Spring MVC 结合Spring Security的最小配置
相关的maven坐标
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
上面配置中没有版本号的原因是使用了Spring IO做依赖配置管理。
spring web application context简单配置
SpringWebAppInitializer.java
public class SpringWebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[]{RootConfig.class};
//return null;
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[]{WebConfig.class};
}
@Override
protected String[] getServletMappings() {
return new String[]{"/"};
}
@Override
protected void customizeRegistration(ServletRegistration.Dynamic registration) {
registration.setLoadOnStartup(1);
}
}
WebConfig.java
@Configuration
@EnableWebMvc
@ComponentScan("cn.fruitd") /*启动组建扫描*/
public class WebConfig extends WebMvcConfigurerAdapter {
/**
* 配置JSP试图解析器
*
* @return
*/
@Bean
public ViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/views/");
resolver.setSuffix(".jsp");
resolver.setExposeContextBeansAsAttributes(true);
return resolver;
}
/**
* 配置静态资源处理
*
* @param configurer
*/
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
RootConfig.class
@Configuration
@ComponentScan(basePackages = {"cn.fruitd"},
excludeFilters = {
@ComponentScan.Filter(type = FilterType.ANNOTATION, value = EnableWebMvc.class)
})
public class RootConfig {
}
1.注册DispatchServlet
2.注册相关的web配置(webConfig.java)
代码配置
/**
* 注册security filter chain
*/
public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
}
该类必须继承WebSecurityConfigurerAdapter
和覆盖configure
方法,configure
有三个不同的重载,有不同的作用,后面补充。
按照以上配置既可以使用Spring Security了EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.and()
.authorizeRequests()
.anyRequest()
.authenticated();
}
}
`
WebSecurityConfigurerAdapter
该类必须继承和覆盖
configure方法,
configure“有三个不同的重载,有不同的作用,后面补充。
按照以上配置既可以使用Spring Security了