Spring Security java配置与XML配置的对应和转换
来源:互联网 发布:手机恢复数据免费 编辑:程序博客网 时间:2024/05/20 06:08
先放官网文档 http://docs.spring.io/spring-security/site/docs/current/reference/html/ (最值得看!!!)
然后是别人写的spring mvc 以及spring security的java,xml配置对比的文档。http://hanqunfeng.iteye.com/blog/2114980
java配置代码如下
public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler; @Autowired private MyAuthenticationFailureHandler myAuthenticationFailureHandler; // @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() .successHandler(authenticationSuccessHandler) .failureHandler(myAuthenticationFailureHandler).and() .requiresChannel() .antMatchers("/login").requiresSecure() .antMatchers("/system1/**").requiresSecure() .antMatchers("/system2/**").requiresSecure().and() .authorizeRequests() .antMatchers("/login", "/myresource/**").permitAll() .antMatchers("/system1/**").hasRole("USER1") .antMatchers("/system2/**").hasRole("USER2") .antMatchers("/system3/**").hasAnyRole("USER1", "USER2") .anyRequest().authenticated();//.and() } ///这个函数主要说明需要认证的用户,密码,以及权限 @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(new MyUserDetailService()); }}
XML配置代码如下
web.xml如下
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>config.MyServerInit</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath:applicationContext.xml, classpath:spring-security.xml </param-value> </context-param> <servlet> <servlet-name>mvc-dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:mvc-dispatcher-servlet.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>mvc-dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping></web-app>
mvc-dipatcher-servlet.xml 如下
<?xml version="1.0" encoding="UTF-8"?><beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <!-- 静态资源(js、image等)的访问 --> <mvc:default-servlet-handler/> <!-- 开启注解 --> <mvc:annotation-driven/> <!--指明 controller 所在包,并扫描其中的注解 <context:component-scan base-package="evss.controller"/> --> <bean id="baseController" class="web.BaseController" /> <!--ViewResolver 视图解析器--> <!--用于支持Servlet、JSP视图解析--> <bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/> <property name="prefix" value="/WEB-INF/pages/"/> <property name="suffix" value=".jsp"/> </bean></beans>
applicationContext.xml的内容也是为空
<?xml version="1.0" encoding="UTF-8"?><beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:task="http://www.springframework.org/schema/task" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"></beans>
最最关键代码来了。
spring-security.xml代码如下
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-3.0.xsdhttp://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security.xsd"> <beans:bean id="myUserDetailService" class ="config.MyUserDetailService"/> <beans:bean id="mySavedRequestAwareAuthenticationSuccessHandler" class ="config.MySavedRequestAwareAuthenticationSuccessHandler"/> <beans:bean id="myAuthenticationFailureHandler" class ="config.MyAuthenticationFailureHandler"/> <beans:bean id="myMatcher" class ="config.MyMatcher"/> <http> <intercept-url pattern="/system1/**" requires-channel="https" access="hasRole('USER1')" /> <intercept-url pattern="/system2/**" requires-channel="https" access="hasRole('USER2')" /> <intercept-url pattern="/system3/**" requires-channel="https" access="hasRole('USER1','USER2')" /> <intercept-url pattern="/login" requires-channel="https" access="permitAll"/> <intercept-url pattern="/myresource" access="permitAll"/> <intercept-url request-matcher-ref="myMatcher" access="authenticated" /> <!--<intercept-url pattern="/**" access="authenticated"/>--> <!-- 如果需要定义自己的类实现角色和路径的判定 <intercept-url request-matcher-ref="myMatcher"/>--> <form-login authentication-success-handler-ref="mySavedRequestAwareAuthenticationSuccessHandler" authentication-failure-handler-ref="myAuthenticationFailureHandler" /> </http> <authentication-manager> <authentication-provider user-service-ref='myUserDetailService'/> </authentication-manager></beans:beans>
其中的MyMatcher的代码如下
import org.springframework.security.web.util.matcher.RequestMatcher;import javax.servlet.http.HttpServletRequest;import java.util.List;import java.util.regex.Pattern;/** * Created by zhangjiasong on 2016/12/14. */public class MyMatcher implements RequestMatcher { private Pattern allowedMethods = Pattern .compile("^(GET|HEAD|TRACE|OPTIONS)$"); public boolean matches(HttpServletRequest request) { if (execludeUrls != null && execludeUrls.size() > 0) { String servletPath = request.getServletPath(); for (String url : execludeUrls) { if (servletPath.contains(url)) { return false; } } } return !allowedMethods.matcher(request.getMethod()).matches(); } /** * 需要排除的url列表 */ private List<String> execludeUrls; public List<String> getExecludeUrls() { return execludeUrls; } public void setExecludeUrls(List<String> execludeUrls) { this.execludeUrls = execludeUrls; }}
正在的对应就是spring-security.xml 借助官网文档。翻译还是很容易。
0 0
- Spring Security java配置与XML配置的对应和转换
- xml :spring-security 配置
- Spring Security的配置
- spring security的配置
- java的方式配置spring security
- spring security的配置和使用
- oracle 时间类型 与java mybatis.xml 文件配置 resultMap 对应时间类型 JsonConfig 转换oracle里的时间类型
- Spring Security学习与配置
- spring security配置与分析
- SPRING SECURITY JAVA配置:Web Security
- SPRING SECURITY JAVA配置:Web Security
- spring security xml配置官方详解
- 有关Spring Security 的配置
- Spring Security的配置使用
- activeMQ优点与和spring整合的xml配置
- Spring Security无xml配置开发中的若干个配置
- Spring Security 3.1配置与使用
- Spring Security 3.1配置与使用
- scroll家族
- win下C/C++调用python
- 安卓开发技术:监听软键盘的显示与隐藏
- 软件工程笔记整理
- spring中配置DBCP BasicDataSource的方式
- Spring Security java配置与XML配置的对应和转换
- 【常用模板】 混合背包
- codesmart在vs6中似乎只有vb6的版本,那就用Visual Assist做补充吧。其实mztools
- JVM内存管理基础
- 数据库连接奇葩错误
- MySql四舍五入
- 栅格服务封装
- 多重背包
- Faster RCNN详解:从region proposal到bounding box回归