Spring Security 4 Hello World XML Example(1)

来源：互联网发布：qq记牌器源码编辑：程序博客网时间：2024/05/29 05:07

一、概述

Spring Security为基于Java EE的企业软件应用程序提供全面的安全服务。特别强调支持使用Spring Framework构建的项目，Spring Framework是企业软件开发的领先Java EE解决方案。如果你不使用Spring来开发企业应用程序，我们热烈地鼓励你仔细看看它。对Spring的一些熟悉 - 特别是依赖注入原则 - 将帮助你更容易地加快与Spring Security的速度。

人们使用Spring Security有很多原因，但是大多数人在发现Java EE的Servlet规范或EJB规范的安全特性缺乏典型企业应用程序场景所需的深度后，就会被吸引到该项目。虽然提到这些标准，重要的是要认识到它们在WAR或EAR级别不可移植。因此，如果切换服务器环境，通常需要在新目标环境中重新配置应用程序的安全性。使用Spring Security克服了这些问题，并为您带来了许多其他有用的可自定义的安全功能。
您可能知道应用程序安全性的两个主要领域是“身份验证”和“授权”（或“访问控制”）。这些是Spring Security目标的两个主要领域。 “认证”是建立委托人的过程，他们声称是委托人（“委托人”通常是指可以在您的应用程序中执行操作的用户，设备或其他系统）。“授权”是指决定是否允许主体在您的应用程序中执行操作。为了到达需要授权决定的点，认证过程已经建立了主体的身份。这些概念是常见的，而不是特定于Spring Security。

二、项目结构

1. 项目结构：

2. pom.xml文件如下：

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">  <modelVersion>4.0.0</modelVersion>  <groupId>com.npf</groupId>  <artifactId>spring-security-setup</artifactId>  <packaging>war</packaging>  <version>0.0.1-SNAPSHOT</version>  <name>spring-security-setup Maven Webapp</name>  <url>http://maven.apache.org</url>  <properties><spring.version>4.1.6.RELEASE</spring.version><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>  </properties>    <dependencies>    <dependency>      <groupId>junit</groupId>      <artifactId>junit</artifactId>      <version>4.10</version>      <scope>test</scope>    </dependency>        <dependency>      <groupId>junit</groupId>      <artifactId>junit</artifactId>      <version>4.10</version>      <scope>test</scope>    </dependency>    <dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${spring.version}</version></dependency><dependency>    <groupId>org.springframework</groupId>    <artifactId>spring-jdbc</artifactId>    <version>${spring.version}</version></dependency><dependency>    <groupId>commons-logging</groupId>    <artifactId>commons-logging</artifactId>    <version>1.2</version></dependency><dependency>    <groupId>jstl</groupId>    <artifactId>jstl</artifactId>    <version>1.2</version></dependency><dependency>    <groupId>org.mybatis</groupId>    <artifactId>mybatis-spring</artifactId>    <version>1.3.0</version></dependency><dependency>    <groupId>org.mybatis</groupId>    <artifactId>mybatis</artifactId>    <version>3.4.0</version></dependency><dependency>    <groupId>mysql</groupId>    <artifactId>mysql-connector-java</artifactId>    <version>5.1.30</version></dependency><dependency>    <groupId>commons-dbcp</groupId>    <artifactId>commons-dbcp</artifactId>    <version>1.4</version></dependency><dependency>    <groupId>commons-io</groupId>    <artifactId>commons-io</artifactId>    <version>2.5</version></dependency><dependency>    <groupId>commons-fileupload</groupId>    <artifactId>commons-fileupload</artifactId>    <version>1.3.2</version></dependency><dependency>        <groupId>org.springframework.security</groupId>        <artifactId>spring-security-web</artifactId>        <version>4.0.1.RELEASE</version>    </dependency>        <dependency>        <groupId>org.springframework.security</groupId>        <artifactId>spring-security-config</artifactId>        <version>4.0.1.RELEASE</version>    </dependency>  </dependencies>    <profiles>  <profile>    <id>jdk-1.7</id>    <activation>        <activeByDefault>true</activeByDefault>        <jdk>1.7</jdk>    </activation>    <properties>        <maven.compiler.source>1.7</maven.compiler.source>        <maven.compiler.target>1.7</maven.compiler.target>        <maven.compiler.compilerVersion>1.7</maven.compiler.compilerVersion>    </properties></profile>   </profiles>  <build>    <finalName>spring-security-setup</finalName>  </build></project>

3. spring-security.xml文件如下：

<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security"    xmlns:beans="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    xsi:schemaLocation="http://www.springframework.org/schema/beans     http://www.springframework.org/schema/beans/spring-beans-4.1.xsd    http://www.springframework.org/schema/security     http://www.springframework.org/schema/security/spring-security-4.0.xsd">        <beans:bean id="securityContextLogoutHandle"     class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/><http auto-config="true" use-expressions="true">        <intercept-url pattern="/" access="permitAll" />        <intercept-url pattern="/home" access="permitAll" />        <intercept-url pattern="/admin/**" access="hasRole('ADMIN')" />        <intercept-url pattern="/dba/**" access="hasRole('ADMIN') and hasRole('DBA')" />        <access-denied-handler error-page="/accessDenied"/>    </http>      <authentication-manager >        <authentication-provider>            <user-service>                <user name="jack"  password="jack123"  authorities="ROLE_USER" />                <user name="admin" password="admin123" authorities="ROLE_ADMIN" />                <user name="dba" password="dba123" authorities="ROLE_ADMIN,ROLE_DBA" />            </user-service>        </authentication-provider>    </authentication-manager></beans:beans>

4. web.xml文件添加如下配置：

<filter> <filter-name>springSecurityFilterChain</filter-name>  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>    </filter>    <filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern>    </filter-mapping>

5. HelloWorldController：

package com.npf.controller;import javax.servlet.http.HttpServletRequest;import javax.servlet.http.HttpServletResponse;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.security.core.Authentication;import org.springframework.security.core.context.SecurityContextHolder;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;import org.springframework.stereotype.Controller;import org.springframework.ui.ModelMap;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;@Controllerpublic class HelloWorldController {@Autowiredprivate SecurityContextLogoutHandler securityContextLogoutHandle;@RequestMapping(value = {"/home"}, method = RequestMethod.GET)public String homePage(ModelMap model) {model.addAttribute("greeting", "Hi, Welcome to mysite. ");return "welcome";}@RequestMapping(value = "/admin/index", method = RequestMethod.GET)public String adminPage(ModelMap model) {Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();String userName = principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : principal.toString();model.addAttribute("user", userName);return "admin/index";}@RequestMapping(value = "/dba/index", method = RequestMethod.GET)public String dbaPage(ModelMap model) {Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();String userName = principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : principal.toString();model.addAttribute("user", userName);return "dba/index";}@RequestMapping(value = "/logout", method = RequestMethod.GET)public String logoutPage(HttpServletRequest request,HttpServletResponse response) {Authentication auth = SecurityContextHolder.getContext().getAuthentication();if (auth != null) {securityContextLogoutHandle.logout(request, response, auth);}return "redirect:/home";}@RequestMapping(value = "/accessDenied", method = RequestMethod.GET)public String accessDeniedPage(ModelMap model) {Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();String userName = principal instanceof UserDetails ? ((UserDetails) principal).getUsername() : principal.toString();model.addAttribute("user", userName);return "accessDenied";}}