Spring Security XML示例

Spring Security XML示例

在本教程中,我们将使用Spring MVC 框架实现 Spring Security。所有示例都是Spring MVC,并且是使用Maven项目创建的。

我们使用的是 Spring Security 5.0.0.RELEASE 版本,以下是maven依赖项,我们在所有示例中都使用了。(web core config)

<dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>5.0.0.RELEASE</version>
</dependency>
<dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>5.0.0.RELEASE</version>
</dependency>
<dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>5.0.0.RELEASE</version>
</dependency>

要在Spring应用程序中实现Spring Security,我们可以使用XML或基于Java的配置对其进行配置。

我们来看一个示例,其中将使用XML来配置Spring Security。

 

最初,它是空的。因此,让我们创建一个Spring MVC应用程序并与Spring Security集成。

这是我们的项目布局。它包含一个控制器,三个XML文件和两个JSP文件。

 

Spring Security Project源代码

我们的项目名称为 springsecurity ,其中包含以下源文件。

控制器

HomeController。 Java

package com.nhooo.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
public class HomeController {
    
    @RequestMapping(value="/", method=RequestMethod.GET)
    public String home() {
        return "home";
    }
    
    @RequestMapping(value="/admin", method=RequestMethod.GET)
    public String privateHome() {
        return "privatePage";
    }
}

Spring security配置

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">
    <http auto-config="true">
        <intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
    </http>
    <authentication-manager>
      <authentication-provider>
        <user-service>
        <user name="admin" password="1234" authorities="hasRole(ROLE_ADMIN)" />
        </user-service>
      </authentication-provider>
    </authentication-manager>
</beans:beans>

Servlet调度程序

spring-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context.xsd">
<mvc:annotation-driven />
   <context:component-scan base-package="com.nhooo.controller">
   </context:component-scan>
   <context:annotation-config></context:annotation-config>
   <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
      <property name="prefix" value="/WEB-INF/views/"></property>
      <property name="suffix" value=".jsp"></property>
   </bean>
</beans>

Web描述符

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE xml>
    <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
         http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">
        
        <!-- Spring Configuration -->
        <servlet>
            <servlet-name>spring</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>spring</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>
        
        <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
        
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/spring-servlet.xml
                /WEB-INF/spring-security.xml
            </param-value>
        </context-param>
</web-app>

项目依赖项

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>com.nhooo</groupId>
  <artifactId>springsecurity</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>   
<properties>
    <maven.compiler.target>1.8</maven.compiler.target>
    <maven.compiler.source>1.8</maven.compiler.source>
</properties>
<dependencies>
  <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>5.0.2.RELEASE</version>
        </dependency>
        <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>5.0.0.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>5.0.0.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>5.0.0.RELEASE</version>
    </dependency>
        
<dependency>
    <groupId>javax.servlet</groupId>
    <artifactId>javax.servlet-api</artifactId>
    <version>3.1.0</version>
    <scope>provided</scope>
</dependency>
</dependencies>
<build>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-war-plugin</artifactId>
            <version>2.6</version>
            <configuration>
                <failOnMissingWebXml>false</failOnMissingWebXml>
            </configuration>
        </plugin>
    </plugins>
</build>
</project>

查看页面

home.jsp

<html>
<head>
<meta content="text/html; charset=UTF-8">
<title>Home</title>
</head>
<body>
<h2>Welcome to Nhooo spring tutorial!</h2>
</body>
</html>

privatePage.jsp

home.jsp

<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Admin</title>
</head>
<body>
Hello Admin
</body>
</html>

输出

此示例使用Apache Tomcat v9.0执行。运行后,它会向浏览器产生以下输出。

最初,它将呈现 home.jsp 页面,其中显示以下输出。

 

如果我们在管理页面中输入/ admin ,则会在管理页面中添加spring security。浏览器,应用程序将产生以下输出。

请求URL: http: //localhost: 8080/springsecurity/admin

 

现在,这是Spring Security提供的保护资源的真正魔力。

此是spring security提供的模块,我们没有创建它。还会验证用户输入。

提供错误的凭据。

 

如果我们提供了错误的登录凭据,它将使用我们在 spring-security.xml 文件中提到的用户名和密码进行验证。

验证后,如果登录凭据不正确,则会引发错误消息。

 

 

 

 

 

在这个示例中,我们已经看到了Spring Security的登录模块,并且它如何验证与所提供的用户名和密码相对应。

接下来,我们将实现主题进一步的逻辑,例如: 成功登录后呈现用户。

 

 

 

 

 
posted @ 2023-01-19 22:34  cnetsa  阅读(237)  评论(0编辑  收藏  举报