans xmlns="http://www.springframework.org/schema/security"
-	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:beans="http://www.springframework.org/schema/beans" 
+	xmlns:dubbo="http://code.alibabatech.com/schema/dubbo" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+						http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd
 						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
 
 
@@ -16,9 +18,9 @@
 	<!-- 页面的拦截规则  use-expressions:是否启动SPEL表达式  默认是true -->
 	<http use-expressions="false">
 		<!-- 当前用户必须拥有ROLE_USER的角色 才可以访问更目录及所属子目录的资源 -->
-		<intercept-url pattern="/*" access="ROLE_SELLER"/>
+		<intercept-url pattern="/**" access="ROLE_SELLER"/>
 		<!-- 开启表单登录功能 -->
-		<form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-forward-url="/shoplogin.html" always-use-default-target="true"/>
+		<form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
 		<csrf disabled="true"/>
 		<headers>
 			<frame-options policy="SAMEORIGIN"/>
@@ -29,12 +31,20 @@
 		<authentication-manager>
 			<!-- 认证的提供者 -->
 			<authentication-provider user-service-ref="userDetailService"> 
-				
+				<password-encoder ref="bcryptEncoder"></password-encoder>
 			</authentication-provider>
 		</authentication-manager>
 		
 		<!-- 认证类 -->
 		<beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailsServiceImpl">
+			<beans:property name="sellerService" ref="sellerService" ></beans:property>
 		</beans:bean>
 		
+		<!-- 引用dubbo 服务 -->
+		<dubbo:application name="pinyougou-shop-web" />
+		<dubbo:registry address="zookeeper://192.168.25.135:2181" timeout="50000"/>
+		<dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService"></dubbo:reference>
+		
+		
+		<beans:bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean>
 </beans:beans>
diff --git a/pinyougou-parent/pinyougou-shop-web/src/main/resources/spring/springmvc.xml b/pinyougou-parent/pinyougou-shop-web/src/main/resources/spring/springmvc.xml
@@ -26,6 +26,8 @@
 	<!-- 引用dubbo 服务 -->
 	<dubbo:application name="pinyougou-shop-web" />
 	<dubbo:registry address="zookeeper://192.168.25.135:2181" timeout="50000"/>
-	<dubbo:annotation package="com.pinyougou.shop.controller" />  	
+	<dubbo:annotation package="com.pinyougou.shop.controller" />  
+	
+		
 
 </beans>
