-
引入Spring Security4.0所需的jar包
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>4.0.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>4.0.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>4.0.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>4.0.3.RELEASE</version> </dependency>
-
在web.xml中新增下面的过滤器配置
<!-- spring security过滤器 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
-
新增一个Spring Security的配置文件
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <http use-expressions="false"> <!-- 使登录页面可以匿名访问 --> <intercept-url pattern="/security/login*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <intercept-url pattern="/**" access="ROLE_USER" /> <!-- login-page:自定义登录界面的url为 /security/login default-target-url:登录成功后跳转url always-use-default-target:登录成功后是否总是跳转到default-target-url,如果为false,则只有是主动访问登录页面时才跳转到default-target-url, 访问受保护的资源而登录则不跳转到default-target-url --> <form-login login-page='/security/login' default-target-url='/home.htm' always-use-default-target='false' authentication-failure-url="/security/login?error=1"/> <logout /> </http> <authentication-manager> <authentication-provider> <h3><pre name="code" class="html"> <!--配置用户名、密码、角色,有多种配置方式,此处采用固定配置进行测试--> <user-service> <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" /> <user name="bob" password="bobspassword" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
-
上面的配置除了/security/login这个url外,访问其他url都将自动跳转到/security/login进行登录,登录页面表单名称默认如下:
<form action="/login" method="post"> <sec:csrfInput /> <!--需要引入<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>--> <input type="text" name="username" placeholder="输入用户名"> <input type="password" name="password" placeholder="输入密码"> <button type="submit" name="submit" class="btn btn-primary" id="login-submit-btn">登录</button> </form>
Spring Security4使用(一)
最新推荐文章于 2024-03-31 12:06:58 发布