简单的SpringSecurity实例(⾃定义登录验证)
Spring Security是⼀个能够为基于Spring的企业应⽤系统提供声明式的安全访问控制解决⽅案的安全框架。它提供了⼀组可以在Spring应⽤上下⽂中配置的Bean,充分利⽤了Spring IoC,DI(控制反转Inversion of Control ,DI:Dependency Injection 依赖注⼊)和AOP(⾯向切⾯编程)功能,为应⽤系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写⼤量重复代码的⼯作。
⽬录结构
<project xmlns="/POM/4.0.0"xmlns:xsi="/2001/XMLSchema-instance"
xsi:schemaLocation="/POM/4.0.0 /maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId&</groupId>
<artifactId>spring.security</artifactId>
<packaging>war</packaging>
<version>1.0-SNAPSHOT</version>
<name>spring.security Maven Webapp</name>
<url></url>
<dependencies>
<!-- mvnrepository/artifact/org.springframework/spring-webmvc -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.3.2.RELEASE</version>
</dependency>
<!-- mvnrepository/artifact/org.springframework.security/spring-security-core -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>4.1.2.RELEASE</version>
</dependency>
<!-- mvnrepository/artifact/org.springframework.security/spring-security-web -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.2.RELEASE</version>
</dependency>
<!-- mvnrepository/artifact/org.springframework.security/spring-security-config -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<finalName>spring.security</finalName>
</build>
</project>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="/schema/beans"
xmlns:xsi="/2001/XMLSchema-instance"
xmlns:context="/schema/context"
xmlns:mvc="/schema/mvc"
xsi:schemaLocation="/schema/beans /schema/beans/spring-beans.xsd www.sprin
<!-- 设置使⽤注解的类所在的jar包 -->
<context:component-scan base-package="spring.security"></context:component-scan>
<!-- 启⽤spring mvc 注解 -->
<mvc:annotation-driven/>
<!-- 对转向页⾯的路径解析。prefix:前缀, suffix:后缀 -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix"value="/WEB-INF/view/" />
<property name="suffix"value=".jsp" />
</bean>
</beans>
<beans xmlns="/schema/beans"
xmlns:security="/schema/security"
xmlns:xsi="/2001/XMLSchema-instance"
xsi:schemaLocation="/schema/beans
/schema/beans/spring-beans.xsd
/schema/security
/schema/security/spring-security.xsd">
<!--需要过滤不被拦截的请求-->
<security:http pattern="/user/loginPage"security="none" />
<security:http auto-config="true"use-expressions="true">
<security:intercept-url pattern="/**"access="hasRole('ROLE_USER')"/>
<security:form-login login-page="/user/loginPage"authentication-failure-url="/user/loginPage?error=error"default-target-url="/user/index"login-proces <security:logout invalidate-session="true"logout-success-url="/user/loginPage"logout-url="/logout"/>
<security:csrf disabled="true"/>
</security:http>
<bean id="loginUserDetailService"class="fig.impl.LoginUserDetailsServiceImpl"></bean>
<bean id="loginAuthenticationProvider"class="fig.LoginAuthenticationProvider">
<property name="userDetailsService"ref="loginUserDetailService"></property>
</bean>
<security:authentication-manager alias="myAuthenticationManager">
<security:authentication-provider ref="loginAuthenticationProvider">
</security:authentication-provider>
</security:authentication-manager>
</beans>
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"java.sun/dtd/web-app_2_3.dtd" >
<web-app xmlns:xsi="/2001/XMLSchema-instance"
xmlns="java.sun/xml/ns/javaee"
xsi:schemaLocation="java.sun/xml/ns/javaee
java.sun/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID"version="2.5">
<display-name>Spring Security</display-name>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<!-- Spring MVC配置 -->
<!-- ====================================== -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- 可以⾃定义l配置⽂件的位置和名称,默认为WEB-INF⽬录下,名称为[<servlet-name>]-l,如l--> <init-param>
<param-name>contextConfigLocation</param-name>
<param-value>l</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security begin -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>l</param-value>
</context-param>
<listener>
<listener-class>org.t.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security end -->
</web-app>
LoginUser
ity;
/**
* Created by xyc on 2016/8/22 0022.
*/
public class LoginUser {
spring ioc注解private Long id;
private String username;
private String password;
public LoginUser() {
}
public LoginUser(Long id, String username, String password) {
this.id = id;
this.username = username;
this.password = password;
}
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
}
LoginAuthenticationProvider
fig;
/**
* Created by xyc on 2016/8/22 0022.
*/
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.authentication.dao.SaltSource;
import org.springframework.ding.PasswordEncoder;
import org.springframework.ding.PlaintextPasswordEncoder;
import org.AuthenticationException;
import org.userdetails.UserDetails;
import org.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。
发表评论