[spring security] spring security 4 基础Demo
依赖包:
<properties> <junit.version>4.11</junit.version> <spring.version>4.1.6.RELEASE</spring.version> <spring-security.version>4.0.3.RELEASE</spring-security.version> <mysql.version>5.1.6</mysql.version> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>${junit.version}</version> </dependency> <!-- spring --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-core</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aop</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-web</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring.version}</version> </dependency> <!-- spring security --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring-security.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring-security.version}</version> </dependency> <!-- mysql Driver --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>${mysql.version}</version> </dependency> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> </dependencies>
1.web.xml
<listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Spring Security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring MVC --> <servlet> <servlet-name>mvc-dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:spring-context.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>mvc-dispatcher</servlet-name> <url-pattern>*.htm</url-pattern> </servlet-mapping>
2.spring-security.xml:
<import resource="classpath:xwolf-datasource.xml"/> <!--静态资源过滤--> <security:http pattern="/**/*.css" security="none"></security:http> <security:http pattern="/**/*.js" security="none"></security:http> <security:http pattern="/**/*.jpg" security="none"></security:http> <security:http pattern="/**/*.gif" security="none"></security:http> <security:http pattern="/**/*.png" security="none"></security:http> <!-- 1.基础xml方式实现 --> <security:http auto-config="true"> <security:intercept-url pattern="/admin.htm" access="hasRole('ROLE_USER')" /> </security:http> <security:authentication-manager> <security:authentication-provider> <!-- 1.基础用户 <security:user-service> <security:user name="admin" password="123456" authorities="ROLE_USER"/> </security:user-service> --> <!-- 2.数据库查询用户--> <security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select name,pwd,status as enabled from user where name=? " authorities-by-username-query="select u.name ,r.auth as authority from user u join user_role ur on u.uid=ur.uid join role r on r.rid=ur.rid where u.name=?"/> </security:authentication-provider> </security:authentication-manager>
jdbc中用到的用户和权限认证表信息。
其中用到的表结构:
两个页面分别对应hello.htm和admin.htm:
每一个页面一句话:
hello.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <html> <head> <title>登录成功</title> </head> <body> <h3>登录成功!Hello World!</h3> </body> </html>
admin.jsp:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <html> <head> <title>admin</title> </head> <body> <h2>admin!</h2> </body> </html>
