Applying springsecurity-servlet in a project

1. First, import the three basic springsecurity-servlet packages into the project.

2. Configure springsecurity-servlet.xml with the following content.

<?xml version="1.0" encoding="UTF-8" ?>

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
	xmlns:security="http://www.springframework.org/schema/security"

	xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Create the data source -->
	<bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<property name="driverClassName" value="com.mysql.jdbc.Driver" />
		<property name="url" value="jdbc:mysql://localhost:3306/security" />
		<property name="username" value="root" />
		<property name="password" value="moma" />
	</bean>
<!-- Initialize the database using the DbUtil class; this bean is optional -->
	<bean id="dbUtil" class="com.form.springsecuritydb.DbUtil" init-method="initialize">
		<property name="dataSource" ref="dataSource" />
	</bean>
	<!-- Set here which files can be accessed under any circumstances -->
<!-- 	<security:http pattern="/admin/login.jsp" security="none" /> -->
<!-- 	<security:http pattern="/admin/**.css" security="none" /> -->
<!-- 	<security:http pattern="/admin/**.js" security="none" /> -->
	
	<!-- Configure Spring Security's security:http element -->
	<security:http auto-config="true">
	<!-- This also sets which files can be accessed under any circumstances; it is not needed if the rules above are used -->
		<security:intercept-url pattern="/admin/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
		
		<security:form-login login-page="/admin/login.jsp" default-target-url="/admin/user_main.jsp" authentication-failure-url="/admin/login.jsp?login_error=1"/>
		
		<!-- All of the specified URLs are intercepted by Spring Security, and access is restricted to users who hold the ROLE_ADMIN role -->
		
		<security:intercept-url pattern="/admin/user_**.jsp" access="ROLE_admin,ROLE_user" />
		<security:intercept-url pattern="/admin/**" access="ROLE_admin" />
		<!-- Set here which page to go to after logout -->
		<security:logout invalidate-session="true" logout-success-url="/admin/login.jsp"/>
	</security:http>
	
	<!-- Specify the valid user authentication and authorization credentials -->
	<security:authentication-manager>
		<security:authentication-provider>
<!-- 			<security:password-encoder hash="md5"/> -->
			<security:jdbc-user-service
				data-source-ref="dataSource"
				users-by-username-query="select username,password,enabled from user_authentication where username=?"
				authorities-by-username-query="select u1.username, u2.role from user_authentication u1, user_authorization u2 where u1.user_id = u2.user_id and u1.username =?" />
		</security:authentication-provider>
	</security:authentication-manager>

</beans>
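
Added example, not part of the original post: the configuration above keeps the database username and password as literals and leaves the password-encoder commented out, so submitted passwords are compared with the stored column as plaintext. A hardened variant of those two parts, assuming a hypothetical jdbc.properties file on the classpath (the file name and the jdbc.* property names are assumptions) and bcrypt hashes stored in user_authentication.password:

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">

	<!-- Assumption: jdbc.properties is a hypothetical classpath file, kept out of
	     version control, defining jdbc.url, jdbc.username and jdbc.password -->
	<context:property-placeholder location="classpath:jdbc.properties" />

	<!-- Weak (as on the page): user "root" and the password as literals in this file.
	     Hardened: values come from the placeholders; the account should be a dedicated
	     application user limited to the security schema, not root -->
	<bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<property name="driverClassName" value="com.mysql.jdbc.Driver" />
		<property name="url" value="${jdbc.url}" />
		<property name="username" value="${jdbc.username}" />
		<property name="password" value="${jdbc.password}" />
	</bean>

	<!-- bcrypt: salted, adaptive hash; the password column must hold the
	     60-character hash string instead of the plaintext password -->
	<bean id="passwordEncoder"
		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

	<!-- The security:http element from the page is unchanged and omitted here -->

	<security:authentication-manager>
		<security:authentication-provider>
			<!-- Weak: no password-encoder (plaintext comparison) or hash="md5"
			     (fast, unsalted as written). Hardened: the submitted password
			     is verified against the stored bcrypt hash -->
			<security:password-encoder ref="passwordEncoder" />
			<security:jdbc-user-service
				data-source-ref="dataSource"
				users-by-username-query="select username,password,enabled from user_authentication where username=?"
				authorities-by-username-query="select u1.username, u2.role from user_authentication u1, user_authorization u2 where u1.user_id = u2.user_id and u1.username =?" />
		</security:authentication-provider>
	</security:authentication-manager>

</beans>
```

Existing plaintext rows in user_authentication stop authenticating once the encoder is enabled, so the stored passwords must be re-hashed with bcrypt before switching.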



3. In web.xml, configure loading of the Spring Security configuration file.

<!-- Location from which the Spring configuration files are loaded -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:beans.xml,/WEB-INF/springsecurity-servlet.xml</param-value>
	</context-param>
<!-- Define the filter and filter mapping for DelegatingFilterProxy, which delegates to a class that implements the javax.servlet.Filter interface and is registered as a Spring bean -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
<!-- Configure the ContextLoaderListener -->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
<!-- Register Spring's DispatcherServlet to handle web requests -->
	<servlet>
		<servlet-name>springsecurity</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<servlet-mapping>
		<servlet-name>springsecurity</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

4. Set up the form on the login page.


<form name='loginForm' action="${pageContext.request.contextPath}/j_spring_security_check" method='POST'>

		<table>
			<tr>
				<td>User:</td>
				<td><input type='text' name='j_username' value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type='password' name='j_password' /></td>
			</tr>
			<tr>
				<td><label><input type="checkbox" name="_spring_security_remember_me" />Remember me</label></td>
				<td><input name="submit" type="submit" value="submit" /></td>
			</tr>
		</table>

	</form>

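The name attributes of the username and password fields must be exactly as shown here (j_username and j_password).

Also, because the file uses EL expressions, add <%@ page language="java" contentType="text/html; charset=UTF-8" isELIgnored="false" pageEncoding="UTF-8"%> at the top; isELIgnored="false" keeps the page from ignoring EL expressions.

5. Get the current user's name and log out.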

<%@ page language="java" contentType="text/html; charset=UTF-8" isELIgnored="false" pageEncoding="UTF-8"%>
<html>
<body>
	<h2>main page</h2>

	<span class="message">Welcome <%= request.getUserPrincipal().getName()%></span><br/>
	<a href="${pageContext.request.contextPath}/j_spring_security_logout"> Logout</a>
</body>
</html>

That is all that is needed.

