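The project structure is as follows:
The project uses Spring MVC and Spring Security; import the relevant JAR packages.
1. Create the controller HelloController.java
① url="/welcome" or "/" forwards to hello.jsp
② url="/admin" forwards to admin.jsp
The code is as follows: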
package com.study.web.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class HelloController {

    // Public page: no intercept-url rule in spring-security.xml applies to it
    @RequestMapping(value={"/","welcome**"},method = RequestMethod.GET)
    public ModelAndView welcomePage(){
        ModelAndView model = new ModelAndView();
        model.addObject("title","Spring Security Hello World.");
        model.addObject("message","This is welcome page.");
        model.setViewName("hello");
        return model;
    }

    // Protected page: spring-security.xml requires ROLE_USER for /admin**
    @RequestMapping(value="/admin**",method=RequestMethod.GET)
    public ModelAndView adminPage(){
        ModelAndView model = new ModelAndView();
        model.addObject("title","Spring Security Hello World.");
        model.addObject("message","this is protected page");
        model.setViewName("admin");
        return model;
    }
}
2. hello.jsp and admin.jsp
hello.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
</head>
<body>
    <h1>Title:${title }</h1>
    <h1>Message:${message }</h1>
</body>
</html>
admin.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
</head>
<body>
    <h1>Title:${title }</h1>
    <h1>Message:${message }</h1>
    <c:if test="${pageContext.request.userPrincipal.name != null }">
        <h2>Welcome:${pageContext.request.userPrincipal.name}</h2>
        <a href="<c:url value="/j_spring_security_logout"/>">logout</a>
    </c:if>
</body>
</html>
3. Spring MVC configuration file mvc-dispatcher-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="
        http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">
    <context:component-scan base-package="com.study.*" />
    <bean
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix">
            <value>/WEB-INF/pages/</value>
        </property>
        <property name="suffix">
            <value>.jsp</value>
        </property>
    </bean>
</beans>
4. Spring Security configuration file spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <http auto-config="true">
        <intercept-url pattern="/admin**" access="ROLE_USER" />
    </http>
    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="moneyZhong" password="123456" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
As the file shows, only "moneyZhong" is allowed to access /admin.
5. To integrate Spring Security into Spring MVC, you only need to define the DelegatingFilterProxy filter to intercept requests. The web.xml code is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    id="WebApp_ID" version="3.0">
    <display-name>Spring MVC Application</display-name>
    <!-- Spring MVC -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Loads Spring Security config file -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>
    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>
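6. Demo
① Visit http://localhost:8080/springsecurity01/welcome
② Visit admin.jsp:
At this point Spring Security intercepts the request and redirects to /spring_security_login, the login page provided by Spring Security.
When a wrong username or password is entered, an error message is displayed.
When the correct username and password moneyZhong / 123456 are entered, the browser is redirected to admin.jsp.
PS:
1. In web.xml, Spring Security is configured through the DelegatingFilterProxy filter, which intercepts all requests. The spring-security.xml configuration file specifies which of the intercepted URLs require which authority. /welcome is intercepted but requires no authority; /admin requires the ROLE_USER authority.
2. When a user requests a URL that requires some authority but has not logged in, the user is redirected to the login page provided by Spring Security. The source of that login page is as follows: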
<html><head><title>Login Page</title></head><body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password</h3><form name='f' action='/springsecurity01/j_spring_security_check' method='POST'>
<table>
<tr><td>User:</td><td><input type='text' name='j_username' value=''></td></tr>
<tr><td>Password:</td><td><input type='password' name='j_password'/></td></tr>
<tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td></tr>
</table>
</form></body></html>
3. How do you customize the login page? (See Part 2.)