1、配置
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration (schema 3.0.4): method security annotations,
  form and HTTP Basic login, remember-me, and JDBC-backed authentication with MD5 hashes.
-->
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.4.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
">
<!-- Enable the pre/post method security annotations (@PreAuthorize, @PostAuthorize, ...). -->
<global-method-security pre-post-annotations="enabled">
</global-method-security>
<http use-expressions="true" auto-config="true" >
<!-- NOTE(review): this rule lets every request matching the pattern through at the URL layer,
     anonymous requests included. Access control then rests entirely on method annotations and
     on checks inside the handlers, so any handler without one is public. Consider keeping
     permitAll for the login page and static resources only and adding a restrictive rule for
     the rest; rules are evaluated in order and the first match wins. -->
<intercept-url pattern="/**/*" access="permitAll" />
<!-- Custom login page. A failed login is sent back to it with login_error=1, which the page
     uses to decide whether to show the error message. -->
<form-login login-page="/user/login.page" default-target-url="/index.page" authentication-failure-url="/user/login.page?login_error=1"/>
<!-- HTTP Basic is accepted in addition to the form. Basic credentials are sent with every
     request, so this is only safe over HTTPS.
     NOTE(review): remove it if no non-browser client needs it. -->
<http-basic/>
<logout logout-success-url="/user/logout.page"/>
<!-- Remember-me with defaults: no key, token store or validity is configured here.
     NOTE(review): the remember-me cookie is a bearer credential; serve it over HTTPS only. -->
<remember-me />
</http>
<!-- Password encoding.
     NOTE(review): MD5 is a fast digest and is not suitable for password storage; guessing
     against a leaked table is cheap. Later Spring Security releases ship an adaptive encoder
     (BCryptPasswordEncoder). Moving to it needs a password column wider than the 50 characters
     used in the users table and re-hashing each password at the user's next login. -->
<b:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"></b:bean>
<!-- Authentication manager, backed by the database. -->
<authentication-manager>
<authentication-provider>
<!-- <password-encoder hash="md5"/> -->
<password-encoder ref="passwordEncoder" >
<!-- The salt is the user's own username: different per user, but predictable rather than
     random. NOTE(review): renaming a user would invalidate the stored hash. -->
<salt-source user-property="username" />
</password-encoder>
<!-- Users and authorities are loaded over JDBC from the oracleDataSource bean (defined
     elsewhere); no custom queries are set, so the default users / authorities queries apply. -->
<jdbc-user-service data-source-ref="oracleDataSource"/>
</authentication-provider>
</authentication-manager>
</b:beans>
2、数据库Schema
-- Tables read by the default Spring Security JDBC user service queries.
-- NOTE(review): varchar_ignorecase is an HSQLDB type, while the configuration names its data
-- source oracleDataSource; confirm the column types against the database actually used.

-- One row per account. The password column holds the encoded password: 50 characters fit a
-- 32-character hex MD5 digest but are too short for bcrypt (60) or hex SHA-256 (64) output.
CREATE TABLE users (
    username varchar_ignorecase(50) NOT NULL PRIMARY KEY,
    password varchar_ignorecase(50) NOT NULL,
    enabled  boolean NOT NULL
);

-- One row per (user, granted authority) pair, e.g. ROLE_USERS.
CREATE TABLE authorities (
    username  varchar_ignorecase(50) NOT NULL,
    authority varchar_ignorecase(50) NOT NULL,
    CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES users (username)
);

-- A user cannot be granted the same authority twice.
CREATE UNIQUE INDEX ix_auth_username ON authorities (username, authority);
3、使用
3.1用户注册
// Encode the password before saving it. The second argument is the salt: the username,
// matching the salt-source configured for the authentication provider.
// NOTE(review): the configured encoder is Md5PasswordEncoder, so the stored value is a salted
// MD5 digest, which is cheap to guess offline if the users table leaks.
password = passwordEncoder.encodePassword(password, username);
Vector<GrantedAuthority> authList = new Vector<GrantedAuthority>();
// An authority must be added, otherwise the user cannot log in.
authList.add(new GrantedAuthorityImpl("ROLE_USERS"));
// Assuming this is Spring Security's User, the four flags are: enabled, accountNonExpired,
// credentialsNonExpired, accountNonLocked.
User user = new User(username, password, true, true, true, true, authList);
userDetailsManager.createUser(user);
// NOTE(review): referer is assigned outside this excerpt. If it comes from the request's
// Referer header it is client-controlled; check it against same-site paths (or redirect to a
// fixed page) so that registration cannot be used as an open redirect.
return "redirect:" + referer;
3.2登陆页面
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
<%--
  Login page for Spring Security's form login: posts j_username / j_password (and optionally
  _spring_security_remember_me) to /j_spring_security_check.
  NOTE(review): the password travels in the request body, so this page and the login endpoint
  should be served over HTTPS only.
  NOTE(review): the form carries no CSRF token, and the configuration shown with this page sets
  up no CSRF protection.
--%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
<%-- Shown only when the request carries login_error, which the configured failure URL adds.
     c:out HTML-escapes the exception message before it is written to the page.
     NOTE(review): confirm the message does not tell a visitor whether the user name exists. --%>
<c:if test="${not empty param.login_error}">
<font color="red">
Your login attempt was not successful, try again.<br/><br/>
Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
</font>
</c:if>
<form name="f" action="<c:url value='/j_spring_security_check'/>" method="POST">
<table>
<%-- After a failed attempt the previously entered user name is echoed back; c:out escapes it,
     quotes included, so it cannot break out of the value attribute. --%>
<tr><td>User:</td><td><input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
<tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
<%-- Ticking this box asks the remember-me filter to issue its cookie after a successful login. --%>
<tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>
<tr><td colspan='2'><input name="submit" type="submit"></td></tr>
<tr><td colspan='2'><input name="reset" type="reset"></td></tr>
</table>
</form>
</body>
</html>
3.3应用
<%-- Renders the links below only when the current user has ROLE_USERS.
     NOTE(review): this only hides the links in the rendered page; it does not restrict requests
     to the linked URLs. The http rule in the configuration permits every URL, so the handlers
     behind these links (not shown here) need their own server-side check, for example a method
     security annotation. --%>
<sec:authorize access="hasRole('ROLE_USERS')"><a href="#fast_pub">发表文章</a> <a href="./content/editcatalog.page">管理分类</a> <a href="<c:url value="/j_spring_security_logout"/>">注销</a> </sec:authorize>
上面代码写在jsp页面里面,意思是只有拥有ROLE_USERS角色的用户才能看到这些链接。注意这只控制页面上的显示,链接指向的URL本身仍需要在服务端另行做权限控制(例如在对应方法上加权限注解)。

本文介绍如何使用 Spring Security 进行安全配置,包括基于注解的安全控制、HTTP 安全设置、密码编码方式、数据库认证管理等,并提供用户注册、登录页面实现及权限验证的应用示例。



