SSM整合SpringSecurity
1.pom.xml配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 | <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.qingfeng</groupId> <artifactId>SpringSecurity</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <properties> <spring.security.version>5.1.3.RELEASE</spring.security.version> </properties> <dependencies> <!--引入Servlet支持 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> <scope>provided</scope> </dependency> <!--引入Spring Security支持 --> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring.security.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring.security.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring.security.version}</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.tomcat.maven</groupId> <artifactId>tomcat7-maven-plugin</artifactId> <configuration> <!-- 指定端口 --> <port>9001</port> <!-- 请求路径 --> <path>/</path> </configuration> </plugin> </plugins> </build></project> |
2.web.xml配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 | <?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-security.xml</param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping></web-app> |
3.spring-security.xml配置
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | <?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!--以下页面不被拦截 --> <http pattern="/login.html" security="none"></http> <http pattern="/login_error.html" security="none"></http> <!--页面拦截规则 --> <http> <!-- intercept-url:表示拦截规则 pattern:页码的匹配规则,在webapp下面的 access:资源的控制规则,需要什么的条件 --> <!-- 所有的资源都需要是ROLE_ADMIN的角色可以访问 --> <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" /> <!-- 表单登录 login-page:登录页面 default-target-url:默认跳转页面 authentication-failure-url:登录错误,跳转错误页面 --> <form-login login-page="/login.html" default-target-url="/index.html" authentication-failure-url="/login_error.html"/> <!-- 退出登录 --> <logout /> <!-- 关闭跨域请求伪造控制。因为静态页无法动态生成token,所以将此功能关闭。一般静态页采用图形验证码的方式实现防止跨域请求伪造的功能。--> <csrf disabled="true" /> </http> <!-- 认证管理器 --> <!-- <authentication-manager> 认证管理器 <authentication-provider> 认证的提供者,就是用来配置用户名和密码 <user-service> 用户的服务 <user /> 配置用户和密码 --> <authentication-manager> <authentication-provider user-service-ref="userDetailsService"> <!-- <user-service> name:用户名,password:用户密码 authorities:指定用户的角色 <user name="admin" password="$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga" authorities="ROLE_ADMIN" /> </user-service> --> <!-- 密码使用bcrypt加密 --> <password-encoder ref="bcryptEncoder" /> </authentication-provider> </authentication-manager> <!-- bcrypt加密 --> <beans:bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean> <beans:bean id="userDetailsService" class="com.qingfeng.service.UserDetailsServiceImpl"></beans:bean></beans:beans> |
4.UserDetailsServiceImpl.java类
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | package com.qingfeng.service;import java.util.ArrayList;import java.util.List;import org.springframework.security.core.GrantedAuthority;import org.springframework.security.core.authority.SimpleGrantedAuthority;import org.springframework.security.core.userdetails.User;import org.springframework.security.core.userdetails.UserDetails;import org.springframework.security.core.userdetails.UserDetailsService;import org.springframework.security.core.userdetails.UsernameNotFoundException;public class UserDetailsServiceImpl implements UserDetailsService { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //构建角色集合 ,项目中此处应该是根据用户名查询用户的角色列表 List<GrantedAuthority> geAuthorities = new ArrayList<GrantedAuthority>(); //添加角色ROLE_ADMIN geAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN")); /** * 第一参数:username * 第二参数:"$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga"是BCrypt加密的密码 * 第三参数:geAuthorities是它的角色 */ return new User(username,"$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga",geAuthorities); }} |
5.编写登录login.html页面
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | <!DOCTYPE html><html><head><meta charset="UTF-8"><title>登录</title></head><body> <form action="/login" method="post"> <table> <tr> <td>用户名 <td /> <td><input name="username" /> <td /> <tr /> <tr> <td>密码 <td /> <td><input type="password" name="password" /> <td /> <tr /> </table> <button>登录</button> </form></body></html> |
6.编写登录login_error.html页面
1 2 3 4 5 6 7 8 9 10 | <!DOCTYPE html><html><head><meta charset="UTF-8"><title>登录错误</title></head><body><h1 >用户名和密码错误!</h1></body></html> |
7.编写登录index.html页面
1 2 3 4 5 6 7 8 9 10 | <!DOCTYPE html><html><head><meta charset="UTF-8"><title>欢迎来到 SpringSecurity</title></head><body> <h1>欢迎来到 SpringSecurity</h1></body></html> |
标签:
SpringSecurity
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 探究高空视频全景AR技术的实现原理
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· SQL Server 2025 AI相关能力初探
· AI编程工具终极对决:字节Trae VS Cursor,谁才是开发者新宠?
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南