spring security的使用(1)
阿新 • • 發佈:2018-12-21
1.引入spring security的相關依賴:我的版本號為:<spring-security.version>4.2.3.RELEASE</spring-security.version>
<!--spring security --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>${spring-security.version}</version> </dependency>
2.在web.xml中配置spring security
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>Archetype Created Web Application</display-name> <!-- 載入springsecurity的配置檔案--> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/applicationContext-security.xml</param-value> </context-param> <!--位於spring-web包下的環境監聽器--> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- 新增spring security的過濾器--> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 下面是springmvc的一些配置--> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/spring-mvc.xml</param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>
3.在maven專案的resources資源目錄下建立檔案applicationContext-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 相當於WebSecurityConfigurerAdapter中對應的方法. --> <!-- anto-config 為true將啟用自動註冊登入表單,基本身份驗證,登出的URL,登出服務 --> <!-- protected void configure(HttpSecurity http) 用於配置路徑以及全選. --> <http auto-config="true"> <!-- 攔截所有的url access 呼叫一個函式, true為通過,false為拒絕. 這裡是要求有ROLE_USER角色 --> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> </http> <!-- 相當於 protected void configure(AuthenticationManagerBuilder auth) 主要配置使用什麼來進行連線. --> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <!-- 使用記憶體使用者儲存提供認證,這裡先提前配置了一個系統的許可權使用者,許可權為user的角色 --> <user authorities="ROLE_USER" name="abc" password="abc" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
4.在webapp下建立index.jsp
<html>
<body>
<h2>Hello World!</h2>
</body>
</html>
瀏覽器訪問:localhost:8080/index.jsp,出現spring security內建的許可權認證頁面。輸入abc,abc,跳轉到index.jsp頁面
spring security引入完畢。