spring security3入门级
来源:互联网 发布:淘宝橱窗推荐位置 编辑:程序博客网 时间:2024/05/16 17:19
此教程为新手入门级教程...
使用Spring Security3在网上也提供了四种使用配置方法:
1.全部利用配置文件,将用户、权限、资源(url)硬编码在xml文件中,已经实现过,并经过验证;
2.用户和权限用数据库存储,而资源(url)和权限的对应采用硬编码配置,目前这种方式已经实现,并经过验证。
3.细分角色和权限,并将用户、角色、权限和资源均采用数据库存储,并且自定义过滤器,代替原有的FilterSecurityInterceptor过滤器,并分别实现AccessDecisionManager、InvocationSecurityMetadataSourceService和UserDetailsService,并在配置文件中进行相应配置。
4.修改spring security的源代码,主要是修改InvocationSecurityMetadataSourceService和UserDetailsService两个类。
前者是将配置文件或数据库中存储的资源(url)提取出来加工成为url和权限列表的Map供Security使用,后者提取用户名和权限组成一个完整的(UserDetails)User对象,该对象可以提供用户的详细信息供AuthentationManager进行认证与授权使用。
由于只是对spring security3进行了入门级的学习,所以今天给大家展示的是第一种方法。以助未接触过Spring security更好的同学能简单地理解
后面第三种方法将在日后的学习陆续给大家发出来
=================================================================================================================
现在我们开始配置这个简单的DEMO。
[先看一下项目的目录结构吧....]
[下载架包--spring-security-3.1.0.RELEASE.zip] 因为在spring官网上面已经找不到相关下载页面,所以可以上百度直接搜索该文件
zip目录解压出来的目录
再解压spring-security-3.1.0.RELEASE\dist\spring-security-samples-contacts-3.1.0.RELEASE.war
再把WEB-INF\lib 所有的架包复制到DEMO项目中去,这样子架包这部分就算完成了
下面是代码:
[web.xml]
<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <!-- 加载spring xml配置文件 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:securityConfig.xml</param-value> </context-param> <!-- Spring SECURITY3.1的过滤链配置 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring窗口启动监听器 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- 系统欢迎页面 --> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list></web-app>
[securityConfig.xml]
<?xml version="1.0" encoding="UTF-8"?><b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation= "http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <!-- 登录页面不过滤 --> <http pattern="/login.jsp" security="none"/> <http access-denied-page="/accessDenied.jsp"> <form-login login-page="/login.jsp"/> <!-- 访问/admin.jsp资源的用户必须具有ROLE_ADMIN的权限 --> <intercept-url pattern="/admin.jsp" access="ROLE_USER"/> <!-- 访问/**资源的用户必须具有ROLE_USER的权限 --> <intercept-url pattern="/**" access="ROLE_USER"/> <session-management> <concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/> </session-management> </http> <authentication-manager> <authentication-provider> <user-service> <user name="root" password="123456" authorities="ROLE_USER"/> <user name="zzj" password="123456" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager></b:beans>
[index.jsp]<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>My JSP 'index.jsp' starting page</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body style="font-size:12px"> 这是首页,欢迎<sec:authentication property="name"/>!<br/> <a href="admin.jsp">进入admin页面</a> <a href="other.jsp">进入其他 页面</a> </body></html>
[login.jsp]<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>登录</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body style="font-size:12px"> <form action="j_spring_security_check" method="POST"> <table> <tr> <td>用户:</td> <td><input type="text" name='j_username'/></td> </tr> <tr> <td>密码:</td> <td><input type="password" name="j_password"/></td> </tr> <tr> <td><input name="reset" type="reset"/></td> <td><input name="submit" type="submit"/></td> </tr> </table> </form> </body></html>
[admin.jsp]<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>欢迎访问</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body style="font-size:12px"> 欢迎来到[管理员页面] </body></html>
[other.jsp]
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>其他页面</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body style="font-size:12px"> 欢迎访问[其他页面] </body></html>
[accessDenied.jsp]<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>访问拒绝</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body style="font-size:12px"> 您的访问被拒绝,无权访问该资源!<br/> </body></html>
通上以上配置,一个基于Spring Security安全权限的XML配置DEMO就这样出来了!
- spring security3入门级
- <Spring Security3>入门级详细配置
- Spring Security3 入门一
- Spring Security3 入门二
- spring security3 demo入门
- Spring Security3.0入门
- spring security3入门
- spring security3 demo入门
- spring security3入门
- Spring Security3
- Spring Security3
- Spring Security3
- Spring Security3
- Spring Security3
- spring-security3.*幾點體會
- 《Spring Security3》第一章
- Spring Security3 实践
- 学习spring-Security3.0
- float(单精度)在内存中的存储格式
- 用CRT调试内存泄露
- 变量声明和定义的区别
- 黑马程序员——强制类型转换
- 可以获得高排名的B2B平台大全
- spring security3入门级
- 团购行业的新课题,如何释放商家余量价值
- 程序猿养成--谈谈必须的好习惯
- C#中导出PDF格式文档
- target...action和delegate的异同之处
- C++中,float double区别
- RTCP和RTP协议
- java实现网页的验证码的改良版(火狐可点击刷新)
- linux-kernel调试技术大全<一>上海嵌入式索漫科技培训教材