spring security 登录验证 感想

这里只是我自己的一点感想,等会会放上别人的博客地址,写的很好

首先在jsp中使用表单(form)

<%-- Login form: posts the credentials to /j_spring_security_check, the URL that
     login-processing-url names in applicationContext-security.xml.
     The input fields are omitted in this excerpt; they have to be named j_username and
     j_password to match username-parameter / password-parameter in that file.
     "path" is a scriptlet variable defined elsewhere in the JSP (not shown), presumably
     the context path.
     NOTE(review): if CSRF protection is active (the default for XML configuration since
     Spring Security 4; the version in use is not shown), the form also needs the hidden
     ${_csrf.parameterName} field, otherwise the POST is rejected. --%>
<form id="loginForm" action="<%=path%>/j_spring_security_check" method="post">
</form>
然后在applicationContext-security.xml中进行配置

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration.
  Declares (1) URL patterns that bypass Spring Security entirely, (2) one filter chain
  with form login, logout, access-denied handling and session control, and (3) an
  authentication manager backed by the userInfoProvider bean.
  Both the default namespace and the "beans" prefix are bound to the Spring beans
  namespace, so <bean> and <beans:bean> below are the same element.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
      Requests matching a security="none" pattern are taken out of the Spring Security
      filter chain altogether: no authentication, no authorization, and no
      SecurityContext for the handler to consult.
      NOTE(review): /userFile*, /fileStatus* and /tools* are exempted here. Their handlers
      are not shown; confirm they expose nothing user-specific or sensitive, because they
      cannot rely on Spring Security to identify the caller.
      A trailing single * matches any continuation within one path segment, so /login*
      also covers paths such as /loginAnything.
    -->
    <security:http security="none" pattern="/public/**"/>
    <security:http security="none" pattern="/common/**"/>
    <security:http security="none" pattern="/login*"/>
    <security:http security="none" pattern="/home/*"/>
    <security:http security="none" pattern="/register*"/>
    <security:http security="none" pattern="/index.jsp"/>
    <security:http security="none" pattern="/maxSessionError*"/>
    <security:http security="none" pattern="/forbidden*"/>
    <security:http security="none" pattern="/userFile*"/>
    <security:http security="none" pattern="/fileStatus*"/>
    <security:http security="none" pattern="/tools*"/>

    <!--
      Filter chain for every request not exempted above.
      Only the intercept-url patterns listed here require LOGIN_ROLE. There is no
      catch-all rule (pattern="/**"), so a URL that matches none of them is reachable
      without logging in.
      Assuming the default Ant-style matcher (no request-matcher attribute is set), a
      single * stays inside one path segment: /user/* covers /user/profile but not
      /user/a/b. Use /user/** where nested paths must be protected as well.
      NOTE(review): consider ending the list with a deny-by-default rule such as
      pattern="/**" access="isAuthenticated()" once the pages that must stay public
      are known.
      NOTE(review): on Spring Security 4.x hasRole() prepends ROLE_ unless the name
      already starts with it, so the authority granted by userInfoProvider would have
      to be ROLE_LOGIN_ROLE there; hasAuthority('LOGIN_ROLE') matches the literal name.
      The framework version is not shown; confirm against the authorities actually
      granted.
    -->
    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/user/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/notification/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/favorite/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/transaction/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/enquiry/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/demand/new/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/demand/getlist/*" access="hasRole('LOGIN_ROLE')"/>
        <!--
          Form login: /login is the login page, credentials are posted to
          /j_spring_security_check in the fields j_username and j_password, a failed
          attempt is redirected to /login?error=1 and a successful one is passed to the
          loginSuccessHandler bean.
        -->
        <security:form-login
                login-processing-url="/j_spring_security_check"
                login-page="/login"
                authentication-failure-url="/login?error=1"
                password-parameter="j_password"
                username-parameter="j_username"
                authentication-success-handler-ref="loginSuccessHandler"
        ></security:form-login>
        <!--
          Logout at /logout invalidates the HTTP session and then hands over to the
          logoutSuccessHandler bean.
          NOTE(review): delete-cookies takes a comma-separated list of cookie NAMES, so the
          value "true" asks for a cookie literally named "true" to be removed. JSESSIONID
          is probably what was intended.
        -->
        <security:logout invalidate-session="true" logout-url="/logout" delete-cookies="true"
                         success-handler-ref="logoutSuccessHandler"/>
        <!-- Authenticated users who lack the required role are sent to /forbidden. -->
        <security:access-denied-handler error-page="/forbidden"/>
        <!--
          Session fixation defence: newSession creates a fresh session at login and does
          not copy the attributes of the pre-login session.
          Concurrency control: one session per user. Because error-if-maximum-exceeded is
          false, a second login is accepted and the earlier session is expired; its next
          request is redirected to /maxSessionError.
          NOTE(review): concurrency control depends on session-destroyed events, so web.xml
          (not shown) should register
          org.springframework.security.web.session.HttpSessionEventPublisher.
        -->
        <security:session-management session-fixation-protection="newSession">
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false"
                                          expired-url="/maxSessionError"/>
        </security:session-management>

        <!--<security:custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />-->
    </security:http>

    <!--
      User management (用户管理): authentication is delegated to the userInfoProvider bean
      through user-service-ref, so that class has to implement UserDetailsService.
      NOTE(review): passwords are compared as Base64-encoded MD5 digests and no salt source
      is configured. MD5 is fast to compute and unsalted digests can be recovered with
      precomputed tables or brute force if the user table leaks. Prefer an adaptive hash
      such as bcrypt (hash="bcrypt", or a BCryptPasswordEncoder bean referenced with ref).
      Switching encoders requires re-hashing the stored passwords, for example at each
      user's next successful login.
    -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userInfoProvider">
            <security:password-encoder hash="md5" base64="true"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!--
      Listeners that write authentication events and authorization events to the
      application log, which gives an audit trail of login failures and denied requests.
    -->
    <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
    <beans:bean id="authorizationListener" class="org.springframework.security.access.event.LoggerListener"/>

    <!-- Custom filter (disabled: the bean below and its custom-filter reference above are commented out) -->
    <!--  <beans:bean id="myFilter" class="com.authority.filter.MyFilterSecurityInterceptor">
          <beans:property name="authenticationManager" ref="authenticationManager"/>
          <beans:property name="accessDecisionManager"  ref="myAccessDesisionmanager"/>
          <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"/>
      </beans:bean>-->

    <!-- User information provider: the bean referenced by user-service-ref above -->
    <bean id="userInfoProvider" class="com.qingneng.service.Impl.AuthenticationServiceImpl"/>

    <!-- Login success handler, referenced by authentication-success-handler-ref -->
    <bean id="loginSuccessHandler" class="com.qingneng.handler.LoginSuccessHandler"/>
    <!-- Logout success handler, referenced by success-handler-ref on security:logout -->
    <bean id="logoutSuccessHandler" class="com.qingneng.handler.LogoutSuccessHandlerImpl"/>
    <!--
      Login failure handler.
      NOTE(review): defined but not referenced in this file. form-login uses
      authentication-failure-url rather than authentication-failure-handler-ref, so the
      visible configuration never invokes this bean.
    -->
    <bean id="loginFailHandler" class="com.qingneng.handler.LoginFailHandler"/>

</beans>

在<security:form-login>中进行了一些基本的登录跳转配置(登录页、登录处理地址、失败跳转地址、成功处理器等)。

下面还有很多登出、session等配置

重点!

在<!--用户管理-->注释下的<security:authentication-manager>中,通过user-service-ref配置了自定义的UserDetailsService(即userInfoProvider这个bean)。

之后编写实现UserDetailsService接口的类时,登录验证调用的就是这里配置的这个bean。

然后在applicationContext-hibernate.xml中

进行了数据库的一些配置等等,我现在还不是完全明白这个构造,所以先这么记着

放一个别人写的博客网址,这个哥们写得很不错

http://blog.csdn.net/yin380697242/article/details/51959422
