Spring Security 01
2024-10-07 11:07:55
环境搭建
maven依赖jar包
<!-- spring-security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<version>4.2.3.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
note: spring security jar的具体解析见https://blog.csdn.net/sun_Leaf/article/details/78954501
applicationContext-security.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 配置不过滤的资源(静态资源及登录相关).是忽略拦截某些资源的意思,主要是针对静态资源 -->
<http pattern="/**/*.css" security="none"></http>
<http pattern="/**/*.jpg" security="none"></http>
<http pattern="/**/*.jpeg" security="none"></http>
<http pattern="/**/*.gif" security="none"></http>
<http pattern="/**/*.png" security="none"></http>
<http pattern="/js/*.js" security="none"></http>
<http pattern="/login.jsp" security="none"></http>
<http pattern="/getCode" security="none" /><!-- 不过滤验证码 -->
<http pattern="/test/**" security="none"></http><!-- 不过滤测试内容 -->
<http auto-config="true">
<!-- 表示访问app.jsp时,需要ROLE_SERVICE权限 -->
<intercept-url pattern="/adminpage.jsp" access="hasRole('ROLE_ADMIN')"></intercept-url>
<!--表示访问任何资源都需要ROLE_ADMIN权限。-->
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"></intercept-url>
</http>
<authentication-manager>
<authentication-provider>
<!-- 用户的权限控制 -->
<user-service>
<user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="123" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
web.xml配置
<!-- 加载配置文件 -->
<context-param>
<!-- 配置文件的路径 -->
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:applicationContext-security.xml</param-value>
</context-param>
<!-- 先由web容器加载为k-v,在通过spring security监听器监听获取 -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
定义访问页面
- adminpage.jsp
<html>
<body>
<h2>this is admin page!</h2>
</body>
</html>
- index.jsp
<html>
<body>
<h2>this is index page!</h2>
</body>
</html>
- adminpage.jsp,需要具有ROLE_ADMIN权限的用户才能访问
index.jsp,需要具有ROLE_USER权限的用户才能访问
最新文章
- maven权威指南学习笔记(四)—— maven生命周期(lifecycle)
- Nuget版本冲突的问题
- JSON+YAML初步学习+ciscoconfparse
- Creating a CSRF protection with Spring 3.x--reference
- MongoDB Long/Int(长整型)的自增长主键 解决方案
- Nginx源码安装及调优配置
- [置顶] Objective-C ,ios,iphone开发基础:自定义控件:Eg: UIButton
- 基于视觉的Web页面分页算法VIPS的实现源代码下载
- JNDI常见配置方式
- 学习Ajax
- SQL强化(二) 在Oracle 中写代码
- poj 2230详解
- Redis——常见面试题
- Slop One 算法
- requests库的基本使用
- BZOJ1398Vijos1382寻找主人 Necklace——最小表示法
- Jquery封装ajax
- openstack项目【day23】:openstack组件介绍
- [BZOJ1115][POI2009]石子游戏Kam解题报告|阶梯博弈
- Spring WebSocket教程(二)