Spring Security 4 Hello World XML Example(1)
来源:互联网 发布:qq记牌器源码 编辑:程序博客网 时间:2024/05/29 05:07
一、概述
Spring Security为基于Java EE的企业软件应用程序提供全面的安全服务。特别强调支持使用Spring Framework构建的项目,Spring Framework是企业软件开发的领先Java EE解决方案。如果你不使用Spring来开发企业应用程序,我们热烈地鼓励你仔细看看它。对Spring的一些熟悉 - 特别是依赖注入原则 - 将帮助你更容易地加快与Spring Security的速度。
人们使用Spring Security有很多原因,但是大多数人在发现Java EE的Servlet规范或EJB规范的安全特性缺乏典型企业应用程序场景所需的深度后,就会被吸引到该项目。虽然提到这些标准,重要的是要认识到它们在WAR或EAR级别不可移植。因此,如果切换服务器环境,通常需要在新目标环境中重新配置应用程序的安全性。使用Spring Security克服了这些问题,并为您带来了许多其他有用的可自定义的安全功能。
您可能知道应用程序安全性的两个主要领域是“身份验证”和“授权”(或“访问控制”)。这些是Spring Security目标的两个主要领域。 “认证”是建立委托人的过程,他们声称是委托人(“委托人”通常是指可以在您的应用程序中执行操作的用户,设备或其他系统)。“授权”是指决定是否允许主体在您的应用程序中执行操作。为了到达需要授权决定的点,认证过程已经建立了主体的身份。这些概念是常见的,而不是特定于Spring Security。
二、项目结构
1. 项目结构:
2. pom.xml文件如下:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.npf</groupId> <artifactId>spring-security-setup</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>spring-security-setup Maven Webapp</name> <url>http://maven.apache.org</url> <properties><spring.version>4.1.6.RELEASE</spring.version><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.10</version> <scope>test</scope> </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.10</version> <scope>test</scope> </dependency> <dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${spring.version}</version></dependency><dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${spring.version}</version></dependency><dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.2</version></dependency><dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version></dependency><dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>1.3.0</version></dependency><dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>3.4.0</version></dependency><dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.30</version></dependency><dependency> <groupId>commons-dbcp</groupId> <artifactId>commons-dbcp</artifactId> <version>1.4</version></dependency><dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> <version>2.5</version></dependency><dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.3.2</version></dependency><dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>4.0.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>4.0.1.RELEASE</version> </dependency> </dependencies> <profiles> <profile> <id>jdk-1.7</id> <activation> <activeByDefault>true</activeByDefault> <jdk>1.7</jdk> </activation> <properties> <maven.compiler.source>1.7</maven.compiler.source> <maven.compiler.target>1.7</maven.compiler.target> <maven.compiler.compilerVersion>1.7</maven.compiler.compilerVersion> </properties></profile> </profiles> <build> <finalName>spring-security-setup</finalName> </build></project>3. spring-security.xml文件如下:
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"> <beans:bean id="securityContextLogoutHandle" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/><http auto-config="true" use-expressions="true"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/home" access="permitAll" /> <intercept-url pattern="/admin/**" access="hasRole('ADMIN')" /> <intercept-url pattern="/dba/**" access="hasRole('ADMIN') and hasRole('DBA')" /> <access-denied-handler error-page="/accessDenied"/> </http> <authentication-manager > <authentication-provider> <user-service> <user name="jack" password="jack123" authorities="ROLE_USER" /> <user name="admin" password="admin123" authorities="ROLE_ADMIN" /> <user name="dba" password="dba123" authorities="ROLE_ADMIN,ROLE_DBA" /> </user-service> </authentication-provider> </authentication-manager></beans:beans>4. web.xml文件添加如下配置:
<filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern> </filter-mapping>5. HelloWorldController:
package com.npf.controller;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.Authentication;import org.springframework.security.core.context.SecurityContextHolder;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;import org.springframework.stereotype.Controller;import org.springframework.ui.ModelMap;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;@Controllerpublic class HelloWorldController {@Autowiredprivate SecurityContextLogoutHandler securityContextLogoutHandle;@RequestMapping(value = {"/home"}, method = RequestMethod.GET)public String homePage(ModelMap model) {model.addAttribute("greeting", "Hi, Welcome to mysite. ");return "welcome";}@RequestMapping(value = "/admin/index", method = RequestMethod.GET)public String adminPage(ModelMap model) {Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();String userName = principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : principal.toString();model.addAttribute("user", userName);return "admin/index";}@RequestMapping(value = "/dba/index", method = RequestMethod.GET)public String dbaPage(ModelMap model) {Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();String userName = principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : principal.toString();model.addAttribute("user", userName);return "dba/index";}@RequestMapping(value = "/logout", method = RequestMethod.GET)public String logoutPage(HttpServletRequest request,HttpServletResponse response) {Authentication auth = SecurityContextHolder.getContext().getAuthentication();if (auth != null) {securityContextLogoutHandle.logout(request, response, auth);}return "redirect:/home";}@RequestMapping(value = "/accessDenied", method = RequestMethod.GET)public String accessDeniedPage(ModelMap model) {Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();String userName = principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : principal.toString();model.addAttribute("user", userName);return "accessDenied";}}
三、测试
1. 访问主页: http://localhost:8080/spring-security-setup/home
2. 点击第一个链接进入:
2.1 测试admin对admin相关页面的访问权限
2.1.1. 输入错误的用户名或者密码
你将会看到:
2.1.2. 输入正确的用户名和密码
3. 点击第二个链接进入:
3.1 测试dba对dba相关页面的访问权限
3.1.1. 输入错误的用户名或者密码
你将会看到:
3.1.2. 输入正确的用户名和密码
4. 点击第一个链接进入:
4.1用dba的身份去访问admin的相关页面
4.1.1. 输入正确的用户名和密码
你将会看到,dba可以访问admin的相关页面:
4. 点击第二个链接进入:
4.1 用admin的身份去访问dba的相关页面
4.1.1. 输入正确的用户名和密码
你将会看到,admin不可以访问dba的相关页面:
项目的源代码地址:https://github.com/spring-security/spring-security-setup
参考文献:
1. Spring Security 4 Hello World Annotation+XML Example
- Spring Security 4 Hello World XML Example(1)
- Spring Security hello world example
- Spring Security hello world example
- Spring Security hello world example
- Spring Security hello world example
- Spring Security hello world example
- Spring Security Hello World Annotation Example
- Spring Security XML Hello World
- Spring REST Hello World XML Example
- Spring 3 Hello World Example
- Spring MVC Hello World Example
- Spring MVC Hello World Example
- Maven + Spring hello world example
- Spring 3 hello world example
- Spring MVC hello world example
- Spring MVC hello world example
- Spring MVC hello world example
- Maven + Spring hello world example
- Retrofit2 @DELETE 不能使用@Body问题的解决办法
- 下拉刷新功能是怎么实现的?
- 模拟登陆web微信的流程和参数细节
- SecureCRT连接服务器教程(by Sessions)
- (四十九)socket编程——网络套接字函数及建立C/S模型(TCP)
- Spring Security 4 Hello World XML Example(1)
- Shell echo命令
- vld使用
- Codeforces Round #392 (Div. 2) A、B之我是zz
- html:特殊符号
- 使用Redis模拟简单分布式锁,解决单点故障的问题
- 404问题可能的原因
- gtest Test_F 和Test 区别
- Mapreduce中分布式缓存的使用注意点