此教程为新手入门级教程...
使用Spring Security3在网上也提供了四种使用配置方法:
1.全部利用配置文件,将用户、权限、资源(url)硬编码在xml文件中,已经实现过,并经过验证;
2.用户和权限用数据库存储,而资源(url)和权限的对应采用硬编码配置,目前这种方式已经实现,并经过验证。
3.细分角色和权限,并将用户、角色、权限和资源均采用数据库存储,并且自定义过滤器,代替原有的FilterSecurityInterceptor过滤器,并分别实现AccessDecisionManager、InvocationSecurityMetadataSourceService和UserDetailsService,并在配置文件中进行相应配置。
4.修改spring security的源代码,主要是修改InvocationSecurityMetadataSourceService和UserDetailsService两个类。
前者是将配置文件或数据库中存储的资源(url)提取出来加工成为url和权限列表的Map供Security使用,后者提取用户名和权限组成一个完整的(UserDetails)User对象,该对象可以提供用户的详细信息供AuthentationManager进行认证与授权使用。
由于只是对spring security3进行了入门级的学习,所以今天给大家展示的是第一种方法。以助未接触过Spring security更好的同学能简单地理解
后面第三种方法将在日后的学习陆续给大家发出来
=================================================================================================================
现在我们开始配置这个简单的DEMO。
[先看一下项目的目录结构吧....]
[下载架包--spring-security-3.1.0.RELEASE.zip] 因为在spring官网上面已经找不到相关下载页面,所以可以上百度直接搜索该文件
zip目录解压出来的目录
再解压spring-security-3.1.0.RELEASE\dist\spring-security-samples-contacts-3.1.0.RELEASE.war
再把WEB-INF\lib 所有的架包复制到DEMO项目中去,这样子架包这部分就算完成了
下面是代码:
[web.xml]
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- 加载spring xml配置文件 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:securityConfig.xml</param-value>
</context-param>
<!-- Spring SECURITY3.1的过滤链配置 -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring窗口启动监听器 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- 系统欢迎页面 -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
[securityConfig.xml]
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation=
"http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- 登录页面不过滤 -->
<http pattern="/login.jsp" security="none"/>
<http access-denied-page="/accessDenied.jsp">
<form-login login-page="/login.jsp"/>
<!-- 访问/admin.jsp资源的用户必须具有ROLE_ADMIN的权限 -->
<intercept-url pattern="/admin.jsp" access="ROLE_USER"/>
<!-- 访问/**资源的用户必须具有ROLE_USER的权限 -->
<intercept-url pattern="/**" access="ROLE_USER"/>
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/>
</session-management>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="root" password="123456" authorities="ROLE_USER"/>
<user name="zzj" password="123456" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</b:beans>
[index.jsp]
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>My JSP 'index.jsp' starting page</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body style="font-size:12px">
这是首页,欢迎<sec:authentication property="name"/>!<br/>
<a href="admin.jsp">进入admin页面</a>
<a href="other.jsp">进入其他 页面</a>
</body>
</html>
[login.jsp]
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>登录</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body style="font-size:12px">
<form action="j_spring_security_check" method="POST">
<table>
<tr>
<td>用户:</td>
<td><input type="text" name='j_username'/></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" name="j_password"/></td>
</tr>
<tr>
<td><input name="reset" type="reset"/></td>
<td><input name="submit" type="submit"/></td>
</tr>
</table>
</form>
</body>
</html>
[admin.jsp]
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>欢迎访问</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body style="font-size:12px">
欢迎来到[管理员页面]
</body>
</html>
[other.jsp]
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>其他页面</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body style="font-size:12px">
欢迎访问[其他页面]
</body>
</html>
[accessDenied.jsp]
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>访问拒绝</title>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<!--
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body style="font-size:12px">
您的访问被拒绝,无权访问该资源!<br/>
</body>
</html>
通上以上配置,一个基于Spring Security安全权限的XML配置DEMO就这样出来了!