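Preface
I originally planned to cover this in the previous post on SpringMVC + Hibernate, but that post had already grown too long, so this is a separate one. It uses Maven to build an integrated Spring + SpringMVC + Hibernate + Security project. Spring + SpringMVC + Hibernate was covered in the previous post and is not repeated here; this post covers integrating Spring Security 3.2 access control: setup, configuration, and usage notes.
Spring Security API documentation: view
1. Adding the Spring Security dependencies with Maven
In pom.xml we need to add three artifacts: spring-security-core, spring-security-config and spring-security-taglibs, as follows: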
<!-- spring-security -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${security.version}</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>${security.version}</version>
</dependency>
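2. The Spring Security configuration file
Create a new configuration file (any name will do); I call mine spring-security.xml. I have defined several permissions; the contents of the permission table are as follows:
Of these, the 管理用户 (manage users) and 全部用户 (all users) permissions are configured through the security tags in the JSP pages; the rest are configured in spring-security.xml.
Here is the full spring-security.xml first; I will then briefly explain what each part of the configuration means: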
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd"
    default-lazy-init="true">

    <description>spring-security配置</description>

    <!-- Static resources -->
    <security:http pattern="/css/**" security="none" />
    <security:http pattern="/js/**" security="none" />
    <security:http pattern="/images/**" security="none" />

    <security:http>
        <security:intercept-url pattern="/user/save*"
            access="ROLE_添加用户" requires-channel="any" />
        <security:intercept-url pattern="/user/delete*"
            access="ROLE_删除用户" requires-channel="any" />
        <security:intercept-url pattern="/user/user*"
            access="ROLE_浏览用户" requires-channel="any" />
        <security:intercept-url pattern="/user/update*"
            access="ROLE_修改用户" requires-channel="any" />

        <security:session-management>
            <security:concurrency-control
                expired-url="/login/login.htmls?repeat=true" max-sessions="1"
                error-if-maximum-exceeded="true" />
        </security:session-management>

        <security:form-login login-page="/login/login.htmls"
            authentication-failure-url="/login/login.htmls?error=true"
            default-target-url="/user/main.htmls" always-use-default-target='true'
            username-parameter="nickName" password-parameter="nickPassword" />

        <security:logout invalidate-session="true"
            logout-success-url="/login/login.htmls?logout=true" />
    </security:http>

    <!-- Authentication configuration: custom authentication that implements the UserDetailsService interface -->
    <security:authentication-manager>
        <security:authentication-provider
            user-service-ref="userDetailsService">
            <!-- Password hashing method -->
            <security:password-encoder hash="md5" />
        </security:authentication-provider>
    </security:authentication-manager>

    <bean id="userDetailsService" class="org.andy.work.service.impl.UserDetailsServiceImpl" />
</beans>
In this file we configured static resource handling, session management, login, logout, access rules, and authentication against a custom database table.
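A hardened variant of the `<security:http>` and authentication blocks above, as an added example that is not part of the original post. It keeps the post's URLs, roles and parameter names; the `/login/**` rule, the `/**` catch-all, `<security:csrf />` and the `bcryptEncoder` bean id are additions made for this example, and it assumes stored passwords are re-hashed with BCrypt.

```xml
<!-- Added example (not from the original post): hardened <security:http> and
     authentication-manager for Spring Security 3.2; place inside the same
     <beans> root, replacing the corresponding blocks. -->
<security:http>
    <!-- The login page must stay reachable before authentication -->
    <security:intercept-url pattern="/login/**"
        access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https" />
    <security:intercept-url pattern="/user/save*"
        access="ROLE_添加用户" requires-channel="https" />
    <security:intercept-url pattern="/user/delete*"
        access="ROLE_删除用户" requires-channel="https" />
    <security:intercept-url pattern="/user/user*"
        access="ROLE_浏览用户" requires-channel="https" />
    <security:intercept-url pattern="/user/update*"
        access="ROLE_修改用户" requires-channel="https" />
    <!-- Catch-all, listed last: URLs that match no rule above (for example
         /user/main.htmls) would otherwise need no login at all -->
    <security:intercept-url pattern="/**"
        access="IS_AUTHENTICATED_FULLY" requires-channel="https" />
    <!-- CSRF protection is off by default in 3.2 XML configuration. Once on,
         POST forms (login included) must carry the _csrf token and logout
         must be sent as a POST. -->
    <security:csrf />
    <security:session-management>
        <security:concurrency-control
            expired-url="/login/login.htmls?repeat=true" max-sessions="1"
            error-if-maximum-exceeded="true" />
    </security:session-management>
    <security:form-login login-page="/login/login.htmls"
        authentication-failure-url="/login/login.htmls?error=true"
        default-target-url="/user/main.htmls" always-use-default-target="true"
        username-parameter="nickName" password-parameter="nickPassword" />
    <security:logout invalidate-session="true"
        logout-success-url="/login/login.htmls?logout=true" />
</security:http>

<security:authentication-manager>
    <security:authentication-provider user-service-ref="userDetailsService">
        <!-- BCrypt (salted, adaptive) instead of unsalted MD5. Assumption:
             stored passwords are re-hashed with BCrypt, since existing MD5
             digests will not verify against this encoder. -->
        <security:password-encoder ref="bcryptEncoder" />
    </security:authentication-provider>
</security:authentication-manager>
<bean id="bcryptEncoder"
    class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
```

`requires-channel="https"` redirects using the default port mappings (80 to 443, 8080 to 8443) unless `<security:port-mappings>` is configured.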