Spring Security --- 許可權控制安全框架入門簡介
2018年09月20日 20:54:42 sunny2429
Spring Security是一個能夠為基於Spring的企業應用系統提供宣告式安全訪問控制解決方案的安全框架。它提供了一組可以在Spring應用上下文中配置的Bean,充分利用了Spring的IoC(Inversion of Control,控制反轉)、DI(Dependency Injection,依賴注入)和AOP(面向切面程式設計)功能,為應用系統提供宣告式的安全訪問控制功能,減少了為企業系統安全控制編寫大量重複程式碼的工作。
二、入門案例
1、引入Jar
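<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.1.0.RELEASE</version>
</dependency>
2、web.xml配置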
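<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
3、spring-security.xml配置
<?xml version="1.0" encoding="UTF-8"?>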
<!-- Enable form-based login -->
<!-- Attribute reference:
     login-processing-url       : URL the login form is submitted to; default /login
     login-page                 : the login page
     default-target-url         : page opened after a successful login
     authentication-failure-url : page opened after a failed login
     username-parameter         : name attribute of the user name <input>; default username
     password-parameter         : name attribute of the password <input>; default password
     Note: the login form on the page must use method="post" -->
<form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true"/>
<!-- Disable CSRF protection.
     NOTE(review): with this element, state-changing requests (login and logout included) are
     accepted without a CSRF token, so a page on another site can submit requests inside a
     logged-in seller's session. It is presumably switched off here because the static HTML
     login page does not render the token. Outside a demo, leave CSRF protection enabled and
     have the page send the token with every POST. -->
<csrf disabled="true"/>
<!-- Spring Security sends X-Frame-Options: DENY by default, which blocks pages displayed inside
     frames such as iframe. SAMEORIGIN relaxes this to framing by pages of the same origin only;
     framing from other origins stays blocked. -->
<headers>
    <frame-options policy="SAMEORIGIN"/>
</headers>
<!-- Logout. Attribute reference:
     logout-url         : logout URL; default /logout
     logout-success-url : page opened after a successful logout -->
<logout/>
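<!-- Custom UserDetailsService; sellerService is injected through its setter. -->
<beans:bean id="userDetailService" class="com.xxx.shop.service.UserDetailsServiceImpl">
    <beans:property name="sellerService" ref="sellerService"></beans:property>
</beans:bean>

<!-- Dubbo consumer: sellerService is a remote reference resolved through the ZooKeeper registry.
     The registry address below is hard-coded for one environment; externalise it per deployment. -->
<dubbo:application name="xxx-shop-web" />
<dubbo:registry address="zookeeper://192.168.25.128:2181"/>
<dubbo:reference id="sellerService" interface="com.xxx.sellergoods.service.SellerService"></dubbo:reference>

<!-- BCrypt password encoder.
     NOTE(review): the authentication-manager / authentication-provider element that would
     reference this bean and userDetailService is not visible in this excerpt. Declaring the
     bean alone does not apply it; confirm the provider names it as its password encoder,
     otherwise stored BCrypt hashes are not checked with this encoder. -->
<beans:bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean>
</beans:beans>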
4、UserDetailsServiceImpl實現類 package com.xxx.shop.service;
import com.xxx.pojo.TbSeller; import com.xxx.sellergoods.service.SellerService; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException;
import java.util.ArrayList; import java.util.List;
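/**
 * Loads seller accounts for Spring Security's form login.
 *
 * <p>The seller record is fetched through {@link SellerService}. Only a seller whose status
 * equals {@code "1"} is allowed to authenticate (presumably "approved"; confirm against the
 * seller data model). Every authenticated seller is granted the single role
 * {@code ROLE_SELLER}.
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /** Seller lookup service, injected through the setter by the XML bean definition. */
    private SellerService sellerService;

    /**
     * Sets the seller lookup service used by {@link #loadUserByUsername(String)}.
     *
     * @param sellerService service that returns a seller by its login name
     */
    public void setSellerService(SellerService sellerService) {
        this.sellerService = sellerService;
    }

    /**
     * Looks up the seller with the given login name and converts it to a {@link UserDetails}.
     *
     * <p>The {@link UserDetailsService} contract forbids returning {@code null}; an unknown
     * seller and a seller that is not in status {@code "1"} are both reported with
     * {@link UsernameNotFoundException}. The same message is used for both cases so that the
     * response does not reveal whether an account exists.
     *
     * @param username login name submitted by the login form
     * @return the user with the stored password and the {@code ROLE_SELLER} authority
     * @throws UsernameNotFoundException if no seller exists for {@code username} or the
     *     seller's status is not {@code "1"}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        System.out.println("UserDetailsServiceImpl");

        TbSeller seller = sellerService.findOne(username);
        // Constant-first equals: a seller row with a null status is rejected, not an NPE.
        if (seller == null || !"1".equals(seller.getStatus())) {
            throw new UsernameNotFoundException("Seller account not found or not approved");
        }

        // Build the role list.
        List<GrantedAuthority> grantAuths = new ArrayList<>();
        grantAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));

        // The stored password is handed to Spring Security unchanged; presumably a BCrypt hash,
        // given the encoder bean declared in spring-security.xml (confirm it is wired in).
        return new User(username, seller.getPassword(), grantAuths);
    }
}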