Spring Security快速入门、自定义页面、退出-配置篇

java通关整理汇总-Java基础、计算机网络、数据库、设计模式、框架、算法模板、笔试

---

一、Spring Security快速入门

1、建立一个新的webapp项目

2、在pom.xml中导入依赖

<properties>
		<spring.version>5.0.2.RELEASE</spring.version>
		<spring.security.version>5.0.1.RELEASE</spring.security.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-core</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-web</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context-support</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-test</artifactId>
			<version>${spring.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jdbc</artifactId>
			<version>${spring.version}</version>
		</dependency>
		
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>3.1.0</version>
			<scope>provided</scope>
		</dependency>
	</dependencies>
	<build>
		<plugins>
			<!-- java编译插件 -->
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<version>3.2</version>
				<configuration>
					<source>1.8</source>
					<target>1.8</target>
					<encoding>UTF-8</encoding>
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.apache.tomcat.maven</groupId>
				<artifactId>tomcat7-maven-plugin</artifactId>
				<configuration>
					<!-- 指定端口 -->
					<port>8080</port>
					<!-- 请求路径 -->
					<path>/</path>
				</configuration>
			</plugin>
		</plugins>
	</build>
</project>

3、配置web.xml

• springSecurityFilterChain名字不能任意改变
• 需要一个spring-security.xml文件

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
  <display-name>SpringSecurity314</display-name>

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml</param-value>
  </context-param>
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <welcome-file-list>
    <welcome-file>index.html</welcome-file>
    <welcome-file>index.htm</welcome-file>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>default.html</welcome-file>
    <welcome-file>default.htm</welcome-file>
    <welcome-file>default.jsp</welcome-file>
  </welcome-file-list>
</web-app>

spring-security.xml文件

• 在main/resources文件下新创建 spring-security.xml文件

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security.xsd">

    <security:http auto-config="true"
                   use-expressions="false">        
         <!-- intercept-url定义一个过滤规则 pattern表示对哪些url进行权限控制，ccess属性表示在请求对应 的URL时需要什么权限，             
         默认配置时它应该是一个以逗号分隔的角色列表，请求的用户只需拥有其中的一个角色就能成功访问对应 的URL -->
        <security:intercept-url pattern="/**"
                                access="ROLE_USER"/>        
    <!-- auto-config配置后，不需要在配置下面信息 <security:form-login /> 定义登录表单信息 <security:http-basic             
    /> <security:logout /> -->
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="user" password="{noop}user" authorities="ROLE_USER"/>
                <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

4、tomcat启动

• pom.xml中已经嵌入了tomcat，所以可以简单的快速启动。
• ①在终端Terminal中输入：mvn tomcat7:run

• ②网页中输入：http://localhost:8080/
• 自动跳转页面：http://localhost:8080/login
  
• ③用户和密码输入：user
• 自动跳跳转默认页面或者请求页面：http://localhost:8080/
  

二、使用自定义登录页面

新建自定义的登录页面

• login.html
• failer.htm
• success.html

配置文件根据业务的实际需求更改具体位置

更改spring-security.xml文件配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security.xsd">


	<!-- 配置不过滤的资源（静态资源及登录相关） -->
	<security:http security="none" pattern="/login.html" />
	<security:http security="none" pattern="/failer.html" />
	<security:http auto-config="true" use-expressions="false" >
		<!-- 配置资料连接，表示任意路径都需要ROLE_USER权限 -->
		<security:intercept-url pattern="/**" access="ROLE_USER" />
		<!-- 自定义登陆页面，login-page 自定义登陆页面 authentication-failure-url 用户权限校验失败之后才会跳转到这个页面，如果数据库中没有这个用户则不会跳转到这个页面。
			default-target-url 登陆成功后跳转的页面。 注：登陆页面用户名固定 username，密码 password，action:login -->
		<security:form-login login-page="/login.html"
			login-processing-url="/login" username-parameter="username"
			password-parameter="password" authentication-failure-url="/failer.html"
			default-target-url="/success.html" authentication-failure-forward-url="/success.html"
			/>


		<!-- 关闭CSRF,默认是开启的 -->
		<security:csrf disabled="true" />
	</security:http>
	<security:authentication-manager>
		<security:authentication-provider>
			<security:user-service>
				<security:user name="user" password="{noop}user"
					authorities="ROLE_USER" />
				<security:user name="admin" password="{noop}admin"
					authorities="ROLE_ADMIN" />
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>
</beans>

三、退出登录

• 在spring-security.xml配置中添加配置
• 指定退出请求的路径/logout.do
• 指定退出成功后返回的页面/login.jsp

        <!-- 退出 -->
        <security:logout invalidate-session="true" logout-url="/logout.do" logout-success-url="/login.jsp" />

• 在（自定义页面）退出/注销的按钮上添加路径：绝对路径+/logout.do

• 然后在自定义页面中点击注销按钮，就完成退出操作
• 返回登录页面
  

四、运行过程中的报错

1.sql语句不要写错，不要多空格
2.配置完成时还不能登录成功时，需要把下面的配置注释掉

• 通俗说就是在数据库中直接添加的数据是未加密的

            <!-- 配置加密的方式 -->
<!--            <security:password-encoder ref="passwordEncoder"/>-->