pom依赖
<properties>
<spring.version>5.0.2.RELEASE</spring.version>
<slf4j.version>1.6.6</slf4j.version>
<log4j.version>1.2.12</log4j.version>
<shiro.version>1.2.3</shiro.version>
<mybatis.version>3.4.5</mybatis.version>
<spring.security.version>5.0.1.RELEASE</spring.security.version>
</properties>
<dependencies>
<!-- spring -->
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.6.8</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.6</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- log start -->
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>${slf4j.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
<version>${slf4j.version}</version>
</dependency>
<!-- log end -->
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis</artifactId>
<version>${mybatis.version}</version>
</dependency>
<dependency>
<groupId>org.mybatis</groupId>
<artifactId>mybatis-spring</artifactId>
<version>1.3.0</version>
</dependency>
<dependency>
<groupId>c3p0</groupId>
<artifactId>c3p0</artifactId>
<version>0.9.1.2</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>com.github.pagehelper</groupId>
<artifactId>pagehelper</artifactId>
<version>5.1.2</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.9</version>
</dependency>
<dependency>
<groupId>javax.annotation</groupId>
<artifactId>jsr250-api</artifactId>
<version>1.0</version>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
</plugin>
</plugins>
</build>
web.xml配置
<!--配置Spring监听器--> 整合加上注意加上这个监听器
<listener>z
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springSecurty.xml</param-value>
</context-param>
<!--配置过滤器链-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
SpringSecurity配置文件中配置
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!--注意细节:如果我们直接登录,默认会跳转到首页,如果从某个页面选择登录,那么SpringSecurity会自动重定向到你
想去的页面
401和403都是权限不足-->
<!--释放静态资源-->
<!--为什么要释放,因为在访问资源时必须要有我们设定的角色权限才可以,在访问首页时我们还没有登录
因此如果不释放会一直重定向到登录页面,登录失败也是如此,失败也是没有角色如果不释放到不了我们设定的
认证失败页面-->
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/failer.jsp" security="none"/>
<!--配置springSecurity的基本配置
auto-config:有登录页面会使用有的登录页面,如果没有会找SpringSecurity自带的认证页面
将use-expressions改为false会使用SpringSecurity默认的认证页面
use-expression:开启对el表达式的支持-->
<security:http auto-config="true" use-expressions="true">
<!--配置认证角色 注意框架区分大小写-->
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<!--配置认证相关信息login-page:认证页面
login-processing-url:认证处理器路径(必须写login)
default-target-url:认证成功后跳转的路径
authentication-failure-url:认证失败跳转的页面-->
<security:form-login login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/sucess.jsp"
authentication-failure-url="/filter.jsp"
/>
<!--登出相关配置
invalidate-session:表示退出登录后清空session
logout-url:退出登录的处理器地址
logou-sucess-url:退出登录后跳转的页面-->
<security:logout invalidate-session="true"
logout-url="/logout"
logout-success-url="/login.jsp"
/>
<!--关闭csrf拦截器(必须拦截关闭拦截,springSecurity默认只要不是框架内部的请求,全都会被
当做csrf攻击,被拦截。所以使用SpringSecurity必须关闭csrf-->
<security:csrf disabled="true"/>
</security:http>
<!--
在内存中放置两个临时用户
一个用户名是user密码也是user,角色为ROLE_USER
一个用户名是admin密码也是admin,角色为ROLE_ADMIN
springsecurity默认就是加密认证,如果要不加密认证
需要加上{noop}
-->
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="user" password="{noop}user"
authorities="ROLE_USER" />
<security:user name="admin" password="{noop}admin"
authorities="ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
简单的认证页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>认证页面</title>
</head>
<body>
//主要是路径后的/login处理器
<form action="${pageContext.request.contextPath}/login" method="post">
用户名:<input type="text" name="username">
密码:<input type="password" name="password">
<input type="submit" value="登录">
</form>
</body>
</html>
认证成功页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>认证成功页面</title>
</head>
<body>
<a href="${pageContext.request.contextPath}/logout">退出登录</a>
</body>
</html>
认证失败页面
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录失败页面</title>
</head>
<body>
<h1>认证失败!!!!</h1>
</body>
</html>
默认Index页面(在没有指定页面时会默认跳转到此页面)
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>项目的首页</title>
</head>
<body>
<h1>项目的首页</h1>
<br>
<a href="${pageContext.request.contextPath}/logout">退出登录</a>
</body>
</html>