spring-security(1)
这里简单介绍下spring security的使用
添加依赖
<org.springframework.security-version>4.1.0.RELEASE</org.springframework.security-version>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-cas</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${org.springframework.security-version}</version>
</dependency>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<!--intercept-url定义了一个权限控制的规则。
pattern:进行权限控制的url
access:需要什么权限,以逗号分隔的角色列表,只需拥有其中的一个角色就能成功访问
-->
<intercept-url pattern="/**" access="hasRole('role1')"/>
</http>
<beans:bean id="userService" class="com.yitop.feng.service.UserService"/>
<!--
authentication-manager元素指定了一个AuthenticationManager,其需要一个AuthenticationProvider来进行真正的认证,
默认情况下authentication-provider对应一个UserDetailsService来获取用户信息(即查询数据库)。
-->
<authentication-manager>
<authentication-provider user-service-ref="userService">
<!-- 指定密码加密方式 -->
<password-encoder hash="md5"/>
</authentication-provider>
</authentication-manager>
</beans:beans>
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
userService
/**
* @author fengzp
* @date 2017/3/23下午5:52
* @email fengzp@gzyitop.com
* @company 广州易站通计算机科技有限公司
*/
public class UserService implements UserDetailsService {
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
username = "fengzp";
String password = "E10ADC3949BA59ABBE56E057F20F883E";//123456
List<GrantedAuthority> rolenames = new ArrayList<GrantedAuthority>();
rolenames.add(new SimpleGrantedAuthority("role1"));
//这里要注意,密码要小写
User user = new User(username,password.toLowerCase(),rolenames );
return user;
}
}
测试
打开首页可以看到一个登录页面,但是我并没有写这个登录页面,这个页面是当我们没有指定登录页面时,spring自动帮我们生成的。
这里我写死了一个用户/密码:fengzp/123456,当用别的用户或者密码不正确的时候,页面就会报错。
