Spring Security 4 基于角色的登录例子(带源码)

最新推荐文章于 2022-11-24 07:30:00 发布
最新推荐文章于 2022-11-24 07:30:00 发布
阅读量838 收藏
点赞数

一般来说,我们需要自定义一个Success-Handler 来根据用户角色处理登录用户的重定向到对应的url。

这个功能在Spring Security 里面已经提供了。

SimpleUrlAuthenticationSuccessHandler 含有常用的successhandler的常用逻辑。

我们仅需要拓展它,实现我们自己的逻辑即可。

一旦我们获得了successhandler(处理器),我们将通过formLogin()或loginPage()来注册它,

完整的例子如下:

--------------------------------------------------------

下面是用的技术

 

Dear  ${user} , Welcome to Home Page.  Dear ${user}, Welcome to Admin Page.  Dear ${user}, Welcome to DBA Page.  Dear ${user}, You are not authorized to access this page
  • Spring 4.1.6.RELEASE
  • Spring Security 4.0.1.RELEASE
  • Maven 3
  • JDK 1.7
  • Tomcat 8.0.21
  • Eclipse JUNO Service Release 2

 

让我们开始吧

 

第1步: 项目文件目录结构
下面是最终的项目目录结构
\


现在让我为你展示上面目录结构里面的内容和每个的详细介绍。

第2步: 更新 pom.xml 包含所需的依赖
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<project xmlns= "http://maven.apache.org/POM/4.0.0" xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation= "http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" >
   <modelversion> 4.0 . 0 </modelversion>
  
   <groupid>com.websystique.springsecurity</groupid>
   SpringSecurityRoleBasedLoginExample</artifactid>
   <version> 1.0 . 0 </version>
   <packaging>war</packaging>
  
   <name>SpringSecurityRoleBasedLoginExample</name>
  
     <properties>
         <springframework.version> 4.1 . 6 .RELEASE</springframework.version>
         <springsecurity.version> 4.0 . 1 .RELEASE</springsecurity.version>
     </properties>
  
     <dependencies>
         <!-- Spring -->
         <dependency>
             <groupid>org.springframework</groupid>
             spring-core</artifactid>
             <version>${springframework.version}</version>
         </dependency>
         <dependency>
             <groupid>org.springframework</groupid>
             spring-web</artifactid>
             <version>${springframework.version}</version>
         </dependency>
         <dependency>
             <groupid>org.springframework</groupid>
             spring-webmvc</artifactid>
             <version>${springframework.version}</version>
         </dependency>
  
         <!-- Spring Security -->
         <dependency>
             <groupid>org.springframework.security</groupid>
             spring-security-web</artifactid>
             <version>${springsecurity.version}</version>
         </dependency>
         <dependency>
             <groupid>org.springframework.security</groupid>
             spring-security-config</artifactid>
             <version>${springsecurity.version}</version>
         </dependency>
  
         <dependency>
             <groupid>javax.servlet</groupid>
             javax.servlet-api</artifactid>
             <version> 3.1 . 0 </version>
         </dependency>
         <dependency>
             <groupid>javax.servlet.jsp</groupid>
             javax.servlet.jsp-api</artifactid>
             <version> 2.3 . 1 </version>
         </dependency>
         <dependency>
             <groupid>javax.servlet</groupid>
             jstl</artifactid>
             <version> 1.2 </version>
         </dependency>
     </dependencies>
  
     <build>
         <pluginmanagement>
             <plugins>
                 <plugin>
                     <groupid>org.apache.maven.plugins</groupid>
                     maven-compiler-plugin</artifactid>
                     <version> 3.2 </version>
                     <configuration>
                         <source> 1.7
                         <target> 1.7 </target>
                     </configuration><source><source><source><source>
                 </plugin><source><source><source><source><source><source><source><source><source><source>
                 <plugin>
                     <groupid>org.apache.maven.plugins</groupid>
                     maven-war-plugin</artifactid>
                     <version> 2.4 </version>
                     <configuration>
                         <warsourcedirectory>src/main/webapp</warsourcedirectory>
                         <warname>SpringSecurityRoleBasedLoginExample</warname>
                         <failonmissingwebxml> false </failonmissingwebxml>
                     </configuration>
                 </plugin>
             </plugins><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source>
         </pluginmanagement><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source>
         <finalname>SpringSecurityRoleBasedLoginExample</finalname>
     </build><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source>
</project>
第3步: 添加 Spring Security 配置类

添加spring security到我们应用中第一步是要创建Spring Security Java 配置类。

这个配置创建一个叫springSecurityFilterChain的Servlet过滤器,来对我们应用中所有的安全相关的事项(保护应用的所有url,验证用户名密码,表单重定向等)负责。

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package com.websystique.springsecurity.configuration;
  
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
  
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
  
     @Autowired
     CustomSuccessHandler customSuccessHandler;
  
     @Autowired
     public void configureGlobalSecurity(AuthenticationManagerBuilder auth) throws Exception {
         auth.inMemoryAuthentication().withUser( "bill" ).password( "abc123" ).roles( "USER" );
         auth.inMemoryAuthentication().withUser( "admin" ).password( "root123" ).roles( "ADMIN" );
         auth.inMemoryAuthentication().withUser( "dba" ).password( "root123" ).roles( "ADMIN" , "DBA" );
     }
  
     @Override
     protected void configure(HttpSecurity http) throws Exception {
       http.authorizeRequests()
         .antMatchers( "/" , "/home" ).access( "hasRole('USER')" )
         .antMatchers( "/admin/**" ).access( "hasRole('ADMIN')" )
         .antMatchers( "/db/**" ).access( "hasRole('ADMIN') and hasRole('DBA')" )
         .and().formLogin().loginPage( "/login" ).successHandler(customSuccessHandler)
         .usernameParameter( "ssoId" ).passwordParameter( "password" )
         .and().csrf()
         .and().exceptionHandling().accessDeniedPage( "/Access_Denied" );
     }
  
}

此类和前几篇文章类似,只是下面这点有区别:formLogin().loginPage("/login").successHandler(customSuccessHandler)

 

重点是successHandler,这个类定义了处理successHandler的逻辑。在本例中根据 角色USER/ADMIN/DBA重定向到home/admin/db

以上配置 对应的xml配置文件:

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
<beans:beans xmlns= "http://www.springframework.org/schema/security" xmlns:beans= "http://www.springframework.org/schema/beans" xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans- 4.1 .xsd
     http: //www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source>
       
     <http auto-config= "true" >
         <intercept-url access= "hasRole('USER')" pattern= "/" >
         <intercept-url access= "hasRole('USER')" pattern= "/home" >
         <intercept-url access= "hasRole('ADMIN')" pattern= "/admin**" >
         <intercept-url access= "hasRole('ADMIN') and hasRole('DBA')" pattern= "/dba**" >
         <form-login authentication-failure-url= "/Access_Denied" authentication-success-handler-ref= "customSuccessHandler" login-page= "/login" password-parameter= "password" username-parameter= "ssoId" >
         <csrf>
     </csrf></form-login></intercept-url></intercept-url></intercept-url></intercept-url></http>
   
     
         
             <user-service>
                 <user authorities= "ROLE_USER" name= "bill" password= "abc123" >
                 <user authorities= "ROLE_ADMIN" name= "admin" password= "root123" >
                 <user authorities= "ROLE_ADMIN,ROLE_DBA" name= "dba" password= "root123" >
             </user></user></user></user-service>
         </authentication-provider>
     </authentication-manager>
       
     <beans:bean class = "com.websystique.springsecurity.configuration.CustomSuccessHandler" id= "customSuccessHandler" >
      
</beans:bean></beans:beans>

下面是 上面的类里面涉及的Success-Handler

 

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
package com.websystique.springsecurity.configuration;
  
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
  
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
  
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.DefaultRedirectStrategy;
import org.springframework.security.web.RedirectStrategy;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.stereotype.Component;
  
@Component
public class CustomSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
  
     private RedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
  
     @Override
     protected void handle(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
             throws IOException {
         String targetUrl = determineTargetUrl(authentication);
  
         if (response.isCommitted()) {
             System.out.println( "Can't redirect" );
             return ;
         }
  
         redirectStrategy.sendRedirect(request, response, targetUrl);
     }
  
     /*
      * This method extracts the roles of currently logged-in user and returns
      * appropriate URL according to his/her role.
      */
     protected String determineTargetUrl(Authentication authentication) {
         String url = "" ;
  
         Collection<!--? extends GrantedAuthority--> authorities = authentication.getAuthorities();
  
         List<string><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source> roles = new ArrayList<string>();
  
         for (GrantedAuthority a : authorities) {
             roles.add(a.getAuthority());
         }
  
         if (isDba(roles)) {
             url = "/db" ;
         } else if (isAdmin(roles)) {
             url = "/admin" ;
         } else if (isUser(roles)) {
             url = "/home" ;
         } else {
             url = "/accessDenied" ;
         }
  
         return url;
     }
  
     private boolean isUser(List<string> roles) {
         if (roles.contains( "ROLE_USER" )) {
             return true ;
         }
         return false ;
     }
  
     private boolean isAdmin(List<string> roles) {
         if (roles.contains( "ROLE_ADMIN" )) {
             return true ;
         }
         return false ;
     }
  
     private boolean isDba(List<string> roles) {
         if (roles.contains( "ROLE_DBA" )) {
             return true ;
         }
         return false ;
     }
  
     public void setRedirectStrategy(RedirectStrategy redirectStrategy) {
         this .redirectStrategy = redirectStrategy;
     }
  
     protected RedirectStrategy getRedirectStrategy() {
         return redirectStrategy;
     }
  
}</string></string></string></string></string>

注意:我们是怎样拓展SimpleUrlAuthenticationSuccessHandler类的,重写了handle()方法,

 

简单的调用重定向使用配置的RedirectStrategy,其中通过determineTargetUrl方法返回对应的url。

此方法从Authentication 对象中提取角色然后根据 角色构建 对应的url.最后在Spring Security 负责所有重定向事务的RedirectStrategy (重定向策略)来重定向请求到指定的url

其余部分和以前的文章是一样的。

 

第4步: 注册springSecurityFilter
下面是定制初始化war包中的springSecurityFilter(第三步中的)注册类
?
1
2
3
4
5
6
7
package com.websystique.springsecurity.configuration;
  
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
  
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
  
}

上面配置对应的xml配置如下:

 

 

?
1
2
3
4
5
6
7
8
9
<filter><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source>
     <filter-name>springSecurityFilterChain</filter-name>
     <filter- class >org.springframework.web.filter.DelegatingFilterProxy</filter- class >
</filter>
  
<filter-mapping><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source><source>
     <filter-name>springSecurityFilterChain</filter-name>
     <url-pattern>/*</url-pattern>
</filter-mapping>

 

第5步: 添加 Controller(控制器)

 

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
package com.websystique.springsecurity.controller;
  
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
  
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
  
@Controller
public class HelloWorldController {
  
      
     @RequestMapping (value = { "/" , "/home" }, method = RequestMethod.GET)
     public String homePage(ModelMap model) {
         model.addAttribute( "user" , getPrincipal());
         return "welcome" ;
     }
  
     @RequestMapping (value = "/admin" , method = RequestMethod.GET)
     public String adminPage(ModelMap model) {
         model.addAttribute( "user" , getPrincipal());
         return "admin" ;
     }
      
     @RequestMapping (value = "/db" , method = RequestMethod.GET)
     public String dbaPage(ModelMap model) {
         model.addAttribute( "user" , getPrincipal());
         return "dba" ;
     }
  
     @RequestMapping (value = "/Access_Denied" , method = RequestMethod.GET)
     public String accessDeniedPage(ModelMap model) {
         model.addAttribute( "user" , getPrincipal());
         return "accessDenied" ;
     }
  
     @RequestMapping (value = "/login" , method = RequestMethod.GET)
     public String loginPage() {
         return "login" ;
     }
  
     @RequestMapping (value= "/logout" , method = RequestMethod.GET)
     public String logoutPage (HttpServletRequest request, HttpServletResponse response) {
         Authentication auth = SecurityContextHolder.getContext().getAuthentication();
         if (auth != null ){   
             new SecurityContextLogoutHandler().logout(request, response, auth);
         }
         return "redirect:/login?logout" ;
     }
  
     private String getPrincipal(){
         String userName = null ;
         Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
  
         if (principal instanceof UserDetails) {
             userName = ((UserDetails)principal).getUsername();
         } else {
             userName = principal.toString();
         }
         return userName;
     }
  
}

 

第6步: 添加 SpringMVC 配置类

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
package com.websystique.springsecurity.configuration;
  
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.ViewResolver;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import org.springframework.web.servlet.view.JstlView;
  
@Configuration
@EnableWebMvc
@ComponentScan (basePackages = "com.websystique.springsecurity" )
public class HelloWorldConfiguration extends WebMvcConfigurerAdapter{
      
     @Bean
     public ViewResolver viewResolver() {
         InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
         viewResolver.setViewClass(JstlView. class );
         viewResolver.setPrefix( "/WEB-INF/views/" );
         viewResolver.setSuffix( ".jsp" );
  
         return viewResolver;
     }
  
      /*
      * Configure ResourceHandlers to serve static resources like CSS/ Javascript etc...
      */
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler( "/static/**" ).addResourceLocations( "/static/" );
     }
}

---------译者增加 start---明明如月--------
以上配置对应的xml配置如下:
?
1
2
3
4
5
6
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
    <mvc:resources --= "" .jsp= "" by= "" controllers= "" directory= "" font-family:= "" for = "" in= "" location= "<span style=" mapping= "<span style=" open= "" rendering= "" resolves= "" resources= "" selected= "selected" the= "" to= "" views= "" ><source>
    <beans:bean class = "org.springframework.web.servlet.view.InternalResourceViewResolver" >
        <beans:property name= "prefix" value= "/WEB-INF/views/" >
        <beans:property name= "suffix" value= ".jsp" >
    </beans:property></beans:property></beans:bean></mvc:resources>
---------译者增加end---明明如月--------
第7: 添加Initializer(初始化器)类
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
package com.websystique.springsecurity.configuration;
  
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
  
public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
  
     @Override
     protected Class<!--?-->[] getRootConfigClasses() {
         return new Class[] { HelloWorldConfiguration. class };
     }
   
     @Override
     protected Class<!--?-->[] getServletConfigClasses() {
         return null ;
     }
   
     @Override
     protected String[] getServletMappings() {
         return new String[] { "/" };
     }
  
}

第8步: 添加视图
login.jsp
此视图为登录面板增加了css
?
1
2
<%@ page language= "java" contentType= "text/html; charset=ISO-8859-1" pageEncoding= "ISO-8859-1" %>
<%@ taglib prefix= "c" uri= "http://java.sun.com/jsp/jstl/core" %>
     注意:和CSRF 相关的是
?
1
 
这一行的目的是防止CSRF攻击。正如你所见jsp中CSRF参数使用EL表达式获取的。因此需要允许el表达式:
需要在jsp头添加如下一行:
?
1
<%@ page isELIgnored= "false" %>
  welcome.jsp
?
1
2
<%@ page language= "java" contentType= "text/html; charset=ISO-8859-1" pageEncoding= "ISO-8859-1" %>
<%@ taglib prefix= "c" uri= "http://java.sun.com/jsp/jstl/core" %>

admin.jsp
?
1
2
<%@ page language= "java" contentType= "text/html; charset=ISO-8859-1" pageEncoding= "ISO-8859-1" %>
<%@ taglib prefix= "c" uri= "http://java.sun.com/jsp/jstl/core" %>

dba.jsp
?
1
2
<%@ page language= "java" contentType= "text/html; charset=ISO-8859-1" pageEncoding= "ISO-8859-1" %>
<%@ taglib prefix= "c" uri= "http://java.sun.com/jsp/jstl/core" %>

accessDenied.jsp

 

 

?
1
2
<%@ page language= "java" contentType= "text/html; charset=ISO-8859-1" pageEncoding= "ISO-8859-1" %>
<%@ taglib prefix= "c" uri= "http://java.sun.com/jsp/jstl/core" %>

 

例子中所需的css文件

app.css

 

?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
html{
     background-color:#2F2F2F;
}
  
body, #mainWrapper {
     height: 100 %;
     background-image: -webkit-gradient(
     linear,
     right bottom,
     right top,
     color-stop( 0 , #EDEDED),
     color-stop( 0.08 , #EAEAEA),
     color-stop( 1 , #2F2F2F),
     color-stop( 1 , #AAAAAA)
);
background-image: -o-linear-gradient(top, #EDEDED 0 %, #EAEAEA 8 %, #2F2F2F 100 %, #AAAAAA 100 %);
background-image: -moz-linear-gradient(top, #EDEDED 0 %, #EAEAEA 8 %, #2F2F2F 100 %, #AAAAAA 100 %);
background-image: -webkit-linear-gradient(top, #EDEDED 0 %, #EAEAEA 8 %, #2F2F2F 100 %, #AAAAAA 100 %);
background-image: -ms-linear-gradient(top, #EDEDED 0 %, #EAEAEA 8 %, #2F2F2F 100 %, #AAAAAA 100 %);
background-image: linear-gradient(to top, #EDEDED 0 %, #EAEAEA 8 %, #2F2F2F 100 %, #AAAAAA 100 %);
}
  
body, #mainWrapper, .form-control{
     font-size:12px!important;
}
  
#mainWrapper {
     height: 100vh;
     padding-left:10px;
     padding-right:10px;
     padding-bottom:10px;
}
  
#authHeaderWrapper{
     clear:both;
     width: 100 %;
     height: 3 %;
     padding-top:5px;
     padding-bottom:5px;
}
  
.login-container {
     margin-top: 100px;
     background-color: floralwhite;
     width: 40 %;
     left: 30 %;
     position: absolute;
}
  
.login-card {
     width: 80 %;
     margin: auto;
}
.login-form {
     padding: 10 %;
}


 

第9步: 构建和部署应用
现在构建 war 包(通过eclipse或者myeclipse)或者通过maven 命令行( mvn clean install). 在一个Servlet 3.0 容器中发布本应用. 在这里我使用的是tomcat, 我将war 文件放到 tomcat webapps 文件夹然后点击tomcat安装目录的bin文件夹下的 start.bat. 启动应用
打开 浏览器  在地址栏输入localhost:8080/SpringSecurityRoleBasedLoginExample/并回车

 

\

输入DBA角色的账户

\

提交表单,因为当前登录的用户时DBA角色,登录后将被重定向到/db 页面。

\

退出后登录USER权限的用户

\

\

 

然后访问admin 页面,将看到 权限拒绝页面

\

退出后登录ADMIN 角色的账户

\

本文结束,下一篇文章我们精介绍基于Hibernate注解的数据库的Spring Security 权限验证。

项目下载地址:http://websystique.com/?smd_process_download=1&download_id=1495


hy_zzzzz
关注
SpringSecurity以及OAuth2源码分析——实现多登录方式
a602389093的博客
07-25 1768
版权声明:本文为博主ExcelMann的原创文章,未经博主允许不得转载。 作者:ExcelMann,转载需注明。 SpringSecurity的Oauth2源码分析 我们先来看下通过Oauth2获取token的源码流程: 一、获取token的接口是/oauth/token,在TokenEndpoint类中 public class TokenEndpoint extends AbstractEndpoint { @RequestMapping(value = "/oauth/token", meth
spring security 2.0 命名空间配置(例子)
03-14
通过SpringSecurityTest这个压缩包文件,你可以找到相关的示例代码和配置,以帮助你更好地理解这些概念。动手实践是学习Spring Security的最佳途径,你可以尝试修改配置,观察不同设置对应用程序安全行为的影响。 ...
基于springsecurity的用户角色权限
08-24
适合初学者使用,代码简单,未连接数据库,全部集成在.xml中。有注释,注释全面。可以进行二次开发。
Spring Security(4)
最新发布
分享专业、有用、有趣的技术、产品、运营和管理知识。
11-24 144
除了login()方法能成功,另外两个都失败,并不是因为代码问题,而是Spring Security默认是通过Web页面来实现页面逻辑跳转的。但在前后端分离的开发模式中,页面跳转的逻辑后端已经无法直接控制了,而是通过返回状态码由前端来执行跳转。因此,需要对应用进行改造。
Spring Security 4入门
qq_55917018的博客
12-26 374
Spring SecuritySpring框架中的独立项目,是一个安全框架,能够为基于Spring的Java EE应用提供声明式的安全访问控制解决方案。它提供了一组可以在Spring应用上下文中配置的安全对象,充分利用了Spring DI(依赖注入)和AOP(面向切面)功能,为应用系统提供声明式的访问控制机制,以减少了企业级开发中需要重复编写大量安全代码的工作。
Spring Security介绍(4)
风之影
02-05 418
7.4&nbsp; 保护Web应用程序 Spring Security对Web安全性的支持大量地依赖于Servlet过滤器。这些过滤器拦截进入请求,并且在你的应用程序处理该请求之前进行某些安全处理。 Spring Security提供有若干个过滤器,它们能够拦截Servlet请求,并将这些请求转给认证和访问决策管理器处理,从而增强安全性。根据自己的需要,你 可以使用表7.4中所列的几...
SpringSecurity4 学习笔记
愿你拥有大风与烈酒,也能享受孤独与自由
07-07 769
成结构 1. SpringSecurity 2. 入门案例 新建SpringBoot项目 添加Security和Web依赖即可 在resources–static新建登录和主页简单静态页面 启动项目 访问localhost:8080/login可以看到出现的 登录页(该页面为Security默认生成的) 在启动项目时 会在控制台输出一串登录密码 2.1 UserDetailsService接口 用户判断用户名是否存在 而UserDetailsService返回的Userdetails接口中实现了
Spring Security角色继承分析
08-25
Spring Security 角色继承分析 Spring Security 角色继承分析是 Spring Security 框架中的一项重要功能,它允许开发者定义角色之间的继承关系,从而实现权限的继承和复用。今天,我们将深入探讨 Spring Security ...
spring security2 例子
03-23
此外,Spring Security还支持基于Remember Me的功能,允许用户在一段时间内无须重新登录。这通常通过`remember-me`元素来配置: ```xml ... ... ``` 标签"源码"暗示我们将深入研究Spring Security的内部机制...
spring security与数据库交互实现简单例子
03-22
总的来说,这个例子展示了如何使用Spring Security与数据库配合,实现用户认证和基于角色的授权。通过调整配置和数据库结构,你可以根据具体需求扩展和定制这个基础框架,实现更复杂的安全策略。
spring security 4 多点登录
01-23
最近看了spring security 4的开发文档,登录权限拦截封装的相当好!!! 附件为简单的多点登录demo,给开发前后台的朋友们做参考,其中authentication-provider为框架自的user-service,后续会在整个自定义user-service和AccessDecisionManager、SecurityMetadataSource的demo。 demo放在web服务器根目录(不项目名)。 后台登录路径为http://localhost:8080/loginAdmin.html 后台登录后首页为http://localhost:8080/admin/home.html 账号密码为 admin:123456 前台登录路劲为http://localhost:8080/loginUser.html 后台登录后首页为http://localhost:8080/user/home.html 账号密码为 user:123456 希望对大家有帮助。
spring security4登陆例子
02-23
spring security4登陆
spring security4 实例(小菜完整版)
文艺的小菜也有BUG
07-01 2970
小菜第一次写博客,废话不多说直接开始上干货。主要面对security小白,大牛绕行 第一步:创建web maven工程,不会的可自行与度娘打招呼。 第二步:环境说明。 jdk:1.7  , 剩下可自行观看配置文件。 第三步:展示项目目录结构。 第四步:配置pom.xml文件 http://maven.apache.org/POM/4.0.0" xmlns:xsi="http:/
spring security4学习(一)
西楚小羽的专栏
05-24 666
本文将分别介绍注解和xml的方式来使用spring security ,通过一个人简单的demo来演示对url访问进行验证。 因为我用的是gradle来构建项目,先看一下gradle依赖项。 第一步:创建Spring Security Java 配置类。 @Configuration @EnableWebSecurity public class SecurityConfig e
Spring Security【四】微服务权限方案
博客
03-09 997
视频链接:SpringSecurity框架教程 文章源码:https://github.com/geyiwei-suzhou/spring-security 认证授权过程
Spring Security 4 (03)—— 资源信息
每日丶滴
08-13 695
序言 这一篇主要是讲资源的加载和认证 1.内存加载 <security:http auto-config="false" use-expressions="false" > <security:intercept-url pattern="/system/**" access="ROLE_ADMIN" /> <security:intercept-url patte
Spring Security4使用(一)
愿夜幕永不开启
11-03 6624
引入Spring Security4.0所需的jar包 org.springframework.security spring-security-core 4.0.3.RELEASE org.springframework.security spring-security-web
Spring Security 4 (01)—— 简介
每日丶滴
07-29 410
Spring Security 4本Markdown编辑器使用StackEdit修改而来,用它写博客,将会来全新的体验哦: Markdown和扩展Markdown简洁的语法 代码块高亮 图片链接和图片上传 LaTex数学公式 UML序列图和流程图 离线写博客 导入导出Markdown文件 丰富的快捷键 快捷键 加粗 Ctrl + B 斜体 Ctrl + I 引用 Ctrl +
Spring实战】----spring security4.1.3配置以及踩过的坑
honghailiang的专栏
12-08 9902
spring security完全可以作为一个专门的专题来说,有一个专题写的不错http://www.iteye.com/blogs/subjects/spring_security,我这里主要是针对4.1.3进行配置说明 一、所需的库文件 //spring-security compile 'org.springframework.security:spring-security-
Spring Boot与Spring Security集成示例及密码加密
首先,我们将在一个基于Spring Boot 1.4.4.RELEASE版本的项目中集成必要的依赖,如`spring-boot-starter-web`、`spring-boot-starter-security`、`spring-security-oauth2`以及`spring-boot-starter-thymeleaf`,...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值