SSM整合SpringSecurity
1.pom.xml配置
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.qingfeng</groupId> <artifactId>SpringSecurity</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <properties> <spring.security.version>5.1.3.RELEASE</spring.security.version> </properties> <dependencies> <!--引入Servlet支持 --> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> <scope>provided</scope> </dependency> <!--引入Spring Security支持 --> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring.security.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring.security.version}</version> </dependency> <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring.security.version}</version> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.tomcat.maven</groupId> <artifactId>tomcat7-maven-plugin</artifactId> <configuration> <!-- 指定端口 --> <port>9001</port> <!-- 请求路径 --> <path>/</path> </configuration> </plugin> </plugins> </build> </project>
2.web.xml配置
<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-security.xml</param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
3.spring-security.xml配置
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!--以下页面不被拦截 --> <http pattern="/login.html" security="none"></http> <http pattern="/login_error.html" security="none"></http> <!--页面拦截规则 --> <http> <!-- intercept-url:表示拦截规则 pattern:页码的匹配规则,在webapp下面的 access:资源的控制规则,需要什么的条件 --> <!-- 所有的资源都需要是ROLE_ADMIN的角色可以访问 --> <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" /> <!-- 表单登录 login-page:登录页面 default-target-url:默认跳转页面 authentication-failure-url:登录错误,跳转错误页面 --> <form-login login-page="/login.html" default-target-url="/index.html" authentication-failure-url="/login_error.html"/> <!-- 退出登录 --> <logout /> <!-- 关闭跨域请求伪造控制。因为静态页无法动态生成token,所以将此功能关闭。一般静态页采用图形验证码的方式实现防止跨域请求伪造的功能。--> <csrf disabled="true" /> </http> <!-- 认证管理器 --> <!-- <authentication-manager> 认证管理器 <authentication-provider> 认证的提供者,就是用来配置用户名和密码 <user-service> 用户的服务 <user /> 配置用户和密码 --> <authentication-manager> <authentication-provider user-service-ref="userDetailsService"> <!-- <user-service> name:用户名,password:用户密码 authorities:指定用户的角色 <user name="admin" password="$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga" authorities="ROLE_ADMIN" /> </user-service> --> <!-- 密码使用bcrypt加密 --> <password-encoder ref="bcryptEncoder" /> </authentication-provider> </authentication-manager> <!-- bcrypt加密 --> <beans:bean id="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean> <beans:bean id="userDetailsService" class="com.qingfeng.service.UserDetailsServiceImpl"></beans:bean> </beans:beans>
4.UserDetailsServiceImpl.java类
package com.qingfeng.service; import java.util.ArrayList; import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; public class UserDetailsServiceImpl implements UserDetailsService { @Override public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { //构建角色集合 ,项目中此处应该是根据用户名查询用户的角色列表 List<GrantedAuthority> geAuthorities = new ArrayList<GrantedAuthority>(); //添加角色ROLE_ADMIN geAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN")); /** * 第一参数:username * 第二参数:"$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga"是BCrypt加密的密码 * 第三参数:geAuthorities是它的角色 */ return new User(username,"$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga",geAuthorities); } }
5.编写登录login.html页面
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>登录</title> </head> <body> <form action="/login" method="post"> <table> <tr> <td>用户名 <td /> <td><input name="username" /> <td /> <tr /> <tr> <td>密码 <td /> <td><input type="password" name="password" /> <td /> <tr /> </table> <button>登录</button> </form> </body> </html>
6.编写登录login_error.html页面
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>登录错误</title> </head> <body> <h1 >用户名和密码错误!</h1> </body> </html>
7.编写登录index.html页面
<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>欢迎来到 SpringSecurity</title> </head> <body> <h1>欢迎来到 SpringSecurity</h1> </body> </html>