01Hello Spring Security例子--spring最小配置

来源：互联网发布：北大青鸟c语言教程编辑：程序博客网时间：2024/05/23 00:09

一.Hello Spring Security例子(在chapter02.00-calendar项目的基础上进行修改).
1.在pom.xml添加依赖:

    <dependency>      <groupId>org.springframework.security</groupId>      <artifactId>spring-security-config</artifactId>      <version>3.1.0.RELEASE</version>      <scope>runtime</scope>    </dependency>    <dependency>      <groupId>org.springframework.security</groupId>      <artifactId>spring-security-core</artifactId>      <version>3.1.0.RELEASE</version>      <scope>compile</scope>    </dependency>    <dependency>      <groupId>org.springframework.security</groupId>      <artifactId>spring-security-web</artifactId>      <version>3.1.0.RELEASE</version>      <scope>compile</scope>    </dependency>

2.添加security配置文件src/main/webapp/WEB-INF/spring/security.xml(这些命名空间直接从官方Reference直接Copy,不同的版本还是有差别的)

<?xml version="1.0" encoding="UTF-8"?> <bean:beans    xmlns:bean="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    xmlns="http://www.springframework.org/schema/security"    xsi:schemaLocation="http://www.springframework.org/schema/beans    http://www.springframework.org/schema/beans/spring-beans-3.1.xsd    http://www.springframework.org/schema/security    http://www.springframework.org/schema/security/spring-security-3.1.xsd">   <http auto-config="true">     <intercept-url pattern="/**" access="ROLE_USER"/>   </http>  <authentication-manager>     <authentication-provider>       <user-service>         <user name="user1@example.com"            password="user1"            authorities="ROLE_USER"/>       </user-service>     </authentication-provider>   </authentication-manager></bean:beans>

这里的auto-config可以看成是

<http>
<form-login />
<http-basic />
<logout />
</http>
的缩写.
http元素创建一个filter来确保当前登录的用户与适当的角色相关联.此例子,确保用户与ROLE_USER相关联.重要的是,理解角色的名字是随意的.
authentication-manager元素就是如何对用户进行验证。此例子，我们使用内存中的数据存储来比较用户名和密码.更进一步,
user-service元素也创建了一个UserDetailsManager的o.s.s.provisioning.InMemoryUserDetailsManager实现Bean(也就是可以使用@Autowired的类型装配可以注入此bean),
当然也可以使用UserDetailsService,因为UserDetailsManager继承UserDetailsService接口.刚入门时,user元素配置就是创建了一个内存用户,不必深入了解,大概知这么回事.

3.在web.xml
在<context-param>--><param-value>下添加/WEB-INF/spring/security.xml

<context-param>   <param-name>contextConfigLocation</param-name>   <param-value>     /WEB-INF/spring/services.xml    /WEB-INF/spring/i18n.xml    /WEB-INF/spring/security.xml  </param-value> </context-param> <listener>   <listener-class>    org.springframework.web.context.ContextLoaderListener  </listener-class> </listener>

使用ContextLoaderListener来初始化上面指定的配置组件到spring容器去.

添加springSecurityFilterChain(一般将这个filter放在第一个filter)

<filter>  <filter-name>springSecurityFilterChain</filter-name>   <filter-class>    org.springframework.web.filter.DelegatingFilterProxy  </filter-class> </filter> <filter-mapping>   <filter-name>springSecurityFilterChain</filter-name>   <url-pattern>/*</url-pattern> </filter-mapping>

4.启动测试输入地址,马上会弹出登录页面.输入上面配置的用户名和密码登录.

0 0