SpringSecurity入门例子及遇到的问题解决

最近学习《Spring 实战》学习到了SpringSecurity，觉得书本上的例子过于复杂，而且不喜欢它基于java配置，更喜欢用xml文件进行配置

于是在极客学院网上学习，感觉挺不错的，由浅入深，推荐，附上网址：http://wiki.jikexueyuan.com/project/spring-security/first-experience.html

 

我的例子是看上面了，自己在进行了简单的配置。

我的项目是基于maven的，所以添加依赖成为了关键

spring security需要spring-security-config,spring-security-web即可，肯能是例子过于简单，并没有用到spring security的另外两个常用jar包spring-security-taglibs和spring-security-core

另外，还需要加入commons-logging，这是spring需要的jar包，否则将会报错：错误如下

 At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.

 

具体的pom.xml文件如下：

 1 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 2   xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 3   <modelVersion>4.0.0</modelVersion>
 4   <groupId>SpringSecurity</groupId>
 5   <artifactId>SpringSecurity</artifactId>
 6   <packaging>war</packaging>
 7   <version>1.0-SNAPSHOT</version>
 8   <name>SpringSecurity Maven Webapp</name>
 9   <url>http://maven.apache.org</url>
10 
11   <!--classpath-->
12   <build>
13     <resources>
14       <resource>
15         <directory>src/main/java</directory>
16       </resource>
17       <resource>
18         <directory>src/main/resources</directory>
19         <includes>
20           <include>**/*.xml</include>
21           <include>**/*.properties</include>
22         </includes>
23       </resource>
24     </resources>
25   </build>
26 
27   <dependencies>
28 
29     <dependency>
30       <groupId>org.springframework.security</groupId>
31       <artifactId>spring-security-web</artifactId>
32       <version>3.1.0.RELEASE</version>
33     </dependency>
34 
35     <dependency>
36       <groupId>org.springframework.security</groupId>
37       <artifactId>spring-security-config</artifactId>
38       <version>3.1.0.RELEASE</version>
39     </dependency>
40 
41 
42     <dependency>
43       <groupId>commons-logging</groupId>
44       <artifactId>commons-logging</artifactId>
45       <version>1.1.1</version>
46     </dependency>
47 
48     <dependency>
49       <groupId>javax.servlet</groupId>
50       <artifactId>servlet-api</artifactId>
51       <version>2.5</version>
52     </dependency>
53 
54     <dependency>
55       <groupId>junit</groupId>
56       <artifactId>junit</artifactId>
57       <version>4.12</version>
58       <scope>test</scope>
59     </dependency>
60 
61 
62   </dependencies>
63 
64 </project>

 

　　

更重要的还有spring security的配置文件和web.xml

先讲web.xml

spring配置文件需要加载spring security的配置文件，一般是在web.xml中指定它为spring的初始配置文件，通过<context-param/>元素

还需要定义filter用来拦截需要给spring security处理的请求，注意，该filter一定要定义在其他拦截器之前

<listener>用来加载spring的配置文件

完整的web.xml代码如下：

 1 <?xml version="1.0" encoding="UTF-8"?>
 2 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 3          xmlns="http://xmlns.jcp.org/xml/ns/javaee"
 4          xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
 5          id="WebApp_ID" version="3.1">
 6     <context-param>
 7         <param-name>contextConfigLocation</param-name>
 8         <param-value>classpath:spring-security.xml</param-value>
 9     </context-param>
10 
11     <filter>
12         <filter-name>springSecurityFilterChain</filter-name>
13         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
14     </filter>
15     <filter-mapping>
16         <filter-name>springSecurityFilterChain</filter-name>
17         <url-pattern>/*</url-pattern>
18     </filter-mapping>
19 
20     <listener>
21         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
22     </listener>
23 </web-app>

在讲一下spring-security.xml配置文件
spring-security配置文件需要配置两样东西
1)配置权限控制的规则
里面的元素简介
security：是用命名空间的一个前缀
intercept-ref:定义权限控制的柜子
pattern：表示对哪些url进行权限控制
access：表示在请求对应url时需要什么权限
role前缀：提示spring是用基于角色的检查的标记
2)配置认证
user-service用于获取用户信息
里面配置一些登陆的用户密码和用户名

具体的spring-security配置文件如下

 1 <beans xmlns="http://www.springframework.org/schema/beans"
 2        xmlns:security="http://www.springframework.org/schema/security"
 3        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 4        xsi:schemaLocation="http://www.springframework.org/schema/beans
 5           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
 6           http://www.springframework.org/schema/security
 7           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 8     <security:http auto-config="true">
 9         <security:intercept-url pattern="/**" access="ROLE_USER"/>
10     </security:http>
11 
12     <security:authentication-manager>
13         <security:authentication-provider>
14             <security:user-service>
15                 <security:user name="user" password="user" authorities="ROLE_USER"/>
16                 <security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/>
17             </security:user-service>
18         </security:authentication-provider>
19     </security:authentication-manager>
20 
21 </beans>

当指定 http 元素的 auto-config=”true” 时，就相当于如下内容的简写:

1  <security:http>
2       <security:form-login/>
3       <security:http-basic/>
4       <security:logout/>
5    </security:http>

<security:form-login/>的优先级高于<security:http-basic/>，所以两者都存在时会采用<security:form-login/>

<security:http-basic/>是弹窗效果的表单验证

转载于:https://www.cnblogs.com/Hdaydayup/p/6805425.html