最近刚接触maven(60%的程序员都会使用,公司项目一般都用),所以建立在maven项目基础之上学习了Spring Security
先推荐一下spring security的资料:
一.首先建立maven的web项目
可以参考该博客 http://blog.csdn.net/gwd1154978352/article/details/53019163
二.配置pom.xml,在里面加入Spring security的配置文件
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.0.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.0.RELEASE</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.2</version>
</dependency>
三.配置web.xml文件
context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext-security.xml
</param-value>
</context-param>
<!-- SpringSecurity 核心过滤器配置 -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring监听器 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
四.配置applicationContext-security.xml文件
官方有两种配置:
第一种:命名空间用security开头,但是在配置中一直需要用<security:*>来配置。
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
...
</beans>
第二种:命名空间用bean开头,在配置中不需要security前缀,但是bean的配置需要用<beans:bean>配置。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
...
</beans:beans>
这里使用第一种
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- 配置不过滤的内容 -->
<!--所有jsp页面均在webapp下-->
<sec:http pattern="/login.jsp" security="none"></sec:http>
<!-- auto-config='true'将自动配置几种常用的权限控制机制,包括form, anonymous, rememberMe -->
<sec:http auto-config="true" >
<!--自定义登录页面,该标签如果不设置,Spring Security会自动给你添加一个简单的登录验证界面 -->
<!-- authentication-failure-url为验证失败跳转的页面 -->
<!-- default-target-url 验证成功跳转的页面 -->
<sec:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.jsp"/>
<!-- 该页面需要的权限为ROLE_user,ROLE_是固定的模式 -->
<sec:intercept-url pattern="/index.jsp" access="ROLE_user"/>
<!-- 无访问权限后跳转的页面 -->
<sec:access-denied-handler error-page="/error.jsp"/>
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider>
<!-- 配置用户以及相关的权限 -->
<sec:user-service>
<sec:user name="TOM" authorities="ROLE_user" password="TOM"/>
<sec:user name="jack" authorities="ROLE_Manger" password="jack"/>
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>
</beans>
五.自定义界面的编写
注意:action,name是固定的,更改后Spring将无法识别
<body>
<form action="j_spring_security_check" method="POST">
<table>
<tr><td>用户名</td><td><input type="text" name="j_username"></td></tr>
<tr><td>密 码</td><td><input type="password" name="j_password"></td></tr>
<tr><td><input type="reset" value="重新登录"></td><td><input type="submit" value="登录"/></td></tr>
</table>
</form>
</body>
那么有人要问了,在jsp页面如何引入用户名呢?
首先引入taglib
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
通过<sec:authentication property="name"/>该方法即可获得用户名
六.运行maven,输入jetty:run即可