SpringSecurity快速入门（仅仅是入门）

1、简介
Spring Security是 Spring提供的安全认证服务的框架。 使用Spring Security可以帮助我们来简化认证和授权的过程。官网：https://spring.io/projects/spring-security
2、对应的maven坐标

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.0.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.0.5.RELEASE</version>
</dependency>

3、工程搭建

4、pom.xml

<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>

<groupId>com.demo</groupId>
<artifactId>spring-security</artifactId>
<version>1.0.0-SNAPSHOT</version>
<packaging>war</packaging>

<properties>
<spring.version>5.0.5.RELEASE</spring.version>
<spring.security.version>5.0.5.RELEASE</spring.security.version>
</properties>

<dependencies>

<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${spring.version}</version>
</dependency>

<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>

<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aspects</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jms</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${spring.version}</version>
</dependency>

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>

</dependencies>

<build>
<plugins>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<configuration>
<port>81</port>
<path>/</path>
</configuration>
</plugin>
</plugins>
</build>
</project>

5、web.xml

<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >

<web-app>
<display-name>Archetype Created Web Application</display-name>

<filter>
<!--
DelegatingFilterProxy用于整合第三方框架
整合springsecurity时过滤器的名称必须为springSecurityFilterChain
否则会抛出NoSuchBeanDefinitionException
-->
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
<servlet-name>spring-security</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:spring-security.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
<servlet-name>spring-security</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
</web-app>

6、spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!--注解扫描-->

<!--配置不需要拦截的资源-->
<security:http pattern="/login.html" security="none"></security:http>

<!--
配置默认的登录页面
auto-config="true" 自动配置了一个默认的登录页面，配置了一系列的过滤器
-->
<security:http auto-config="true">
<!--
配置页面的拦截规则，需要什么样的权限
具体的拦截规则要配在前面

hasAuthority('新增检查项')  要访问这个页面需要有某个权限
isAuthenticated()           只要登录就可以
-->

<security:intercept-url pattern="/add.html" access="hasAuthority('新增')"></security:intercept-url>
<security:intercept-url pattern="/del.html" access="hasAuthority('删除')"></security:intercept-url>

<security:intercept-url pattern="/**" access="isAuthenticated()"></security:intercept-url>
<!--
配置自定义登录页面
login-page="/login.html"                         告诉框架我们的登录页面在哪里
authentication-failure-url="/login.html"         登录失败跳转到哪里
default-target-url="/index.html"                 登录成功跳转到哪里
-->
<security:form-login
login-page="/login.html"
authentication-failure-url="/login.html"
default-target-url="/index.html"
></security:form-login>

<!--禁用csrf-->
<security:csrf disabled="true"></security:csrf>

<!--配置退出的url-->
<security:logout logout-url="/logout" logout-success-url="/login.html"></security:logout>
</security:http>

<!--
配置认证（登录）管理器
-->

<security:authentication-manager>
<!--
配置认证（登录）提供者
-->
<security:authentication-provider>
<security:user-service>
<!--{noop}123代表明文密码-->
<security:user name="abc" password="{noop}123" authorities="查询,新增"></security:user>
<security:user name="efg" password="{noop}456" authorities="查询,删除"></security:user>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>

<!--开启springsecurity注解-->

</beans>

7、abc(查询、新增)登录




8、efg(查询、删除)登录




如图，非常简陋的权限管理功能已经实现！