• spring security 入门案例


    Spring Security 是一个能够为基于 Spring 的企业应用系统提供声明式的安全
    访问控制解决方案的安全框架。它提供了一组可以在 Spring 应用上下文中配置
    的 Bean,充分利用了 Spring IoC,DI(控制反转 Inversion of Control ,DI:Dependency 
    Injection 依赖注入)和 AOP(面向切面编程)功能,为应用系统提供声明式的安
    全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。 

    1. 创建工程

    2. 添加依赖

    <dependencies>
            <dependency>
                <groupId>org.springframework</groupId>
                <artifactId>spring-webmvc</artifactId>
                <version>5.0.2.RELEASE</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-web</artifactId>
                <version>5.0.0.RELEASE</version>
            </dependency>
            <dependency>
                <groupId>org.springframework.security</groupId>
                <artifactId>spring-security-config</artifactId>
                <version>5.0.0.RELEASE</version>
            </dependency>
        </dependencies>
    
        <build>
            <plugins>
                <plugin>
                    <groupId>org.apache.tomcat.maven</groupId>
                    <artifactId>tomcat7-maven-plugin</artifactId>
                    <configuration>
                        <path>/</path>
                        <port>8080</port>
                    </configuration>
                </plugin>
            </plugins>
        </build>

    3. 编写配置文件

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">
    
        <!--需要放行的资源-->
        <http pattern="/login.html" security="none"/>
        <http pattern="/login_error.html" security="none"/>
    
        <!--角色访问权限-->
        <http use-expressions="false">
            <!--角色可以访问的资源-->
            <intercept-url pattern="/**" access="ROLE_USER"/>
            <!--设置登录表单-->
            <form-login login-page="/login.html" default-target-url="/index.html" authentication-failure-forward-url="/login_error.html"/>
            <!--退出-->
            <logout/>
            <!--禁止跨站请求伪造校验-->
            <csrf disabled="true"/>
        </http>
    
        <!--加密方式 明文-->
        <beans:bean id="passwordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder"/>
    
        <!--认证管理器-->
        <authentication-manager>
            <authentication-provider>
                <!--设置密码加密方式-->
                <password-encoder ref="passwordEncoder"/>
                <!--拥有角色的用户名和密码-->
                <user-service>
                    <user name="orange" password="123456" authorities="ROLE_USER"/>
                </user-service>
            </authentication-provider>
        </authentication-manager>
    
    </beans:beans>

    4. 配置tomcat

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://java.sun.com/xml/ns/javaee"
        xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
        version="2.5">
        
        <!--springSecurity监听器-->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring/spring-security.xml</param-value>
        </context-param>
    
        <!--springSecurity过滤器-->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
    </web-app>

    5. 测试

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>登录页面</title>
    </head>
    <body>
    <form action="/login" method="post">
        用户名:<input type="text" name="username"><br>
        密码:<input type="password" name="password"><br>
        <input type="submit" name="submit" value="登录">
    </form>
    </body>
    </html>
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>spring security</title>
    </head>
    <body>
    欢迎使用 Spring Security
    
    <a href="/logout">退出</a>
    
    </body>
    </html>
    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>登录失败</title>
    </head>
    <body>
    密码或用户名错误
    </body>
    </html>
    
    
    
    
    
    
    
    
    
    
  • 相关阅读:
    Python Kivy 安装问题解决
    cisco asa5510 配置
    对于yum中没有的源的解决办法-EPEL
    python安装scrapy小问题总结
    win10 清理winsxs文件夹
    centos(7.0) 上 crontab 计划任务
    CentOS — MySQL备份 Shell 脚本
    python 2,3版本自动识别导入
    segmenter.go
    segment.go
  • 原文地址:https://www.cnblogs.com/pomelo-lemon/p/11558683.html
Copyright © 2020-2023  润新知