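In my small project, I used Spring Security to authenticate user logins. It intercepts requests to specific URLs and handles them itself. To use Spring Security, the following configuration is needed: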
web.xml
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Then register the Spring Security XML configuration file in web.xml:
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-mvc.xml
        /WEB-INF/spring-webflow.xml
        /WEB-INF/spring-security.xml
    </param-value>
</context-param>
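spring-security.xml: the first element configures the data source and defines the connection details of the database. The second configures what is intercepted: the URL to intercept, the identity a user must have to be admitted (here admin), and finally the actions taken on successful and failed login. Last, authentication-manager defines the provider of Spring Security's user data, here the dataSource defined above.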
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <beans:bean id="dataSource"
                class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <beans:property name="driverClassName" value="com.mysql.jdbc.Driver"/>
        <beans:property name="url" value="jdbc:mysql://localhost:3306/POEMGENERATOR"/>
        <beans:property name="username" value="root"/>
        <beans:property name="password" value="root"/>
    </beans:bean>
    <http auto-config="true">
        <intercept-url pattern="/generating*" access="ROLE_ADMIN"/>
        <form-login login-page="/login" default-target-url="/generating"
                    authentication-failure-url="/loginfailed"/>
    </http>
    <authentication-manager>
        <authentication-provider>
            <jdbc-user-service data-source-ref="dataSource"
                users-by-username-query="SELECT username, password, enable FROM users where username=?"
                authorities-by-username-query="SELECT username, authority FROM authorities WHERE username=?"/>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
    <title>Login Page</title>
    <style>
        .errorblock {
            color: #ff0000;
            background-color: #ffEEEE;
            border: 3px solid #ff0000;
            padding: 8px;
            margin: 16px;
        }
    </style>
</head>
<body onload='document.f.j_username.focus();'>
    <h3>Login with Username and Password (Authentication with Database)</h3>
    <form name='f' action="<c:url value='j_spring_security_check' />"
          method='POST'>
        <table>
            <tr>
                <td>User:</td>
                <!--j_username which will contain the name used for the authentication credentials.-->
                <td><input type='text' name='j_username' value=''>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <!--j_password which will contain the password used for the authentication credentials.-->
                <td><input type='password' name='j_password' />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                                       value="submit" />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="reset" type="reset" />
                </td>
            </tr>
        </table>
    </form>
</body>
</html>
Next is the database part. In the POEMGENERATOR database, I created 2 tables, users and authorities.
+-------------------------+
| Tables_in_poemgenerator |
+-------------------------+
| authorities             |
| users                   |
+-------------------------+
The users table contains:
+----------+----------+--------+
| username | password | enable |
+----------+----------+--------+
| admin    | admin    |      1 |
+----------+----------+--------+
The authorities table contains:
+----------+------------+
| username | authority  |
+----------+------------+
| admin    | ROLE_ADMIN |
+----------+------------+
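The users row above stores the password as the literal string admin, and the jdbc-user-service in spring-security.xml has no password encoder, so the submitted password is compared with that column as plain text. The fragment below is an added example, not part of the original project's configuration: it shows the same authentication-manager with a BCrypt encoder attached. The bean id passwordEncoder is a name chosen for this example.

```xml
<!-- Added example: drop-in replacement for the <authentication-manager>
     block of the spring-security.xml shown on this page. -->

<!-- BCryptPasswordEncoder lives in the org.springframework.security.crypto
     package, available since Spring Security 3.1.
     The bean id "passwordEncoder" is an assumption made for this example. -->
<beans:bean id="passwordEncoder"
            class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

<authentication-manager>
    <authentication-provider>
        <!-- With an encoder attached, the value read from users.password is
             treated as a BCrypt hash and the submitted j_password is verified
             against it. A plain-text value such as "admin" no longer matches. -->
        <password-encoder ref="passwordEncoder"/>

        <!-- Queries are unchanged from the page; only the content of the
             password column changes (a 60-character BCrypt hash). -->
        <jdbc-user-service data-source-ref="dataSource"
            users-by-username-query="SELECT username, password, enable FROM users WHERE username=?"
            authorities-by-username-query="SELECT username, authority FROM authorities WHERE username=?"/>
    </authentication-provider>
</authentication-manager>
```

The stored value is produced once with BCryptPasswordEncoder.encode(...) and written to users.password, so that column must be at least 60 characters wide.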
That concludes this explanation of Spring Security.