<!-- Spring Security modules. All five artifacts use the same version (4.2.3.RELEASE); keep them in step when upgrading. -->
<!-- NOTE(review): 4.2.3.RELEASE is an old release on the 4.2.x line. Check the Spring Security
     advisories and move to a maintained release before using this outside a demo. -->

<!-- Servlet filter chain and web-layer support -->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <version>4.2.3.RELEASE</version>
</dependency>

<!-- XML namespace support (<http>, <authentication-manager>, ...) -->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <version>4.2.3.RELEASE</version>
</dependency>

<!-- Core authentication and access-control classes -->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-core</artifactId>
  <version>4.2.3.RELEASE</version>
</dependency>

<!-- Test support; test scope keeps it out of the packaged application -->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-test</artifactId>
  <version>4.2.3.RELEASE</version>
  <scope>test</scope>
</dependency>

<!-- JSP tag library -->
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-taglibs</artifactId>
  <version>4.2.3.RELEASE</version>
</dependency>
note: spring security jar的具体解析见 https://blog.csdn.net/sun_Leaf/article/details/78954501
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration (presumably applicationContext-security.xml; confirm).
  The security schema is the default namespace, so <http>, <intercept-url> and the
  authentication elements are unprefixed; only the root element uses the beans prefix.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:sec="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/context
                                 http://www.springframework.org/schema/context/spring-context-3.1.xsd
                                 http://www.springframework.org/schema/tx
                                 http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

  <!--
    Resources excluded from filtering (static resources and login-related URLs).
    security="none" gives a matching request an empty filter chain: no authentication,
    no authorization, no CSRF check, no security response headers and no SecurityContext.
    NOTE(review): the extension patterns match anywhere in the URL space, so anything
    reachable under a path ending in one of these suffixes is unprotected as well.
    Confirm that nothing dynamic is served under such paths, or scope the patterns to
    the static resource directories.
  -->
  <http pattern="/**/*.css" security="none" />
  <http pattern="/**/*.jpg" security="none" />
  <http pattern="/**/*.jpeg" security="none" />
  <http pattern="/**/*.gif" security="none" />
  <http pattern="/**/*.png" security="none" />
  <http pattern="/js/*.js" security="none" />

  <!--
    NOTE(review): the secured <http> block below declares no form-login login-page, so the
    framework's default login page applies. If /login.jsp is meant to be the login form,
    it runs outside the filter chain here and the CSRF token attribute is not available
    to it; confirm.
  -->
  <http pattern="/login.jsp" security="none" />

  <!-- The captcha endpoint is not filtered -->
  <http pattern="/getCode" security="none" />

  <!--
    Test content is not filtered.
    NOTE(review): this leaves everything under /test unauthenticated; keep it out of
    production configurations.
  -->
  <http pattern="/test/**" security="none" />

  <!--
    Secured chain for every other request. auto-config registers form login, HTTP Basic
    and logout with default settings. intercept-url rules are evaluated in order and the
    first match wins, so the specific rule must stay above the catch-all.
  -->
  <http auto-config="true">
    <!-- /adminpage.jsp requires ROLE_ADMIN -->
    <intercept-url pattern="/adminpage.jsp" access="hasRole('ROLE_ADMIN')" />
    <!-- Every other resource requires ROLE_USER -->
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
  </http>

  <authentication-manager>
    <authentication-provider>
      <!--
        In-memory users and their authorities.
        NOTE(review): both accounts share the clear-text password "123", which is only
        acceptable for a local demo. For anything else use a real user store and a
        <password-encoder hash="bcrypt"/> with hashed values, and keep credentials out of
        version control.
      -->
      <user-service>
        <user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="user" password="123" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
  </authentication-manager>

</beans:beans>
<!-- Load the Spring configuration file -->
<!-- NOTE(review): classpath*: merges every resource with this name from all classpath roots,
     jars included. Since this file defines the security rules, confirm that no dependency
     ships a file with the same name, or use classpath: to load a single resource. -->
<context-param>
  <!-- Path of the configuration file -->
  <param-name>contextConfigLocation</param-name>
  <param-value>classpath*:applicationContext-security.xml</param-value>
</context-param>
<!-- The web container first loads the context parameter as a key/value pair; a Spring listener then reads it. -->
<!-- NOTE(review): that listener (normally org.springframework.web.context.ContextLoaderListener)
     is not shown in this fragment; confirm it is declared in web.xml. -->

<!-- DelegatingFilterProxy hands each request to the Spring bean named after the filter,
     so the filter-name must stay springSecurityFilterChain. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Apply the security filter to every URL. -->
<!-- NOTE(review): with no <dispatcher> elements the mapping covers REQUEST dispatches only;
     server-side forwards and error dispatches do not pass through the security filter. -->
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Admin page. It contains no access check of its own; protection comes from the server-side security configuration. -->
<html>
  <body>
    <h2>this is admin page!</h2>
  </body>
</html>
<!-- Index page shown to signed-in users. -->
<html>
  <body>
    <h2>this is index page!</h2>
  </body>
</html>