SpringSecurity入门案例

xiaoxiao2021-02-28  5

1.Spring Security简介

Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转Inversion of Control,DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。

 2.Spring Security入门小Demo

2.1首先创建一个maven的web项目springsecurity-test

说明一下我这里使用的是maven项目。

2.2在pom.xml中添加依赖

<?xml version="1.0" encoding="UTF-8"?><project xmlns="http://maven.apache.org/POM/4.0.0"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0        http://maven.apache.org/xsd/maven-4.0.0.xsd">    <modelVersion>4.0.0</modelVersion>    <artifactId>springsecurity-test</artifactId>    <packaging>war</packaging>    <name>springsecurity-test</name>    <!--配置依赖关系  -->    <dependencies>        <!--servlet-apijsp-apiel-api -->        <dependency>            <groupId>org.apache.tomcat.embed</groupId>            <artifactId>tomcat-embed-jasper</artifactId>            <version>8.5.16</version>            <scope>provided</scope>        </dependency>        <!--jstl -->        <dependency>            <groupId>jstl</groupId>            <artifactId>jstl</artifactId>            <version>1.2</version>        </dependency>        <!--Spring mvc-->        <dependency>            <groupId>org.springframework</groupId>            <artifactId>spring-webmvc</artifactId>            <version>4.3.10.RELEASE</version>        </dependency>        <!--Spring-Security 的主要两个依赖-->        <dependency>            <groupId>org.springframework.security</groupId>            <artifactId>spring-security-web</artifactId>            <version>4.2.3.RELEASE</version>        </dependency>        <dependency>            <groupId>org.springframework.security</groupId>            <artifactId>spring-security-config</artifactId>            <version>4.2.3.RELEASE</version>        </dependency>    </dependencies>    <!--项目构建部分 -->    <build>        <plugins>             <plugin>                <groupId>org.apache.tomcat.maven</groupId>                <artifactId>tomcat7-maven-plugin</artifactId>                <configuration>                    <!-- 指定端口 -->                    <port>9090</port>                    <!-- 请求路径 -->                    <path>/</path>                </configuration>            </plugin>        </plugins>    </build>

</project>

2.3在web.xml中配置spring加载文件,spring监听器和springsecurity委派过滤器

<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"          xmlns="http://java.sun.com/xml/ns/javaee"          xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"          version="3.0">   <!-- 配置Spring加载文件 -->   <context-param>      <param-name>contextConfigLocation</param-name>      <param-value>classpath:applicationContext*.xml</param-value>   </context-param>   <!-- 配置Spring的核心监听器 -->   <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>   </listener>   <!-- 配置SpringSecurity委派过滤器 -->   <filter>     <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  </filter>  <filter-mapping>    <filter-name>springSecurityFilterChain</filter-name>    <url-pattern>/*</url-pattern>  </filter-mapping>

</web-app>

2.4创建spring 配置文件applicationContext-security.xml

<?xml version="1.0" encoding="utf-8"?><beans xmlns="http://www.springframework.org/schema/beans"       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns:security="http://www.springframework.org/schema/security"       xsi:schemaLocation="http://www.springframework.org/schema/beans      http://www.springframework.org/schema/beans/spring-beans.xsd       http://www.springframework.org/schema/security        http://www.springframework.org/schema/security/spring-security.xsd">    <!-- 配置请求拦截规则 -->    <security:http use-expressions="false">        <!--配置拦截的请求URL,通过什么角色或权限访问 -->        <security:intercept-url pattern="/**" access="ROLE_USER"/>        <!--配置开启表单登录 -->        <security:form-login/>    </security:http>    <!--配置认证管理器 -->    <security:authentication-manager>        <!--配置认证提供者 -->        <security:authentication-provider>            <!--配置用户服务 -->            <security:user-service>                <!-- 认证用户信息: 用户名、密码、角色或权限-->                <security:user name="admin" password="123456"                                  authorities="ROLE_USER"/>            </security:user-service>        </security:authentication-provider>    </security:authentication-manager></beans>
转载请注明原文地址: https://www.6miu.com/read-2350065.html

最新回复(0)