SpringSecurity入门例子及遇到的问题解决
最近学习《Spring 实战》学习到了SpringSecurity,觉得书本上的例子过于复杂,而且不喜欢它基于java配置,更喜欢用xml文件进行配置
于是在极客学院网上学习,感觉挺不错的,由浅入深,推荐,附上网址:http://wiki.jikexueyuan.com/project/spring-security/first-experience.html
我的例子是看上面了,自己在进行了简单的配置。
我的项目是基于maven的,所以添加依赖成为了关键
spring security需要spring-security-config,spring-security-web即可,肯能是例子过于简单,并没有用到spring security的另外两个常用jar包spring-security-taglibs和spring-security-core
另外,还需要加入commons-logging,这是spring需要的jar包,否则将会报错:错误如下
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>SpringSecurity</groupId>
<artifactId>SpringSecurity</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>SpringSecurity Maven Webapp</name>
<url>http://maven.apache.org</url> <!--classpath-->
<build>
<resources>
<resource>
<directory>src/main/java</directory>
</resource>
<resource>
<directory>src/main/resources</directory>
<includes>
<include>**/*.xml</include>
<include>**/*.properties</include>
</includes>
</resource>
</resources>
</build> <dependencies> <dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.0.RELEASE</version>
</dependency> <dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.0.RELEASE</version>
</dependency> <dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency> <dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.5</version>
</dependency> <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency> </dependencies> </project>
更重要的还有spring security的配置文件和web.xml
先讲web.xml
spring配置文件需要加载spring security的配置文件,一般是在web.xml中指定它为spring的初始配置文件,通过<context-param/>元素
还需要定义filter用来拦截需要给spring security处理的请求,注意,该filter一定要定义在其他拦截器之前
<listener>用来加载spring的配置文件
完整的web.xml代码如下:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-security.xml</param-value>
</context-param> <filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping> <listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
在讲一下spring-security.xml配置文件
spring-security配置文件需要配置两样东西
1)配置权限控制的规则
里面的元素简介
security:是用命名空间的一个前缀
intercept-ref:定义权限控制的柜子
pattern:表示对哪些url进行权限控制
access:表示在请求对应url时需要什么权限
role前缀:提示spring是用基于角色的检查的标记
2)配置认证
user-service用于获取用户信息
里面配置一些登陆的用户密码和用户名 具体的spring-security配置文件如下
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http> <security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="user" authorities="ROLE_USER"/>
<security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager> </beans>
当指定 http 元素的 auto-config=”true” 时,就相当于如下内容的简写:
<security:http>
<security:form-login/>
<security:http-basic/>
<security:logout/>
</security:http>
<security:form-login/>的优先级高于<security:http-basic/>,所以两者都存在时会采用<security:form-login/>
<security:http-basic/>是弹窗效果的表单验证
最新文章
- Flask 模板语言
- jsp 页面json数据提交到后台spring处理举例
- Codeforces Round #306 (Div. 2) B. Preparing Olympiad dfs
- 如何将XML转换成XSD(XML Schema)文件
- Linux程序设计 读笔3 文件操作
- Android九宫格图片(9.png)的讲解与制作
- Codeforces 148D Bag of mice 概率dp(水
- linux tcp中time_wait
- ASP.NET Core轻松入门Bind读取配置文件到C#实例
- Git Compare with base,比较大文件时,长时间等待,无法加载
- 数据库连接问题之:Caused by: java.sql.SQLException: Connections could not be acquired from the underlying database!
- TopCoder SRM 559 Div 1 - Problem 900 CircusTents
- react-native中的setNativeProps
- python catch socket timeout
- python 计时程序运行时间
- debian9使用systemd部署etcd集群
- PHP获取客户端的IP地址
- UINavigationController 、UINavigationBar 、UINavigationItem 超清晰直观详解(扩展)
- 【CF839E】Mother of Dragons 折半状压
- 关于struts2中ActionContext类的作用