spring security 入门讲解
2018-10-21 22:47
登录 图解
1.添加依赖项目 spring-security-web和spring-security-config
pom.xml
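<?xml version="1.0" encoding="UTF-8"?>
<!--
  Maven build for the Spring Security login demo (WAR packaging).
  Step 1 of the tutorial: spring-security-web and spring-security-config are the
  two artifacts that bring in the servlet filter chain and the XML namespace used
  in the Spring Security configuration file.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.itcast</groupId>
  <artifactId>spring_security_login</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>war</packaging>

  <name>spring_security_login</name>
  <!-- FIXME change it to the project's website -->
  <url>http://www.example.com</url>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.source>1.8</maven.compiler.source>
    <maven.compiler.target>1.8</maven.compiler.target>
    <!--
      NOTE(review): these are the versions the 2018 tutorial was written against.
      Before reusing this POM, move both properties to a currently maintained
      release line; the dependencies below pick the values up from here.
    -->
    <spring.version>5.0.2.RELEASE</spring.version>
    <spring.security.version>5.0.1.RELEASE</spring.security.version>
  </properties>

  <dependencies>
    <!-- Spring Framework -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context-support</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-test</artifactId>
      <version>${spring.version}</version>
      <!-- test scope keeps the test-support library out of the packaged WAR -->
      <scope>test</scope>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-jdbc</artifactId>
      <version>${spring.version}</version>
    </dependency>

    <!-- Spring Security: servlet filters (web) and the XML namespace support (config) -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${spring.security.version}</version>
    </dependency>

    <!-- Servlet API is supplied by the container at runtime, hence "provided" -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
      <scope>provided</scope>
    </dependency>
  </dependencies>

  <build>
    <finalName>spring_security</finalName>
    <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
      <plugins>
        <!-- Java compiler plugin (left disabled by the author) -->
        <!-- <plugin>
          <groupId>org.apache.maven.plugins</groupId>
          <artifactId>maven-compiler-plugin</artifactId>
          <version>3.2</version>
          <configuration>
            <source>1.8</source>
            <target>1.8</target>
            <encoding>UTF-8</encoding>
          </configuration>
        </plugin> -->

        <!-- Embedded Tomcat 7 plugin used to run the demo locally on port 8080 -->
        <plugin>
          <groupId>org.apache.tomcat.maven</groupId>
          <artifactId>tomcat7-maven-plugin</artifactId>
          <version>2.2</version>
          <configuration>
            <port>8080</port>
            <uriEncoding>utf-8</uriEncoding><!-- fixes garbled characters in GET request parameters -->
          </configuration>
        </plugin>
      </plugins>
    </pluginManagement>
  </build>
</project>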
在web.xml中添加springSecurity的filter
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor for the demo.
  It loads one Spring context file and routes every request through the
  Spring Security filter chain.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <display-name>SpringSecurity</display-name>

  <!-- Root application context: the Spring Security configuration file on the classpath -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring_security.xml</param-value>
  </context-param>

  <!-- Creates the root context from contextConfigLocation when the web app starts -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!--
    DelegatingFilterProxy looks up a bean named after the filter, so the name
    must stay "springSecurityFilterChain" (the bean the security namespace registers).
  -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <!-- /* sends every request through the chain; exclusions are declared in the security config, not here -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

</web-app>
- 添加配置文件 spring-security.xml(文件名必须与 web.xml 中 contextConfigLocation 的值一致;上面的 web.xml 写的是 classpath:spring_security.xml)
- 内存中用户名 和 密码
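<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security configuration, variant 1: users and passwords held in memory.
  Intended as a getting-started example.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

  <!--
    Resources that are not filtered (static, login-related pages).
    security="none" removes the pattern from the filter chain entirely: no
    authentication, no authorization and no security context for these requests.
    NOTE(review): /success.html is listed, so the post-login page can be opened
    without logging in. Keep only pages that are meant to be public in this list.
  -->
  <security:http security="none" pattern="/login.html"/>
  <security:http security="none" pattern="/failer.html"/>
  <security:http security="none" pattern="/success.html"/>

  <!--
    auto-config="true" registers form-login, http-basic and logout with their
    defaults, so those elements only need to be written when they are customised
    (as form-login and logout are below).
    use-expressions="false": the access attribute is a plain comma-separated list
    of roles rather than a SpEL expression.
  -->
  <security:http auto-config="true" use-expressions="false">

    <!--
      intercept-url defines one access rule.
        pattern : which URLs the rule applies to
        access  : what is required to request them; in this mode a comma-separated
                  role list, and holding any one of the roles is enough
      Here every path requires ROLE_USER.
      NOTE(review): the "admin" account below only has ROLE_ADMIN, so it can log
      in but is then denied on every protected URL.
    -->
    <security:intercept-url pattern="/**" access="ROLE_USER"/>

    <!--
      Custom login form.
        login-page                         : the login page to show
        login-processing-url               : URL the login form submits to (the form's action)
        username-parameter / password-parameter
                                           : names of the form fields (username / password)
        authentication-failure-url         : where the browser is sent when authentication
                                             itself fails, e.g. unknown user or wrong password.
                                             It is not used for authorization failures: a
                                             logged-in user without the required role gets the
                                             access-denied handling (HTTP 403 by default).
        default-target-url                 : page shown after a successful login
        authentication-success-forward-url : page forwarded to after successful authentication
      NOTE(review): both success attributes are set; the forward URL is expected to
      take precedence over default-target-url (confirm against the version in use).
    -->
    <security:form-login login-page="/login.html"
                         login-processing-url="/login"
                         username-parameter="username"
                         password-parameter="password"
                         authentication-failure-url="/failer.html"
                         default-target-url="/success.html"
                         authentication-success-forward-url="/success.html"/>

    <!--
      Logout.
        invalidate-session : whether the HTTP session is destroyed
        logout-url         : URL that performs the logout
        logout-success-url : page shown afterwards; it points at the public login
                             page declared above, because a protected URL here
                             would only bounce through the login redirect
      A plain link to /logout is enough only while CSRF protection is disabled;
      with CSRF protection enabled the logout request has to be a POST.
    -->
    <security:logout invalidate-session="true"
                     logout-url="/logout"
                     logout-success-url="/login.html"/>

    <!--
      CSRF protection is enabled by default and is switched off here.
      NOTE(review): with session-cookie form login this leaves state-changing
      requests, /logout included, without a request-forgery check. The static HTML
      forms cannot render the token, which is presumably why the demo disables it.
      Outside a demo, render the forms server-side with the _csrf token and remove
      this element.
    -->
    <security:csrf disabled="true"/>
  </security:http>

  <!--
    In-memory accounts.
    {noop} marks the stored password as plaintext. user/user and admin/admin are
    demo credentials only; outside a tutorial store an encoded value (for example
    a {bcrypt} hash) and do not use guessable passwords.
  -->
  <security:authentication-manager>
    <security:authentication-provider>
      <security:user-service>
        <security:user name="user" password="{noop}user" authorities="ROLE_USER"/>
        <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>

</beans>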
数据库中用户名 和 密码
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security configuration, variant 2: users and passwords loaded from the
  database through the "userService" bean, with BCrypt password hashes.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

  <!--
    Resources that are not intercepted. security="none" takes the pattern out of
    the filter chain completely, so everything under these paths is public.
  -->
  <security:http pattern="/login.jsp" security="none"/>
  <security:http pattern="/failer.jsp" security="none"/>
  <security:http pattern="/css/**" security="none"/>
  <security:http pattern="/img/**" security="none"/>
  <security:http pattern="/plugins/**" security="none"/>

  <!--
    The concrete rules.
      auto-config="true"     : registers form-login, http-basic and logout with
                               defaults; the framework can supply a default login
                               page, although a custom one is configured below
      use-expressions="false": access is a role list, not a SpEL expression
  -->
  <security:http auto-config="true" use-expressions="false">

    <!--
      Interception rule.
        pattern : the request paths the rule covers
        access  : roles allowed in; holding ROLE_USER or ROLE_ADMIN is enough.
                  A user whose roles do not match can still log in successfully
                  but cannot reach the resources.
    -->
    <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>

    <!--
      Pages used by the login flow.
      NOTE(review): default-target-url and authentication-success-forward-url name
      different pages; the forward URL is expected to take precedence (confirm
      against the version in use).
    -->
    <security:form-login login-page="/login.jsp"
                         login-processing-url="/login"
                         default-target-url="/index.jsp"
                         authentication-failure-url="/failer.jsp"
                         authentication-success-forward-url="/pages/main.jsp"/>

    <!--
      Disables CSRF (cross-site request forgery) protection. This is not a
      cross-origin (CORS) setting.
      NOTE(review): with session-cookie form login this leaves state-changing
      requests, /logout included, without a request-forgery check. The pages here
      are JSPs, so the forms could carry the _csrf token as a hidden field and this
      element could be removed; logout would then have to be a POST.
    -->
    <security:csrf disabled="true"/>

    <!-- Logout: destroy the session, then return to the login page -->
    <security:logout invalidate-session="true"
                     logout-url="/logout"
                     logout-success-url="/login.jsp"/>
  </security:http>

  <!--
    Switch to usernames and passwords from the database.
    user-service-ref names the UserDetailsService bean. No bean with id
    "userService" is declared in this file, so it presumably comes from
    component scanning configured elsewhere (TODO confirm).
  -->
  <security:authentication-manager>
    <security:authentication-provider user-service-ref="userService">
      <!-- How submitted passwords are checked against the stored value -->
      <security:password-encoder ref="passwordEncoder"/>
    </security:authentication-provider>
  </security:authentication-manager>

  <!-- Password encoder: BCrypt, so the stored passwords must be BCrypt hashes -->
  <bean id="passwordEncoder"
        class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

  <!--
    Getting-started alternative, kept for reference: one in-memory user with a
    plaintext ({noop}) password.
    <security:authentication-manager>
      <security:authentication-provider>
        <security:user-service>
          <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>
        </security:user-service>
      </security:authentication-provider>
    </security:authentication-manager>
  -->

</beans>
业务层 实现类
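package com.itheima.service.impl;

import com.itheima.dao.UserInfoDao;
import com.itheima.domain.Role;
import com.itheima.domain.UserInfo;
import com.itheima.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;

/**
 * Service-layer implementation that Spring Security calls to load a user at login.
 *
 * <p>Registered under the bean name {@code userService}, which is the name the
 * security configuration refers to through {@code user-service-ref}.
 */
@Service("userService")
@Transactional
public class UserServiceImpl implements UserService {

    @Autowired
    private UserInfoDao userInfoDao;

    // Password hashing bean. It is injected but not referenced in the code shown
    // here; password comparison at login is done by the configured password encoder.
    @Autowired
    private BCryptPasswordEncoder bCryptPasswordEncoder;

    /**
     * Loads the account for a login attempt.
     *
     * @param username the username submitted on the login form
     * @return the user's stored password, enabled flag and authorities
     * @throws UsernameNotFoundException if no account exists for {@code username}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        UserInfo userInfo = userInfoDao.findByUsername(username);

        // Assumes the DAO returns null when no row matches (TODO confirm).
        // The UserDetailsService contract is to throw UsernameNotFoundException for
        // an unknown user; without this check an unknown username surfaced as a
        // NullPointerException (an internal error) instead of the normal
        // failed-login path.
        if (userInfo == null) {
            throw new UsernameNotFoundException("No user found for the supplied username");
        }

        List<SimpleGrantedAuthority> authoritys = getAuthority(userInfo.getRoles());

        // A status of 0 means the account is disabled; any other value enables it.
        boolean enabled = userInfo.getStatus() != 0;

        // User implements UserDetails. The three literal flags are accountNonExpired,
        // credentialsNonExpired and accountNonLocked; none of them is tracked here.
        // The stored password is expected to be a BCrypt hash, matching the
        // passwordEncoder bean of the security configuration.
        return new User(userInfo.getUsername(), userInfo.getPassword(),
                enabled, true, true, true, authoritys);
    }

    /**
     * Converts the user's roles into Spring Security authorities.
     *
     * <p>Each role name is prefixed with {@code ROLE_}, so a stored role name is
     * presumably of the form {@code USER} / {@code ADMIN} to match the
     * {@code ROLE_USER} / {@code ROLE_ADMIN} values used in the access rules
     * (verify against the role table).
     *
     * @param roles the user's roles; {@code null} is treated as no roles, which
     *              leaves the user authenticated but without any authority
     * @return one authority per role, in the same order
     */
    private List<SimpleGrantedAuthority> getAuthority(List<Role> roles) {
        List<SimpleGrantedAuthority> authoritys = new ArrayList<>();
        if (roles == null) {
            return authoritys;
        }
        for (Role role : roles) {
            authoritys.add(new SimpleGrantedAuthority("ROLE_" + role.getRoleName()));
        }
        return authoritys;
    }
}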
业务层 接口
package com.itheima.service;

import com.itheima.domain.UserInfo;
import org.springframework.security.core.userdetails.UserDetailsService;

import java.util.List;

/**
 * Service-layer contract for user lookup.
 *
 * <p>It declares no methods of its own; extending {@link UserDetailsService}
 * means every implementation has to provide {@code loadUserByUsername}, which is
 * what lets the implementing bean be used as a user service by Spring Security.
 */
public interface UserService extends UserDetailsService {
}