Spring Security（二）

spring-security

配置匿名访问资源

第一步：在项目中创建js、css目录并在两个目录下提供任意一些测试文件,再创建登录和注册页面

第二步：在spring-security.xml文件中配置，指定哪些资源可以匿名访问

<!--0.配置匿名访问-->
<security:http pattern="/js/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/login.html" security="none"></security:http>
<security:http pattern="/regist.html" security="none"></security:http>

那么使用指定的登录页面来完成
使用指定的登录页面
步骤如下：
1.准备自定义的登录页面

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>登录</title>
</head>
<body>
<h1>登录页面</h1>
<form action="/login.do" method="post">
    username：<input type="text" name="username"><br>
    password：<input type="password" name="password"><br>
    <input type="submit" value="submit">
</form>
</body>
</html>

2.配置spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                            http://www.springframework.org/schema/beans/spring-beans.xsd
                            http://www.springframework.org/schema/mvc
                            http://www.springframework.org/schema/mvc/spring-mvc.xsd
                            http://code.alibabatech.com/schema/dubbo
                            http://code.alibabatech.com/schema/dubbo/dubbo.xsd
                            http://www.springframework.org/schema/context
                            http://www.springframework.org/schema/context/spring-context.xsd
                            http://www.springframework.org/schema/security
                            http://www.springframework.org/schema/security/spring-security.xsd">
         <security:http security="none" pattern="/login.html" /> 
    <!--1.配置需要权限才能访问的资源
             auto-config属性: true 自动配置
             use-expressions属性: false 不使用表达式
    -->
<security:http auto-config="true" use-expressions="false">
       ...
    <!--配置自定义登录页面
            login-page: 登录页面; username-parameter:指定用户名的name;
            password-parameter:指定密码的name;login-processing-url:指定登录的action;
            authentication-failure-url:认证失败跳转的页面
            authentication-success-forward-url:指定登录成功跳转的页面【默认是之前访问什么页面,登录成功后就跳转什么页面】
   -->
   <security:http auto-config="true" use-expressions="false">
    ...
    <!--配置退出登录
            logout-url:配置退出登录的路径; logout-success-url:配置成功退出登录后,跳转的页面;
            invalidate-session:退出登录时销毁session
        -->
    <security:logout logout-url="/logout.do" logout-success-url="/login.html" invalidate-session="true"/>
</security:http>
    <security:form-login
                         login-page="/login.html"
                         username-parameter="username"
                         password-parameter="password"
                         login-processing-url="/login.do"
                         authentication-failure-url="/login.html"
                         authentication-success-forward-url="/index.html"
                         />
</security:http>
<!--关闭CsrfFilter过滤器-->
<security:http auto-config="true" use-expressions="false">
    <security:csrf disabled="true"/>
</security:http>
    <!--2.配置认证管理器-->
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <!--配置账号密码，以及该账号的角色信息     name属性: 用户名; password属性:密码({noop}不加密方式);  authorities属性:赋予的角色     -->
                <security:user name="admin" authorities="ROLE_ADMIN" password="{noop}admin"></security:user>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

配置web.xml

**<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
        <welcome-file>default.html</welcome-file>
        <welcome-file>default.htm</welcome-file>
        <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>
    <servlet>
        <servlet-name>springmvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <!-- 指定加载的配置文件 ，通过参数contextConfigLocation加载 -->
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-security.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>springmvc</servlet-name>
        <url-pattern>*.do</url-pattern>
    </servlet-mapping>
    <!--配置代理过滤器-->
    <filter>
        <!--DelegatingFilterProxy用于整合第三方框架整合Spring Security时过滤器的名称必须为springSecurityFilterChain，
          否则会抛出NoSuchBeanDefinitionException异常-->
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

运行maven的Tomcat插件即可。