在项目中集成SpringSecurity安全框架做拦截的用法
1.加入SpringSecurity的依赖:
</dependencies>
<!--安全框架开始-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
<!--安全框架结束-->
</dependencies>
2.配置security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
">
<!--配置不拦截资源,对登录、失败和静态资源放行-->
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/error.jsp" security="none"/>
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/img/**" security="none"/>
<security:http pattern="/plugins/**" security="none"/>
<!--配置拦截的规则-->
<security:http auto-config="true" use-expressions="false">
<!-- 配置拦截的请求地址 -->
<security:intercept-url pattern="/**" access="ROLE_USER"/>
<!--指定安全框架的使用页面-->
<!--
login-page:指定登录页面
login-processing-url:登录请求路径-登录时必须使用该路径
default-target-url:登录成功后进入页面
authentication-failure-forward-url:认证失败后要进入的页面
-->
<security:form-login
login-page="/login.jsp"
login-processing-url="/login"
authentication-failure-url="/login.jsp"
default-target-url="/index.jsp"
/>
<!-- <security:form-login login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/success.jsp"
authentication-failure-url="/error.jsp"
/>-->
<!--关闭跨域请求-->
<security:csrf disabled="true"></security:csrf>
<!-- 退出 -->
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.jsp"/>
</security:http>
<!-- 认证信息 -->
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<!--用户信息:是临时的账号和密码-->
<!--{noop}:不加密-->
<security:user name="123" password="{noop}123" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
3.配置web.xml:
<!--配置代理过滤器: filter-name必须是springSecurityFilterChain -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>
4.修改login.jsp: