spring-Security-Demo

首先创建一个maven项目

在pom.xml导入包

 <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-test</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.1.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.1.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>servlet-api</artifactId>
            <version>2.5</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <artifactId>maven-compiler-plugin</artifactId>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <configuration> <!-- 指定端口 -->
                    <port>9090</port> <!-- 请求路径 -->
                    <path>/</path>
                </configuration>
            </plugin>
        </plugins>
    </build>

 

然后配置web.xml文件:

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
    <listener>
<!--        动态监听spring-Security.xml配置文件-->
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring-Security.xml</param-value>
    </context-param>

<!--    对每个文件进行安全校验过滤 -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

 

在resources文件下新建spring-Security.xml配置文件

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!--配置忽略规则-->
    <http pattern="/favicon.ico" security="none"></http>
    <http pattern="/login.html" security="none"></http>
    <http pattern="/login_out.html" security="none"></http>

    <http use-expressions="false" >
        <!--拦截地址以及需要的权限-->
        <!--use-expressions:指定是否使用表达式 26.2 Web Security Expressions-->
        <!--如果true：则access属性必须设置表达式：如access="hasRole('admin') and hasIpAddress('192.168.1.0/24')"-->
        <!--如果是false:则access必须使用"ROLE_"作为前缀 -->
        
<!--       access 授权标志-->
        <intercept-url pattern="/**" access="ROLE_ADMIN"></intercept-url> <!--如果不具备该角色，则跳转到登录页-->

<!--    always-use-default-target：总是使用默认的页面，不管你在网址后输入什么地址，最终都会访问默认的地址
        login-page：指定登录页面
        default-target-url：指定登录成功的默认页面
        authentication-failure-forward-url：指定登录失败的跳转页面
        csrf：关闭跨站攻击效验
    -->
        <form-login always-use-default-target="true"
                    login-page="/login.html"
                    default-target-url="/index.html"
                    authentication-failure-forward-url="/login_out.html"></form-login>
        <csrf disabled="true"></csrf>

    </http> <!--配置认证管理器-->
    <authentication-manager>
        <authentication-provider>
            <user-service>
<!--                指定用户 账号和密码 和授权状态   只是使用了授权标志的才能被成功授权-->
                <user name="admin" password="123456" authorities="ROLE_ADMIN"></user>
                <user name="test" password="123456" authorities="ROLE_TEST"></user>
            </user-service>
        </authentication-provider>
    </authentication-manager>


</beans:beans>

 

新建登录页面:login.html

<body>
<!--action：必须使用/login  请求方式必须是post-->
<form action="/login" method="post">
<!--    name 必须是username 和 password-->
   账号: <input type="text" placeholder="user" name="username">
   密码: <input type="password" placeholder="***" name="password">
    <input type="submit" value="提交">
</form>
</body>

新建登录失败跳转页面：login-out.html

页面就是一个简单的提示

新建登录成功后跳转页面:index.html

页面就是一个简单的提示

 

 

测试demo:

启动服务器测试就Ok了