Spring+Spring Security+Maven 实现的一个Hello World例子
来源:互联网 发布:淘宝的返现怎么使用 编辑:程序博客网 时间:2024/05/21 09:16
Spring Security允许开发人员轻松地将安全功能集成到J2EE Web应用程序中,它通过Servlet过滤器实现“用户自定义”安全检查。
在本教程中,我们将向您展示如何在Spring MVC中集成Spring Security 3.0并安全访问。在集成成功后,当我们查看页面的内容时用户需要先输入正确的“用户名”和“密码”。
本教程的开发环境为:
1.Spring 3.0.5.RELEASE
2.Spring Security 3.0.5.RELEASE
3.Eclipse 3.6
4.JDK 1.6
5.Maven 3
注意:Spring Security 3.0 至少需要java 5.0或更高的运行环境。
1.目录结构
本教程的最终目录如下所示:
2.Spring Security依赖关系
为了正常运行 Spring security 3.0, 你需要加入 “spring-security-core.jar“, “spring-security-web.jar” and “spring-security-config.jar“. 在Maven库中你需要加入Spring配置库
pom.xml
<
properties
>
<
spring.version
>3.0.5.RELEASE</
spring.version
>
</
properties
>
<
dependencies
>
<!-- Spring 3 -->
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-core</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-web</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-webmvc</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<!-- Spring Security -->
<
dependency
>
<
groupId
>org.springframework.security</
groupId
>
<
artifactId
>spring-security-core</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework.security</
groupId
>
<
artifactId
>spring-security-web</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework.security</
groupId
>
<
artifactId
>spring-security-config</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
</
dependencies
>
</
project
>
3.Spring MVC Web应用程序
本教程是一个简单的Spring MVC 应用程序,即访问“/welcome”跳转到“hello.jsp”页面,稍后用Spring Security安全访问这个链接。
HelloController.java
package
com.mkyong.common.controller;
import
org.springframework.stereotype.Controller;
import
org.springframework.ui.ModelMap;
import
org.springframework.web.bind.annotation.RequestMapping;
import
org.springframework.web.bind.annotation.RequestMethod;
@Controller
@RequestMapping
(
"/welcome"
)
public
class
HelloController {
@RequestMapping
(method = RequestMethod.GET)
public
String printWelcome(ModelMap model) {
model.addAttribute(
"message"
,
"Spring Security Hello World"
);
return
"hello"
;
}
}
hello.jsp
<
html
>
<
body
>
<
h1
>Message : ${message}</
h1
>
</
body
>
</
html
>
mvc-dispatcher-servlet.xml
<
beans
xmlns
=
"http://www.springframework.org/schema/beans"
xmlns:context
=
"http://www.springframework.org/schema/context"
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<
context:component-scan
base-package
=
"com.mkyong.common.controller"
/>
<
bean
class
=
"org.springframework.web.servlet.view.InternalResourceViewResolver"
>
<
property
name
=
"prefix"
>
<
value
>/WEB-INF/pages/</
value
>
</
property
>
<
property
name
=
"suffix"
>
<
value
>.jsp</
value
>
</
property
>
</
bean
>
</
beans
>
4.Spring Secuity:用户验证
创建一个单独的Spring配置文件去定义Spring Security相关的东西。它要实现的是:只有用户输入了正确的用户名“mkyong”和密码“123456”才可以访问“/welcome” 。
下面的Spring配置文件你应该明白是什么意思。
spring-security.xml:
<
beans:beans
xmlns
=
"http://www.springframework.org/schema/security"
xmlns:beans
=
"http://www.springframework.org/schema/beans"
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
<
http
auto-config
=
"true"
>
<
intercept-url
pattern
=
"/welcome*"
access
=
"ROLE_USER"
/>
</
http
>
<
authentication-manager
>
<
authentication-provider
>
<
user-service
>
<
user
name
=
"mkyong"
password
=
"123456"
authorities
=
"ROLE_USER"
/>
</
user-service
>
</
authentication-provider
>
</
authentication-manager
>
</
beans:beans
>
5.整合Spring Security
想要在Web应用程序中整合Spring Security,只需加入“DelegatingFilterProxy”作为Servlet过滤器拦截到来的请求即可。
web.xml
<
web-app
id
=
"WebApp_ID"
version
=
"2.4"
xmlns
=
"http://java.sun.com/xml/ns/j2ee"
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<
display-name
>Spring MVC Application</
display-name
>
<!-- Spring MVC -->
<
servlet
>
<
servlet-name
>mvc-dispatcher</
servlet-name
>
<
servlet-class
>
org.springframework.web.servlet.DispatcherServlet
</
servlet-class
>
<
load-on-startup
>1</
load-on-startup
>
</
servlet
>
<
servlet-mapping
>
<
servlet-name
>mvc-dispatcher</
servlet-name
>
<
url-pattern
>/</
url-pattern
>
</
servlet-mapping
>
<
listener
>
<
listener-class
>
org.springframework.web.context.ContextLoaderListener
</
listener-class
>
</
listener
>
<
context-param
>
<
param-name
>contextConfigLocation</
param-name
>
<
param-value
>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</
param-value
>
</
context-param
>
<!-- Spring Security -->
<
filter
>
<
filter-name
>springSecurityFilterChain</
filter-name
>
<
filter-class
>
org.springframework.web.filter.DelegatingFilterProxy
</
filter-class
>
</
filter
>
<
filter-mapping
>
<
filter-name
>springSecurityFilterChain</
filter-name
>
<
url-pattern
>/*</
url-pattern
>
</
filter-mapping
>
</
web-app
>
6.Demo
就是以上这些配置了,登陆页面在哪儿呢?不要着急,如果你不知道怎么创建登陆页面,我们将会创建一个简单的登陆页面去验证。
(登陆验证页面请访问:Spring Security实现的表单登陆的例子)
当我们访问“http://localhost:8080/SpringMVC/welcome”时,Spring Security 将会自动拦截到“http://localhost:8080/SpringMVC/spring_security_login”登陆页面验证身份。
http://localhost:8080/SpringMVC/spring_security_login页面如下所示:
如果输错了用户名和密码则页面会显示错误的消息,如下所示:
http://localhost:8080/SpringMVC/spring_security_login?login_error
如果我们输对了用户名和密码,Spring Security则会跳转到欢迎页面,如下所示:
http://localhost:8080/SpringMVC/welcome
本文为原创文章,转载请注明出处,首发于http://www.it161.com/article/javaDetail?articleid=140107223703
更多IT文章,请访问http://www.it161.com/
- Spring+Spring Security+Maven 实现的一个Hello World例子
- Spring Security hello world example
- Spring Security hello world example
- Spring Security hello world example
- Spring Security hello world example
- Spring Security hello world example
- Spring Security XML Hello World
- spring mvc Hello World 的例子
- Spring Boot系列01-Spring Boot + maven 实现Hello World
- Spring MVC Hello World 例子
- Maven + Spring hello world example
- Maven + Spring hello world example
- Spring Security oAuth学习之Hello World
- Spring Security Hello World Annotation Example
- Spring Security 系列教程-Hello World
- Spring Security 系列教程-Hello World
- Spring Security 入门教程 -01- Hello World
- Spring 的Hello world
- linux(ubuntu12.04)安装Twisted、Scrapy爬虫框架
- sql server触发器
- 数据库的内联,外联查询
- phpcms v9导航栏子栏目调用方法
- 无法访问网站,IIS重启无效,一定要重启服务器才正常? Connections_Refused引起的
- Spring+Spring Security+Maven 实现的一个Hello World例子
- 一般巡检的操作
- Android中的forceStopPackage—应用中关闭其他应用程序
- BindException、ConnectException和SocketException
- 全面拥抱 Qt 4.6 + 让Qt应用程序支持换肤(Skin)功能
- gcc下.a库文件的编译生成和使用
- 黑马程序员-----类加载器与委托机制总结*
- 最近要看的书
- 广州传智播客.Net基础班你还没有参加吗?