springSecurity得基本使用

引入坐标

	  <!-- security得依赖使用 坐标 -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>4.1.0.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>4.1.0.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-cas</artifactId>
      <version>4.1.0.RELEASE</version>
    </dependency>
  </dependencies>

编写配置文件

applicationContext-security.xml

	<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

	<!-- 设置页面不登陆也可以访问 -->
	<http pattern="/*.html" security="none"></http>
	<http pattern="/css/**" security="none"></http>
	<http pattern="/img/**" security="none"></http>
	<http pattern="/js/**" security="none"></http>
	<http pattern="/plugins/**" security="none"></http>


	<!-- 页面的拦截规格 use-expressions:默认启用SPEL表达式 需要将 access="hasRole('ROLE_USER')" -->
	<http use-expressions="false">
		<!-- 当前用户必须有ROLE_USER的角色才可以访问根目录及所属子目录的资源 ROLE_ -->
		<intercept-url pattern="/**" access="ROLE_USER" />
		<!-- 开启表单登录功能，会有默认登录页 login-page指定登录页  default-target-url=默认跳转页 always-use-default-target=-->
		<form-login login-page="/login.html"  default-target-url="/admin/index.html" always-use-default-target="true"/>

		<!--关闭跨站访问伪造-->
		<csrf disabled="true"/>
		<!-- 为了解决frame框架访问问题默认是deny不允许访问，改成同一域下可以进行访问-->
		<headers>
			<frame-options policy="SAMEORIGIN"/>
		</headers>
		<!-- 登出设置-->
		<logout />
	</http>

	<!-- 认证管理器 -->
	<authentication-manager>
		<!-- 认证提供者 -->
		<authentication-provider>
			<user-service>
				<!-- 配置当前系统的用户 authorities该用户属于哪个角色 -->
				<user name="admin" password="123456" authorities="ROLE_USER" />
				<user name="root" password="654321" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>
</beans:beans>

web.xml中配置

	<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
                      http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
  <!--配置ServletContext初始化参数：当期应用的全局参数-->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <!-- 此处扫描俩个包  一个是spring 与 mybatis得整合
          另一个是和 Security 安全框架
     -->
    <param-value>classpath:spring/applicationContext*.xml</param-value>
  </context-param>
  <listener>
    <!--ServletContext初始化监听器：内部会初始化父spring容器-->
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <!-- Security 安全框架得配置 -->
  <!--配置spring-security的过滤器时，filter-name的名称不能随意修改，只能为配置中所写的名称。-->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- 解决post乱码 -->
  <filter>
    <filter-name>CharacterEncodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>utf-8</param-value>
    </init-param>
    <init-param>
      <param-name>forceEncoding</param-name>
      <param-value>true</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CharacterEncodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <servlet>
    <servlet-name>springmvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <!-- 指定加载的配置文件 ，通过参数contextConfigLocation加载-->
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring/springmvc.xml</param-value>
    </init-param>
  </servlet>

  <servlet-mapping>
    <servlet-name>springmvc</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  <!--设置默认打开页面-->
  <!--<welcome-file-list>-->
    <!--<welcome-file>admin/index.html</welcome-file>-->
  <!--</welcome-file-list>-->
</web-app>

模拟获取登陆用户得信息

	package com.zyjx.controller;

import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

import java.util.HashMap;
import java.util.Map;

@RestController
@RequestMapping("/login")
public class LoginController {

    @RequestMapping("/showName")
    public Map showName(){
        //springSecurity中获取用户信息
        String name = SecurityContextHolder.getContext().getAuthentication().getName();
        Map map = new HashMap();
        map.put("name",name);
        return map ;  

    }
}

前台页面请求

action=".login" method="post"  此处是重点  

	<form class="sui-form" action=".login" method="post" id="loginform">
							<div class="input-prepend"><span class="add-on loginname"></span>
								<input  name="username"  value="admin" type="text" placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
							</div>
							<div class="input-prepend"><span class="add-on loginpwd"></span>
								<input name="password" value="123456" type="password" placeholder="请输入密码" class="span2 input-xfat">
							</div>
							<div class="logined">
								<a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document:loginform.submit()" target="_blank">登&nbsp;&nbsp;录</a>
							</div>
						</form>

前台用户得退出

…/logout

		<a href="../logout"  class="btn btn-default btn-flat">注销</a>

小图标问题

img/assets/favicon.ico 图标名称 及 放置路径