spring-security3配置—学习笔记《一》
来源:互联网 发布:centos 6.5 安装nfs 编辑:程序博客网 时间:2024/05/21 20:24
一、添加jar
pom.xml中配置:
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-acl</artifactId><version>3.1.3.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-core</artifactId><version>3.1.3.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-taglibs</artifactId><version>3.1.3.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-web</artifactId><version>3.1.3.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>3.1.3.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-crypto</artifactId><version>3.1.3.RELEASE</version></dependency>
二、添加配置
web.xml添加filter:
<!-- security过滤器必须放在struts前 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
新建applicationContext-security.xml 并引入
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security"xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"><!-- 开启debug模式 在控制台输出security处理 --><debug /><!-- 开启注解 --><global-method-security pre-post-annotations="enabled" /><!-- 排除的资源 --><http pattern="/images/**" security="none" /><http pattern="/plugins/**" security="none" /><http pattern="/scripts/**" security="none" /><http pattern="/styles/**" security="none" /><http pattern="/login.jsp" security="none" /><http pattern="/loggedout.jsp" security="none" /><!-- 支持表达式 --><http use-expressions="true"> <intercept-url pattern="/admin/**" access="hasRole('supervisor')"/> <intercept-url pattern="/**" access="hasRole('user')" /> <!-- 四个参数:登录页面|登录失败跳到|登录成功页面|登录action --> <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.jsp" login-processing-url="/j_security_check"/> <logout logout-success-url="/index.jsp" delete-cookies="JSESSIONID"/> <remember-me /><!-- Uncomment to enable X509 client authentication support <x509 />--> <!-- Uncomment to limit the number of sessions a user can have --> <session-management invalid-session-url="/timeout.jsp"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> </http> <!-- Usernames/Passwords are rod/koala dianne/emu scott/wombat peter/opal --> <beans:bean id="encoder" class="org.springframework.security.crypto.password.StandardPasswordEncoder"/> <authentication-manager> <authentication-provider> <password-encoder ref="encoder"/> <user-service> <user name="rod" password="4efe081594ce25ee4efd9f7067f7f678a347bccf2de201f3adf2a3eb544850b465b4e51cdc3fcdde" authorities="supervisor, user, teller" /> <user name="dianne" password="957ea522524a41cbfb649a3e293d56268f840fd5b661b499b07858bc020d6d223f912e3ab303b00f" authorities="user,teller" /> <user name="scott" password="fb1f9e48058d30dc21c35ab4cf895e2a80f2f03fac549b51be637196dfb6b2b7276a89c65e38b7a1" authorities="user" /> <user name="peter" password="e175750688deee19d7179d444bfaf92129f4eea8b4503d83eb8f92a7dd9cda5fbae73638c913e420" authorities="user" /> </user-service> </authentication-provider> </authentication-manager> </beans:beans><!-- 引入其它spring配置文件 -->
<import resource="classpath:applicationContext-*.xml" />
三、新建登录页面
login.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8"pageEncoding="UTF-8"%><%@ taglib prefix="s" uri="/struts-tags" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录系统</title></head><body><form action="${pageContext.request.contextPath}/j_security_check" method="post">Account:<Input name="j_username" /><br />Password:<input name="j_password" type="password" /><br /> <input value="submit" type="submit" /></form><s:debug></s:debug></body></html>
四、试用
rod/koala dianne/emu scott/wombat peter/opal
使用这些帐号测试登录 登录错误密码应该会跳到login.jsp页面,正确密码跳到index.jsp
登录表单的action 对应配置文件中
login-processing-url="/j_security_check"
可以自定义名称。
用户名和密码 name 是固定的 j_username/j_password
对应spring-security-web-3.1.3.jar下 org.springframework.security.web.authentication 包中 UsernamePasswordAuthenticationFilter
public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "j_username";//line:51public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "j_password";
- spring-security3配置—学习笔记《一》
- Spring Security3学习笔记
- Spring Security3学习笔记
- spring security3的学习笔记
- spring security3.x学习笔记
- Spring Security3 入门一
- Spring Security3配置使用
- Spring Security3配置使用
- Spring Security3配置使用
- Spring Security3 + CAS 配置
- Spring Security3配置使用
- Spring-security3配置笔录
- Spring Security3配置使用说明
- Spring Security3配置使用
- spring security3 笔记
- 学习spring-Security3.0
- Spring Security3初步学习
- Spring Security3学习
- 《Effective Java》读书笔记
- la5092
- android 量产软件改动信息(持续更新)
- 《Java Thread Programming》读书笔记
- SOA and web services 新手入门
- spring-security3配置—学习笔记《一》
- 适配器模式
- 黑马程序员----JAVA----抽象类----
- 比较Perl、PHP、Python、Java和Ruby
- 总结的电脑技巧
- java对象序列化
- squid限速
- 动画演示JAVA并发包用法的项目
- DOS命令大全--详解