spring-security
配置匿名访问资源
第一步:在项目中创建js、css目录并在两个目录下提供任意一些测试文件,再创建登录和注册页面
第二步:在spring-security.xml文件中配置,指定哪些资源可以匿名访问
<!--0.配置匿名访问-->
<security:http pattern="/js/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/login.html" security="none"></security:http>
<security:http pattern="/regist.html" security="none"></security:http>
那么使用指定的登录页面来完成
使用指定的登录页面
步骤如下:
1.准备自定义的登录页面
<!DOCTYPE html>
<html lang="en">
<head>
<Meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<h1>登录页面</h1>
<form action="/login.do" method="post">
username:<input type="text" name="username"><br>
password:<input type="password" name="password"><br>
<input type="submit" value="submit">
</form>
</body>
</html>
2.配置spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:dubbo="http://code.alibabatech.com/schema/dubbo"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://code.alibabatech.com/schema/dubbo
http://code.alibabatech.com/schema/dubbo/dubbo.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<security:http security="none" pattern="/login.html" />
<!--1.配置需要权限才能访问的资源
auto-config属性: true 自动配置
use-expressions属性: false 不使用表达式
-->
<security:http auto-config="true" use-expressions="false">
...
<!--配置自定义登录页面
login-page: 登录页面; username-parameter:指定用户名的name;
password-parameter:指定密码的name;login-processing-url:指定登录的action;
authentication-failure-url:认证失败跳转的页面
authentication-success-forward-url:指定登录成功跳转的页面【默认是之前访问什么页面,登录成功后就跳转什么页面】
-->
<security:http auto-config="true" use-expressions="false">
...
<!--配置退出登录
logout-url:配置退出登录的路径; logout-success-url:配置成功退出登录后,跳转的页面;
invalidate-session:退出登录时销毁session
-->
<security:logout logout-url="/logout.do" logout-success-url="/login.html" invalidate-session="true"/>
</security:http>
<security:form-login
login-page="/login.html"
username-parameter="username"
password-parameter="password"
login-processing-url="/login.do"
authentication-failure-url="/login.html"
authentication-success-forward-url="/index.html"
/>
</security:http>
<!--关闭CsrfFilter过滤器-->
<security:http auto-config="true" use-expressions="false">
<security:csrf disabled="true"/>
</security:http>
<!--2.配置认证管理器-->
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<!--配置账号密码,以及该账号的角色信息 name属性: 用户名; password属性:密码({noop}不加密方式); authorities属性:赋予的角色 -->
<security:user name="admin" authorities="ROLE_ADMIN" password="{noop}admin"></security:user>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
配置web.xml
**<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.dispatcherServlet</servlet-class>
<!-- 指定加载的配置文件 ,通过参数contextConfigLocation加载 -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-security.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<!--配置代理过滤器-->
<filter>
<!--DelegatingFilterProxy用于整合第三方框架整合Spring Security时过滤器的名称必须为springSecurityFilterChain,
否则会抛出NoSuchBeanDeFinitionException异常-->
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
运行maven的Tomcat插件即可。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。