spring-security 4.x简单实现(持续更新)
2016-03-30 12:35
525 查看
(前提:项目中已经引入spring和springmvc,并且可以正常访问web)
1.pom文件引入spring-security依赖:
2.web.xml中配置spring-security的过滤器:
3.web.xml中配置需要加载的所有spring配置文件:
4.新建spring-security配置文件 applicationContext-security.xml,配置内容如下:
5.action(用到了springmvc):
6.jsp页面 login.jsp
登录成功后将用户名存入session
下面是这个bean的实现:
1.pom文件引入spring-security依赖:
<!-- spring security --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>4.0.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>4.0.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>4.0.2.RELEASE</version> </dependency>
2.web.xml中配置spring-security的过滤器:
<filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.De 4000 legatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
3.web.xml中配置需要加载的所有spring配置文件:
<context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath*:spring/applicationContext*.xml </param-value> </context-param>
4.新建spring-security配置文件 applicationContext-security.xml,配置内容如下:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!--配置不需要进行安全校验的资源 --> <http pattern="/static/**" security="none" /> <http pattern="/login" security="none" /> <http> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> <form-login login-page="/login" password-parameter="password" username-parameter="userName" login-processing-url="/j_spring_security_check" default-target-url="/login/index" always-use-default-target="true"/> <logout invalidate-session="true" logout-success-url="/login" logout-url="/j_spring_security_logout"/> <session-management invalid-session-url="/login" session-authentication-error-url="/login"/> <csrf disabled="true" /> </http> <authentication-manager> <authentication-provider> <user-service> <user name="admin" password="123456" authorities="ROLE_USER, ROLE_ADMIN" /> <user name="bob" password="bobspassword" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans>
5.action(用到了springmvc):
@Controller @RequestMapping("/login") public class LoginController { @RequestMapping("") public String login(){ return "login"; } @RequestMapping("/index") public String index(){ return "index"; } }
6.jsp页面 login.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>首页</title> <body> <div class="layout-middle login-box"> <div class="login-main"> <div class="login-logo"></div> <div class="login-form"> <form action="${ctx}/j_spring_security_check" method="POST"> <ul> <li class="inp-li"> <span class="title-sp"><i class="iconBL user"></i><em>用户名:</em></span> <span class="cont-sp"><input name="userName" type="text" class="text-inp" autocorrect="off" autocapitalize="off" /></span> </li> <li class="inp-li"> <span class="title-sp"><i class="iconBL password"></i><em>密码:š</em></span> <span class="cont-sp"><input name="password" type="password" class="text-inp" autocorrect="off" autocapitalize="off" /></span> </li> <li class="btn-li"> <span class="cont-sp"><input type="submit" value="登录" class="login-btn" onclick="window.location.href='login_password.html'; "></span> </li> </ul> </form> </div> </div> </div> </body> </html>
以上是最简配置
添加 登录成功之后的处理方法:登录成功后将用户名存入session
<http> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> <form-login login-page="/login" password-parameter="password" username-parameter="userName" login-processing-url="/j_spring_security_check" default-target-url="/login/index" always-use-default-target="true" <!-- 这里加上一条属性,并指向aleiyeAuthenticationSuccessHandler这个bean --> authentication-success-handler-ref="aleiyeAuthenticationSuccessHandler"/> <logout invalidate-session="true" logout-success-url="/login" logout-url="/j_spring_secur 9a73 ity_logout"/> <session-management invalid-session-url="/login" session-authentication-error-url="/login"/> <csrf disabled="true" /> </http> <!-- 上面引用的bean在这 --> <!--登陆成功的处理类,可以进行session的封装等--> <beans:bean id="aleiyeAuthenticationSuccessHandler" class="com.chartdemo.system.AleiyeAuthenticationSuccessHandler"> <beans:constructor-arg name="defaultTargetUrl" value="/login/index"/> </beans:bean>
下面是这个bean的实现:
public class AleiyeAuthenticationSuccessHandler extends AbstractAuthenticationTargetUrlRequestHandler implements AuthenticationSuccessHandler { public AleiyeAuthenticationSuccessHandler(String defaultTargetUrl) { setDefaultTargetUrl(defaultTargetUrl); } @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException { //登录成功后将用户名存入session HttpSession session = request.getSession(); session.setAttribute("userName", authentication.getName()); handle(request, response, authentication); } }
相关文章推荐
- 欢迎使用CSDN-markdown编辑器
- 通过dubbo暴露接口调用方法,及基于zookeeper的dubbo涉及配置文件
- [置顶] RxJava之并发处理(SerializedSubject)
- Java集合源码之路-List分析(一)续
- Java中如何将以byte数组给出的数据转换为double数组形式
- Java环境配置无法加载主类问题
- springmvc 部分加密通信
- Java多线程编程基础之线程对象
- java大数相乘
- JAVA中使用Scanner连续输入int和String错误的解决方案
- 关于Class.getResource和ClassLoader.getResource的路径问题
- JAVA中的Scanner类(IO)[JAVA][译]
- Java中Synchronized的用法
- 关于springmvc的controller返回页面无法跳转,使用ajax
- EL操作符
- spring4整合hibernate5.1
- l.ExecException: Process 'command 'C:\Java\jdk1.8.0_45\bin\java.exe'' 错误
- 针对异常java.lang.IllegalStateException onMeasure() did not set the measured dimension解决方法
- java学习笔记(四)
- Eclipse编译apk提示Unable to execute dex: Multiple dex files define 解决方法