一个简单的spring security +hibernate的简单demo
环境 Spring Security 3.x
hibernate 3
tomcat6
1.新建一个web工程名称为spring-security
导入所需jar
以上之列出来spring及security相关jar包
2.配置web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>spring</display-name>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<filter>
<filter-name>struts2Filter</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/spring.xml,/WEB-INF/config/spring/spring-security.xml</param-value>
</context-param>
<filter>
<filter-name>encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- <filter-mapping>
<filter-name>struts2Filter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping> -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
一个简单的spring security +hibernate的简单demo
环境 Spring Security 3.x
hibernate 3
tomcat6
1.新建一个web工程名称为spring-security
导入所需jar
以上之列出来spring及security相关jar包
2.配置web.xml
- <?xml version="1.0" encoding="UTF-8"?>
- <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
- <display-name>spring</display-name>
- <context-param>
- <param-name>log4jConfigLocation</param-name>
- <param-value>/WEB-INF/log4j.properties</param-value>
- </context-param>
- <listener>
- <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
- </listener>
- <filter>
- <filter-name>struts2Filter</filter-name>
- <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
- </filter>
- <listener>
- <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
- </listener>
- <context-param>
- <param-name>contextConfigLocation</param-name>
- <param-value>/WEB-INF/config/spring.xml,/WEB-INF/config/spring/spring-security.xml</param-value>
- </context-param>
- <filter>
- <filter-name>encoding</filter-name>
- <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
- <init-param>
- <param-name>encoding</param-name>
- <param-value>UTF-8</param-value>
- </init-param>
- <init-param>
- <param-name>forceEncoding</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
- <filter>
- <filter-name>springSecurityFilterChain</filter-name>
- <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>springSecurityFilterChain</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <filter-mapping>
- <filter-name>encoding</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
- <!-- <filter-mapping>
- <filter-name>struts2Filter</filter-name>
- <url-pattern>*.action</url-pattern>
- </filter-mapping> -->
- <welcome-file-list>
- <welcome-file>index.jsp</welcome-file>
- </welcome-file-list>
- </web-app>
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>spring</display-name>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.properties</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<filter>
<filter-name>struts2Filter</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/config/spring.xml,/WEB-INF/config/spring/spring-security.xml</param-value>
</context-param>
<filter>
<filter-name>encoding</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- <filter-mapping>
<filter-name>struts2Filter</filter-name>
<url-pattern>*.action</url-pattern>
</filter-mapping> -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
3.配置spring.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<bean id="propertyConfigurer"
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>WEB-INF/config/jdbc.properties</value><!--数据库配置存放-->
</list>
</property>
</bean>
<!-- 以下配置数据源, 使用连接池 -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName" value="${jdbc.driverClassName}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate3.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect"> org.hibernate.dialect.OracleDialect
</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.format_sql">true</prop>
</props>
</property>
<property name="mappingLocations">
<list>
<value>classpath:/com/common/dm/*.hbm.xml</value>
</list>
</property>
</bean>
<bean id="usersDao" class="com.common.dao.UsersDaoImpl">
<property name="sessionFactory" ref="sessionFactory"></property>
</bean>
</beans>
3.spring- security.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<global-method-security pre-post-annotations="enabled" />
<http auto-config="true" access-denied-page="/403.jsp"><!-- 自定义无权限页面 -->
<!-- 自定义登录页面,若不定义则spring自动生成 -->
<form-login login-page="/login.jsp" />
<intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" /><!--不进行拦截 -->
<intercept-url pattern="/index.jsp*" access="ROLE_ADMIN,ROLE_VISIT" />
<intercept-url pattern="/admin.jsp*" access="ROLE_ADMIN" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myAuthenticationProvider">
</authentication-provider>
<!-- <authentication-provider> <user-service> <user name="WJL" password="WJL"
authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> -->
</authentication-manager>
<beans:bean id="myAuthenticationProvider"
class="com.common.security.MyhAuthenticationProvider">
<beans:property name="usersDao" ref="usersDao"></beans:property>
</beans:bean>
</beans:beans>
在MyhauthenticationProvider中进行与数据库的交互;
代码如下
package com.common.security;
import java.util.ArrayList;
import java.util.Collection;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import com.common.dao.UsersDao;
import com.common.dm.Users;
/**
* <p>
* mailto: reven_wjl@163.com
* </p>
*
* @author reven
* @date 2012-9-23
* @version 1.0.1
*/
public class MyhAuthenticationProvider implements UserDetailsService {
private UsersDao usersDao;
public UsersDao getUsersDao() {
return usersDao;
}
public void setUsersDao(UsersDao usersDao) {
this.usersDao = usersDao;
}
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException {
// TODO Auto-generated method stub
Collection<GrantedAuthority> auths = new ArrayList<GrantedAuthority>();
Users user = usersDao.getUserByUserName(userName);
if(user != null){
String password = user.getPassword();
String limit = user.getLimits();
if (limit.equals("1")) {
GrantedAuthorityImpl auth = new GrantedAuthorityImpl("ROLE_ADMIN");
auths.add(auth);
}
if (limit.equals("0")) {
GrantedAuthorityImpl auth = new GrantedAuthorityImpl("ROLE_VISIT");
auths.add(auth);
}
User userspring = new User(userName, password, true, true, true, true,
auths);
return userspring;
}else{
return null;
}
}
}
与数据库交互的方法就不列举了,很简单
login.jsp格式
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>用户登录</title>
<script>
</script>
</head>
<body>
<h3>用户登录</h3>
<form action='/spring-security/j_spring_security_check' method='POST'>
用户名:<input type="text" name="j_username"/>
密码:<input type="password" name="j_password"/>
<input type="submit">
<label style="color: red">${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}</label>//错误信息
</form>
</body>
</html>