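Spring Security (1): Getting Started with Spring Security

I. Spring Security Concepts

Spring Security is a security framework that Spring builds on servlet filters, following the AOP approach. It provides a complete authentication mechanism and method-level authorization, and it is an excellent permission management framework.

II. A Quick Start with Spring Security

1. Create a web project and import the jar packages

The main Spring Security jar packages and what they do:
① spring-security-core.jar
The core package; every Spring Security feature requires it.
② spring-security-web.jar
Required for web projects; contains the filters and the related web security infrastructure code.
③ spring-security-config.jar
Parses the XML configuration; required whenever Spring Security is configured through XML files.
④ spring-security-taglibs.jar
The dynamic tag library provided by Spring Security, usable in JSP pages.
Because the dependencies are managed with Maven, and Maven resolves transitive dependencies, only the last two dependencies actually need to be declared: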

<dependency> 
	<groupId>org.springframework.security</groupId>
	<artifactId>spring-security-taglibs</artifactId>
	<version>5.1.5.RELEASE</version>  				  		      
</dependency>
<dependency> 
	 <groupId>org.springframework.security</groupId> 
	 <artifactId>spring-security-config</artifactId> 
	 <version>5.1.5.RELEASE</version>                            
</dependency>

As you can see, the spring-security-config dependency includes the spring-security-core and spring-security-web dependencies.

2. Configure web.xml

Add the Spring Security filter chain:

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <display-name>Archetype Created Web Application</display-name>

    <!-- Character encoding filter -->
    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Spring MVC front controller -->
    <servlet>
        <servlet-name>springmvc</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:spring-mvc.xml</param-value>
        </init-param>
    </servlet>
    <servlet-mapping>
        <servlet-name>springmvc</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Root application context, loaded from applicationContext.xml -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>

    <!-- Spring Security filter chain. The filter name must be exactly
         springSecurityFilterChain: DelegatingFilterProxy looks up the bean with that name. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

3. Configure spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:http="http://www.springframework.org/schema/c"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
			    http://www.springframework.org/schema/beans/spring-beans.xsd
			    http://www.springframework.org/schema/context
			    http://www.springframework.org/schema/context/spring-context.xsd
			    http://www.springframework.org/schema/aop
			    http://www.springframework.org/schema/aop/spring-aop.xsd
			    http://www.springframework.org/schema/tx
			    http://www.springframework.org/schema/tx/spring-tx.xsd
			    http://www.springframework.org/schema/mvc
			    http://www.springframework.org/schema/mvc/spring-mvc.xsd
                http://www.springframework.org/schema/security
                http://www.springframework.org/schema/security/spring-security.xsd">
    <!-- tx: transaction management; context: annotation support; mvc: MVC annotation-driven support; aop: aspects; the added security namespace: Spring Security support -->

    <!--
   auto-config="true" loads Spring Security's default configuration automatically
   use-expressions="true" enables Spring EL expressions in the Spring Security configuration
   -->
    <security:http auto-config="true" use-expressions="true">
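        <!-- Intercept resources -->
        <!--
        pattern="/**" intercepts all resources
        access="hasAnyRole('ROLE_USER')" means only the ROLE_USER role may access them
        hasAnyRole accepts several roles; hasRole accepts a single role. Here only ROLE_USER is granted access.
        -->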
        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')"/>
    </security:http>

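    <!-- Sets the source of user information for Spring Security authentication.
    Spring Security expects stored passwords to be encoded by default; the {noop} prefix marks a password as not encoded. -->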
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="user" password="{noop}user" authorities="ROLE_USER" />
                <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
    
</beans>
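
The `{noop}` prefix in the configuration above selects the plain-text encoder. The following added example (not code from the original post) shows how the delegating password encoder in Spring Security 5.x reads the `{id}` prefix, and how to produce a `{bcrypt}` value for the `password` attribute instead. The class name `PasswordPrefixDemo` is hypothetical, and the example assumes spring-security-crypto is on the classpath (spring-security-core 5.x brings it in transitively).

```java
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

// Added example, not from the original post. The class name is hypothetical.
public class PasswordPrefixDemo {

    public static void main(String[] args) {
        // The delegating encoder that Spring Security 5.x falls back to when
        // no password-encoder is configured on the authentication provider.
        PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

        // 1. {noop}: the stored value is the plain-text password itself,
        //    so anyone who can read the config file can read the password.
        System.out.println("noop matches:   " + encoder.matches("user", "{noop}user"));

        // 2. encode() returns a salted bcrypt hash carrying a {bcrypt} prefix.
        //    This string is what belongs in password="..." instead of {noop}user.
        String stored = encoder.encode("user");
        System.out.println("store this:     " + stored);
        System.out.println("bcrypt matches: " + encoder.matches("user", stored));
        System.out.println("wrong password: " + encoder.matches("guess", stored));

        // 3. A stored value with no {id} prefix cannot be mapped to any encoder;
        //    the delegating encoder rejects it with IllegalArgumentException.
        try {
            encoder.matches("user", "user");
        } catch (IllegalArgumentException e) {
            System.out.println("no prefix:      " + e.getMessage());
        }
    }
}
```

The hash printed by step 2 differs on every run because bcrypt generates a fresh salt each time; any of those values verifies the same password.
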
Import the spring-security.xml configuration file into applicationContext.xml:
 

<import resource="classpath:spring-security.xml"/>

Result

Start Tomcat.
On this login page, enter the username user and the password user, click Sign in, and you will see the home page!
