初识Spring security-添加security
2017-03-07 18:23
246 查看
请先查看 初识Spring security-无Security的SpringMVC
在pom.xml文件中添加包
在web.xml文件中添加配置
在HelloController文件中添加代码
添加模板文件admin.html,内容与hello.html一致
关键配置在spring-security.xml文件中
表明系统中添加一个用户名是hongxf,密码是123456,角色是ROLE_USER的用户,并配置访问/admin路径及其子路径必须含有角色ROLE_USER。
启动应用,访问http://localhost:8080/admin,则会跳转到http://localhost:8080/login,默认登录页
输入错误的用户名和密码,则会显示
输入正确的用户名和密码则会跳转到admin.html页面,说明简单的权限控制已经完成
在pom.xml文件中添加包
<!-- Spring Security --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring.security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring.security.version}</version> </dependency>
在web.xml文件中添加配置
<!-- Spring Security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
在HelloController文件中添加代码
@RequestMapping(value = "/admin**", method = RequestMethod.GET) public ModelAndView adminPage() { ModelAndView model = new ModelAndView(); model.addObject("title", "Spring Security Hello World"); model.addObject("message", "This is protected page!); model.setViewName("admin"); return model; }
添加模板文件admin.html,内容与hello.html一致
关键配置在spring-security.xml文件中
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:http auto-config="true"> <security:intercept-url pattern="/admin**" access="hasRole('ROLE_USER')"/> </security:http> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="hongxf" password="123456" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans>
表明系统中添加一个用户名是hongxf,密码是123456,角色是ROLE_USER的用户,并配置访问/admin路径及其子路径必须含有角色ROLE_USER。
启动应用,访问http://localhost:8080/admin,则会跳转到http://localhost:8080/login,默认登录页
输入错误的用户名和密码,则会显示
输入正确的用户名和密码则会跳转到admin.html页面,说明简单的权限控制已经完成
相关文章推荐
- Spring Security教程第二部分-工程里添加spring-security
- 初识Spring security-无Security的SpringMVC
- 初识Spring security-无Security的SpringMVC
- 初识Spring security-无Security的SpringMVC
- Spring Security3 - MVC 整合教程 (初识Spring Security3)
- spring security 下web应用安全的关键Filter:FilterSecurityInterceptor
- Spring Security 初识(一)
- spring security 添加SwitchUser配置
- Spring Security学习(二)Spring Security Guides 定制登录界面
- Spring Web Flow 2简化页面流的开发,结合Spring MVC更俊,Spirng Security 3添加安全机制
- [spring security] - Spring security LDAP configuration - Search approach
- Spring Security3 - MVC 整合教程 (初识Spring Security3)
- Spring Security学习记录(一) -- 初识Spring Security
- Spring Security 初识(三)--配置自定义的用户存储
- 第十二篇 Spring Web Flow 2简化页面流的开发,结合Spring MVC更俊,Spirng Security 3添加安全机制
- spring security之httpSecurity详细使用示例
- spring security之httpSecurity使用示例
- Spring Security 自定义资源访问权限过滤器Fliter ,参考FilterSecurityInteceptor
- Spring Security(初识)
- 初识Devexpress ChartControl 之 动态添加stepline及TextAnnotation