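I have recently been reading Spring in Action (《Spring 实战》) and got as far as Spring Security. I found the book's examples too complicated, and I do not like that they are based on Java configuration; I prefer configuring with XML files.

So I studied on the Jikexueyuan (极客学院) site instead. It is quite good and goes from simple to advanced, so I recommend it. The URL is: http://wiki.jikexueyuan.com/project/spring-security/first-experience.html

My example follows that tutorial, with a simple configuration of my own.

My project is Maven-based, so adding the right dependencies is the key step.

Spring Security only needs spring-security-config and spring-security-web here. Perhaps because the example is so simple, the other two commonly used Spring Security jars, spring-security-taglibs and spring-security-core, are not added to the POM (spring-security-core still arrives transitively through spring-security-web).

In addition, commons-logging must be added. It is a jar that Spring requires; otherwise an error is reported, as follows: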

 At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
 
The complete pom.xml is as follows:

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>SpringSecurity</groupId>
  <artifactId>SpringSecurity</artifactId>
  <packaging>war</packaging>
  <version>1.0-SNAPSHOT</version>
  <name>SpringSecurity Maven Webapp</name>
  <url>http://maven.apache.org</url>

  <!-- classpath: copy XML and properties files onto the classpath -->
  <build>
    <resources>
      <resource>
        <directory>src/main/java</directory>
      </resource>
      <resource>
        <directory>src/main/resources</directory>
        <includes>
          <include>**/*.xml</include>
          <include>**/*.properties</include>
        </includes>
      </resource>
    </resources>
  </build>

  <dependencies>
    <!-- Servlet filters that enforce security on web requests -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>3.1.0.RELEASE</version>
    </dependency>
    <!-- Support for the security: XML namespace -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>3.1.0.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>commons-logging</groupId>
      <artifactId>commons-logging</artifactId>
      <version>1.1.1</version>
    </dependency>
    <!-- The servlet container supplies this API at runtime, so it is kept out of the WAR -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>servlet-api</artifactId>
      <version>2.5</version>
      <scope>provided</scope>
    </dependency>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.12</version>
      <scope>test</scope>
    </dependency>
  </dependencies>
</project>

  

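More important still are the Spring Security configuration file and web.xml.

Let's start with web.xml.

Spring has to load the Spring Security configuration file. This is usually done in web.xml by naming it as Spring's initial configuration file through the <context-param/> element.

A filter must also be defined to intercept the requests that Spring Security should handle. Note that this filter must be defined before any other filters.

<listener> is used to load the Spring configuration file.

The complete web.xml is as follows: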

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         id="WebApp_ID" version="3.1">

  <!-- Spring's initial configuration file: the Spring Security configuration -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml</param-value>
  </context-param>

  <!-- The filter name must be springSecurityFilterChain: DelegatingFilterProxy
       looks up the Spring bean with the same name as the filter -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <!-- Mapped to /* so that every request passes through Spring Security -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Loads the Spring configuration named in contextConfigLocation -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
</web-app>
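
Next, the spring-security.xml configuration file.

The Spring Security configuration file needs to configure two things.

1) The access control rules

A brief introduction to the elements involved:

security: the namespace prefix in use
intercept-url: defines an access control rule
pattern: the URLs to which the access control applies
access: the authority required to request a matching URL
ROLE_ prefix: the marker that tells Spring to use a role-based check

2) Authentication

user-service is used to obtain user information. The usernames and passwords of the users who can log in are configured inside it.

The complete spring-security.xml is as follows:
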
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.1.xsd">

  <!-- 1) Access control: every URL requires the ROLE_USER authority -->
  <security:http auto-config="true">
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
  </security:http>

  <!-- 2) Authentication: in-memory demo users; the passwords are stored in plain text -->
  <security:authentication-manager>
    <security:authentication-provider>
      <security:user-service>
        <security:user name="user" password="user" authorities="ROLE_USER"/>
        <security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>
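
Spring Security evaluates intercept-url elements in the order they are listed and uses the first one whose pattern matches. The following audit helper is an added example (not part of the original post, and not Spring's own matcher) that reads a spring-security.xml and applies its rules in document order. The /admin/** rule, the two sample documents and the simplified Ant-pattern matching are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"
# Constructed sample: the page's two users plus a hypothetical /admin/** rule.
TEMPLATE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <security:http auto-config="true">{rules}</security:http>
  <security:authentication-manager><security:authentication-provider>
    <security:user-service>
      <security:user name="user" password="user" authorities="ROLE_USER"/>
      <security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/>
    </security:user-service>
  </security:authentication-provider></security:authentication-manager>
</beans>"""
CATCH_ALL = '<security:intercept-url pattern="/**" access="ROLE_USER"/>'
ADMIN = '<security:intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>'
MISORDERED = TEMPLATE.format(rules=CATCH_ALL + ADMIN)  # catch-all listed first
ORDERED = TEMPLATE.format(rules=ADMIN + CATCH_ALL)     # specific rule first

def ant_to_regex(pattern):
    """Translate an Ant-style path pattern (?, *, **) into a compiled regex."""
    tail = ""
    if pattern.endswith("/**"):  # "/admin/**" also matches "/admin" itself
        pattern, tail = pattern[:-3], "(/.*)?"
    body = "".join(
        {"**": ".*", "*": "[^/]*", "?": "[^/]"}.get(tok, re.escape(tok))
        for tok in re.split(r"(\*\*|\*|\?)", pattern))
    return re.compile(body + tail + r"\Z")

def split_csv(value):
    return {item.strip() for item in value.split(",") if item.strip()}

def load(xml_text):
    """Return (rules in document order, {username: set of authorities})."""
    root = ET.fromstring(xml_text)
    rules = [(e.get("pattern"), split_csv(e.get("access")))
             for e in root.iter(SEC + "intercept-url")]
    users = {e.get("name"): split_csv(e.get("authorities"))
             for e in root.iter(SEC + "user")}
    return rules, users

def is_allowed(xml_text, username, path):
    """The first matching rule decides; holding any listed authority passes."""
    rules, users = load(xml_text)
    for pattern, required in rules:
        if ant_to_regex(pattern).match(path):
            return bool(required & users[username])
    return True  # no rule matched, so the URL is left unprotected
```

With the catch-all first, `is_allowed(MISORDERED, "user", "/admin/users")` is true because the /admin/** rule is never reached; with the specific rule first it is false for user and true for admin.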

Setting auto-config="true" on the http element is shorthand for the following:

<security:http>
  <security:form-login/>
  <security:http-basic/>
  <security:logout/>
</security:http>

<security:form-login/> takes priority over <security:http-basic/>, so when both are present <security:form-login/> is used.

<security:http-basic/> is authentication through a pop-up dialog.

 
