请教,spring security 配置

发布网友发布时间：2022-07-18 01:18

共1个回答

热心网友时间：2023-10-09 01:11

1、原有框架springMVC+ hibernate+mysql，我想在此基础上添加spring security进行登录权限验证，首先想实现将用户名和密码写在配置文件中

2、添加jar

<dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${org.springframework.version}</version>
        </dependency>

2、web.xml

……
<filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
……
<listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>

3、login.jsp

<form id="form2" action="<c:url value='/j_spring_security_check' />" method="post">
            <spring:message code="message.login.email"/>
            <input type="text" id="j_username" name="j_username" value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}"/><br/>
            <spring:message code="message.login.password"/>:</label>
            <input type="password" id="j_password" name="j_password"/><br/>
            <input type="checkbox" name="_spring_security_remember_me" />
            <spring:message code="message.login.keepLogin"/><br/>
            <input type="submit" value="<spring:message code='message.login.login'/>" />
        </form>

4、springSecuritySimple-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <http auto-config="true"
        access-denied-page="/403.jsp"
        >
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <intercept-url pattern="/login.jsp" filters="none"/>
        <intercept-url pattern="/common/**" filters="none"/>
        <intercept-url pattern="/styles/**" filters="none"/>
        <form-login login-page="/login.jsp"
            login-processing-url="j_spring_security_check"
            always-use-default-target="true"
            default-target-url="/login.do"
            authentication-failure-url="/403.jsp" />
        <logout logout-url="/j_spring_security_logout"
            logout-success-url="/login.jsp"
            invalidate-session="true" />
        <session-management
            invalid-session-url="/sessionTimeout.do"
            session-fixation-protection="none">
            <concurrency-control max-sessions="1"
                error-if-maximum-exceeded="true"/>
        </session-management>
        <http-basic/>
    </http>
    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <user-service>
                <user name="hj@163.com" password="1111" authorities="ROLE_USER,ROLE_ADMIN"/>
                <user name="guest@163.com" password="1111" authorities="ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>