• SpringSecurity 在MVC 中的简单使用(翻译的,稍加改动)

    Spring Security允许开发人员轻松地将安全功能集成到J2EE Web应用程序中,它通过Servlet过滤器实现“用户自定义”安全检查。

    在本教程中,我们将向您展示如何在Spring MVC中集成Spring Security 3.0并安全访问。在集成成功后,当我们查看页面的内容时用户需要先输入正确的“用户名”和“密码”。

    1.目录结构

    项目最终目录如下所示:

    2.Spring Security依赖关系

    为了正常运行 Spring security , 你需要加入 “spring-security-core.jar“, “spring-security-web.jar” and “spring-security-config.jar“. 在Maven库中你需要加入Spring配置库

    pom.xml

            <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${org.springframework-version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${org.springframework-version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${org.springframework-version}</version>
        </dependency>

    3.Spring MVC Web应用程序

    当访问“/welcome”跳转到“home.jsp”页面,稍后用Spring Security安全访问这个链接。

    HomeController.java

    package com.jd.vicapp;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;


@Controller
@RequestMapping("/welcome")
public class HomeController {
    @RequestMapping(method = RequestMethod.GET)
    public String printWelcome(Model model) {
        model.addAttribute("message", "Spring Security Hello World");
        return "home";
    }

}

    home.jsp

    <html>
<body>
    <h1>Message : ${message}</h1> 
</body>
</html>

    4.Spring Secuity:用户验证

    创建一个单独的Spring配置文件去定义Spring Security相关的东西。它要实现的是:只有用户输入了正确的用户名“mkyong”和密码“123456”才可以访问“/welcome” 。

    下面的Spring配置文件你应该明白是什么意思。

    spring-security.xml

    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.1.xsd">
  
    <http auto-config="true">
        <intercept-url pattern="/" access="ROLE_USER" />        
    </http>
  
    <authentication-manager>
      <authentication-provider>
        <user-service>
        <user name="victorruan" password="123456" authorities="ROLE_USER" />
        </user-service>
      </authentication-provider>
    </authentication-manager>
  
</beans:beans>

    5.整合Spring Security

    想要在Web应用程序中整合Spring Security,只需加入“DelegatingFilterProxy”作为Servlet过滤器拦截到来的请求即可。

    web.xml

    <?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

    <!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/root-context.xml,
            /WEB-INF/spring/spring-security.xml        </param-value>
    </context-param>
    
    <!-- Creates the Spring Container shared by all Servlets and Filters -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Processes application requests -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
            /WEB-INF/spring/appServlet/servlet-context.xml    
            </param-value>
            
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
        
    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    
       <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
                  org.springframework.web.filter.DelegatingFilterProxy
                </filter-class>
    </filter>
  
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  

</web-app>

    6.Demo

    就是以上这些配置了

    当我们访问“http://localhost:8080/welcome”时,Spring Security 将会自动拦截到“http://localhost:8080/spring_security_login”登陆页面验证身份。

    http://localhost:8080/spring_security_login页面如下所示:

    如果输错了用户名和密码则页面会显示错误的消息,如下所示:

    http://localhost:8080/spring_security_login?login_error

    如果我们输对了用户名和密码,Spring Security则会跳转到欢迎页面,如下所示:

    http://localhost:8080/welcome

    源代码
  • 相关阅读:
    线程池ThreadPoolExcecutor介绍
    java类初始化顺序
    CountDownLatch,CyclicBarrier,Semaphore的使用
    设计模式UML图
    windows10磁盘分区后,如何恢复分区,回到未分区之前
    神州战神U盘安装windows10系统,启动项制作好后,在bios中识别不到自己的u盘问题
    项目报错:Invalid bound statement (not found):
    在docker安装tomcat的时候,报错:Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true
    PowerDesigner逆向生成MYSQL数据库表结构总结
    mysql导出word的表结构操作
  • 原文地址:https://www.cnblogs.com/victorruan/p/3797100.html
Copyright © 2020-2023  润新知