Spring Security入门Demo如何快速搭建?
- 内容介绍
- 文章标签
- 相关推荐
本文共计1730个文字,预计阅读时间需要7分钟。
Spring Security 简介:Spring Security 是一种基于 Spring AOP 和 Servlet 过滤器的安全框架。它提供全面的安全性解决方案,处理 Web 请求级别和方法调用级别的身份验证和授权。在 Spring Framework 中,Spring Security 负责身份认证和授权。
一、Spring Security简介
SpringSecurity,这是一种基于Spring AOP和Servlet过滤器的安全框架。它提供全面的安全性解决方案,同时在Web请求级和方法调用级处理身份确认和授权。在Spring Framework基础上,Spring Security充分利用了依赖注入(DI,Dependency Injection)和面向切面技术。
二、建立工程
用第二种方法创建名为spring-security-demo的Maven工程。
工程的最终目录结构为
三、源代码
1 pom.xml里引入所需要的包
<modelVersion>4.0.0</modelVersion>
<groupId>spring-security-demo</groupId>
<artifactId>spring-security-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>spring-security-demo</name>
<description/>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>7.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>3.2.9.RELEASE</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.6.RELEASE</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.6.RELEASE</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.15</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
</dependencies>
</project>
2 web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="www.w3.org/2001/XMLSchema-instance" xmlns="xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="xmlns.jcp.org/xml/ns/javaee xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>spring-security-demo</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
这里两处关于springsecurity的配置表示项目中所有路径的资源都要经过Spring Security。
注意:最好是将DelegatingFilterProxy写在DispatcherServlet之前,否则Spring Security可能不会正常工作。
3 spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="www.springframework.org/schema/beans"
xmlns:xsi="www.w3.org/2001/XMLSchema-instance" xmlns:p="www.springframework.org/schema/p"
xsi:schemaLocation="www.springframework.org/schema/beans
www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<!-- 定义一个视图解析器 -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" />
</beans>
这个XML配置声明一个视图解析器.在控制器中会根据JSP名映射到/WEB-INF/jsp中相应的位置。
4 applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="www.springframework.org/schema/beans"
xmlns:xsi="www.w3.org/2001/XMLSchema-instance"
xmlns:context="www.springframework.org/schema/context"
xmlns:mvc="www.springframework.org/schema/mvc"
xsi:schemaLocation="www.springframework.org/schema/beans
www.springframework.org/schema/beans/spring-beans-3.0.xsd
www.springframework.org/schema/context
www.springframework.org/schema/context/spring-context-3.0.xsd
www.springframework.org/schema/mvc
www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<!-- 激活spring的注解. -->
<context:annotation-config />
<!-- 扫描注解组件并且自动的注入spring beans中.
例如,他会扫描@Controller 和@Service下的文件.所以确保此base-package设置正确. -->
<context:component-scan base-package="com.demo" />
<!-- 配置注解驱动的Spring MVC Controller 的编程模型.注:次标签只在 Servlet MVC工作! -->
<mvc:annotation-driven />
</beans>
5 spring-security.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="www.springframework.org/schema/beans"
xmlns:xsi="www.w3.org/2001/XMLSchema-instance"
xmlns:security="www.springframework.org/schema/security"
xsi:schemaLocation="www.springframework.org/schema/beans
www.springframework.org/schema/beans/spring-beans-3.0.xsd
www.springframework.org/schema/security
www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Spring-Security 的配置 -->
<!-- 注意use-expressions=true.表示开启表达式,否则表达式将不可用.
see:www.family168.com/tutorial/springsecurity3/html/el-access.html
-->
<security:java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib uri="www.springframework.org/tags/form" prefix="form"%>
<%@ taglib uri="www.springframework.org/tags" prefix="spring"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta localhost:8080/spring-security-demo/auth/login
3 输入用户名admin密码admin后,点击“Login”按纽
4 点击“Go AdminPage”链接,因为有权限,所以可看到管理员页面
5 点击“退出登录”,返回登录页
6 输入用户名user密码user并登录
7 点击Go AdminPage链接,因为没有权限,所以看到权限不够的提示
8 退出登录,返回登录页
五、源码下载地址
Github: github.com/zhenghaishu/Spring-Security-Demo
本文共计1730个文字,预计阅读时间需要7分钟。
Spring Security 简介:Spring Security 是一种基于 Spring AOP 和 Servlet 过滤器的安全框架。它提供全面的安全性解决方案,处理 Web 请求级别和方法调用级别的身份验证和授权。在 Spring Framework 中,Spring Security 负责身份认证和授权。
一、Spring Security简介
SpringSecurity,这是一种基于Spring AOP和Servlet过滤器的安全框架。它提供全面的安全性解决方案,同时在Web请求级和方法调用级处理身份确认和授权。在Spring Framework基础上,Spring Security充分利用了依赖注入(DI,Dependency Injection)和面向切面技术。
二、建立工程
用第二种方法创建名为spring-security-demo的Maven工程。
工程的最终目录结构为
三、源代码
1 pom.xml里引入所需要的包
<modelVersion>4.0.0</modelVersion>
<groupId>spring-security-demo</groupId>
<artifactId>spring-security-demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>war</packaging>
<name>spring-security-demo</name>
<description/>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencies>
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>7.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>3.2.9.RELEASE</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>3.2.9.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.6.RELEASE</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.6.RELEASE</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.15</version>
<type>jar</type>
<scope>compile</scope>
</dependency>
</dependencies>
</project>
2 web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="www.w3.org/2001/XMLSchema-instance" xmlns="xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="xmlns.jcp.org/xml/ns/javaee xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>spring-security-demo</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
这里两处关于springsecurity的配置表示项目中所有路径的资源都要经过Spring Security。
注意:最好是将DelegatingFilterProxy写在DispatcherServlet之前,否则Spring Security可能不会正常工作。
3 spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="www.springframework.org/schema/beans"
xmlns:xsi="www.w3.org/2001/XMLSchema-instance" xmlns:p="www.springframework.org/schema/p"
xsi:schemaLocation="www.springframework.org/schema/beans
www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<!-- 定义一个视图解析器 -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" />
</beans>
这个XML配置声明一个视图解析器.在控制器中会根据JSP名映射到/WEB-INF/jsp中相应的位置。
4 applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="www.springframework.org/schema/beans"
xmlns:xsi="www.w3.org/2001/XMLSchema-instance"
xmlns:context="www.springframework.org/schema/context"
xmlns:mvc="www.springframework.org/schema/mvc"
xsi:schemaLocation="www.springframework.org/schema/beans
www.springframework.org/schema/beans/spring-beans-3.0.xsd
www.springframework.org/schema/context
www.springframework.org/schema/context/spring-context-3.0.xsd
www.springframework.org/schema/mvc
www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<!-- 激活spring的注解. -->
<context:annotation-config />
<!-- 扫描注解组件并且自动的注入spring beans中.
例如,他会扫描@Controller 和@Service下的文件.所以确保此base-package设置正确. -->
<context:component-scan base-package="com.demo" />
<!-- 配置注解驱动的Spring MVC Controller 的编程模型.注:次标签只在 Servlet MVC工作! -->
<mvc:annotation-driven />
</beans>
5 spring-security.xml
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="www.springframework.org/schema/beans"
xmlns:xsi="www.w3.org/2001/XMLSchema-instance"
xmlns:security="www.springframework.org/schema/security"
xsi:schemaLocation="www.springframework.org/schema/beans
www.springframework.org/schema/beans/spring-beans-3.0.xsd
www.springframework.org/schema/security
www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Spring-Security 的配置 -->
<!-- 注意use-expressions=true.表示开启表达式,否则表达式将不可用.
see:www.family168.com/tutorial/springsecurity3/html/el-access.html
-->
<security:java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib uri="www.springframework.org/tags/form" prefix="form"%>
<%@ taglib uri="www.springframework.org/tags" prefix="spring"%>
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta localhost:8080/spring-security-demo/auth/login
3 输入用户名admin密码admin后,点击“Login”按纽
4 点击“Go AdminPage”链接,因为有权限,所以可看到管理员页面
5 点击“退出登录”,返回登录页
6 输入用户名user密码user并登录
7 点击Go AdminPage链接,因为没有权限,所以看到权限不够的提示
8 退出登录,返回登录页
五、源码下载地址
Github: github.com/zhenghaishu/Spring-Security-Demo