Spring Securty 应用（1）-- 基于内存的认证

来源：互联网发布：淘宝卖家怎样实名认证编辑：程序博客网时间：2024/06/16 19:30

完成功能：

1.welcome界面不进行认证，可以直接访问
2.admin界面需要进行认证才能进行访问

具体实现：

1.配置 Spring Security pom.xml
2.配置 Spring Security web.xml 中的拦截器
3.配置 spring-security.xml 进行安全配置
4.定义JSP页面 hello.jsp 和 admin.jsp

配置pom.xml Spring Security的依赖包

<properties>    <spring.security.version>3.2.3.RELEASE</spring.security.version></properties><!-- Spring Security --><dependency>    <groupId>org.springframework.security</groupId>    <artifactId>spring-security-core</artifactId>    <version>${spring.security.version}</version></dependency><dependency>    <groupId>org.springframework.security</groupId>    <artifactId>spring-security-web</artifactId>    <version>${spring.security.version}</version></dependency><dependency>    <groupId>org.springframework.security</groupId>    <artifactId>spring-security-config</artifactId>    <version>${spring.security.version}</version></dependency>

配置 web.xml 进行安全拦截

<!-- Spring Security --><filter>    <filter-name>springSecurityFilterChain</filter-name>    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping>    <filter-name>springSecurityFilterChain</filter-name>    <url-pattern>/*</url-pattern></filter-mapping>

配置spring-security.xml

此处为Spring Security安全认证的核心配置。
次例为当访问admin.jsp页面的时候，进行安全拦截，由于使用默认配置，spring Security会自动跳转到Spring Security 的登录页面 http://localhost:8080/spring_security_login，然后输入用户名和密码，认证通过之后即可访问页面admin.jsp

<http auto-config="true"> 表示使用Spring Security的默认配置<intercept-url pattern="/admin" access="ROLE_USER" /> 表示拦截路劲为/admin，且具有ROLE_USER 访问权限才能通过user-service 为可以认证通过的用户，且局用的访问权限<beans:beans xmlns="http://www.springframework.org/schema/security"         xmlns:beans="http://www.springframework.org/schema/beans"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"         xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-3.0.xsdhttp://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">    <!-- 只对Admin 进行拦截 -->    <http auto-config="true">        <intercept-url pattern="/admin" access="ROLE_USER" />    </http>    <!-- 基于内存的认证 -->    <authentication-manager>        <authentication-provider>            <user-service>                <user name="admin" password="123456" authorities="ROLE_USER"/>            </user-service>        </authentication-provider>    </authentication-manager></beans:beans>

hello.jsp页面

<%@ page language="java" contentType="text/html; charset=UTF-8"    pageEncoding="UTF-8" session="false"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head>    <meta name="_csrf" content="${_csrf.token}"/>    <meta name="_csrf_header" content="X-CSRF-TOKEN" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>${title}</title></head><body>    <h1>Title:${title}</h1>    <h1>Message:${message}</h1></body></html>

admin.jsp页面

<%@ page language="java" contentType="text/html; charset=UTF-8"         pageEncoding="UTF-8" session="true" %><%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head>    <meta name="_csrf" content="${_csrf.token}"/>    <meta name="_csrf_header" content="X-CSRF-TOKEN"/>    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">    <title>${title}</title></head><body><h1>Title : ${title}</h1><h1>Message : ${message}</h1><c:if test="${pageContext.request.userPrincipal.name != null}">    <h2>        Welcome : ${pageContext.request.userPrincipal.name} | <a            href="<c:url value="/j_spring_security_logout" />"> Logout</a>    </h2></c:if></body></html>

控制器代码

package com.cnblogs.duoduo;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.servlet.ModelAndView;@Controllerpublic class HelloController {    @RequestMapping(value = {"/", "/welcome"})    public ModelAndView welcome() {        ModelAndView model = new ModelAndView();        model.addObject("title", "Welcome - Spring Security Hello World");        model.addObject("message", "This is welcome page!");        model.setViewName("hello");        return model;    }    @RequestMapping(value = "/admin")    public ModelAndView admin() {        ModelAndView model = new ModelAndView();        model.addObject("title", "Admin - Spring Security Hello World");        model.addObject("message", "This is protected page!");        model.setViewName("admin");        return model;    }}

0 0