SpringSecurity的使用(入门Demo)

概述:Spring Security的前身是Acegi Security,是Spring项目组中用来提供安全认证服务的框架
认证: 验证用户名密码是否正确的过程,authentication
授权: 对用户所能访问的资源进行控制,authorization

tip:

1. Spring Security默认情况下不允许直接使用数据库中的明文密码。因此,如果删除了密码加密配置(password-encoder),需要在UserDetailsServiceImpl的loadUserByUsername方法中,在return User之前对明文密码加上前缀:password = "{noop}" + password; 注意:{noop}表示密码不做任何加密,只适合本地演示;正式环境应保留BCrypt等加密方式,数据库中不应保存明文密码。

2. 将web项目发布到tomcat上时,tomcat启动报错:java.lang.ClassNotFoundException: org.springframework.web.context.ContextLoaderListener。解决办法:File -> Project Structure -> 左键点击war包,右键点击war包对应的工程 -> Put into Output Root

UserDetailsServiceImpl
package com.hitalk.service.security;

import com.hitalk.dao.IUserDao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.Collection;

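/**
 * Looks up a user's stored password through {@link IUserDao} and wraps it in a
 * Spring Security {@link UserDetails} object.
 *
 * <p>The bean is registered as {@code userServiceImpl}, the name that
 * spring-security.xml uses in {@code user-service-ref}.
 */
@Service("userServiceImpl")
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    private IUserDao userDao;

    /**
     * Builds the {@link UserDetails} for the given login name.
     *
     * @param s the username submitted on the login form
     * @return a fully enabled, non-expired, non-locked user holding the stored
     *         (encoded) password and the granted authorities; never {@code null}
     * @throws UsernameNotFoundException if the DAO returns no password, or a
     *         blank one, for this username
     */
    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        String password = userDao.findPasswordByUsername(s);
        if (password == null || password.trim().isEmpty()) {
            // The UserDetailsService contract forbids returning null; an unknown
            // account must be reported with UsernameNotFoundException so the
            // authentication provider can treat it as an ordinary failed login.
            // The message deliberately does not echo the submitted username.
            throw new UsernameNotFoundException("No usable account for the supplied username");
        }

        // NOTE(review): every account receives both ROLE_USER and ROLE_ADMIN.
        // That is acceptable for this demo, but real code should load each
        // user's roles from the database so that administrator privilege is
        // not granted to everyone who can log in.
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
        authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));

        // Flags: enabled, accountNonExpired, credentialsNonExpired, accountNonLocked.
        return new User(s, password, true, true, true, true, authorities);
    }
}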
spring-security.xml

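<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Resources that bypass the security filter chain completely.
         security="none" means no authentication, no security headers and no
         CSRF token for these paths, so keep the list to the login/failure
         pages and static assets only. -->
    <security:http pattern="/login.jsp" security="none"/>
    <security:http pattern="/failure.jsp" security="none"/>
    <security:http pattern="/css/**" security="none"/>
    <security:http pattern="/js/**" security="none"/>
    <security:http pattern="/img/**" security="none"/>
    <security:http pattern="/plugins/**" security="none"/>

    <!-- Main filter chain. use-expressions="false" makes the access attribute
         a plain comma-separated role list instead of a SpEL expression. -->
    <security:http auto-config="false" use-expressions="false">
        <!-- Every other URL requires ROLE_USER or ROLE_ADMIN. -->
        <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>

        <!-- Form login: the parameter names and login-processing-url must
             match the form in login.jsp. -->
        <security:form-login login-page="/login.jsp"
                             username-parameter="username"
                             password-parameter="password"
                             login-processing-url="/login.do"
                             default-target-url="/login.jsp"
                             authentication-success-forward-url="/success.jsp"
                             authentication-failure-url="/failure.jsp"/>

        <!-- CSRF protection is switched off so that the plain HTML login form
             and the GET logout link work without a token. Demo only: in a
             real application leave CSRF enabled, add the _csrf token to every
             POST form and perform logout with a POST request. -->
        <security:csrf disabled="true"/>

        <!-- Logout invalidates the HTTP session and returns to the login page. -->
        <security:logout invalidate-session="true" logout-url="/logout.do"
                         logout-success-url="/login.jsp"/>
    </security:http>

    <!-- Authentication: users come from the userServiceImpl bean
         (UserDetailsServiceImpl) and submitted passwords are checked against
         the stored hash with the encoder declared below. -->
    <security:authentication-manager>
        <security:authentication-provider user-service-ref="userServiceImpl">
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- BCrypt is a salted, adaptive password hash; the password column must
         therefore hold BCrypt hashes, never plain text. -->
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
</beans>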
身份认证html

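<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Login page. The form posts to the login-processing-url (/login.do) and the
     field names match username-parameter / password-parameter in
     spring-security.xml. The password field uses type="password" so the value
     is masked on screen. --%>
<html>
<head>
    <title>login</title>
</head>
<body>
<form action="/login.do" method="post">
    用户名:<input type="text" name="username"/><br/>
    密码:<input type="password" name="password"/><br/>
    提交:<input type="submit" value="提交"/><br/>
</form>
</body>
</html>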


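<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Page shown after a successful login. The logout link is a plain GET to
     /logout.do, which only works because CSRF protection is disabled in
     spring-security.xml; with CSRF enabled, logout has to be a POST carrying
     the token. --%>
<html>
<head>
    <title>success</title>
</head>
<body>
<h1>login success...</h1>
<a href="/logout.do">退出</a>
</body>
</html>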
    

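<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%-- Page shown after a failed login. It gives one generic message and does
     not say whether the username or the password was wrong. --%>
<html>
<head>
    <title>failure</title>
</head>
<body>
<h1>login failure ...</h1>
</body>
</html>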
web.xml

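<!-- Starts the root Spring application context when the web app is deployed. -->
<listener>
   <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Configuration files loaded into the root context; spring-security.xml
     must be listed here so the security filter chain bean exists. -->
<context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>classpath:applicationContext.xml,classpath:spring-security.xml</param-value>
</context-param>

<!-- Character encoding filter. Filters run in the order of their
     filter-mapping elements, so this one is mapped first: the request
     encoding has to be set before the security filter reads the username and
     password parameters, otherwise non-ASCII usernames are decoded wrongly. -->
<filter>
   <filter-name>CharacterEncodingFilter</filter-name>
   <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
   <init-param>
      <param-name>encoding</param-name>
      <param-value>utf-8</param-value>
   </init-param>
</filter>
<filter-mapping>
   <filter-name>CharacterEncodingFilter</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Spring Security entry point. The filter name is fixed: DelegatingFilterProxy
     looks up a bean with this exact name, and Spring Security registers its
     filter chain as "springSecurityFilterChain". Mapping it to /* puts every
     request under the rules in spring-security.xml. -->
<filter>
   <filter-name>springSecurityFilterChain</filter-name>
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
   <filter-name>springSecurityFilterChain</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>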
数据库sql
# Create the database
create database if not exists test_db character set utf8;
# Switch to the database
use test_db;
# Create the user table; the password column stores a password hash, not the plain password
create table user(
	id int primary key auto_increment,
    username varchar(20),
    password varchar(60)
);
# Insert one demo record; the plain-text password is 123456 (throwaway demo credential only)
# NOTE(review): the stored value below starts with "$10$" and is 57 characters long,
# while a BCrypt hash normally starts with a version marker such as "$2a$" and is
# 60 characters long (the width of the column). The prefix appears to have been lost
# when the page was published - regenerate the hash with BCryptPasswordEncoder.encode
# before using this row, TODO confirm.
insert into user values(null,'zhangsan','$10$pfEJ45.dKRdWBTu3ogakD.jYLN7R0A2RN9d.9a9mMuJHB6fcAZYSa');
pom.xml
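    <!-- NOTE(review): the versions pinned in this file are old releases. Before
         using the project outside a tutorial, move Spring, Spring Security and
         the MySQL driver to currently supported versions and check them
         against published security advisories. -->
    <properties>
        <spring.version>5.0.2.RELEASE</spring.version>
        <spring.security.version>5.0.1.RELEASE</spring.security.version>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>
    <dependencies>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context-support</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <!-- Test-only library: test scope keeps it out of the deployed WAR. -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-test</artifactId>
            <version>${spring.version}</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <!-- Spring Security: web filter chain and XML namespace configuration. -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

        <!-- Supplied by the servlet container at runtime, hence scope provided. -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>

        <!-- Test-only library: test scope keeps it out of the deployed WAR. -->
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>4.12</version>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.17</version>
        </dependency>

        <!-- NOTE(review): log4j 1.x is end-of-life and no longer receives
             security fixes; plan a move to a maintained logging backend. -->
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
            <version>1.2.17</version>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <!-- Runs the web application in an embedded Tomcat 7 for local development. -->
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <version>2.2</version>
            </plugin>
        </plugins>
    </build>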
