博客开发笔记四——Spring Secruity 3最小系统-CSDN博客

1、配置

<?xml version="1.0" encoding="UTF-8"?>

< b:beans xmlns = "http://www.springframework.org/schema/security"

xmlns:b = "http://www.springframework.org/schema/beans"

xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation = "http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.4.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

" >

< global-method-security pre-post-annotations = "enabled" >

</ global-method-security >

< http use-expressions = "true" auto-config = "true" >

< intercept-url pattern = "/**/*" access = "permitAll" />

< form-login login-page = "/user/login.page" default-target-url = "/index.page" authentication-failure-url = "/user/login.page?login_error=1" />

< http-basic />

< logout logout-success-url = "/user/logout.page" />

< remember-me />

</ http >

< b:bean id = "passwordEncoder" class = "org.springframework.security.authentication.encoding.Md5PasswordEncoder" ></ b:bean >

< authentication-manager >

< authentication-provider >

< password-encoder ref = "passwordEncoder" >

< salt-source user-property = "username" />

</ password-encoder >

< jdbc-user-service data-source-ref = "oracleDataSource" />

</ authentication-provider >

</ authentication-manager >

</ b:beans >

2、数据库Schema

create table users(      username varchar_ignorecase(50) not null primary key,      password varchar_ignorecase(50) not null,      enabled boolean not null);  create table authorities (      username varchar_ignorecase(50) not null,      authority varchar_ignorecase(50) not null,      constraint fk_authorities_users foreign key(username) references users(username));      create unique index ix_auth_username on authorities (username,authority);

3、使用

3.1用户注册

//密码进行编码保存

password = passwordEncoder .encodePassword(password, username);

Vector<GrantedAuthority> authList = new Vector<GrantedAuthority>();

//一定要加Authority，不然登陆不了

authList.add( new GrantedAuthorityImpl( "ROLE_USERS" ));

User user = new User(username, password, true , true , true , true , authList);

userDetailsManager .createUser(user);

return "redirect:" + referer;

3.2登陆页面

<%@ page language = "java" contentType = "text/html; charset=ISO-8859-1"

pageEncoding = "ISO-8859-1" %>

<%@ taglib prefix = 'c' uri = 'http://java.sun.com/jstl/core_rt' %>

<! DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd" >

< html >

< head >

< meta http-equiv = "Content-Type" content = "text/html; charset=ISO-8859-1" >

< title > Insert title here </ title >

</ head >

< body >

< c:if test = " ${ not empty param.login_error} " >

< font color = "red" >

Your login attempt was not successful, try again. < br />< br />

Reason: < c:out value = " ${SPRING_SECURITY_LAST_EXCEPTION.message} " /> .

</ font >

</ c:if >

< form name = "f" action = " < c:url value = '/j_spring_security_check' /> " method = "POST" >

< table >

< tr >< td > User: </ td >< td >< input type = 'text' name = 'j_username' value = ' < c:if test = " ${ not empty param.login_error} " >< c:out value = " ${SPRING_SECURITY_LAST_USERNAME} " /></ c:if > ' /></ td ></ tr >

< tr >< td > Password: </ td >< td >< input type = 'password' name = 'j_password' ></ td ></ tr >

< tr >< td >< input type = "checkbox" name = "_spring_security_remember_me" ></ td >< td > Don't ask for my password for two weeks </ td ></ tr >

< tr >< td colspan = '2' >< input name = "submit" type = "submit" ></ td ></ tr >

< tr >< td colspan = '2' >< input name = "reset" type = "reset" ></ td ></ tr >

</ table >

</ form >

</ body >

</ html >

3.3应用

< sec:authorize access = "hasRole('ROLE_USERS')" >< a href = "#fast_pub" > 发表文章 </ a > < a href = "./content/editcatalog.page" > 管理分类 </ a > < a href = " < c:url value = "/j_spring_security_logout" /> " > 注销 </ a > </ sec:authorize >

上面代码写在jsp页面里面，意思是拥有ROLE_USERS角色的用户才能访问