• SSM整合SpringSecurity


    1.pom.xml配置

    <project xmlns="http://maven.apache.org/POM/4.0.0"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    	<modelVersion>4.0.0</modelVersion>
    	<groupId>com.qingfeng</groupId>
    	<artifactId>SpringSecurity</artifactId>
    	<version>0.0.1-SNAPSHOT</version>
    	<packaging>war</packaging>
    
    	<properties>
    		<spring.security.version>5.1.3.RELEASE</spring.security.version>
    	</properties>
    
    	<dependencies>
    
    
    		<!--引入Servlet支持 -->
    		<dependency>
    			<groupId>javax.servlet</groupId>
    			<artifactId>javax.servlet-api</artifactId>
    			<version>3.1.0</version>
    			<scope>provided</scope>
    		</dependency>
    
    
    		<!--引入Spring Security支持 -->
    		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
    		<dependency>
    			<groupId>org.springframework.security</groupId>
    			<artifactId>spring-security-core</artifactId>
    			<version>${spring.security.version}</version>
    		</dependency>
    
    		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
    		<dependency>
    			<groupId>org.springframework.security</groupId>
    			<artifactId>spring-security-web</artifactId>
    			<version>${spring.security.version}</version>
    		</dependency>
    
    		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
    		<dependency>
    			<groupId>org.springframework.security</groupId>
    			<artifactId>spring-security-config</artifactId>
    			<version>${spring.security.version}</version>
    		</dependency>
    	</dependencies>	
    	
    	<build>
            <plugins>
                <plugin>
                    <groupId>org.apache.tomcat.maven</groupId>
                    <artifactId>tomcat7-maven-plugin</artifactId>
                    <configuration>
                        <!-- 指定端口 -->
                        <port>9001</port>
                        <!-- 请求路径 -->
                        <path>/</path>
                    </configuration>
                </plugin>
            </plugins>
        </build>
    
    </project>
    

      

    2.web.xml配置

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns="http://java.sun.com/xml/ns/javaee"
             xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
             version="2.5">
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-security.xml</param-value>
        </context-param>
        
        <listener>
            <listener-class>
                org.springframework.web.context.ContextLoaderListener
            </listener-class>
        </listener>
        
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    </web-app>
    

      

    3.spring-security.xml配置

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans
    	xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
    
    	<!--以下页面不被拦截 -->
    	<http pattern="/login.html" security="none"></http>
    	<http pattern="/login_error.html" security="none"></http> 
    
    	<!--页面拦截规则 -->
    	<http>
    		<!-- intercept-url:表示拦截规则 pattern:页码的匹配规则,在webapp下面的 access:资源的控制规则,需要什么的条件 -->
    		<!-- 所有的资源都需要是ROLE_ADMIN的角色可以访问 -->
    		<intercept-url pattern="/**"
    			access="hasRole('ROLE_ADMIN')" />
    		<!-- 表单登录 
    				login-page:登录页面
    				default-target-url:默认跳转页面
    				authentication-failure-url:登录错误,跳转错误页面
    		-->
    		<form-login  login-page="/login.html"  default-target-url="/index.html"  authentication-failure-url="/login_error.html"/>
    		<!-- 退出登录 -->
    		<logout />
    		<!--  关闭跨域请求伪造控制。因为静态页无法动态生成token,所以将此功能关闭。一般静态页采用图形验证码的方式实现防止跨域请求伪造的功能。-->
    		<csrf  disabled="true" />
    	</http>
    
    	<!-- 认证管理器 -->
    	<!-- <authentication-manager> 认证管理器 <authentication-provider> 认证的提供者,就是用来配置用户名和密码 
    		<user-service> 用户的服务 <user /> 配置用户和密码 -->
    	<authentication-manager>
    		<authentication-provider   user-service-ref="userDetailsService">
    			<!-- <user-service>
    				name:用户名,password:用户密码 authorities:指定用户的角色
    				<user name="admin"
    					password="$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga"
    					authorities="ROLE_ADMIN" />
    			</user-service> -->
    
    			<!-- 密码使用bcrypt加密 -->
    			<password-encoder ref="bcryptEncoder" />
    		</authentication-provider>
    	</authentication-manager>
    
    	<!-- bcrypt加密 -->
    	<beans:bean id="bcryptEncoder"
    		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean>
    
    	<beans:bean id="userDetailsService"  class="com.qingfeng.service.UserDetailsServiceImpl"></beans:bean>
    
    </beans:beans>
    

      

    4.UserDetailsServiceImpl.java类

    package com.qingfeng.service;
    
    import java.util.ArrayList;
    import java.util.List;
    
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.authority.SimpleGrantedAuthority;
    import org.springframework.security.core.userdetails.User;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    
    public class UserDetailsServiceImpl implements UserDetailsService {
    
    	@Override
    	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    		//构建角色集合 ,项目中此处应该是根据用户名查询用户的角色列表
    		List<GrantedAuthority> geAuthorities = new ArrayList<GrantedAuthority>();
    		//添加角色ROLE_ADMIN
    		geAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
    		/**
    		 * 第一参数:username
    		 * 第二参数:"$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga"是BCrypt加密的密码
    		 * 第三参数:geAuthorities是它的角色
    		 */
    		return new User(username,"$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga",geAuthorities);
    	}
    
    }
    

      

    5.编写登录login.html页面

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>登录</title>
    </head>
    <body>
    
    	<form action="/login" method="post">
    		<table>
    			<tr>
    				<td>用户名
    				<td />
    				<td><input name="username" />
    				<td />
    			<tr />
    			<tr>
    				<td>密码
    				<td />
    				<td><input type="password" name="password" />
    				<td />
    			<tr />
    		</table>
    		<button>登录</button>
    	</form>
    
    </body>
    </html>
    

      

    6.编写登录login_error.html页面

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>登录错误</title>
    </head>
    <body>
    <h1 >用户名和密码错误!</h1>
    </body>
    </html>
    

      

    7.编写登录index.html页面

    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>欢迎来到 SpringSecurity</title>
    </head>
    <body>
    	<h1>欢迎来到 SpringSecurity</h1>
    </body>
    </html>
    

      

    8.运行项目,输入http://localhost:9001/地址,用户随便填写,密码:123456

  • 相关阅读:
    MongoDb 快速入门教程
    读书应该是件快乐的事
    图灵机 快速入门教程
    开源项目 —— 中国行政区划数据
    MySQL用户管理:添加用户、授权、删除用户
    Java 图片处理解决方案:ImageMagick 快速入门教程
    FTP弱口令猜解【python脚本】
    Telnet弱口令猜解【Python脚本】
    PHPMyAdmin弱口令猜解【Python脚本】
    WebLogic口令猜解工具【Python脚本】
  • 原文地址:https://www.cnblogs.com/Amywangqing/p/13362484.html
Copyright © 2020-2023  润新知