在ssm项目上添加security安全登录系统
-
在原来项目web层上添加spring-security.xml配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!--不拦截的内容 登录页面 错误页面-->
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/failer.jsp" security="none"/>
<security:http pattern="/favicon.ico" security="none"/>
<!--配置拦截的规则
auto-config 使用自带页面
use-expressions 是否使用spel表达式
-->
<security:http auto-config="true" use-expressions="false">
<!--配置:拦截地址-->
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<!--配置你想跳转的具体页面-->
<security:form-login
login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/pages/main.jsp"
authentication-failure-forward-url="/failer.jsp"/>
<!--是否允许跨域-->
<security:csrf disabled="true"/>
<!--退出-->
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.html"></security:logout>
</security:http>
<!--配置登录认证管理器-->
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<!--临时账户密码 不加密-->
<security:user name="admin" password="{noop}admin" authorities="ROLE_USER"></security:user>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
-
form-login属性详解
- form-login是spring security命名空间配置登录相关信息的标签,它包含如下属性:
1. login-page 自定义登录页url,默认为/login
2. login-processing-url 登录请求拦截的url,也就是form表单提交时指定的action
3. default-target-url 默认登录成功后跳转的url
4. always-use-default-target 是否总是使用默认的登录成功后跳转url
5. authentication-failure-url 登录失败后跳转的url
6. username-parameter 用户名的请求字段 默认为userName
7. password-parameter 密码的请求字段 默认为password
8. authentication-success-handler-ref 指向一个AuthenticationSuccessHandler用于处理认证成功的请求,不能和default-target-url还有always-use-default-target同时使用
9. authentication-success-forward-url 用于authentication-failure-handler-ref
10. authentication-failure-handler-ref 指向一个AuthenticationFailureHandler用于处理失败的认证请求
11. authentication-failure-forward-url 用于authentication-failure-handler-ref
12. authentication-details-source-ref 指向一个AuthenticationDetailsSource,在认证过滤器中使用
---------------------
原文:https://blog.csdn.net/yin380697242/article/details/51893397
-
web.xml配
- 在配置文件中添加security的核心过滤器SpringSecurityFilterChain,该过滤器链在整个认证授权过程中起着举足轻重的地位,每个请求到来,都会经过该过滤器链
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
- 登录表单一定要填写name="username" name="password"