spring security整合spring mvc

最新推荐文章于 2024-02-25 19:15:11 发布
最新推荐文章于 2024-02-25 19:15:11 发布
阅读量1k 收藏
点赞数
分类专栏: spring mvc spring security

感谢原文出处:http://liukai.iteye.com/blog/982088/


该项目为maven项目,请先学习maven


pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.wyc</groupId>
  <artifactId>SpringSecurity</artifactId>
  <packaging>war</packaging>
  <version>0.0.1-SNAPSHOT</version>
  <name>SpringSecurity Maven Webapp</name>
  <url>http://maven.apache.org</url>
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>4.10</version>
      <scope>test</scope>
    </dependency>
     <!-- http://mvnrepository.com/artifact/jstl/jstl -->
	<dependency>
	    <groupId>jstl</groupId>
	    <artifactId>jstl</artifactId>
	    <version>1.1.2</version>
	</dependency>
    <!-- http://mvnrepository.com/artifact/taglibs/standard -->
	<dependency>
	    <groupId>taglibs</groupId>
	    <artifactId>standard</artifactId>
	    <version>1.1.2</version>
	</dependency>
    <!-- http://mvnrepository.com/artifact/org.springframework/spring-core -->
	<dependency>
	    <groupId>org.springframework</groupId>
	    <artifactId>spring-core</artifactId>
	    <version>4.2.6.RELEASE</version>
	</dependency>
	<!-- http://mvnrepository.com/artifact/org.springframework/spring-context -->
	<dependency>
	    <groupId>org.springframework</groupId>
	    <artifactId>spring-context</artifactId>
	    <version>4.2.6.RELEASE</version>
	</dependency>
	<!-- http://mvnrepository.com/artifact/org.springframework/spring-webmvc -->
	<dependency>
	    <groupId>org.springframework</groupId>
	    <artifactId>spring-webmvc</artifactId>
	    <version>4.2.6.RELEASE</version>
	</dependency>
	<dependency>
	    <groupId>org.springframework</groupId>
	    <artifactId>spring-jdbc</artifactId>
	    <version>4.2.6.RELEASE</version>
	</dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>4.1.0.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>4.1.0.RELEASE</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework/spring-aspects -->
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-aspects</artifactId>
    <version>4.3.2.RELEASE</version>
</dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework/spring-aop -->
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-aop</artifactId>
    <version>4.3.2.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.aspectj/aspectjweaver -->
<dependency>
    <groupId>org.aspectj</groupId>
    <artifactId>aspectjweaver</artifactId>
    <version>1.8.9</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.aspectj/aspectjrt -->
<dependency>
    <groupId>org.aspectj</groupId>
    <artifactId>aspectjrt</artifactId>
    <version>1.8.9</version>
</dependency>

    <dependency>
	    <groupId>javax.servlet</groupId>
	    <artifactId>javax.servlet-api</artifactId>
	    <version>3.0.1</version>
	    <!-- 只在编译和测试时运行 -->
	    <scope>provided</scope>
	</dependency>
	<dependency>
	    <groupId>mysql</groupId>
	    <artifactId>mysql-connector-java</artifactId>
	    <version>5.1.28</version>
	</dependency>
  </dependencies>
  <build>
    <finalName>SpringSecurity</finalName>
     <plugins>
        <plugin>
            <groupId>org.apache.tomcat.maven</groupId>
	          <artifactId>tomcat7-maven-plugin</artifactId>
	          <version>2.2</version>
        </plugin>
    </plugins>
  </build>
</project>

web.xml 

<!DOCTYPE web-app PUBLIC
 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
 "http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
  <display-name>Archetype Created Web Application</display-name>
   <filter>  
        <filter-name>springSecurityFilterChain</filter-name>  
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
    </filter>  
  
    <filter-mapping>  
        <filter-name>springSecurityFilterChain</filter-name>  
        <url-pattern>/*</url-pattern>  
    </filter-mapping>
  <context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring-security.xml
			/WEB-INF/applicationContext.xml
			/WEB-INF/spring-servlet.xml
		</param-value>
	</context-param>
   <servlet>  
        <servlet-name>spring</servlet-name>  
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>  
        <load-on-startup>1</load-on-startup>  
    </servlet>  
  
    <servlet-mapping>  
        <servlet-name>spring</servlet-name>  
        <url-pattern>/</url-pattern>  
    </servlet-mapping> 
 <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
 
</web-app>

要想启用spring security,必须在web.xml中加入以下filter 

<filter>  
        <filter-name>springSecurityFilterChain</filter-name>  
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  
    </filter>  
  
    <filter-mapping>  
        <filter-name>springSecurityFilterChain</filter-name>  
        <url-pattern>/*</url-pattern>  
    </filter-mapping>

加载配置文件,其中,spring-security.xml为spring security的配置文件,applicationContext.xml为spring配置文件 

<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/spring-security.xml
			/WEB-INF/applicationContext.xml
			/WEB-INF/spring-servlet.xml
		</param-value>
	</context-param>


spring-security.xml 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/context
		http://www.springframework.org/schema/context/spring-context-3.0.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security.xsd">
		<!-- <beans:import resource="/spring-database.xml"/> -->
		<http use-expressions="true" auto-config="true">
		    <intercept-url pattern="/auth/login" access="permitAll"/>
		    <intercept-url pattern="/test/admin" access="hasRole('ROLE_ADMIN')"/>
		    <intercept-url pattern="/test/common" access="hasRole('ROLE_USER')"/>
		    <form-login login-page="/auth/login"
		        authentication-failure-url="/auth/login?error=true"
		        login-processing-url="/check_action"
		        default-target-url="/test/common"
		        always-use-default-target="true"
		        username-parameter="username"
		        password-parameter="password"/>
		    <logout logout-success-url="/auth/login"
		        invalidate-session="true"
		        logout-url="/auth/logout"/>
		    <!-- <access-denied-handler error-page="/auth/denied"/> -->
		    <!-- <session-management>
		        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
		    </session-management> -->
		</http>
		<authentication-manager>
		    <authentication-provider user-service-ref="customerUserDetailService">
				<!-- <jdbc-user-service data-source-ref="dataSource" 
				    users-by-username-query="select username username,password password,enabled enabled from _user where username=?"
				    authorities-by-username-query="select username username,role role from _user_role where username=?"/> -->
		    </authentication-provider>
		</authentication-manager>
		
		<beans:bean id="customerUserDetailService" class="com.wyc.service.CustomerUserDetailsService"></beans:bean>
</beans:beans>


控制访问权限: 
<intercept-url pattern="/auth/login" access="permitAll"/>
<intercept-url pattern="/test/admin" access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/test/common" access="hasRole('ROLE_USER')"/>
需要注意的是我们使用了 SpringEL表达式 来指定角色的访问. 
以下是表达式对应的用法.

表达式 说明 
hasRole([role]) 返回 true 如果当前主体拥有特定角色。 
hasAnyRole([role1,role2]) 返回 true 如果当前主体拥有任何一个提供的角色 (使用逗号分隔的字符串队列) 
principal 允许直接访问主体对象,表示当前用户 
authentication 允许直接访问当前 Authentication对象 从SecurityContext中获得 
permitAll 一直返回true 
denyAll 一直返回false 
isAnonymous() 如果用户是一个匿名登录的用户 就会返回 true 
isRememberMe() 如果用户是通过remember-me 登录的用户 就会返回 true 
isAuthenticated() 如果用户不是匿名用户就会返回true 
isFullyAuthenticated() 如果用户不是通过匿名也不是通过remember-me登录的用户时, 就会返回true。


自定义登录页面配置

<form-login login-page="/auth/login"
		        authentication-failure-url="/auth/login?error=true"
		        login-processing-url="/check_action"
		        default-target-url="/test/common"
		        always-use-default-target="true"
		        username-parameter="username"
		        password-parameter="password"/>

其中,login-page属性配置自定义的登录界面url,此处url指向所有人均可访问的/auth/login,这是controller中方法,指向登录页面,详情可看后文

authentication-failure属性配置的是登录失败的处理结果url,此处登录失败跳转至登录页面,并且附加error参数

login-proccessing-url属性对应登录页面表单的form中的action属性值

default-target-url属性配置默认的登录成功后的页面

always-use-default-target属性可能配置的是无论用户从哪个页面进入登录界面,最后的结果都是到达default-target-url的界面(有时候从某个页面进入登录界面,登录成功后会跳转至登录前的页面),以上俩个属性的作用纯属个人理解,文档中原文如下:

If a form login isn’t prompted by an attempt to access a protected resource, the default-target-url option comes into play. 
This is the URL the user will be taken to after successfully logging in, and defaults to "/". 
You can also configure things so that the user always ends up at this page (regardless of whether the login was "on-demand" 
or they explicitly chose to log in) by setting the always-use-default-target attribute to "true". 
This is useful if your application always requires that the user starts at a "home" page
username-parameter对应表单中用户名输入框的name属性值

同理,password-parameter对应表单中密码输入框的name属性值


配置注销账户:

<logout logout-success-url="/auth/login"
		        invalidate-session="true"
		        logout-url="/auth/logout"/>
invalidate-session配置的是 开启了session失效功能. 

配置默认无权限页面

<access-denied-handler error-page="/auth/denied"/>


配置单点登录,前一个用户登录之后,同一个账户无法再次登录 
<session-management>
		        <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
		    </session-management>


一个自定义的CustomUserDetailsService,是实现SpringSecurity的UserDetailsService接口,但我们重写了他即便于我们进行数据库操作.  
<authentication-manager>
		    <authentication-provider user-service-ref="customerUserDetailService">
				<!-- <jdbc-user-service data-source-ref="dataSource" 
				    users-by-username-query="select username username,password password,enabled enabled from _user where username=?"
				    authorities-by-username-query="select username username,role role from _user_role where username=?"/> -->
		    </authentication-provider>
		</authentication-manager>


spring-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
	xmlns="http://www.springframework.org/schema/beans"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
	http://www.springframework.org/schema/context
	http://www.springframework.org/schema/context/spring-context-3.1.xsd
	http://www.springframework.org/schema/mvc
	http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
	<beans:bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
	    <property name="prefix" value="/"></property>
	    <property name="suffix" value=".jsp"></property>
	</beans:bean>
</beans:beans>
配置jsp页面的访问路径及后缀(因为我们在controller中只返回jsp页面的名称)


applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
	xmlns="http://www.springframework.org/schema/beans"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
	http://www.springframework.org/schema/context
	http://www.springframework.org/schema/context/spring-context-3.1.xsd
	http://www.springframework.org/schema/mvc
	http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
	<context:annotation-config/>
	<context:component-scan base-package="com.wyc"></context:component-scan>
	<mvc:annotation-driven/>
</beans:beans>
context:annotation-config开启注解配置

context:component-scan配置需要扫描的包

mvc:annotation-driven开启注解驱动


TestController.java

package com.wyc.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping("/test")
@Controller
public class TestController {

	@RequestMapping(value = "/common",method = RequestMethod.GET)
	public String common(){
		return "common";
	}
	
	@RequestMapping(value = "/admin",method = RequestMethod.GET)
	public String admin(){
		return "admin";
	}
	
}
此处勿加上responseBody注解,加入后的结果:

以tom身份登录的结果:



LoginLogoutController.java

package com.wyc.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;

@RequestMapping("/auth")
@Controller
public class LoginLogoutController {

	@RequestMapping(value ="/login",method = RequestMethod.GET)
	public String login(@RequestParam(value= "error",required = false) boolean error,ModelMap model){
		if(error){
			model.put("error", "用户名或密码错误");
		}else{
			model.put("error","");
		}
		return "login";
	}
	
	@RequestMapping(value = "denied" , method = RequestMethod.GET)
	public String denied(){
		return "accessDenied";
	}
}

DbUser.java 

package com.wyc.model;

public class DbUser {

	private String username;
	private String password;
	private Integer access;
	public String getUsername() {
		return username;
	}
	public void setUsername(String username) {
		this.username = username;
	}
	public String getPassword() {
		return password;
	}
	public void setPassword(String password) {
		this.password = password;
	}
	public Integer getAccess() {
		return access;
	}
	public void setAccess(Integer access) {
		this.access = access;
	}
	
	
}

UserDao.java 

package com.wyc.dao;

import java.util.ArrayList;
import java.util.List;

import org.springframework.stereotype.Repository;

import com.wyc.model.DbUser;

@Repository("userDao")
public class UserDao {

	public DbUser getDatabase(String username){
		List<DbUser> dbUsers = internalDb();
		for(DbUser dbUser : dbUsers){
			if(dbUser.getUsername().equals(username)){
				return dbUser;
			}
		}
		
		throw new RuntimeException("user is not exist");
	}

	private List<DbUser> internalDb() {
		List<DbUser> dbUsers = new ArrayList<DbUser>();
		DbUser dbUser = new DbUser();
		dbUser.setUsername("tom");
		dbUser.setPassword("tom");
		dbUser.setAccess(1);
		dbUsers.add(dbUser);
		
		dbUser = new DbUser();
		dbUser.setUsername("mike");
		dbUser.setPassword("mike");
		dbUser.setAccess(2);
		dbUsers.add(dbUser);
		return dbUsers;
	}
	
}
CustomerUserDetailsService.java 

package com.wyc.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.wyc.dao.UserDao;
import com.wyc.model.DbUser;

public class CustomerUserDetailsService implements UserDetailsService{

	@Autowired
	private UserDao userDao;
	@Override
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException {
		UserDetails userDetails = null;
		try{
			DbUser dbUser = userDao.getDatabase(username);
			userDetails = new User(dbUser.getUsername(), dbUser.getPassword().toLowerCase(), 
					true, true, true, true, getAuthorities(dbUser.getAccess()));
			
		}catch(Exception e){
			throw new UsernameNotFoundException("Error in retrieving user");
		}
		return userDetails;
	}
	private Collection<GrantedAuthority> getAuthorities(Integer access) {
		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
		//每个用户都具有ROLE_USER权限
		authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
		 // 如果参数access为1.则拥有ROLE_ADMIN权限  
        if (access.compareTo(1) == 0) {  
            authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));  
        }  
  
        return authorities; 
	}

}


login.jsp

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"  isELIgnored="false"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core"  prefix="c"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'login.jsp' starting page</title>
    
  </head>
  
  <body>
    <form method="post" action="<c:url value='check_action' />">
    	<input type="text" name="username">
    	<input type="password" name="password">
    	<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
    	<input type="submit" value="提交">
    </form>
  </body>
</html>


common.jsp 

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'success.jsp' starting page</title>
    
	
  </head>
  
  <body>
    每个人都可以访问的页面
    <a href = "<%=basePath %>test/admin">管理员界面</a>
    <a href = "<%=basePath %>auth/login">退出登录</a>
  </body>
</html>

admin.jsp 

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'success.jsp' starting page</title>
    
	
  </head>
  
  <body>
    管理员界面
    <a href = "<%=basePath %>auth/login">退出登录</a>
  </body>
</html>

accessDenied.jsp 

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    
    <title>My JSP 'success.jsp' starting page</title>
    
	
  </head>
  
  <body>
    权限不足
    <a href= "<%=basePath %>auth/login">退出登录</a>
  </body>
</html>

至此,代码完毕

以下是结果:

使用tom登录:


点击管理员界面:

mike登录后点击管理员界面(此处无权限配置被注释):




公羽土成
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
SpringMVC + security模块 框架整合详解
abcd_d_的专栏
01-08 1万+
最近整理一个二手后台管理项目,整体大体可分为 : Springmvc + mybatis + tiles + easyui + security 这几个模块,再用maven做管理。刚拿到手里面东西实在太多,所以老大让重新整一个,只挑出骨架。不可否认,架构整体规划得还是很好的,尤其是前端界面用tiles+easyui ,开发很高效!其实,之前虽然听说过security,但做过的项目都没用过secur
基本的spring mvc + spring security实现的登录(无数据库)
01-01
在本项目中,我们主要探讨的是如何利用Spring MVCSpring Security框架构建一个基本的无数据库登录系统。Spring MVCSpring框架的一部分,用于处理Web应用程序的请求-响应模型,而Spring Security则是一个强大的...
Spring Security 详解
热门推荐
qq_22075913的博客
06-06 11万+
Spring SecuritySpring家族中的一个安全管理框架。相比与另外一个安全框架Shiro,它提供了更丰富的功能,社区资源也比Shiro丰富。一般来说中大型的项目都是使用SpringSecurity来做安全框架。小项目有Shiro的比较多,因为相比与SpringSecurity,Shiro的上手更加的简单。​ 一般Web应用的需要进行认证和授权。​ 而认证和授权也是SpringSecurity作为安全框架的核心功能。视频地址:​ 我们先要搭建一个简单的SpringBoot工程① 设置父工
springsecurity详解
baidu_37366055的博客
11-23 9万+
1.springsecurity springsecurity底层实现为一条过滤器链,就是用户请求进来,判断有没有请求的权限,抛出异常,重定向跳转。 2.登录页 springsecurity自带一个登录页。 从登陆入手,登录页替换成我们自己的,对输入的账号密码进行验证 /** * 表单登陆security * 安全 = 认证 + 授权 */ @Configuration public class SecurityConfig extends WebSecurityConfigur
spring-security
最新发布
migo_的专栏
02-25 1226
Spring Security是一个框架,致力于为Java应用程序提供身份验证和授权。像所有Spring项目一样,Spring Security的真正强大之处在于它可以轻松扩展以满足定制需求的能力。Spring SecuritySpring采用 `AOP`思想,基于 `servlet过滤器`实现的安全框架。它提供了完善的认证机制和方法级的授权功能。Spring Security是一个功能强大且高度可定制的身份验证和访问控制框架。它是用于保护基于Spring的应用程序的事实上的标准。
Spring Security详细介绍使用
书启鸿蒙知秋枫
03-08 4477
Spring 是非常流行和成功的 Java 应用开发框架,Spring Security 正是 Spring 家族中的成员。Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方案。正如你可能知道的关于安全方面的两个核心功能是“
spring mvcspring security自定义登录
05-14
Spring MVCSpring Security是两个非常流行的Java框架,它们分别用于构建强大的MVC(Model-View-Controller)应用和提供强大的安全防护。本文将深入探讨如何结合Spring MVCSpring Security来实现自定义登录功能。...
spring整合security4.2完整实例
08-08
Spring Security 4.2更倾向于使用Java配置,这样可以更好地融入到Spring Boot或Spring MVC项目中。 6. **Remember Me** 功能:允许用户在关闭浏览器后仍保持登录状态,通过在Cookie中存储一个持久化的凭据。 7. **...
SpringSecurity+MVC入门Demo
06-10
通过这个"SpringSecurity+MVC入门Demo",初学者可以了解如何在Spring MVC应用中集成Spring Security,实现用户认证和授权的基本流程,为后续深入学习和实践打下基础。这个Demo应该包含了配置文件、控制器、视图和...
swagger和spring mvc整合
05-13
Swagger 和 Spring MVC整合是现代 Web 应用开发中常用的一种技术组合,它使得开发者能够快速构建具有高质量API文档的应用程序。Swagger 是一个强大的开源工具,用于设计、构建、记录和使用 RESTful 风格的 Web ...
springmvc4+spring4+mybatis3+spring-security3的环境搭建
11-23
springmvc4+spring4+mybatis3+spring-security3的环境搭建
基于springsecurity+springmvc+spring+hibernate的权限管理系统(免积分)
01-16
基于springsecurity+springmvc+spring+hibernate的权限管理系统,实现资源、用户、权限、角色的增删改查,角色-资源管理,用户-角色管理等基础功能,可以作为springmvc+spring+hibernate的增删改查入门项目,也可以对spring-security简单了解,界面使用bootstrap3,非常简洁,免积分
Spring security + mybatis + springMVC整合权限管理
04-04
本项目采用Spring security + mybatis +springMVC进行整合,里面涉及到的知识点比较多,仔细阅读,不懂得地方可在网上查找资料,保证你会受益匪浅。
Spring Security最简单全面教程(带Demo)
qq_37771475的博客
01-09 5万+
一、Spring Security简介        Spring Security是为基于Spring的应用程序提供声明式安全保护的安全性框架,它提供了完整的安全性解决方案,能够在web请求级别和方法调用级别处理身份证验证和授权。因为基于Spring框架,所以Spring Security充分利用了依赖注入和面向切面的技术。   Spring Security主要是从两个方面解决安全性问...
spring security (史上最全)
架构师尼恩
04-21 5651
一般意义来说的应用访问安全性,都是围绕认证(Authentication)和授权(Authorization)这两个核心概念来展开的。即:认证这块的解决方案很多,主流的有、、等(不巧这几个都用过-_-),我们常说的单点登录方案(SSO)说的就是这块,授权的话主流的就是spring security和shiro。shiro比较轻量级,相比较而言spring security确实架构比较复杂。但是shiro与 ss,掌握一个即可。这里尼恩给大家做一下系统化、体系化的梳理,供后面的小伙伴参考,提升大家的 3高 架
SpringBoot整合SpringSecurity
qq_44749491的博客
06-28 8753
SpringSecurity整合基础
安全框架Spring Security基本用法
ABestRookie的博客
08-12 844
一.入门案列 1.在pom.xml中导入maven坐标 <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>5.0.5.RELEASE</version> </dependency> <dependency> <grou
SpringSecurity在maven项目中的应用
mycsdnhh的博客
05-31 1732
1.导入坐标 <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> </dependency> <version>5.0.5.RELEASE</version> <dependency> <groupId>
springsecurity 整合 gateway
09-12
Spring Security可以与Spring Cloud Gateway进行整合,但是在配置方式上有一些差异。在Gateway中,需要使用WebFlux的配置方式来整合Spring Security。通常会在SecurityConfig类上使用@EnableWebFluxSecurity注解来启用WebFlux Security,并使用@EnableGlobalMethodSecurity(prePostEnabled = true)注解来启用全局方法级安全性。 在配置SecurityWebFilterChain时,可以使用ServerHttpSecurity来进行配置。通过authorizeExchange().pathMatchers(HttpMethod.OPTIONS).permitAll()可以配置允许所有OPTIONS请求,.pathMatchers("/**").permitAll()可以配置允许所有请求,同时可以使用.csrf().disable()来禁用CSRF保护。最后通过return httpSecurity.build()返回SecurityWebFilterChain。 需要注意的是,由于Spring Cloud Gateway基于WebFlux并且不兼容Spring MVC,因此它的安全配置方式与普通Spring Boot项目中的配置方式有所不同。 在整合Spring SecuritySpring Cloud Gateway时,可以结合微服务框架和Redis来获取登录的用户信息。

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值