SSH + Spring Security3.2例子(一)

Security之环境搭建

1.web.xml配置

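    <!-- Spring context loader: loads the Spring configuration files when the web application starts -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Publishes HTTP session created/destroyed events to the Spring context.
         Session concurrency control (concurrency-control max-sessions in the security
         configuration) relies on these events to remove ended sessions from its registry;
         without this listener a user whose session timed out can still be counted as
         logged in and be refused a new login. -->
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>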
    
    <!-- Spring configuration files to load: every applicationContext*.xml at the classpath root -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:/applicationContext*.xml</param-value>
    </context-param>
    
    <!-- Spring Security entry point: DelegatingFilterProxy hands each request to the Spring bean
         whose name equals filter-name (springSecurityFilterChain). Mapped to /* so that every
         request passes through the security filter chain. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

2.applicationContext-security.xml配置

<?xml version="1.0" encoding="UTF-8"?>  
 <beans:beans xmlns="http://www.springframework.org/schema/security"  
    xmlns:beans="http://www.springframework.org/schema/beans"  
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"  
	xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans   
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd   
    http://www.springframework.org/schema/security   
    http://www.springframework.org/schema/security/spring-security-3.2.xsd    
    http://www.springframework.org/schema/aop 
    http://www.springframework.org/schema/aop/spring-aop-3.2.xsd
	http://www.springframework.org/schema/context 
	http://www.springframework.org/schema/context/spring-context-3.2.xsd">  
    
    <!-- URLs excluded from the security filter chain. security="none" gives these patterns an
         empty filter chain: no Spring Security filter runs for them, so no SecurityContext
         (current user) is available while they are served. <http> elements are matched in
         declaration order, so these entries must stay ahead of the general <http> block.
         Keep the list limited to the login/error pages and static assets. -->
    <http pattern="/jsp/login.jsp" security="none"/> 
    <http pattern="/login.jsp" security="none"/> 
    <http pattern="/test/main!goLogin.action" security="none"/> 
    <http pattern="/jsp/error403.jsp" security="none"/> 
    <http pattern="/jsp/sessionTimeOut.jsp" security="none"/> 
    <http pattern="/css/**" security="none"/> 
    <http pattern="/images/**" security="none"/> 
    <http pattern="/js/**" security="none"/> 
    
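    <!-- Filter chain for every URL that is not excluded with security="none".
         entry-point-ref: invoked whenever an unauthenticated request reaches a protected
         resource (not only after a logout); the referenced bean sends the user to the login page. -->
    <http use-expressions="true" entry-point-ref="authenticationEntryPoint">

        <!-- Page shown when an authenticated user lacks the required permission. Replaces the
             access-denied-page attribute, which the 3.x schema marks as deprecated. -->
        <access-denied-handler error-page="/jsp/error403.jsp" />

        <!-- Logout: invalidate the HTTP session, then let the success handler redirect -->
        <logout invalidate-session="true" logout-url="/logout.do" success-handler-ref="logoutFilter" />

        <!-- Redirect target for an invalid (e.g. timed-out) session id, and at most one
             concurrent session per user. concurrency-control needs
             org.springframework.security.web.session.HttpSessionEventPublisher registered as a
             listener in web.xml so that ended sessions are released.
             NOTE(review): with a custom filter in the FORM_LOGIN_FILTER slot the namespace does
             not inject its session authentication strategy into that filter; unless loginFilter
             sets sessionAuthenticationStrategy itself, the max-sessions limit and session-fixation
             protection may not be applied at login. Verify against the filter class. -->
        <session-management invalid-session-url="/jsp/sessionTimeOut.jsp">
            <concurrency-control max-sessions="1" />
        </session-management>

        <!-- Remember-me (cookie-based automatic login). The key must equal the key configured on
             the rememberMeServices bean.
             NOTE(review): the key is a secret used to sign remember-me tokens; replace the sample
             value with a long random per-deployment value kept outside the source tree. -->
        <remember-me services-ref="rememberMeServices" key="TEST_REMEMBER" />

        <!-- Custom login filter, placed in the slot of the default form-login filter -->
        <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER" />

        <!-- Custom authorization filter. before= inserts it ahead of the default
             FilterSecurityInterceptor; it does not replace it. No intercept-url rules are
             declared in this block, so the access decisions that matter are the ones made by
             the custom filter. -->
        <custom-filter ref="FilterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />

    </http>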
  
  <!-- ====================================================模块分割线==================================================== -->

	<!-- Entry point referenced by entry-point-ref on <http>; directUrl is set to the login page
	     (project class, its redirect logic is not shown on this page) -->
	<beans:bean id="authenticationEntryPoint"
		class="com.test.security.login.MultipleAuthenticationEntryPoint">
		<beans:property name="directUrl" value="/jsp/login.jsp" />
	</beans:bean>
	
  <!-- ====================================================模块分割线==================================================== -->

	<!-- Logout success handler (wired through success-handler-ref on <logout>; despite the bean
	     id it is not a filter). directUrl is the page to go to after logout. -->
	<beans:bean id="logoutFilter"
		class="com.test.security.logout.MultipleLogoutSuccessHandler">
		<beans:property name="directUrl" value="/jsp/login.jsp" />
	</beans:bean>

  <!-- ====================================================模块分割线==================================================== -->

	<!-- Remember-me (cookie-based automatic login) -->
	<beans:bean id="rememberMeServices"
		class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
		<!-- Secret key mixed into the signature of each remember-me token; this is not the
		     cookie name. It must match the key attribute on <remember-me>.
		     NOTE(review): TEST_REMEMBER is a sample value; use a long random per-deployment
		     value supplied from outside the source tree. -->
		<beans:property name="key" value="TEST_REMEMBER" />
		<!-- Name of the request parameter sent by the login form's remember-me checkbox -->
		<beans:property name="parameter" value="rememberMe" />
		<!-- Token lifetime in seconds: 1209600 s = 14 days.
		     NOTE(review): a shorter lifetime, and a cookie restricted to HTTPS (useSecureCookie),
		     reduce the exposure of a leaked cookie. -->
		<beans:property name="tokenValiditySeconds" value="1209600"></beans:property>
		<!-- Used to load the user again when a remember-me cookie is presented -->
		<beans:property name="userDetailsService" ref="myUserDetailsService" />
	</beans:bean>
	
  <!-- ====================================================模块分割线==================================================== -->

	<!-- Authentication manager, exposed under the alias authenticationManager; it delegates to
	     the multipleAuthenticationProvider bean -->
	<authentication-manager alias="authenticationManager">
		<authentication-provider ref="multipleAuthenticationProvider" />
	</authentication-manager>


	<!-- Composite authentication provider: holds the list of concrete providers
	     (here only myAuthenticationProvider) -->
	<beans:bean id="multipleAuthenticationProvider"
		class="com.test.security.authentication.provider.MultipleAuthenticationProvider">
		<beans:property name="authenticationProviders">
			<beans:list>
				<beans:ref bean="myAuthenticationProvider" />
			</beans:list>
		</beans:property>
	</beans:bean>

	<!-- User details service shared by the authentication provider and the remember-me services
	     (project class; presumably loads accounts from the database, confirm in its source) -->
	<beans:bean id="myUserDetailsService"
		class="com.test.security.authentication.details.MyUserDetailsService" />

	<!-- Password hashing strategy.
	     NOTE(review): the bean id says "sha" but the class is Md5PasswordEncoder, so stored
	     passwords are a single round of MD5. A fast unkeyed digest is not suitable for password
	     storage. Spring Security 3.1+ ships
	     org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder, but it implements the
	     newer crypto PasswordEncoder interface, so switching depends on the setter type of
	     MyAuthenticationProvider (not shown on this page) and on re-hashing existing passwords. -->
	<beans:bean id="shaPasswordEncoder"
		class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
		<!-- false: the hash is encoded as hex rather than Base64 -->
		<beans:property name="encodeHashAsBase64" value="false"></beans:property>
	</beans:bean>

	<!-- Salt used when hashing passwords -->
	<beans:bean id="saltSource"
		class="org.springframework.security.authentication.dao.ReflectionSaltSource">
		<!-- The salt is read from the user's username property.
		     NOTE(review): a username is public and predictable, so it only separates hashes of
		     different accounts; it is not a substitute for a random per-user salt, which adaptive
		     encoders such as bcrypt generate themselves. -->
		<beans:property name="userPropertyToUse" value="username"></beans:property>
	</beans:bean>

	<!-- Concrete authentication provider: wired with the user details service, the password
	     encoder and the salt source (project class; per the original note it verifies the
	     credentials and builds the authenticated token) -->
	<beans:bean id="myAuthenticationProvider"
		class="com.test.security.authentication.provider.MyAuthenticationProvider">
		<beans:property name="userDetailsService" ref="myUserDetailsService" />
		<beans:property name="passwordEncoder" ref="shaPasswordEncoder" />
		<beans:property name="saltSource" ref="saltSource" />
	</beans:bean>

  <!-- ====================================================模块分割线==================================================== -->

	<!-- Custom login filter, installed in the FORM_LOGIN_FILTER slot.
	     NOTE(review): no sessionAuthenticationStrategy is set here. For a custom login filter the
	     namespace does not inject one, so concurrency control and session-fixation protection
	     configured under <session-management> may not run at login unless the filter class
	     configures it itself. Confirm in the class source. -->
	<beans:bean id="loginFilter"
		class="com.test.security.authentication.filter.MultipleUsernamePasswordAuthenticationFilter">
		<!-- Login processing URL, old style (filterProcessesUrl is deprecated; kept for reference)
		<beans:property name="filterProcessesUrl" value="/login.do" /> -->
		<beans:property name="requiresAuthenticationRequestMatcher" ref="loginUrl" />
		<!-- Resolver that builds the authentication token from the login request -->
		<beans:property name="tokenResolver" ref="myAuthenticationTokenResolver"/>
		<!-- Checks user name and password and grants the user's authorities -->
		<beans:property name="authenticationManager" ref="authenticationManager" />
		<!-- Handler invoked when authentication succeeds -->
		<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
		<!-- Handler invoked when authentication fails -->
		<beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
		<!-- Remember-me (automatic login) services -->
		<beans:property name="rememberMeServices" ref="rememberMeServices"/>
	</beans:bean>
	
	<!-- Request matcher for the login processing URL. With only a pattern argument the matcher
	     accepts any HTTP method. -->
	<beans:bean id="loginUrl"
		class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
		<beans:constructor-arg type="java.lang.String" value="/login.do" />
	</beans:bean>
	
  <!-- ====================================================模块分割线==================================================== -->

	<!-- Builds the authentication token for a login request (project class, injected into
	     loginFilter as tokenResolver) -->
	<beans:bean id="myAuthenticationTokenResolver"
		class="com.test.security.authentication.filter.MyAuthenticationTokenResolver" />

	<!-- Handler run after a successful login; directUrl is the main page action -->
	<beans:bean id="authenticationSuccessHandler"
		class="com.test.security.authentication.handler.MultipleAuthenticationSuccessHandler">
		<beans:property name="directUrl" value="/test/main!goMain.action" />
	</beans:bean>

	<!-- Handler run after a failed login; directUrl is the login action. The useForward
	     property is left commented out, as in the original example. -->
	<beans:bean id="authenticationFailureHandler"
		class="com.test.security.authentication.handler.MultipleAuthenticationFailureHandler">
		<!-- <beans:property name="useForward" value="true" /> -->
		<beans:property name="directUrl" value="/test/main!goLogin.action" />
	</beans:bean>

  <!-- ====================================================模块分割线==================================================== -->

	<!-- Custom authorization filter: combines the authentication manager, the source of
	     per-resource security metadata and the access decision manager -->
	<beans:bean id="FilterSecurityInterceptor"
		class="com.test.security.manage.filter.MultipleFilterSecurityInterceptor">
		<beans:property name="accessDecisionManager" ref="multipleAccessDecisionManager" />
		<beans:property name="securityMetadataSource" ref="multipleSecurityMetadataSource" />
		<beans:property name="authenticationManager" ref="authenticationManager" />
	</beans:bean>

	<!-- Security metadata source used by the authorization filter; wraps mySecurityMetadataSource -->
	<beans:bean id="multipleSecurityMetadataSource"
		class="com.test.security.manage.metadata.MultipleFilterInvocationSecurityMetadataSource">
		<beans:property name="metadataSource" ref="mySecurityMetadataSource" />
	</beans:bean>

	<!-- Resource definitions (project class; the article states the protected resources are
	     loaded from the database) -->
	<beans:bean id="mySecurityMetadataSource"
		class="com.test.security.manage.metadata.MySecurityMetadataSource" />

	<!-- Access decision manager consulted by the custom authorization filter -->
	<beans:bean
		id="multipleAccessDecisionManager"
		class="com.test.security.manage.decide.MultipleAccessDecisionManager" />
		
</beans:beans>  

3.spring security资源

security的资源主要分为三种:非过滤资源、公有资源、受权限保护的资源。
非过滤资源:不会经过security权限认证过滤器的处理,不需要登录就可以直接访问,例如:

<!-- Example of an unfiltered resource: requests for the login page bypass the security filter chain -->
<http pattern="/jsp/login.jsp" security="none"/> 
公有资源:未定义权限的资源,不需要登录就可以直接访问(凡是没有定义权限的资源,默认都是公有资源)。因此新增的需要保护的URL必须先配置权限,否则会被当作公有资源直接放行。

受权限保护的资源:登录用户拥有该资源的权限时,该资源才能被访问,例如:

<!-- In this example the protected resources are loaded from the database instead of being
     declared like this.
     NOTE(review): the <http> block on this page sets use-expressions="true"; an intercept-url
     declared inside it would need an expression such as hasRole('ROLE_USER') rather than a
     bare role name. Confirm before copying this line into that block. -->
<intercept-url pattern="/test1.jsp" access="ROLE_USER" />  


完整例子下载:http://download.csdn.net/detail/huanglgln/8276525

