SpringSecurity實現最簡單的登錄
阿新 • • 發佈:2019-03-18
auth extc -name handler class 控制 測試 sse att
一、pom依賴引入
<properties> <security-version>4.2.3.RELEASE</security-version> </properties> <dependencies> <!-- ... other dependency elements ... --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${security-version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${security-version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework/spring-webmvc --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.3.9.RELEASE</version> </dependency> <!-- https://mvnrepository.com/artifact/commons-logging/commons-logging --> <dependency> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> <version>1.1.1</version> </dependency> </dependencies>
二、配置spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <bean:beans xmlns="http://www.springframework.org/schema/security" xmlns:bean="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd"> <http pattern="/login.html" security="none"></http> <http pattern="/loginerror.html" security="none"></http> <http> <!-- 設置權限 --> <intercept-url pattern="/**" access="hasRole(‘ROLE_USER‘)"/> <!-- 登出成功及失敗訪問頁 --> <logout logout-url="/logout" logout-success-url="/login.html"/> <!-- 設置登錄相關配置 --> <form-login always-use-default-target="true" login-page="/login.html" login-processing-url="/login" default-target-url="/success.html" authentication-failure-url="/login.html" /> <csrf disabled="true" /> </http> <!-- 靜態用戶名 --> <!-- <authentication-manager> <authentication-provider> <user-service> <user name="admin" password="123456" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager> --> <bean:bean id="userDetail" class="liuli.relam.UserDetailServiceImpl"></bean:bean> <!-- 動態用戶名 --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetail"/> </authentication-manager> </bean:beans>
註:靜態用戶名用戶名及密碼在xml中配置,動態用戶則為頁面傳輸的用戶名及密碼(UserDetailServiceImpl需自己手動寫)代碼如下:
package liuli.relam; import java.util.ArrayList; import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; public class UserDetailServiceImpl implements UserDetailsService{ @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //可通過service層查出user,得到密碼與權限 //為方便測試,此處省略持久層,直接加入數據 String password = ""; if(username.equals("admin")) password = "123456"; else password = "111111"; List<GrantedAuthority> list = new ArrayList<GrantedAuthority>(); //list包含該用戶的所有權限 list.add(new SimpleGrantedAuthority("ROLE_USER")); //並得到user的密碼,最終添加進User進行比對 User user = new User("username",password,list); return user; } }
三、配置spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd"> <!-- 註冊映射器:BeanNameUrlHandlerMapping 通過設定的bean名稱和url路徑名稱匹配 --> <!-- <bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping"></bean> --> <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"/> <!-- 註冊適配器 --> <!-- <bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter"></bean> --> <!-- <bean class="org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter"></bean> --> <!-- 註解適配器:開發控制器采用註解的方式 --> <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/> <!-- 配置後端處理器 --> <!-- <bean name="/user.do" class="com.project.controller.UserHandler"></bean> --> <!-- <bean name="/user2.do" class="com.project.controller.UserHandler2"></bean> --> <!-- <context:component-scan base-package="com.controller"/> --> <!-- 註冊視圖解析器 --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"/> <!-- 避免攔截靜態文件 --> <mvc:default-servlet-handler/> </beans>
四、自己寫登錄界面,授權失敗界面及授權成功界面
註:用戶名的name屬性為"username",密碼的name屬性為"password",方法為"POST",具體可看UsernamePasswordAuthenticationFilter源碼
public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username"; public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password"; private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY; private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY; private boolean postOnly = true;
五、web.xml的配置
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <!-- 啟動springmvc的中央控制器 --> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <!-- 加載springmvc的配置文件 --> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-mvc.xml</param-value> </init-param> <!-- 設置tomcat啟動就加載servlet --> <load-on-startup>0</load-on-startup> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- 啟動spring監聽 --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-security.xml</param-value> </context-param> <!-- 配置security過濾器 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
六、放入tomcat,啟動即可
大功告成!!
SpringSecurity實現最簡單的登錄