一、pom依赖引入
<properties> <security-version>4.2.3.RELEASE</security-version> </properties> <dependencies> <!-- ... other dependency elements ... --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${security-version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${security-version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework/spring-webmvc --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.3.9.RELEASE</version> </dependency> <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging --> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.1.1</version> </dependency> </dependencies>
二、配置spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <bean:beans xmlns="http://www.springframework.org/schema/security" xmlns:bean="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd"> <http pattern="/login.html" security="none"></http> <http pattern="/loginerror.html" security="none"></http> <http> <!-- 设置权限 --> <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/> <!-- 登出成功及失败访问页 --> <logout logout-url="/logout" logout-success-url="/login.html"/> <!-- 设置登录相关配置 --> <form-login always-use-default-target="true" login-page="/login.html" login-processing-url="/login" default-target-url="/success.html" authentication-failure-url="/login.html" /> <csrf disabled="true" /> </http> <!-- 静态用户名 --> <!-- <authentication-manager> <authentication-provider> <user-service> <user name="admin" password="123456" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager> --> <bean:bean id="userDetail" class="liuli.relam.UserDetailServiceImpl"></bean:bean> <!-- 动态用户名 --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetail"/> </authentication-manager> </bean:beans>
注:静态用户名用户名及密码在xml中配置,动态用户则为页面传输的用户名及密码(UserDetailServiceImpl需自己手动写)代码如下:
package liuli.relam; import java.util.ArrayList; import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; public class UserDetailServiceImpl implements UserDetailsService{ @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //可通过service层查出user,得到密码与权限 //为方便测试,此处省略持久层,直接加入数据 String password = ""; if(username.equals("admin")) password = "123456"; else password = "111111"; List<GrantedAuthority> list = new ArrayList<GrantedAuthority>(); //list包含该用户的所有权限 list.add(new SimpleGrantedAuthority("ROLE_USER")); //并得到user的密码,最终添加进User进行比对 User user = new User("username",password,list); return user; } }
三、配置spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <!-- 注册映射器:BeanNameUrlHandlerMapping 通过设定的bean名称和url路径名称匹配 --> <!-- <bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping"></bean> --> <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"/> <!-- 注册适配器 --> <!-- <bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter"></bean> --> <!-- <bean class="org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter"></bean> --> <!-- 注解适配器:开发控制器采用注解的方式 --> <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/> <!-- 配置后端处理器 --> <!-- <bean name="/user.do" class="com.project.controller.UserHandler"></bean> --> <!-- <bean name="/user2.do" class="com.project.controller.UserHandler2"></bean> --> <!-- <context:component-scan base-package="com.controller"/> --> <!-- 注册视图解析器 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"/> <!-- 避免拦截静态文件 --> <mvc:default-servlet-handler/> </beans>
四、自己写登录界面,授权失败界面及授权成功界面
注:用户名的name属性为"username",密码的name属性为"password",方法为"POST",具体可看UsernamePasswordAuthenticationFilter源码
public static final String SPRING_Security_FORM_USERNAME_KEY = "username"; public static final String SPRING_Security_FORM_PASSWORD_KEY = "password"; private String usernameParameter = SPRING_Security_FORM_USERNAME_KEY; private String passwordParameter = SPRING_Security_FORM_PASSWORD_KEY; private boolean postOnly = true;
五、web.xml的配置
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <!-- 启动springmvc的中央控制器 --> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.dispatcherServlet</servlet-class> <!-- 加载springmvc的配置文件 --> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-mvc.xml</param-value> </init-param> <!-- 设置tomcat启动就加载servlet --> <load-on-startup>0</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- 启动spring监听 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-security.xml</param-value> </context-param> <!-- 配置security过滤器 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
六、放入tomcat,启动即可
大功告成!!
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。