• SpringSecurity框架使用


                                               web.xml进行拦截配置

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml</param-value>
    </context-param>
    <listener>
    <listener-class>
    org.springframework.web.context.ContextLoaderListener
    </listener-class>
    </listener>
    拦截
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

    springecurity配置文件

    security="none" 设置此资源不被拦截.
    登录提交地址/login 该地址由 SpringSecurity 生成,提交方法必须是 POST
     
    intercept-url 表示拦截页面
    /* 表示的是该目录下的资源,只包括本级目录不包括下级目录
    /** 表示的是该目录以及该目录下所有级别子目录的资源
    form-login 为开启表单登陆
    use-expressions 为是否使用使用 Spring 表达式语言( SpEL ),默认为 true 
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">
    <!-- 配置 favicon.ico 不进行安全拦截-->
    <http pattern="/favicon.ico" security="none"/>
    <!-- 以下页面不被拦截 -->
    <http pattern="/login.html" security="none"></http>
    <http pattern="/css/**" security="none"></http>
    <http pattern="/img/**" security="none"></http>
    <http pattern="/js/**" security="none"></http>
    <http pattern="/plugins/**" security="none"></http>
    <!-- 页面拦截规则 -->
    <http use-expressions="false">
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    <form-login login-page="/login.html"
    default-target-url="/admin/index.html"
    authentication-failure-url="/login.html"always-use-default-target="true"/>
    <csrf disabled="true"/>
    <headers>
    <frame-options policy="SAMEORIGIN"/>
    </headers>
    </http>
    <!-- 认证管理器 -->
    <authentication-manager>
    <authentication-provider>
    <user-service>
    //直接配置
     
    <user name="admin" password="123456"
    authorities="ROLE_ADMIN"/>
    <user name="sunny" password="offcn123"
    authorities="ROLE_ADMIN"/>
    </user-service>
    </authentication-provider>
    </authentication-manager>
    </beans:beans

                                                                                               获取名字

    String name=SecurityContextHolder.getContext().getAuthentication().getName();
     自定义认证类,实现 SpringSecurity UserDetailsService 接口,重写 loadUserByUsername 方法
    public class UserDetailsServiceImpl implements UserDetailsService {
    @Override
    public UserDetails loadUserByUsername(String username) throws
    UsernameNotFoundException {
    List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
    grantedAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));
    //返回
     
    //return new User(username,"123456", grantedAuths);
     
    //或者道数据库查询
    //得到对象
    TbSeller seller = sellerService.findOne(username);
    if(seller!=null){
    if(seller.getStatus().equals("1")){
    return new User(username,seller.getPassword(),grantAuths);
    }else{
    return null;
    }
    }
    自定义认证springsecurity配置更改
    <!-- 认证管理器 -->
    <authentication-manager>
    <authentication-provider user-service-ref="userDetailService">
    </authentication-provider>
    </authentication-manager>
    <!-- 定义自定义认证类 -->
    <beans:bean id="userDetailService"
    class="com.offcn.service.UserDetailsServiceImpl"></beans:bean>
     
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">
    <!-- 配置 favicon.ico 不进行安全拦截-->
    <http pattern="/favicon.ico" security="none"/>
    <!-- 页面拦截规则 -->
    <http use-expressions="false">
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login/>
    </http>
    <!-- 认证管理器 -->
    <authentication-manager>
    <authentication-provider>
    <user-service>
    <user name="admin" password="123456"
    authorities="ROLE_USER"/>
    </user-service>
    </authentication-provider>
    </authentication-manager>
  • 相关阅读:
    pycharm中启动Django方法
    Python ——selenium报错 'chromedriver.exe' executable needs to be in PATH
    软件测试
    C#&.Net干货分享- 构建PrinterHelper直接调用打印机相关操作
    C#&.Net干货分享- iTextSharp导出数据源到PDF
    C#&.Net干货分享-构建Aocr_ImageHelper读取图片文字做解析
    C#&.Net干货分享-构建后台自动定时任务的源码
    SQL Server清理数据库日志的脚本-干货
    SQL Server通过函数把逗号分隔的字符串拆分成数据列表的脚本-干货
    SQL Server通过定义函数返回字段数据列表模板-干货
  • 原文地址:https://www.cnblogs.com/meani/p/12712870.html
Copyright © 2020-2023  润新知