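In this example we will see how to use Spring Security in a Java Servlet and JSP application. We will use Spring Web Security with in-memory authentication. Because this web application runs in a servlet container, JSP and Servlets can be used as usual. We will not use Spring MVC in this example.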
Maven dependencies
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.logicbig.example</groupId>
    <artifactId>spring-security-and-servlet-example</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>war</packaging>
    <dependencies>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.2.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.2.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.2</version>
        </dependency>
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <configuration>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.3</version>
                <configuration>
                    <source>1.8</source>
                    <target>1.8</target>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.2</version>
                <configuration>
                    <path>/</path>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>
Java Config class
package com.logicbig.example;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Enables Spring Security's web support; the adapter's defaults require
// authentication for every request and provide a generated login form.
@EnableWebSecurity
public class AppConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(AuthenticationManagerBuilder builder)
            throws Exception {
        // In-memory user store with a single user.
        // The password is a hard-coded plaintext demo value.
        builder.inMemoryAuthentication()
               .withUser("alexa")
               .password("123")
               .roles("USER");
    }
}
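The in-memory configuration above, reworked as an added example (not part of the original tutorial's code): the password is read from an environment variable and stored only as a BCrypt hash, and the URL rules are stated explicitly. The class name `HardenedAppConfig` and the variable name `APP_DEMO_PASSWORD` are assumptions made for this illustration.

```java
package com.logicbig.example;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example: hypothetical hardened variant of AppConfig.
@EnableWebSecurity
public class HardenedAppConfig extends WebSecurityConfigurerAdapter {

    // Hypothetical environment variable that supplies the user's password,
    // so that no credential is committed to source control.
    private static final String PASSWORD_ENV = "APP_DEMO_PASSWORD";

    private final PasswordEncoder encoder = new BCryptPasswordEncoder();

    @Override
    public void configure(AuthenticationManagerBuilder builder) throws Exception {
        String raw = System.getenv(PASSWORD_ENV);
        if (raw == null || raw.isEmpty()) {
            // Fail closed: refuse to start rather than fall back to a default.
            throw new IllegalStateException(PASSWORD_ENV + " is not set");
        }
        builder.inMemoryAuthentication()
               .passwordEncoder(encoder)        // login attempts are checked against the hash
               .withUser("alexa")
               .password(encoder.encode(raw))   // only the BCrypt hash is kept in the user store
               .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Same effect as the adapter's default rules, written out, minus HTTP Basic:
        // the servlet needs the USER role, everything else needs a login.
        http.authorizeRequests()
                .antMatchers("/example").hasRole("USER")
                .anyRequest().authenticated()
                .and()
            .formLogin();
    }
}
```

To use it, pass `HardenedAppConfig.class` to `super(...)` in `AppSecurityInitializer` in place of `AppConfig.class`.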
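Initializing the Java config
package com.logicbig.example;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

// Registers the Spring Security filter chain with the servlet container
// and loads AppConfig as the configuration class.
public class AppSecurityInitializer extends AbstractSecurityWebApplicationInitializer {

    public AppSecurityInitializer() {
        super(AppConfig.class);
    }
}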
A JSP page
src/main/webapp/index.jsp
<html>
<body>
<h2>Welcome to App</h2>
<p>
    <%-- Name of the authenticated user --%>
    <%= request.getUserPrincipal().getName() %>
</p>
<a href="/example">Go to Example Servlet</a>
</body>
</html>
A Servlet
package com.logicbig.example;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@WebServlet(name = "exampleServlet", urlPatterns = {"/example"})
public class ExampleServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest req,
                         HttpServletResponse resp) throws ServletException, IOException {
        resp.setContentType("text/html");
        PrintWriter writer = resp.getWriter();
        String servletName = getServletConfig().getServletName();
        writer.println("handling request, servlet name: " + servletName);
        writer.println("<br/>");
        // The principal is set by Spring Security after a successful login.
        writer.println("user: " + req.getUserPrincipal().getName());
        writer.println("<br/><a href=\"/index.jsp\">Main Page</a>");
    }
}
To try the example, run the embedded Tomcat (configured in the pom.xml of the example project below):
mvn tomcat7:run-war
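Output
The first access to any resource shows the Spring authentication form:
After submitting the username and password as we set them in the AppConfig class:
Clicking the "Go to Example Servlet" link: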