Spring Security2.0的自带DEMO浅析

最新推荐文章于 2023-07-18 23:09:48 发布
最新推荐文章于 2023-07-18 23:09:48 发布
阅读量2.8k 收藏
点赞数
分类专栏: Java相关 文章标签: security spring access encoding class returning
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/kunshan_shenbin/article/details/3721069
版权

下载地址:http://www.springsource.org/download

如下图所示建立工程:

所需Jar包:

aopalliance-1.0.jar
aspectjrt-1.5.4.jar
aspectjweaver.jar
commons-codec-1.3.jar
commons-collections-3.2.jar
commons-logging-1.1.1.jar
jstl-1.1.2.jar
log4j-1.2.14.jar
spring-aop-2.0.8.jar
spring-beans-2.0.8.jar
spring-context-2.0.8.jar
spring-core-2.0.8.jar
spring-dao-2.0.8.jar
spring-jdbc-2.0.8.jar
spring-security-acl-2.0.4.jar
spring-security-core-2.0.4.jar
spring-security-core-tiger-2.0.4.jar
spring-security-taglibs-2.0.4.jar
spring-support-2.0.8.jar
spring-web-2.0.8.jar
spring-webmvc-2.0.8.jar
standard-1.1.2.jar

代码如下:

ListAccounts.java

  1. package bigbank.web;
  3. import javax.servlet.http.HttpServletRequest;
  4. import javax.servlet.http.HttpServletResponse;
  6. import org.springframework.util.Assert;
  7. import org.springframework.web.servlet.ModelAndView;
  8. import org.springframework.web.servlet.mvc.Controller;
  10. import bigbank.BankService;
  12. public class ListAccounts implements Controller {
  14.     private BankService bankService;
  16.     public ListAccounts(BankService bankService) {
  18.         Assert.notNull(bankService);
  19.         this.bankService = bankService;
  20.     }
  22.     public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
  24.         ModelAndView mav = new ModelAndView("listAccounts");
  25.         mav.addObject("accounts", bankService.findAccounts());
  26.         return mav;
  27.     }
  28. }

PostAccounts.java

  1. package bigbank.web;
  3. import javax.servlet.http.HttpServletRequest;
  4. import javax.servlet.http.HttpServletResponse;
  6. import org.springframework.util.Assert;
  7. import org.springframework.web.bind.ServletRequestUtils;
  8. import org.springframework.web.servlet.ModelAndView;
  9. import org.springframework.web.servlet.mvc.Controller;
  11. import bigbank.Account;
  12. import bigbank.BankService;
  14. public class PostAccounts implements Controller {
  16.     private BankService bankService;
  18.     public PostAccounts(BankService bankService) {
  20.         Assert.notNull(bankService);
  21.         this.bankService = bankService;
  22.     }
  24.     public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
  26.         Long id = ServletRequestUtils.getRequiredLongParameter(request, "id");
  27.         Double amount = ServletRequestUtils.getRequiredDoubleParameter(request, "amount");
  28.         Account a = bankService.readAccount(id);
  29.         bankService.post(a, amount);
  31.         return new ModelAndView("redirect:listAccounts.html");
  32.     }
  33. }

Account.java

  1. package bigbank;
  3. public class Account {
  5.     private long id = -1;
  6.     private String holder;
  7.     private double balance;
  9.     public Account(String holder) {
  10.         super();
  11.         this.holder = holder;
  12.     }
  14.     public long getId() {
  15.         return id;
  16.     }
  18.     public void setId(long id) {
  19.         this.id = id;
  20.     }
  22.     public String getHolder() {
  23.         return holder;
  24.     }
  26.     public void setHolder(String holder) {
  27.         this.holder = holder;
  28.     }
  30.     public double getBalance() {
  31.         return balance;
  32.     }
  34.     public void setBalance(double balance) {
  35.         this.balance = balance;
  36.     }
  38.     public String toString() {
  39.         return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
  40.     }
  41. }
BankDao.java
  1. package bigbank;
  3. public interface BankDao {
  5.     public Account readAccount(Long id);
  6.     public void createOrUpdateAccount(Account account);
  7.     public Account[] findAccounts();
  8. }

BankDaoStub.java

  1. package bigbank;
  3. import java.util.HashMap;
  4. import java.util.Map;
  6. public class BankDaoStub implements BankDao {
  7.     
  8.     private long id = 0;
  9.     private Map<Long, Account> accounts = new HashMap<Long, Account>();
  10.     
  11.     public void createOrUpdateAccount(Account account) {
  12.         if (account.getId() == -1) {
  13.             id++;
  14.             account.setId(id);
  15.         }
  16.         accounts.put(new Long(account.getId()), account);
  17.         System.out.println("SAVE: " + account);
  18.     }
  20.     public Account[] findAccounts() {
  21.         Account[] a = (Account[]) accounts.values().toArray(new Account[] {});
  22.         System.out.println("Returning " + a.length + " account(s):");
  23.         for (int i = 0; i < a.length; i++) {
  24.             System.out.println(" > " + a[i]);
  25.         }
  26.         return a;
  27.     }
  29.     public Account readAccount(Long id) {
  30.         return (Account) accounts.get(id);
  31.     }
  32. }

BankService.java

  1. package bigbank;
  3. import org.springframework.security.annotation.Secured;
  5. public interface BankService {
  6.     
  7.     @Secured("IS_AUTHENTICATED_ANONYMOUSLY")
  8.     public Account readAccount(Long id);
  9.         
  10.     @Secured("IS_AUTHENTICATED_ANONYMOUSLY")
  11.     public Account[] findAccounts();
  12.     
  13.     @Secured("ROLE_TELLER")
  14.     public Account post(Account account, double amount);
  15. }

BankServiceImpl.java

  1. package bigbank;
  3. import org.aspectj.lang.annotation.Pointcut;
  4. import org.springframework.util.Assert;
  6. public class BankServiceImpl implements BankService {
  7.     
  8.     private BankDao bankDao;
  10.     // Not used unless you declare a <protect-pointcut>
  11.     @Pointcut("execution(* bigbank.BankServiceImpl.*(..))")
  12.     public void myPointcut() {}
  14.     public BankServiceImpl(BankDao bankDao) {
  15.         Assert.notNull(bankDao);
  16.         this.bankDao = bankDao;
  17.     }
  19.     public Account[] findAccounts() {
  20.         return this.bankDao.findAccounts();
  21.     }
  23.     public Account post(Account account, double amount) {
  24.         Assert.notNull(account);
  25.         Assert.notNull(account.getId());
  26.         
  27.         // We read account bank from DAO so it reflects the latest balance
  28.         Account a = bankDao.readAccount(account.getId());
  29.         if (account == null) {
  30.             throw new IllegalArgumentException("Couldn't find requested account");
  31.         }
  32.         
  33.         a.setBalance(a.getBalance() + amount);
  34.         bankDao.createOrUpdateAccount(a);
  35.         return a;
  36.     }
  38.     public Account readAccount(Long id) {
  39.         return bankDao.readAccount(id);
  40.     }
  41. }

SeedData.java

  1. package bigbank;
  3. import org.springframework.beans.factory.InitializingBean;
  4. import org.springframework.util.Assert;
  6. public class SeedData implements InitializingBean {
  7.     
  8.     private BankDao bankDao;
  10.     public void afterPropertiesSet() throws Exception {
  11.         
  12.         Assert.notNull(bankDao);
  13.         bankDao.createOrUpdateAccount(new Account("rod"));
  14.         bankDao.createOrUpdateAccount(new Account("dianne"));
  15.         bankDao.createOrUpdateAccount(new Account("scott"));
  16.         bankDao.createOrUpdateAccount(new Account("peter"));
  17.     }
  18.     
  19.     public void setBankDao(BankDao bankDao) {
  20.         this.bankDao = bankDao;
  21.     }
  22. }

applicationContext-business.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  3. <beans xmlns="http://www.springframework.org/schema/beans"
  4.     xmlns:security="http://www.springframework.org/schema/security"
  5.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  6.     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  7. http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
  9.     <bean id="bankDao" class="bigbank.BankDaoStub" />
  11.     <bean id="seedData" class="bigbank.SeedData">
  12.         <property name="bankDao" ref="bankDao" />
  13.     </bean>
  15.     <bean id="bankService" class="bigbank.BankServiceImpl">
  16.         <constructor-arg ref="bankDao" />
  17.         <security:intercept-methods>
  18.             <security:protect method="bigbank.BankService.*" access="IS_AUTHENTICATED_REMEMBERED" />
  19.             <security:protect method="bigbank.BankService.post" access="ROLE_TELLER" />
  20.         </security:intercept-methods>
  21.     </bean>
  23. </beans>

log4j.properties

  1. # Global logging configuration
  2. log4j.rootLogger=WARN, stdout, fileout
  4. log4j.logger.org.springframework.security=DEBUG, stdout, fileout
  6. # Console output...
  7. log4j.appender.stdout=org.apache.log4j.ConsoleAppender
  8. log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
  9. log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n
  11. # Rolling log file output...
  12. log4j.appender.fileout=org.apache.log4j.RollingFileAppender
  13. log4j.appender.fileout.File=spring-security-tutorial.log
  14. #log4j.appender.fileout.File=${webapp.root}/WEB-INF/log4j.log
  15. log4j.appender.fileout.MaxFileSize=1024KB
  16. log4j.appender.fileout.MaxBackupIndex=1
  17. log4j.appender.fileout.layout=org.apache.log4j.PatternLayout
  18. log4j.appender.fileout.layout.conversionPattern=%d{ABSOLUTE} %5p %c{1},%t:%L - %m%n

/secure/extreme/index.jsp

  1. <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
  2. <html>
  3.     <body>
  4.         <h1>VERY Secure Page</h1>
  5.         This is a protected page. You can only see me if you are a supervisor.
  6.         <authz:authorize ifAllGranted="ROLE_SUPERVISOR">
  7.             You have "ROLE_SUPERVISOR" (this text is surrounded by <authz:authorize> tags).
  8.         </authz:authorize>
  9.         <p>
  10.         <a href="../../">Home</a>
  11.         <p>
  12.         <a href="../../j_spring_security_logout">Logout</a>
  13.     </body>
  14. </html>

/secure/index.jsp

  1. <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
  2. <html>
  3.     <body>
  4.         <h1>Secure Page</h1>
  5.         <p>
  6.             This is a protected page. You can get to me if you've been
  7.             remembered, or if you've authenticated this session.
  8.         </p>
  9.         <sec:authorize ifAllGranted="ROLE_SUPERVISOR">
  10.             You are a supervisor! You can therefore see the 
  11.             <a href="extreme/index.jsp">extremely secure page</a>.<br />
  12.             <br />
  13.         </sec:authorize>
  14.         <h3>Properties obtained using <sec:authentication /> tag</h3>
  15.         <table border="1">
  16.             <tr>
  17.                 <th>Tag</th>
  18.                 <th>Value</th>
  19.             </tr>
  20.             <tr>
  21.                 <td><sec:authentication property='name' /></td>
  22.                 <td><sec:authentication property="name" /></td>
  23.             </tr>
  24.             <tr>
  25.                 <td><sec:authentication property='principal.username' /></td>
  26.                 <td><sec:authentication property="principal.username" /></td>
  27.             </tr>
  28.             <tr>
  29.                 <td><sec:authentication property='principal.enabled' /></td>
  30.                 <td><sec:authentication property="principal.enabled" /></td>
  31.             </tr>
  32.             <tr>
  33.                 <td><sec:authentication property='principal.accountNonLocked' /></td>
  34.                 <td><sec:authentication property="principal.accountNonLocked" /></td>
  35.             </tr>
  36.         </table>
  37.         <p>
  38.         <a href="../">Home</a>
  39.         <p>
  40.         <a href="../j_spring_security_logout">Logout</a>
  41.     </body>
  42. </html>

listAccounts.jsp

  1. <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core_rt"%>
  2. <h1>
  3.     Accounts
  4. </h1>
  5. <a href="index.jsp">Home3</a>
  6. <br>
  7. <br>
  8. <table>
  9.     <c:forEach var="account" items="${accounts}">
  10.         <tr>
  11.             <td>
  12.                 <c:out value="${account.id}" />
  13.             </td>
  14.             <td>
  15.                 <c:out value="${account.holder}" />
  16.             </td>
  17.             <td>
  18.                 <c:out value="${account.balance}" />
  19.             </td>
  20.             <td>
  21.                 <a href="post.html?id=<c:out value="${account.id}"/>amount=-20.00">-$20</a>
  22.                 <a href="post.html?id=<c:out value="${account.id}"/>amount=-5.00">-$5</a>
  23.                 <a href="post.html?id=<c:out value="${account.id}"/>amount=5.00">+$5</a>
  24.                 <a href="post.html?id=<c:out value="${account.id}"/>amount=20.00">+$20</a>
  25.             </td>
  26.         </tr>
  27.     </c:forEach>
  28. </table>

applicationContext-security.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <beans:beans xmlns="http://www.springframework.org/schema/security"
  3.     xmlns:beans="http://www.springframework.org/schema/beans"
  4.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  5.     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  6.                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
  8.     <global-method-security secured-annotations="enabled">
  9.         <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
  10.     </global-method-security>
  11.     
  12.     <http auto-config="true">
  13.         <intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
  14.         <intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
  15.         <!-- Disable web URI authorization, as we're using <global-method-security> and have @Secured the services layer instead
  16.             <intercept-url pattern="/listAccounts.html" access="IS_AUTHENTICATED_REMEMBERED" />
  17.             <intercept-url pattern="/post.html" access="ROLE_TELLER" />
  18.         -->
  19.         <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />   
  20.     </http>
  22.     <!--
  23.     Usernames/Passwords are
  24.         rod/koala
  25.         dianne/emu
  26.         scott/wombat
  27.         peter/opal
  28.     -->
  29.     <authentication-provider>
  30.         <password-encoder hash="md5"/>
  31.         <user-service>
  32.             <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
  33.             <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
  34.             <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
  35.             <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
  36.         </user-service>
  37.     </authentication-provider>
  39. </beans:beans>

bank-servlet.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  3. <beans xmlns="http://www.springframework.org/schema/beans"
  4.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  5.     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
  7.     <bean name="/listAccounts.html" class="bigbank.web.ListAccounts">
  8.         <constructor-arg ref="bankService"/>
  9.     </bean>
  10.     
  11.     <bean name="/post.html" class="bigbank.web.PostAccounts">
  12.         <constructor-arg ref="bankService"/>
  13.     </bean>
  14.     
  15.     <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
  16.         <property name="prefix" value="/WEB-INF/jsp/"/>
  17.         <property name="suffix" value=".jsp"/>
  18.     </bean>
  20. </beans>

web.xml

  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
  3.     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  4.     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
  5.     http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  7. <display-name>Spring Security Tutorial Application</display-name>
  9.     <context-param>
  10.         <param-name>contextConfigLocation</param-name>
  11.         <param-value>
  12.             classpath:applicationContext-business.xml
  13.             /WEB-INF/applicationContext-security.xml
  14.         </param-value>
  15.     </context-param>
  16.     
  17.     <context-param>
  18.         <param-name>log4jConfigLocation</param-name>
  19.         <param-value>/WEB-INF/classes/log4j.properties</param-value>
  20.     </context-param>    
  22.     <filter>
  23.         <filter-name>springSecurityFilterChain</filter-name>
  24.         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  25.     </filter>
  27.     <filter-mapping>
  28.       <filter-name>springSecurityFilterChain</filter-name>
  29.       <url-pattern>/*</url-pattern>
  30.     </filter-mapping>
  32.     <listener>
  33.         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  34.     </listener>
  36.     <listener>
  37.       <listener-class>org.springframework.security.ui.session.HttpSessionEventPublisher</listener-class>
  38.     </listener>
  39.     
  40.     <listener>
  41.         <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
  42.     </listener>    
  44.     <servlet>
  45.         <servlet-name>bank</servlet-name>
  46.         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
  47.         <load-on-startup>1</load-on-startup>
  48.     </servlet>
  50.     <servlet-mapping>
  51.         <servlet-name>bank</servlet-name>
  52.         <url-pattern>*.html</url-pattern>
  53.     </servlet-mapping>
  55.      <welcome-file-list>
  56.         <welcome-file>index.jsp</welcome-file>
  57.     </welcome-file-list>
  59. </web-app>

index.jsp

  1. <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags"%>
  2. <html>
  3.     <body>
  4.         <h1>Home Page</h1>
  5.         <p>Anyone can view this page.</p>
  6.         <p>
  7.             If you're logged in, you can
  8.             <a href="listAccounts.html">list accounts</a>.
  9.         </p>
  10.         <p>
  11.             Your principal object is....:
  12.             <%=request.getUserPrincipal()%>
  13.         </p>
  14.         <p><a href="secure/index.jsp">Secure page</a></p>
  15.         <p><a href="secure/extreme/index.jsp">Extremely secure page</a></p>
  16.     </body>
  17. </html>

login.jsp

  1. <%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt'%>
  2. <html>
  3.     <head>
  4.         <title>CUSTOM SPRING SECURITY LOGIN</title>
  5.     </head>
  7.     <body onload="document.f.j_username.focus();">
  8.         <h1>
  9.             CUSTOM SPRING SECURITY LOGIN
  10.         </h1>
  12.         <P>
  13.             Valid users:
  14.         <P>
  15.         <P>
  16.             username
  17.             <b>rod</b>, password
  18.             <b>koala</b>
  19.             <br>
  20.             username
  21.             <b>dianne</b>, password
  22.             <b>emu</b>
  23.             <br>
  24.             username
  25.             <b>scott</b>, password
  26.             <b>wombat</b>
  27.             <br>
  28.             username
  29.             <b>peter</b>, password
  30.             <b>opal</b>
  31.         <p>
  33.             <%-- this form-login-page form is also used as the
  34.          form-error-page to ask for a login again.
  35.          --%>
  36.             <c:if test="${not empty param.login_error}">
  37.                 <font color="red"> Your login attempt was not successful, try
  38.                     again.<br />
  39.                     <br /> Reason: <c:out
  40.                         value="${SPRING_SECURITY_LAST_EXCEPTION.message}" /></font>
  41.             </c:if>
  42.         <form name="f" action="<c:url value='j_spring_security_check'/>"
  43.             method="POST">
  44.             <table>
  45.                 <tr>
  46.                     <td>
  47.                         User:
  48.                     </td>
  49.                     <td>
  50.                         <input type='text' name='j_username'
  51.                             value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>' />
  52.                     </td>
  53.                 </tr>
  54.                 <tr>
  55.                     <td>
  56.                         Password:
  57.                     </td>
  58.                     <td>
  59.                         <input type='password' name='j_password'>
  60.                     </td>
  61.                 </tr>
  62.                 <tr>
  63.                     <td>
  64.                         <input type="checkbox" name="_spring_security_remember_me">
  65.                     </td>
  66.                     <td>
  67.                         Don't ask for my password for two weeks
  68.                     </td>
  69.                 </tr>
  71.                 <tr>
  72.                     <td colspan='2'>
  73.                         <input name="submit" type="submit">
  74.                     </td>
  75.                 </tr>
  76.                 <tr>
  77.                     <td colspan='2'>
  78.                         <input name="reset" type="reset">
  79.                     </td>
  80.                 </tr>
  81.             </table>
  83.         </form>
  85.     </body>
  86. </html>

注意:

<!--
    Usernames/Passwords are
        rod/koala
        dianne/emu
        scott/wombat
        peter/opal
-->

其他资源:

http://www.blogjava.net/redhatlinux/archive/2008/08/20/223148.html

http://www.blogjava.net/redhatlinux/archive/2008/09/01/226010.html

昆山人在上海
关注
专栏目录
盘点:Spring全家桶各类历史RCE漏洞浅析,没你想的难
lt_xiaodou的博客
10-10 415
Spring mvc就是spring中的一个MVC框架,主要用来开发web应用和网络接口,但是其使用之前需要配置大量的xml文件,比较繁琐,所以出现springboot,其内置tomcat并且内置默认的XML配置信息,从而方便了用户的使用。下图就直观表现了他们之间的关系。其实都用了SpEL表达式,不过addModelBindings方法传入的参数的是上面提到的binder,是写死在xml文件中的,无法去更改,所以这里面就考虑当没配置binder的情况下走进addDefaultMapping方法的情况。
SpringBoot整合Shiro之认证流程浅析
weixin_40598838的博客
06-15 315
在权限控制中,通常使用的框架有Shiro和Spring Security,大型项目中Shiro较常用,Spring Security通常用在中小型项目中,在权限控制中又分为认证和授权两种,现在就认证流程做个浅析
spring2.0 security
03-16
NULL 博文链接:https://zw7534313.iteye.com/blog/436316
Spring Security-2.0入门教程(基础篇)
xyz20003的专栏
06-04 158
欢迎阅读咱们写的Spring Security教程,咱们既不想写一个简单的入门教程,也不想翻译已有的国外教程。咱们这个教程就是建立在咱们自己做的OA的基础上,一点一滴总结出来的经验和教训。首先必须一提的是,Spring Security出身名门,它是Spring的一个子项目http://static.springsource.org/spring-security/site/index.html。...
Spring Security 2.0学习笔记
The Program World
07-05 138
    spring 2.5也发布了,Acegi 2.0也出来了,发现里面也多了很多新特性,不过好多都是英文的,所以就到处看看,记些东西,谓之笔记也,呵呵。废话不多说,配置文件当然要从web.xml开始啊。看代码。     使用安全框架第一步就是需要在web.xml文件中声明要使用的过滤器&lt;filter&gt;&lt;/filter&gt;&lt;!--&lt;br /&gt; &lt;br...
Spring Security2.0
精致-简洁-唯美
03-10 115
[url]http://www.iteye.com/topic/319965[/url] [url]http://java.chinaitlab.com/Spring/762022.html[/url]
Spring Security-2.0入门教程
shangchm
06-05 249
Spring Security-2.0入门教程 欢迎阅读咱们写的Spring Security教程,咱们既不想写一个简单的入门教程,也不想翻译已有的国外教程。咱们这个教程就是建立在咱们自己做的OA的基础上,一点一滴总结出来的经验和教训。 首先必须一提的是,Spring Security出身名门,它是Spring的一个子项目http://static.springsource.or...
JBPM源码浅析
ReeBoo
04-24 380
当前我指的JBPM是3.2版本,因为从JBPM2.0到3.0,其API从package到class都完全重新设计了,以及其背后的建模思想和架构。 在2.0版本里,是按照Spring+Hibernate那种Transaction Script方式组织的,OO的概念比较弱,里面是大量的interface、impl、service。而3.0版本,完全按Domain Model方式组织,Hibern...
各大官网 排名不分先后 持续更新
热门推荐
计算机学习园
04-11 1万+
http://www.xuanyusong.com/archives/950 http://blog.csdn.net/boyjimeking/article/details/6707743 http://www.cnblogs.com/liutianwen/archive/2012/04/18/cocos2d-xD.html http://www.cocoachina.com/
神秘的java
stay hungry,stay foolish!
11-02 1613
1.单元测试不再怕!一文学会SpringBoot单元测试2.一文搞懂🔥SpringBoot自动配置原理3.封装属于自己的Spring-Boot-Starter4.爽!🔥自定义SpringBoot的@EnableXXX注解1.灰度发布是什么?
spring-security-2.0.5
09-02
支持一大堆的权限功能,然后它又和Spring 这个当今超流行的 框架整合的很紧密,所以我们选择它
spring-security-2.0.3
07-23
spring-security-2.0.3
Spring Security Auth2.0的快速实现
云想的博客
01-12 357
Spring Security Auth2.0的快速实现 3.加入配置文件 JwtAuthencationTokenFilter RestAuthorizationEntryPoint RestfulAccessDeniedHandler JwtTokenUtil SecurityConfig 注: ResultBody是返回体,可替换,UserService是用户服务访问时在Headers里面带上key为Authorization,value则是Bearer+token 返回
spring-security2.0.2初步配置
wmj2003
07-01 143
使用了spring security之后,网页的显示速度明显变慢,看来spring security的使用还是需要优化配置的。 在web.xml中配置 &lt;!-- 配置spring acegi 使用的 和com.work.core.QxglConstants.USE_ACEGI=true 配合使用 &lt;filter&gt; &lt;fil...
[spring security笔记]2.0,web权限方案--用户认证
m0_60707623的博客
10-18 286
尚硅谷spring security 笔记二
Spring Security OAuth2.0 认证协议【1】- 基本概念
LawssssCat的博客
03-24 491
人生苦短,用新技术,及时行乐。 [x] shiro [√] spring Security [x] cas Server [√] OAuth2.0 标题解释 用 Spring Security 实现认证和授权 OAuth 2.0 一种协议,支持第三方认证(分布式) 认证方式 (单体应用)基于 session 的认证方式 客户端:要求把授权信息放在cookie里 服务端:登录信息存 se...
Spring Security OAuth2.0(3):Spring Security简单入门
不积跬步,无以至千里
07-06 675
Spring Security 快速入门。\qquadSpring Secutiry 是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。由于它是Spring生态系统的一员,因此它伴随着整个Spring生态系统不断修正、升级,在Springboot项目中加入spring security 更是十分简单,使用Spring Security 减少了为企业系统安全控制编写大量重复代码的工作。
Spring Security OAuth2.0(5):Spring Security工作原理
最新发布
不积跬步,无以至千里
07-18 378
FilterChainProxy是一个代理,真正起作用的是FilterChainProxy中SecurityFilterChain所包含的各个Filter,同时这些Filter作为Bean被管理,它们是Spring Security核心,各有各的职责,但他们并不直接处理用户的认证,也不直接处理用户的授权,而是把它们交给认证管理器(AuthenticationManager)和决策管理器(AccessDecisionManager)进行处理,下图是FilterChainProxy相关类的UML图示。
评论 4
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值