Spring 集成SpringSecurity
gitee项目地址:https://gitee.com/zxm7649/SSH-JSP-01/blob/master/pom.xml
导入依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>cn.java</groupId>
<artifactId>demo_java</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<name>demo_java Maven Webapp</name>
<!-- FIXME change it to the project's website -->
<url>http://www.example.com</url>
<!-- 版本锁定 -->
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<spring.version>5.0.2.RELEASE</spring.version>
<skipTests>true</skipTests> <!--mvn命令打包跳过test-->
<spring.security.version>3.2.3.RELEASE</spring.security.version>
<log4j.version>2.13.3</log4j.version>
</properties>
<dependencies>
<!-- springMVC依赖 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- 必备 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- 必备 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!-- 必备 -->
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.0</version>
<scope>provided</scope>
</dependency>
<!-- 必备 -->
<dependency>
<groupId>net.officefloor.spring</groupId>
<artifactId>spring</artifactId>
<version>3.20.0</version>
<type>pom</type>
</dependency>
<!-- Servlet必备 -->
<dependency>
<groupId>tomcat</groupId>
<artifactId>servlet-api</artifactId>
<version>5.5.23</version>
</dependency>
<!--JavaWeb jstl 表达式 -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<!-- AOP事务 -->
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjrt</artifactId>
<version>1.6.11</version>
</dependency>
<dependency>
<groupId>org.aspectj</groupId>
<artifactId>aspectjweaver</artifactId>
<version>1.6.11</version>
</dependency>
<dependency>
<groupId>cglib</groupId>
<artifactId>cglib</artifactId>
<version>2.1</version>
</dependency>
<!-- mysql驱动必备 -->
<dependency>
<groupId>nl.demon.shadowland.freedumbytes.maven.dependencies</groupId>
<artifactId>mysql</artifactId>
<version>5.0.2</version>
<type>pom</type>
</dependency>
<!-- spring security安全框架 3.2.3.RELEASE -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<!-- springmvc文件上传组件包 -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
<!-- hibernate开发包 -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>4.3.5.Final</version>
</dependency>
<!-- hibernate 缓存, 视情况添加-->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-ehcache</artifactId>
<version>4.3.5.Final</version>
</dependency>
<dependency>
<groupId>com.gozefo.brahma</groupId>
<artifactId>brahma-hibernateutils</artifactId>
<version>1.0.1</version>
</dependency>
<!-- 日志与测试-->
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>${log4j.version}</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>${log4j.version}</version>
</dependency>
<!-- dom4j 包 -->
<dependency>
<groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
<version>2.1.1</version>
</dependency>
<!-- 文件上传组件-->
<dependency>
<groupId>commons-fileupload</groupId>
<artifactId>commons-fileupload</artifactId>
<version>1.3.1</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
<version>2.4</version>
</dependency>
<!--要通过maven进行打包操作 需要这个插件-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<version>2.2.5.RELEASE</version>
</dependency>
<!-- OSS文件系统-->
<dependency>
<groupId>com.aliyun.oss</groupId>
<artifactId>aliyun-sdk-oss</artifactId>
<version>3.10.2</version>
</dependency>
<dependency>
<groupId>com.aliyun</groupId>
<artifactId>aliyun-java-sdk-core</artifactId>
<version>4.5.3</version>
</dependency>
<dependency>
<groupId>com.aliyun.oas</groupId>
<artifactId>aliyun-oas</artifactId>
<version>0.2.5</version>
</dependency>
</dependencies>
</project>
配置web.xml文件
tomcat配置文件
<web-app
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1">
<display-name>Archetype Created Web Application</display-name>
<!--———————————— 配置Spring监听器,默认只加载WEB-INF目录下的applicationContent.xml配置文件———————————— -->
<!-- 加载spring配置文件 -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring.xml
</param-value>
</context-param>
<!--—————————————————————————————— 配置spring security 安全框架过滤器 ——————————————————————————————-->
<filter>
<!-- 注意:springSecurityFilterChain这个名字不能变动,不然就会报错-->
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<!-- 注意:这里不能为/,必须为/*,否则会出现问题 -->
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--—————————————————————————— 解决乱码:增加spring编码过滤器配置 ——————————————————————————-->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/</url-pattern>
</filter-mapping>
<!--——————————————— 配置前端控制器,并加载springmvc配置文件,拦截任何请求 ——————————————————————————-->
<!-- Spring MVC 过滤器-->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:springmvc.xml</param-value>
</init-param>
<!--配置容器在启动的时候就加载这个servlet并实例化-->
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
配置hibernate核心配置文件
hibernate.cfg.xml文件
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD//EN"
"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<!-- mysql账户名 -->
<property name="connection.username">root</property>
<!-- mysql密码 -->
<property name="connection.password">123456</property>
<!-- mysql驱动 -->
<property name="connection.driver_class">com.mysql.jdbc.Driver</property>
<!-- mysql连接URL -->
<property name="connection.url">
jdbc:mysql://192.168.56.106:3306/x_data?useUnicode=true&characterEncoding=UTF-8
</property>
<!-- 数据库方言 -->
<property name="dialect">org.hibernate.dialect.MySQLDialect</property>
<!-- 显示sql语句 -->
<property name="show_sql">true</property>
<!-- 格式化sql语句 -->
<property name="format_sql">true</property>
<!-- 表示每次hibernate容器操作后进行数据的更新 -->
<property name="hbm2ddl.auto">update</property>
<!-- 映射vojo对象添加刚刚生成的映射类-->
<mapping class="cn.mldn.lxh.vo.Student"/>
<mapping class="cn.mldn.lxh.vo.Teacher"/>
<mapping class="cn.mldn.lxh.vo.Stucls"/>
</session-factory>
</hibernate-configuration>
配置spring核心配置文件
配置spring.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.1.xsd">
<!-- —————————————————————————————————————————— spring配置:这里主要配置与业务逻辑有关的配置 —————————————————————————————————————————— -->
<!-- 开启注解扫描:spring容器需要扫描的包-->
<context:component-scan base-package="cn.mldn.lxh">
<!-- 配置不扫描哪些注解:不扫描@Controller注解,此注解交由SpringMVC进行管理-->
<context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<!-- 开启spring对AOP注解的支持 只对扫描过的bean有效-->
<aop:aspectj-autoproxy proxy-target-class="true" />
<!--————————————————————————— 启动Spring的安全验证 —————————————————————————-->
<security:global-method-security
jsr250-annotations="enabled" secured-annotations="enabled"/>
<!-- 使用手工配置的安全操作,使用表单提交,如果出现了授权访问问题,则跳转到403.jsp页面 -->
<security:http access-denied-page="/403.jsp">
<security:form-login
login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/pages/back/list.action"
authentication-failure-url="/login.jsp?errot=true"/>
<security:logout
logout-success-url="/login.jsp"
delete-cookies="JSESSIONID"/>
<!-- 配置spring安全框架访问数据库后的角色信息 -->
<security:intercept-url pattern="/**" access="ROLE_ADMIN,ROLE_USER"/>
<!-- 配置Session的管理操作,如果session失效跳转到login.jsp页面 -->
<security:session-management invalid-session-url="/login.jsp?ses=invalid">
<security:concurrency-control
max-sessions="1"
error-if-maximum-exceeded="true"
expired-url="/login.jsp?ses=destroy"/>
</security:session-management>
</security:http>
<!-- 配置认证登录信息 从数据库读取账户 -->
<security:authentication-manager>
<!--提供服务类 去数据库查询账户密码-->
<security:authentication-provider user-service-ref="teacherServiceImpl"/>
</security:authentication-manager>
</beans>
TeacherServiceImpl登录验证服务
登录验证服务,必须继承UserDetailsService类,并且实现 loadUserByUsername方法
package cn.mldn.lxh.service.impl;
@Service
public class TeacherServiceImpl extends UserDetailsService {
@Resource
private TeacherDAOimpl teaDao;
@Override
public UserDetails loadUserByUsername(String username) {
System.out.println("username: " + username);
// 根据用户名从数据库获取用户对象
List<Teacher> all = null;
try {
all = teaDao.fildS("tea_user", username);
} catch (Exception e) {
e.printStackTrace();
}
// 由于是根据用户名进行查询,返回的是一个集合,默认取第一个对象
Teacher tea = all.get(0);
// 判断用户是否存在
if (tea != null) {
Collection<GrantedAuthority> authorities = new ArrayList<>();
GrantedAuthority grantedAuthority = null;
// 判断用户名是否为admin,是的话赋予admin权限,否则赋予普通用户权限
if (tea.getTeaUser().trim() == "admin" || tea.getTeaUser().trim().equals("admin")) {
grantedAuthority = new SimpleGrantedAuthority("ROLE_ADMIN");
} else {
grantedAuthority = new SimpleGrantedAuthority("ROLE_USER");
}
System.out.println("用户名:" + tea.getTeaUser() + "----------密码:" + tea.getTeaPass());
authorities.add(grantedAuthority);
// 将用户名,密码,以及用户拥有的权限封装到security安全框架中并返回给安全框架进行管理。
User user = new User(tea.getTeaUser(), tea.getTeaPass(), authorities);
return user;
}
return null;
}
}
配置SpringMvc核心配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.1.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.1.xsd">
<!-- —————————————————————————————————————————— SpringMVC配置 —————————————————————————————————————————— -->
<!-- 1、开启注解扫描:SprigMVC需要扫描的包,并关闭默认的扫描方式-->
<context:component-scan base-package="cn.mldn.lxh" use-default-filters="false">
<!--配置扫描哪些注解:springMVC只需要管理,@Controller -->
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
</context:component-scan>
<!-- 2、视图解析器 表示以后在ModelAndView中设置只要是跳转到jsp文件,不需要设置前缀,和后缀了,只需要定义中间路径即可-->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/pages/"/> <!-- 表示路径的前缀 -->
<property name="suffix" value=".jsp"/> <!-- 表示路径的后缀 -->
</bean>
<!-- 3、两个标准配置-->
<!-- 能支持springmvc更多的高级功能,如:JSR303校验,快捷AJAX。。。映射动态请求-->
<mvc:annotation-driven/>
<!-- 将springmvc不能处理的请求交给tomcat进行处理 -->
<mvc:default-servlet-handler/>
<!-- 4、 文件上传配置 -->
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="defaultEncoding" value="utf-8"/> <!--占用内存的最大值-->
<property name="maxUploadSize" value="#{1024*1024}"/><!--最大上传文件大小-->
</bean>
</beans>