Spring Security 3: An Introductory Tutorial

Source: Internet  Editor: 程序博客网  Date: 2024/05/16 17:19

   This is a beginner-level tutorial...

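  Four ways of configuring Spring Security 3 are commonly described online:

   1. Do everything in configuration files: users, authorities and resources (URLs) are hard-coded in an XML file. I have implemented and verified this approach.

   2. Store users and authorities in a database, while the mapping between resources (URLs) and authorities stays hard-coded in the configuration. I have implemented and verified this approach as well.

   3. Separate roles from authorities and store users, roles, authorities and resources all in a database; write a custom filter to replace the stock FilterSecurityInterceptor, provide implementations of AccessDecisionManager, InvocationSecurityMetadataSourceService and UserDetailsService, and register them in the configuration file.

    4. Modify the Spring Security source code itself, mainly the two classes InvocationSecurityMetadataSourceService and UserDetailsService.

    The former extracts the resources (URLs) stored in the configuration file or database and builds a Map from each URL to its list of authorities for Spring Security to use. The latter retrieves the user name and authorities and assembles a complete (UserDetails) User object, which supplies the user's details to the AuthenticationManager for authentication and authorization.

    Since I have only studied Spring Security 3 at an introductory level, today I will show the first method, so that readers who have not yet worked with Spring Security can understand it easily.

    The third method will be posted later as my study continues.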
    =================================================================================================================

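    Now let's configure this simple demo.

    [First, a look at the project's directory structure...]

    [Download the jars: spring-security-3.1.0.RELEASE.zip]   The download page can no longer be found on the Spring website, so search for the file directly on Baidu.

    The directory produced by unpacking the zip:

  Next, unpack spring-security-3.1.0.RELEASE\dist\spring-security-samples-contacts-3.1.0.RELEASE.war

  Then copy all the jars under WEB-INF\lib into the demo project. That completes the jar setup.

  Here is the code: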

  [web.xml]

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

  <!-- Load the Spring XML configuration file -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:securityConfig.xml</param-value>
  </context-param>

  <!-- Spring Security 3.1 filter chain -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <!-- Every request passes through the security filter chain -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Listener that starts the Spring container -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- Welcome page (the original listed this element twice; once is enough) -->
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

  [securityConfig.xml]

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
       xmlns:b="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security-3.1.xsd">

     <!-- The login page is not filtered -->
     <http pattern="/login.jsp" security="none"/>

     <http access-denied-page="/accessDenied.jsp">
        <form-login login-page="/login.jsp"/>
        <!-- Users accessing /admin.jsp must hold ROLE_ADMIN
             (the original set access="ROLE_USER" here, contradicting this comment) -->
        <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>
        <!-- Users accessing /** must hold ROLE_USER.
             Rules are matched in order, so this catch-all stays last. -->
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <session-management>
            <concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/>
        </session-management>
     </http>

     <authentication-manager>
        <authentication-provider>
            <!-- Hard-coded demo users with clear-text passwords.
                 Both hold only ROLE_USER, so requests for /admin.jsp go to accessDenied.jsp;
                 use authorities="ROLE_USER,ROLE_ADMIN" to give a user access to it. -->
            <user-service>
                <user name="root" password="123456" authorities="ROLE_USER"/>
                <user name="zzj" password="123456" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
     </authentication-manager>
</b:beans>
 [index.jsp]

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%-- The sec: tag used below needs this taglib declaration, which the original omitted --%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>My JSP 'index.jsp' starting page</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
  </head>
  <body style="font-size:12px">
    这是首页,欢迎<sec:authentication property="name"/>!<br/>
    <a href="admin.jsp">进入admin页面</a>
    <a href="other.jsp">进入其他 页面</a>
  </body>
</html>
 [login.jsp]

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>登录</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
  </head>
  <body style="font-size:12px">
    <form action="j_spring_security_check" method="POST">
        <table>
            <tr>
                <td>用户:</td>
                <td><input type="text" name="j_username"/></td>
            </tr>
            <tr>
                <td>密码:</td>
                <td><input type="password" name="j_password"/></td>
            </tr>
            <tr>
                <td><input name="reset" type="reset"/></td>
                <td><input name="submit" type="submit"/></td>
            </tr>
        </table>
    </form>
  </body>
</html>
 [admin.jsp]

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>欢迎访问</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
  </head>
  <body style="font-size:12px">
    欢迎来到[管理员页面]
  </body>
</html>

 [other.jsp]

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>其他页面</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
  </head>
  <body style="font-size:12px">
    欢迎访问[其他页面]
  </body>
</html>
  [accessDenied.jsp]

<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
  <head>
    <base href="<%=basePath%>">
    <title>访问拒绝</title>
    <meta http-equiv="pragma" content="no-cache">
    <meta http-equiv="cache-control" content="no-cache">
    <meta http-equiv="expires" content="0">
    <meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
    <meta http-equiv="description" content="This is my page">
    <!--
    <link rel="stylesheet" type="text/css" href="styles.css">
    -->
  </head>
  <body style="font-size:12px">
    您的访问被拒绝,无权访问该资源!<br/>
  </body>
</html>

   With the configuration above, a demo of Spring Security access control configured entirely in XML is complete!
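
   The script below is an added example, not part of the original tutorial: it parses a security-namespace file such as securityConfig.xml and reports intercept-url rules placed after the /** catch-all (rules are matched in order and the first match wins), users whose passwords sit in an authentication-provider with no password-encoder, and roles that a rule requires but no listed user holds. The SAMPLE configuration, the /reports.jsp rule and the finding codes are constructed for illustration, and access values are assumed to be plain comma-separated role names.

```python
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"

# Constructed sample modelled on securityConfig.xml; /reports.jsp is added here.
SAMPLE = """<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans">
  <http>
    <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>
    <intercept-url pattern="/reports.jsp" access="ROLE_ADMIN"/>
  </http>
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="root" password="123456" authorities="ROLE_USER"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</b:beans>"""


def _roles(value):
    """Split a comma-separated attribute and keep only ROLE_* entries."""
    return {r.strip() for r in (value or "").split(",") if r.strip().startswith("ROLE_")}


def audit(xml_text):
    """Return (code, detail) findings; the codes are names made up for this example."""
    root = ET.fromstring(xml_text)
    findings, required, held = [], set(), set()
    for http in root.iter(SEC + "http"):
        after_catch_all = False
        for rule in http.findall(SEC + "intercept-url"):
            required |= _roles(rule.get("access"))
            if after_catch_all:  # first match wins, so this rule is never reached
                findings.append(("SHADOWED_RULE", rule.get("pattern")))
            after_catch_all = after_catch_all or rule.get("pattern") == "/**"
    for provider in root.iter(SEC + "authentication-provider"):
        encoded = provider.find(SEC + "password-encoder") is not None
        for user in provider.iter(SEC + "user"):
            held |= _roles(user.get("authorities"))
            if not encoded:  # the password attribute is compared as clear text
                findings.append(("PLAINTEXT_PASSWORD", user.get("name")))
    findings += [("ROLE_HELD_BY_NO_USER", r) for r in sorted(required - held)]
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```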



  

