想要调查、学习Spring的安全、权限控制框架,结果发现Spring官网上都不提供jar包的下载了,只提供了maven的pom依赖,
由于公司上网一直受到限制,公司内部也没有建maven私服,所以一直没有好好用过maven,
但是从Apache基金会把项目都搬上maven,到spring也推荐maven/gradle(没用过)的依赖配置,
意识到这种通过依赖配置,中央库来构建项目的方式,已经成为主流,本着不追随潮流,就要被淘汰的紧迫心情,现在开始努力改变思想。
言归正传,接下去就记录一下用maven构建spring_security的学习笔记,以备不时只需。
首先是安装maven和在eclipse中构建maven的动态web项目,这个实在是可参考的地方太多了,
一看就会,就不重复阐述了。
我是参考的这位仁兄,写的挺详细的,谢谢共享。
http://penghuaiyi.iteye.com/blog/1859799
由于自己习惯了struts2+spring3+mybatis3的框架组合来开发系统,
之前写过一篇配置ssm的博客,没有用maven,这次用maven构筑,配置好pom依赖后,相关包都自动下载,意想不到的顺利,不得不令人感叹maven的强大了。
配置文件的修改点没什么变化,可以参考:http://blog.csdn.net/ouitiken/article/details/8830505
pom.xml的依赖参考:
<dependencies>
<!-- Commons -->
<dependency>
<groupId>commons-dbcp</groupId>
<artifactId>commons-dbcp</artifactId>
<version>1.4</version>
</dependency>
<!-- Log -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.17</version>
</dependency>
<!-- Struts2 -->
<dependency>
<groupId>org.freemarker</groupId>
<artifactId>freemarker</artifactId>
<version>2.3.18</version>
</dependency>
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-core</artifactId>
<version>2.3.16.3</version>
</dependency>
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-spring-plugin</artifactId>
<version>2.3.16.3</version>
</dependency>
<!-- Spring -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>3.2.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>3.2.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>3.2.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>3.2.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
<version>3.2.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
<version>3.2.8.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.4.RELEASE</version>
</dependency>
<!-- Mybatis -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>3.0.6</version>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.0.2</version>
</dependency>
<!-- Database -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.31</version>
</dependency>
</dependencies>
接下去就是spring-security的实现了
1. 修改web.xml
加入spring-security的过滤器,切忌必须加在struts2的过滤器前面。
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
2. 修改applicationContext.xml
根标签<beans>中需要修改命名空间,如下:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
其中:xmlns:security="http://www.springframework.org/schema/security"
和http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd是新追加的。
添加如下配置,增加权限验证和测试用户名
<!-- 测试用户 -->
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="jimi" password="jimispassword"
authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="bob" password="bobspassword"
authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<security:http auto-config='true'>
<security:intercept-url pattern="/login.jsp*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login />
</security:http>
由于没有指定form-login的路径,spring-security会提供默认登录页面,登录成功后会跳转到目标路径。
这个时候,初步的配置已经完成,可以启动服务,访问任何路径,都会被拦截,跳转到登陆页面,然后用配置好的用户名,密码登录,则会成功跳转。
由于是入门文章,则写到此为止,接下去对spring-security的深入学习,则需要继续参照官方文档。