spring mvc的spring security配置步骤
1.引入相关的jar包 pom.xml
<!-- Spring Security --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>5.4.2</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>5.4.2</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>5.4.2</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>5.4.2</version> </dependency>
2.在web.xml配置 spring security的过滤器链
<!-- Spring security filter start --> <!-- Spring Security过滤器链,注意过滤器名称必须是springSecurityFilterChain --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring security filter end -->
3.在applicationContext.xml里面进行相关的配置
<!-- 10. Spring security认证权限配置--> <!-- ======== Spring security start ======== --> <import resource="classpath:applicationContext-security.xml"/> <!-- ====== Spring security end ======== -->
4.新建的文件为 applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:jms="http://www.springframework.org/schema/jms" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:mybatis-spring="http://mybatis.org/schema/mybatis-spring" xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:util="http://www.springframework.org/schema/util" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd http://www.springframework.org/schema/jms https://www.springframework.org/schema/jms/spring-jms.xsd http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd http://mybatis.org/schema/mybatis-spring http://mybatis.org/schema/mybatis-spring.xsd http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 10. Spring security认证权限配置--> <!-- ================ Spring security start ================ --> <!-- 1).配置springSecurity --> <!-- auto-config="true" 表示自动加载springsecurity的配置文件 use-expressions="true" 表示使用spring的el表达式来配置springsecurity --> <security:http auto-config="true" use-expressions="true"> <!-- 2).拦截资源 --> <!-- pattern="/**" 表示拦截所有资源 access="hasAnyRole('ROLE_USER')" 表示只有ROLE_USER角色才能访问资源 --> <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" /> </security:http> <!-- 3).模拟用户(测试,不用连接数据库),设置spring security认证用户信息的来源 --> <!-- springsecurity默认的认证必须加密,加上{noop}表示不加密认证 --> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="user" password="{noop}user" authorities="ROLE_USER"/> <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN"/> </security:user-service> </security:authentication-provider> </security:authentication-manager> <!-- ================ Spring security end ================ --> </beans>