SpringSecurity框架使用

web.xml进行拦截配置

<context-param>

<param-name>contextConfigLocation</param-name>

<param-value>classpath:spring-security.xml</param-value>

</context-param>

<listener-class>

org.springframework.web.context.ContextLoaderListener

</listener-class>

</listener>

拦截

<filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>

</filter>

<filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/*</url-pattern>

</filter-mapping>

springecurity配置文件

security="none" 设置此资源不被拦截.

登录提交地址/login 该地址由 SpringSecurity 生成，提交方法必须是 POST

intercept-url 表示拦截页面

/* 表示的是该目录下的资源，只包括本级目录不包括下级目录

/** 表示的是该目录以及该目录下所有级别子目录的资源

form-login 为开启表单登陆

use-expressions 为是否使用使用 Spring 表达式语言（ SpEL ），默认为 true

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"

xmlns:beans="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans.xsd

http://www.springframework.org/schema/security

http://www.springframework.org/schema/security/spring-security.xsd">

<intercept-url pattern="/**" access="ROLE_ADMIN" />

<form-login login-page="/login.html"

default-target-url="/admin/index.html"

authentication-failure-url="/login.html"always-use-default-target="true"/>

<frame-options policy="SAMEORIGIN"/>

</headers>

</http>

<authentication-manager>

<authentication-provider>

<user-service>

//直接配置

<user name="admin" password="123456"

authorities="ROLE_ADMIN"/>

<user name="sunny" password="offcn123"

authorities="ROLE_ADMIN"/>

</user-service>

</authentication-provider>

</authentication-manager>

</beans:beans>

获取名字

String name=SecurityContextHolder.getContext().getAuthentication().getName();

自定义认证类，实现 SpringSecurity 的 UserDetailsService 接口，重写 loadUserByUsername 方法

public class UserDetailsServiceImpl implements UserDetailsService {

@Override

public UserDetails loadUserByUsername(String username) throws

UsernameNotFoundException {

List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();

grantedAuths.add(new SimpleGrantedAuthority("ROLE_SELLER"));

//返回

//return new User(username,"123456", grantedAuths);

//或者道数据库查询

//得到对象

TbSeller seller = sellerService.findOne(username);

if(seller!=null){

if(seller.getStatus().equals("1")){

return new User(username,seller.getPassword(),grantAuths);

}else{

return null;

}

自定义认证springsecurity配置更改

<authentication-manager>

<authentication-provider user-service-ref="userDetailService">

</authentication-provider>

</authentication-manager>

<beans:bean id="userDetailService"

class="com.offcn.service.UserDetailsServiceImpl"></beans:bean>

<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"

xmlns:beans="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xsi:schemaLocation="http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans.xsd

http://www.springframework.org/schema/security

http://www.springframework.org/schema/security/spring-security.xsd">

<intercept-url pattern="/**" access="ROLE_USER" />

<form-login/>

</http>

<authentication-manager>

<authentication-provider>

<user-service>

<user name="admin" password="123456"

authorities="ROLE_USER"/>

</user-service>

</authentication-provider>

</authentication-manager>

posted @ 2020-04-16 14:51 钟。意阅读(229) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

钟。意

SpringSecurity框架使用

公告