springsecurity4.2入门完整实例

1、构建maven项目，引入springsecurity相关依赖。

项目结构如下：

pom.xml配置文件主要部分：

<properties>         <spring.version>4.2.0.RELEASE</spring.version>  </properties>  <dependencies>         <dependency>                <groupId>org.springframework</groupId>                <artifactId>spring-beans</artifactId>                <version>${spring.version}</version>         </dependency>         <dependency>              <groupId>org.springframework</groupId>              <artifactId>spring-context</artifactId>              <version>${spring.version}</version>         </dependency>         <dependency>              <groupId>org.springframework</groupId>              <artifactId>spring-webmvc</artifactId>              <version>${spring.version}</version>         </dependency>         <dependency>            <groupId>org.springframework.security</groupId>            <artifactId>spring-security-web</artifactId>            <version>${spring.version}</version>         </dependency>         <dependency>             <groupId>org.springframework.security</groupId>             <artifactId>spring-security-config</artifactId>             <version>${spring.version}</version>         </dependency>         <dependency>             <groupId>jstl</groupId>             <artifactId>jstl</artifactId>             <version>1.2</version>         </dependency>  </dependencies>

2、配置web.xml。

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">                <display-name>springsecurity</display-name>                <context-param>                           <param-name>contextConfigLocation</param-name>                           <param-value>classpath:spring-security.xml</param-value>                </context-param>                <servlet>                            <servlet-name>springmvc</servlet-name>                            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>                            <init-param>                                  <param-name>contextConfigLocation</param-name>                                  <param-value>classpath:spring-mvc.xml</param-value>                            </init-param>                            <load-on-startup>1</load-on-startup>                </servlet>                <servlet-mapping>                           <servlet-name>springmvc</servlet-name>                           <url-pattern>/</url-pattern>                </servlet-mapping>                              <listener>                            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>                </listener>                <filter>                        <filter-name>springSecurityFilterChain</filter-name>                        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>                </filter>                                <filter-mapping>                         <filter-name>springSecurityFilterChain</filter-name>                         <url-pattern>/*</url-pattern>                </filter-mapping>                <welcome-file-list>                     <welcome-file>index.jsp</welcome-file>                </welcome-file-list></web-app>

3、书写AdminController.java类。

package com.xxx.web.controller;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import org.springframework.web.servlet.ModelAndView;@Controllerpublic class AdminController {             @RequestMapping(value= {"/","/welcome**"},method=RequestMethod.GET)         public ModelAndView welcome() {             ModelAndView welcome = new ModelAndView();             welcome.addObject("title","welcome");             welcome.addObject("message","this is a security page");             welcome.setViewName("hello");             return welcome;         }                  @RequestMapping(value="/admin**",method=RequestMethod.GET)         public ModelAndView admin() {             ModelAndView welcome = new ModelAndView();             welcome.addObject("title","admin");             welcome.addObject("message","this is a admin page");             welcome.setViewName("admin");             return welcome;         }}

4、配置spring-mvc.xml。

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xmlns:context="http://www.springframework.org/schema/context"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.2.xsdhttp://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd">         <context:component-scan base-package="com.xxx.*"/>         <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">                <property name="prefix" >                           <value>/WEB-INF/views/</value>                </property>                <property name="suffix">                           <value>.jsp</value>                </property>         </bean></beans>

5、配置spring-security.xml。

<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security"    xmlns:beans="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd    http://www.springframework.org/schema/beans     http://www.springframework.org/schema/beans/spring-beans-4.2.xsd"><http auto-config="true">       <intercept-url pattern="/admin**" access="hasRole('ROLE_USER')"/></http>       <authentication-manager>              <authentication-provider>                   <user-service>                                     <user name="admin" password="123456" authorities="ROLE_USER"/>                   </user-service>              </authentication-provider>       </authentication-manager></beans:beans>

<intercept-url pattern="/admin**" access="hasRole('ROLE_USER')"/>这句配置中，4.0以后版本都使用hasRole('ROLE_USER')取代原来的ROLE_USER。

6、准备页面。

admin.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"%><%@page session="true" %><%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %><!DOCTYPE html><html><head><meta charset="UTF-8"><title>hello</title></head><body>         <h2>title:${title }</h2>         <h2>message:${message }</h2>         <c:if test="${pageContext.request.userPrincipal.name != null  }">               <h2>welcome you ,${pageContext.request.userPrincipal.name }! | <a href="<c:url value='/j_spring_security_logout'/>">Logout</a></h2>         </c:if></body></html>

hello.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"%><!DOCTYPE html><html><head><meta charset="UTF-8"><title>hello</title></head><body>         <h2>title:${title }</h2>         <h2>message:${message }</h2></body></html>

这里并没有登录页面，我们会使用springsecurity给我们提供的默认的登录页面，这个登录页面可以自定义。

7、启动tomcat,访问项目http://localhost:8080/springsecurity/admin

直接访问首页，或者欢迎页，不会提示登录。直接进入页面。

欢迎页和admin.jsp在同一个目录下

初次访问http://localhost:8080/springsecurity/admin提示登录，这是springsecurity为我们提供的默认的登录页面

用户名或者密码错误，登录失败

登录成功，跳转欢迎页面