spring security 示例

最新推荐文章于 2023-03-27 17:36:18 发布
最新推荐文章于 2023-03-27 17:36:18 发布
阅读量3.4k 收藏 2
点赞数 1
分类专栏: 安全框架-SpringSecurity
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/z69183787/article/details/38536705
版权

jar包:pom.xml :

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>org.zhoushun</groupId>
	<artifactId>mvc-parent</artifactId>
	<packaging>war</packaging>
	<version>0.0.1-SNAPSHOT</version>
	<name>mvc-parent Maven Webapp</name>
	<url>http://maven.apache.org</url>

	<!-- 定义相关属性 <properties> <jdk-version>1.6</jdk-version> <junit-version>4.11</junit-version> 
		<spring-version>3.2.2.RELEASE</spring-version> </properties> -->

	<dependencies>
		<dependency>
			<groupId>junit</groupId>
			<artifactId>junit</artifactId>
			<version>3.8.1</version>
			<scope>test</scope>
		</dependency>

		<!-- oracle driver -->
		<dependency>
			<groupId>com.oracle</groupId>
			<artifactId>ojdbc14</artifactId>
			<version>10.2.0.4.0</version>
		</dependency>

		<!-- oracle driver -->

		<!-- slf4j -->
		<dependency>
			<groupId>org.slf4j</groupId>
			<artifactId>slf4j-api</artifactId>
			<version>1.7.7</version>
		</dependency>
		<!-- slf4j -->

		<!-- logback -->
		<dependency>
			<groupId>ch.qos.logback</groupId>
			<artifactId>logback-core</artifactId>
			<version>1.1.2</version>
		</dependency>

		<dependency>
			<groupId>ch.qos.logback</groupId>
			<artifactId>logback-classic</artifactId>
			<version>1.1.2</version>
		</dependency>
		<!-- logback -->

		<!-- log4j <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> 
			<version>1.2.17</version> </dependency> log4j -->

		<!-- jstl -->
		<dependency>
			<groupId>jstl</groupId>
			<artifactId>jstl</artifactId>
			<version>1.2</version>
		</dependency>
		<!-- jstl -->

		<!-- servlet api -->
		<dependency>
			<groupId>org.mortbay.jetty</groupId>
			<artifactId>servlet-api</artifactId>
			<version>3.0.20100224</version>
			<scope>provided</scope>
		</dependency>
		<!-- servlet api -->

		<!-- spring -->
		<dependency>
			<groupId>javax.inject</groupId>
			<artifactId>javax.inject</artifactId>
			<version>1</version>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-core</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-web</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-aop</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-orm</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jdbc</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-tx</artifactId>
			<version>3.2.9.RELEASE</version>
		</dependency>
		<!-- spring -->

		<!-- spring jpa -->
		<dependency>
			<groupId>org.springframework.data</groupId>
			<artifactId>spring-data-jpa</artifactId>
			<version>1.6.0.RELEASE</version>
		</dependency>
		<!-- spring jpa -->

		<!--spring - security -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-core</artifactId>
			<version>3.2.4.RELEASE</version>
		</dependency>

		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>3.2.4.RELEASE</version>
		</dependency>

		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>3.2.4.RELEASE</version>
		</dependency>

		<!--spring - security -->

		<!-- -->
		<!-- jackson 2.0 -->
		<dependency>
			<groupId>com.fasterxml.jackson.core</groupId>
			<artifactId>jackson-databind</artifactId>
			<version>2.4.0</version>
		</dependency>
		<dependency>
			<groupId>com.fasterxml.jackson.datatype</groupId>
			<artifactId>jackson-datatype-hibernate4</artifactId>
			<version>2.4.0</version>
		</dependency>
		<!-- jackson 2.0 -->


		<!-- common -->
		<dependency>
			<groupId>commons-io</groupId>
			<artifactId>commons-io</artifactId>
			<version>2.4</version>
		</dependency>
		<dependency>
			<groupId>commons-fileupload</groupId>
			<artifactId>commons-fileupload</artifactId>
			<version>1.3</version>
		</dependency>
		<dependency>
			<groupId>commons-pool</groupId>
			<artifactId>commons-pool</artifactId>
			<version>1.6</version>
		</dependency>
		<dependency>
			<groupId>org.apache.commons</groupId>
			<artifactId>commons-lang3</artifactId>
			<version>3.3.2</version>
		</dependency>
		<dependency>
			<groupId>commons-beanutils</groupId>
			<artifactId>commons-beanutils</artifactId>
			<version>1.9.2</version>
		</dependency>

		<!-- common 工具类 -->

		<!-- common-dbcp -->
		<dependency>
			<groupId>commons-dbcp</groupId>
			<artifactId>commons-dbcp</artifactId>
			<version>1.4</version>
		</dependency>
		<!-- common-dbcp -->

		<!-- hibernate jpa 2.0 -->
		<dependency>
			<groupId>org.hibernate.javax.persistence</groupId>
			<artifactId>hibernate-jpa-2.1-api</artifactId>
			<version>1.0.0.Final</version>
		</dependency>

		<!-- hibernate jpa 2.0 -->

		<!-- hibernate -->
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-core</artifactId>
			<version>4.3.5.Final</version>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-entitymanager</artifactId>
			<version>4.3.5.Final</version>
		</dependency>
		<dependency>
			<groupId>org.hibernate</groupId>
			<artifactId>hibernate-validator</artifactId>
			<version>5.1.1.Final</version>
		</dependency>

		<!-- hibernate -->

	</dependencies>
	<build>
		<finalName>mvc-parent</finalName>
	</build>
</project>


web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns="http://java.sun.com/xml/ns/javaee" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
id="WebApp_ID" version="3.0">
 
  <display-name>Archetype Created Web Application</display-name>
  
  
  <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
<listener> 
	     <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> 
	</listener> 
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:applicationContext*.xml</param-value>
	</context-param>
	
   	<!-- The front controller of this Spring Web application, responsible for handling all application requests -->
	<servlet>
		<servlet-name>springDispatcherServlet</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:springmvc-servlet.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>

	<!-- Map all requests to the DispatcherServlet for handling -->
	<servlet-mapping>
		<servlet-name>springDispatcherServlet</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping> 

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
  
  
  <!-- spring security 	-->
  <filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
  <filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

  	<filter>
		<filter-name>characterEncodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>characterEncodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
</web-app>


applicationContext-security.xml:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
	<global-method-security pre-post-annotations="enabled" />
	<http pattern="/js/**" security="none"/>
	<http pattern="/images/**" security="none" />
	<http pattern="/widgets/**" security="none" />
	<http pattern="/css/**" security="none" />
	<http pattern="/style/**" security="none" />
	<http pattern="**/*.js" security="none" />
	<http pattern="**/*.swf" security="none" />
	<http pattern="/jsp/login.jsp" security="none" />
	<http pattern="/jsp/403.html" security="none" />
	<http pattern="/jsp/session-timeout.jsp" security="none" />
	<http use-expressions="true" auto-config="true"
		access-denied-page="/jsp/403.html"><!-- 当访问被拒绝时,会转到403.jsp -->
		<intercept-url pattern="/**" access="isAuthenticated()" />

		<form-login login-page='/jsp/login.jsp'
			authentication-success-handler-ref="authSuccessHandler"
			authentication-failure-handler-ref="authFailureHandler" />
		<!-- default-target-url="/secure/index"/> -->

		<logout logout-success-url="/login.jsp" delete-cookies="JSESSIONID" />

		<remember-me />
		<session-management invalid-session-url="/timeout.jsp">
			<!-- <concurrency-control max-sessions="10" error-if-maximum-exceeded="true" 
				/> -->
		</session-management>

	</http>

	<authentication-manager alias="authenticationManager">
		<authentication-provider user-service-ref="userService">
			<password-encoder hash="md5" />
		</authentication-provider>
	</authentication-manager>

</beans:beans>


userservice(重写loadUserByUsername方法,登陆后首先进入该方法,

返回的UserDetails将会与登陆界面中获取的用户名及密码锁构成的对象相比较,进而判断登陆成功与否。

若成功登陆:authSuccessHandle;若登陆失败:authFailureHandle;)

package test.service;

import java.util.Collections;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletWebRequest;
import org.springframework.web.context.request.ServletRequestAttributes;

@Service
public class UserService implements UserDetailsService {

	@Autowired
	private HttpServletRequest request;
	
	public UserDetails loadUserByUsername(String arg0){
		//HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
		
		if("zhoushun".equals(arg0)){
			String pwd = "";
			try {
				pwd = request.getParameter(UsernamePasswordAuthenticationFilter.SPRING_SECURITY_FORM_PASSWORD_KEY);
			} catch (Exception e) {
				e.printStackTrace();
			}
			System.out.println(pwd);
			
		}
		org.springframework.security.core.userdetails.User tmpUser = 
		new org.springframework.security.core.userdetails.User(arg0, "4f3edd6c1dcd46df67f19b91f977854b", Collections.EMPTY_SET);
		return tmpUser;
	}
	
	public static void main(String[] args){
		System.out.println(DigestUtils.md5DigestAsHex(("zhoushun").getBytes()));
	}
}

authSuccessHandler:

package test.service;

import java.io.IOException;

import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
@Named
public class AuthSuccessHandler implements AuthenticationSuccessHandler {
	public void onAuthenticationSuccess(HttpServletRequest request,
			HttpServletResponse response, Authentication authentication) throws IOException {
			
//		response.setContentType("text/json; charset=UTF-8");
//		response.getWriter().print("{success: true}");
		 response.sendRedirect(request.getContextPath() + "/test");
	}
}


authFailureHandler:

package test.service;

import java.io.IOException;

import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
@Named
public class AuthFailureHandler implements AuthenticationFailureHandler {
	public void onAuthenticationFailure(HttpServletRequest request,
			HttpServletResponse response, AuthenticationException exception) throws IOException {

//		response.setContentType("text/json; charset=UTF-8");
//		response.getWriter().print("{success: false}");
		 response.sendRedirect(request.getContextPath() + "/jsp/login.jsp?login_error=1");
	}

}


OkidoGreen
关注
专栏目录
Spring Security示例
09-29
**Spring Security概述** Spring Security是Java领域中一个强大的安全框架,专为Web和企业应用程序提供安全解决方案。它提供了丰富的功能,包括用户认证、授权、访问控制、加密以及CSRF(跨站请求伪造)防护等,...
wicket-spring-security-example:Wicket SpringSecurity 示例
07-05
Wicket SpringSecurity 示例 ###如何开始 mvn 全新安装 mvn 码头:运行 在浏览器中打开 ###做什么的 证明 Wicket 可以与 Spring Security 一起使用。 ### 演示 使用硬编码登录密码进行身份验证、角色授权、URL ...
Spring Security 官方快速案例指南翻译
月夜归醉
01-11 613
Securing a Web ApplicationSecuring a Web ApplicationWhat You Will BuildWhat You NeedHow to complete this guide功能快捷键合理的创建标题,有助于目录的生成如何改变文本的样式插入链接与图片如何插入一段漂亮的代码片生成一个适合你的列表创建一个表格设定内容居中、居左、居右SmartyPants创建一个自定义列表如何创建一个注脚注释也是必不可少的KaTeX数学公式新的甘特图功能,丰富你的文章UML 图表FLo
spring security 使用示例
weixin_43931625的博客
09-25 381
spring security 使用示例
SpringSecurity+Jwt+Aouth2实现前后端分离的登录认证(有源码)
最新发布
qq_44993268的博客
03-27 3504
基于springSecurity的简易登录系统
Spring Security Web 5.1.2 源码解析 -- SimpleUrlAuthenticationFailureHandler
Details Inside Spring
12-24 5663
概述 AuthenticationFailureHandler接口定义了Spring Security Web在遇到认证错误时所使用的处理策略。 典型做法一般是将用户重定向到认证页面(比如认证机制是用户名表单认证的情况)让用户再次认证。当然具体实现类可以根据需求实现更复杂的逻辑,比如根据异常做不同的处理等等。举个例子,如果遇到CredentialsExpiredException异常(Authen...
Spring security登录授权验证的简单例子
Zhang Phil
01-20 1664
实现一个简单的使用spring security完成的登录验证。登录成功后,自动跳转到index页面。不同的用户,授予不同访问页面路径的权限。权限基于角色管控。admin权限角色最高。user角色为普通角色。 import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.Authentica
spring security简单示例
03-20
在本示例中,我们将探讨如何使用Spring Security为简单的Web应用程序添加安全功能。首先,让我们了解一下Spring Security的核心概念和主要组件。 1. **核心概念**: - **Authentication(身份验证)**:确认用户的...
五.Spring Security-认证结果处理
qq_32115993的博客
10-22 643
五.认证结果处理 一.认证成功处理 1.1.解决方案 自定义类实现AuthenticationSuccessHandler接口复写 onAuthenticationSuccess方法,该方法其中一个参数是Authentication ,他里面封装了认证信息,用户信息UserDetails等,我们需要在这个方法中使用Response写出json数据即可 1.2.认证成功结果处理 1.定义AuthenticationSuccessHandler 定义类实现AuthenticationSuccessHandler
spring boot 单体项目 集成 spring security 实现 登录认证 权限认证 jwt token认证
weixin_40773253的博客
05-06 1762
这篇博文讲述的是不集成oath,通过自己编写jwt 的 token 生成器 实现 spring security 的 登录权限token认证的实现方法。 目录结构如下: pom文件 加入 springsecurity 和 JWT的引用包 <!-- spring security --> <dependency> <groupId&gt...
SpringBoot + SpringSecurity + Mybatis-Plus + JWT实现分布式系统认证和授权
C3Stones
07-13 1905
1. 简介   Spring Security是一个功能强大且易于扩展的安全框架,主要用于为Java程序提供用户认证(Authentication)和用户授权(Authorization)功能。   用户认证指的是验证某个用户是否合法,即验证用户名密码是否正确;用户授权指的是验证用户是否拥有访问资源的权限。在一个系统中,用户认证和授权是分不开的,既要保证用户能合法登录系统,也要保住用户再...
spring security 采用 数据库配置检测用户登录,并跳转不同页面
z69183787的专栏
03-16 3689
applicationContext-security.xml <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSc
SpringSecurity(认证和授权)&权限控制
weixin_61300833的博客
10-14 1311
认证和授权: 用户登录系统---认证: 系统提供的用于识别用户身份的功能,通常提供用户名和密码进行登录,其实就是在进行认证 用户登录后拥有不同的权限操作---授权: 用户认证成功后需要为用户授权,就是指定当前用户能够操作那些功能 权限模块数据模型: 要实现最终的权限控制,需要有一套表结构支撑: 用户表t_user、权限表t_permission、角色表...
spring-security配置 handle
u013008898的博客
05-16 828
SecurityConfig: package com.sdkj.security.oauth.config; import com.sdkj.security.oauth.handle.MyAccessDeniedHandler; import com.sdkj.security.oauth.handle.MyAuthenticationFailureHandler; import com.sdkj.security.oauth.handle.MyAuthenticationSuccessHandl
SpringBoot集成SpringSecurity(一) 初识SpringSecurity
ChauncyTan的博客
03-09 546
因项目需要以及“局势”所逼,从而捣鼓起了SpringSecuritySpringSecurity功能强大上手有点难度,学习了几天勉勉入了门道,故此整理了这篇文章,以供自己再次回顾也希望能帮助到后来者(本文末尾处附带源码地址,如觉得本文对你有帮助还请留下你的脚印) 文章目录 @[TOC]环境介绍 一、环境介绍 本文中记录的项目为gradle构建的SpringBoot项目,数据存储在M...
Spring Security 自定义登录成功和登录失败的处理
热门推荐
愿风裁尽尘中沙
07-14 2万+
一、前言 spring security 默认情况下登录成功会跳转到引发登录的请求上去,但是有些登录并不是同步访问的,而是ajax异步请求来访问登录,那么前端希望拿到的是登录用户的用户信息。 二、自定义登录成功和登录失败的返回方式 在/src/main/resources的resources目录新建index.html: &amp;lt;!DOCTYPE html&amp;gt; &amp;lt;html&amp;gt;...
spring security 登录、权限管理配置
Abel.lin的专栏
04-24 1万+
登录流程 1)容器启动(MySecurityMetadataSource:loadResourceDefine加载系统资源与权限列表)  2)用户发出请求  3)过滤器拦截(MySecurityFilter:doFilter)  4)取得请求资源所需权限(MySecurityMetadataSource:getAttributes)  5)匹配用户拥有权限和请求权限(MyAcce
spring-boot整合spring-security实现简单登录(ajax登录实现)
会飞的老王博客
10-24 1万+
个人技术网站 欢迎关注 平常再做一些项目时,有些项目并不需要复杂的登录权限验证 只需要简单登录权限验证(保证安全可靠的前提下),找来找去只有spring-security最适合不过了,在spring-boot下配置简单 便捷 快速 能满足基本的登录权限控制需求。 第一步:引入spring-security maven依赖 &lt;!-- 整合spring security --&gt; &...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值