【Spring Security】之一：Eclipse搭建Spring Security项目

写在前面的话：本人小白，仅供参考。

一、原材料

1、Eclipse软件，直接从官网下载；

2、SpringFramework的全套jar包：spring-framework-4.1.7.RELEASE-dist.zip；

3、Spring Security的全套jar包：spring-security-4.0.1.RELEASE-dist.zip；

4、SpringFramework依赖的jar包：commons-logging-4.0.6.jar，log4j-1.2.16.jar；

二、工序

1、Eclipse建立Dynamic Web类型（动态网页）的工程，注意自动生成web.xml文件（当然创建工程的时候不生成也可以后续手动添加）。

工程目录如下：

将（一）中2、3、4项包含的jar包全部拷贝到WebContent/WEB-INF/lib下；

2、配置web.xml文件

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" 

<span></span>xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" 

<span></span>id="WebApp_ID" version="3.1">    <display-name>security</display-name>      <!--      - Location of the XML file that defines the root application context      - Applied by ContextLoaderListener.      -->    <context-param>        <param-name>contextConfigLocation</param-name>        <param-value>            classpath:applicationContext.xml            /WEB-INF/config-security.xml        </param-value>    </context-param>        <!-- 配置Security -->    <filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern></filter-mapping>      <!-- 配置Spring的Web应用 -->    <!--      - Loads the root application context of this web app at startup.      - The application context is then available via      - WebApplicationContextUtils.getWebApplicationContext(servletContext).    -->    <listener>        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>    </listener>  </web-app>

3、配置config-security.xml

<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security"    xmlns:beans="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    xsi:schemaLocation="http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans-4.1.xsd        http://www.springframework.org/schema/security         http://www.springframework.org/schema/security/spring-security-4.0.xsd">             <http><span></span><intercept-url pattern="/**" access="hasRole('USER')" /><span></span><form-login /><span></span><logout />    </http>    <!-- koala: koala   emu:emu   wombat:wombat -->    <authentication-manager>        <authentication-provider>            <password-encoder hash="md5"/>            <user-service>                <user name="koala" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />                <user name="emu" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />                <user name="wombat" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />            </user-service>        </authentication-provider>    </authentication-manager>                        </beans:beans>                       

4、配置applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     xmlns:context="http://www.springframework.org/schema/context"    xsi:schemaLocation="http://www.springframework.org/schema/beans         http://www.springframework.org/schema/beans/spring-beans-3.2.xsd        http://www.springframework.org/schema/context        http://www.springframework.org/schema/context/spring-context-3.2.xsd        http://www.springframework.org/schema/tx         http://www.springframework.org/schema/tx/spring-tx-3.2.xsd">    <!-- Root Context: defines shared resources visible to all other web components -->     </beans>

5、编辑index.xml

<!doctype html><html><head>    <title>Spring Security</title></head><body>    <h1>Hello Sprig Security!</h1>    <hr></body></html>

三、验收

至此，我们并没有写任何的java代码，只是配置了Spring Security到我们的web工程中来并配置了简单的登录验证。我们可以看到如下效果：

                           

                                     图1 在tomcat服务器运行index.xml文件                                                                  图2 用户名/密码不匹配时

                                  图2 用户名/密码匹配时