正文

SpringSecurity入门demo

IP云
IP云V管理员/0 阅读
11/28
小程序:扫一扫查出行
【扫一扫了解最新限行尾号】
复制小程序

配置依赖: 

<properties>

        <spring.version>4.2.4.RELEASE</spring.version>

    </properties>

    <dependencies>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-core</artifactId>

            <version>${spring.version}</version>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-web</artifactId>

            <version>${spring.version}</version>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-webmvc</artifactId>

            <version>${spring.version}</version>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-context-support</artifactId>

            <version>${spring.version}</version>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-test</artifactId>

            <version>${spring.version}</version>

        </dependency>

        <dependency>

            <groupId>org.springframework</groupId>

            <artifactId>spring-jdbc</artifactId>

            <version>${spring.version}</version>

        </dependency>

        <dependency>

            <groupId>org.springframework.security</groupId>

            <artifactId>spring-security-web</artifactId>

            <version>4.1.0.RELEASE</version>

        </dependency>

        <dependency>

            <groupId>org.springframework.security</groupId>

            <artifactId>spring-security-config</artifactId>

            <version>4.1.0.RELEASE</version>

        </dependency>

        <dependency>

            <groupId>javax.servlet</groupId>

            <artifactId>servlet-api</artifactId>

            <version>2.5</version>

            <scope>provided</scope>

        </dependency>

    </dependencies>

    <build>

      <plugins>

          <!-- java编译插件 -->

          <plugin>

                <groupId>org.apache.maven.plugins</groupId>

                <artifactId>maven-compiler-plugin</artifactId>

                <version>3.2</version>

                <configuration>

                    <source>1.7</source>

                    <target>1.7</target>

                    <encoding>UTF-8</encoding>

                </configuration>

          </plugin>

          <plugin>

                <groupId>org.apache.tomcat.maven</groupId>

                <artifactId>tomcat7-maven-plugin</artifactId>

                <configuration>

                    <!-- 指定端口 -->

                    <port>9090</port>

                    <!-- 请求路径 -->

                    <path>/</path>

                </configuration>

            </plugin>

       </plugins>

    </build>

配置/WEB-INF/web.xml 

<?xml version="1.0" encoding="UTF-8"?>

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xmlns="http://java.sun.com/xml/ns/javaee"

    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"

    version="2.5">

       <context-param>

        <param-name>contextConfigLocation</param-name>

        <param-value>classpath:spring-security.xml</param-value>

     </context-param>

     <!-- 配置监听器 -->

     <listener>

        <listener-class>

            org.springframework.web.context.ContextLoaderListener

        </listener-class>

     </listener>

     <!-- 配置过滤器代理 -->

     <filter>

        <filter-name>springSecurityFilterChain</filter-name>

        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

     </filter>

     <filter-mapping>

        <filter-name>springSecurityFilterChain</filter-name>

        <url-pattern>/*</url-pattern>

     </filter-mapping>

</web-app>

配置spring-security.xml 

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"

    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd

                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- 页面拦截规则 -->

    <http use-expressions="false">

        <intercept-url pattern="/**" access="ROLE_ADMIN" />

        <!-- 开启表单登录功能 -->

        <form-login/>

    </http>

    <!-- 认证管理器 -->

    <authentication-manager>

        <authentication-provider>

            <user-service>

                <user name="admin" password="123456" authorities="ROLE_USER"/>

                <user name="ztp" password="ztp" authorities="ROLE_ADMIN"/>

            </user-service>

        </authentication-provider>

    </authentication-manager>

</beans:beans>

任意index.html文件:略

启动

此处的登录时springSecurity内置。

自定义登录页面:

编写login.html 

<form action="/login" method="post">

    <table>

        <tr>

            <td>用户名:</td>

            <td><input type="text" id="username" name="username">

        </tr>

        <tr>

            <td>密码:</td>

            <td><input type="password" id="password" name="password">

        </tr>

        <tr>

            <td colspan="2"><input type="submit" value="登录">

        </tr>

    </table>

</form>

修改spring-security.xml文件 

<!-- 新规则  设置该页面不登录也能使用-->

    <http pattern="/login.html" security="none"/>

    <http pattern="/error.html" security="none"/>

    <!-- 页面拦截规则 -->

    <http use-expressions="false">

        <intercept-url pattern="/**" access="ROLE_ADMIN" />

        <!-- 开启表单登录功能  需要排除掉 /index.html-->

        <form-login login-page="/login.html" default-target-url="/index.html" authentication-failure-url="/login_error.html"/>

    </http>

    <!-- 认证管理器 -->

    <authentication-manager>

        <authentication-provider>

            <user-service>

                <user name="admin" password="123456" authorities="ROLE_USER"/>

                <user name="ztp" password="ztp" authorities="ROLE_ADMIN"/>

            </user-service>

        </authentication-provider>

    </authentication-manager>

</beans:beans>

就能普通跳转

登陆后出现该页面:

目的预防CSRF攻击

在spring-security.cml文件中选择<http>写入<csrf disabled="true"/>主动关闭csrf预防

相关阅读

目录[+]