A Simple Introduction to Spring Security Authentication

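This article shows how to implement web-based user login authentication with the Spring Security framework. The steps are: add the dependencies needed for authentication, write the security configuration file, load the configuration file, and create the login page. The XML configuration for each part is shown in full.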


Enough talk, straight to the code. The comments should be enough to follow along; just change the username and password when you use it.
Step 1: add the dependencies (pom.xml)
<!-- Security authentication -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
           

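Step 2: write the security configuration file (spring-security.xml)

security="none": the matching resource is not intercepted; requests for it skip the security filter chain.
login-page: specifies the login page.
authentication-failure-url: the page to redirect to when authentication fails.
default-target-url: the page shown to the user by default after successful authentication and authorization.
csrf disabled="true": turns off CSRF protection. Without it an error occurs, because the static login form in step 4 does not send the CSRF token that Spring Security expects on POST requests.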
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:bean="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                http://www.springframework.org/schema/beans/spring-beans.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security.xsd">

<!-- Resources that must be reachable before authentication: list the pages or files that should not be intercepted -->
<http pattern="/login.html" security="none"></http>
<http pattern="/error.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<!-- HTTP security rules -->
<http>
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

        <!-- Form login. login-page: the login page; default-target-url: where to go after a successful login;
             authentication-failure-url: where to go after a failed login; login-processing-url: the URL the login form posts to -->
        <form-login login-page="/login.html" default-target-url="/admin/index.html"
              always-use-default-target="true" authentication-failure-url="/error.html"
              login-processing-url="/login" />
        <!-- Disable CSRF (cross-site request forgery) protection -->
        <csrf disabled="true" />
        <!-- Allow pages to be shown in an iframe from the same origin -->
        <headers>
              <frame-options policy="SAMEORIGIN" />
        </headers>
        <!-- Logout configuration -->
        <!-- logout: Spring Security generates the logout URL automatically: /logout -->
        <logout logout-success-url="/login.html" />
</http>
<!-- Authentication manager -->
<authentication-manager>
        <authentication-provider>
              <user-service>
                     <!-- name: username   password: password -->
                     <user name="admin" password="admin" authorities="ROLE_USER" />
              </user-service>
        </authentication-provider>
</authentication-manager>
</bean:beans>
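An added example, not part of the original post: a small Python check that flags the two weak settings this configuration relies on (CSRF protection turned off, a cleartext password in user-service) and lists the patterns that bypass the filter chain. The sample XML is constructed to mirror the file above; the function name `audit` and the severity labels are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"

# Constructed sample mirroring the settings discussed above (not a real deployment).
SAMPLE = """<bean:beans xmlns="http://www.springframework.org/schema/security"
            xmlns:bean="http://www.springframework.org/schema/beans">
  <http pattern="/login.html" security="none"/>
  <http pattern="/js/**" security="none"/>
  <http>
    <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
    <form-login login-page="/login.html" login-processing-url="/login"/>
    <csrf disabled="true"/>
  </http>
  <authentication-manager><authentication-provider><user-service>
    <user name="admin" password="admin" authorities="ROLE_USER"/>
  </user-service></authentication-provider></authentication-manager>
</bean:beans>"""

# Values that look already encoded: a "{id}..." prefix (Spring Security 5+) or a bcrypt hash.
ENCODED = re.compile(r"^(\{\w+\}.+|\$2[aby]\$\d{2}\$.{53})$")

def audit(xml_text):
    """Return sorted (severity, message) findings for a spring-security.xml."""
    root = ET.fromstring(xml_text)
    findings = []
    for http in root.iter(SEC + "http"):
        if http.get("security") == "none":
            findings.append(("info", "filter chain bypassed for " + http.get("pattern", "<all>")))
        csrf = http.find(SEC + "csrf")
        if csrf is not None and csrf.get("disabled") == "true":
            findings.append(("high", "CSRF protection disabled"))
    for user in root.iter(SEC + "user"):
        name, pw = user.get("name", ""), user.get("password", "")
        # "{noop}" marks a password that is stored as-is, so it still counts as cleartext.
        if not ENCODED.match(pw) or pw.startswith("{noop}"):
            findings.append(("high", "cleartext password for user " + name))
        if pw and pw.lower() == name.lower():
            findings.append(("high", "password equals username for user " + name))
    return sorted(findings)

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(severity.upper(), message)
```

The "info" findings are not defects in themselves: they list what is served with no Spring Security filters applied, so each pattern can be reviewed for content that should sit behind authentication.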
Step 3: load the configuration file (web.xml)
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://java.sun.com/xml/ns/javaee"
        version="2.5">
        <welcome-file-list>
              <welcome-file>login.html</welcome-file>
        </welcome-file-list>
        <!-- Fix garbled characters in POST requests -->
        <filter>
              <filter-name>CharacterEncodingFilter</filter-name>
              <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
              <init-param>
                     <param-name>encoding</param-name>
                     <param-value>utf-8</param-value>
              </init-param>
              <init-param>
                     <param-name>forceEncoding</param-name>
                     <param-value>true</param-value>
              </init-param>
        </filter>
        <filter-mapping>
              <filter-name>CharacterEncodingFilter</filter-name>
              <url-pattern>/*</url-pattern>
        </filter-mapping>
        <servlet>
              <servlet-name>springmvc</servlet-name>
              <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
              <!-- Configuration files to load, passed through the contextConfigLocation parameter.
                   Put the names of the files to load here; this loads every config file under the spring directory -->
              <init-param>
                     <param-name>contextConfigLocation</param-name>
                     <param-value>classpath:spring/*.xml</param-value>
              </init-param>
              <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
              <servlet-name>springmvc</servlet-name>
              <url-pattern>/</url-pattern>
        </servlet-mapping>


        <!-- Spring Security filter -->
        <!-- The filter intercepts requests and applies the security checks to them -->
        <filter>
              <filter-name>springSecurityFilterChain</filter-name>
              <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
              <filter-name>springSecurityFilterChain</filter-name>
              <url-pattern>/*</url-pattern>
        </filter-mapping>
</web-app>

Step 4: the login page
<div id="profile" class="tab-pane  active">
                        <!-- action = the login-processing-url from the configuration file -->
                        <form class="sui-form"  id="loginform" action="/login" method="post">
                            <div class="input-prepend"><span class="add-on loginname"></span>
                                <input id="prependedInput" type="text" name="username"  placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
                            </div>
                            <div class="input-prepend"><span class="add-on loginpwd"></span>
                                <input id="prependedInput" type="password" name="password" placeholder="请输入密码" class="span2 input-xfat">
                            </div>
                            <div class="setting">
                                 <div id="slider">
                                    <div id="slider_bg"></div>
                                    <span id="label">>></span> <span id="labelTip">拖动滑块验证</span>
                                    </div>
                            </div>
                            <div class="logined">
                                <a class="sui-btn btn-block btn-xlarge btn-danger" href="javascript:void(0)" onclick="document.getElementById('loginform').submit();" target="_blank">登&nbsp;&nbsp;录</a>
                            </div>
                        </form>

                    </div>