spring security学习笔记1
最简单的SS模型,一个SS的Hello World~
使用SS需要用到的JAR是:spring,spring security;
一,概要
1,使用maven构建项目,下载JAR包,如果不用maven也可以自己下载JAR包以及依赖包;
2,配置applicationContext.xml文件;
3,修改web.xml;
4,编写测试JSP页面;
二,具体代码
1,maven仓库的配置开源参考开源中国的教程:http://maven.oschina.net/help.html
参考:仓库配置好以后,配置JAR包:http://my.oschina.net/acitiviti/blog/342331
使用maven3.2.3版本,POM.XML,如下:
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>ss01</groupId>
<artifactId>ss01</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>ss01 Maven Webapp</name>
<url>http://maven.apache.org</url>
<!-- 添加版本信息 -->
<properties>
<springsecurity.version>3.1.0.RELEASE</springsecurity.version>
<spring.version>3.1.1.RELEASE</spring.version>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>servlet-api</artifactId>
<version>6.0.39</version>
</dependency>
<!--spring-security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-acl</artifactId>
<version>${springsecurity.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-asm</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-aop</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${springsecurity.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${springsecurity.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${springsecurity.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${springsecurity.version}</version>
<exclusions>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-jdbc</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</exclusion>
<exclusion>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
<version>1.2.12</version>
</dependency>
</dependencies>
<build>
<finalName>ss01</finalName>
</build>
</project>
2,配置applicationContext.xml文件;
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:s="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!--s:开头是因为在上面的xmlns里面定义了security的标签使用s:xmlns:s="http://www.springframework.org/schema/security"--> <!--权限设置:1,auto-config='true':使用http过滤器,自动加载,11个过滤器;2,权限是从上至下匹配,最上面的权限最大,下面设置的意思是ROLE_ADMIN才能进入/admin.jsp,ROLE_USER只能进入/admin.jsp以外的所有页面--> <s:http auto-config='true'> <s:intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" /> <s:intercept-url pattern="/**" access="ROLE_USER" /> </s:http> <!--权限分配:一般是纳入数据库管理,这里是XML直接管理--> <s:authentication-manager > <s:authentication-provider> <s:user-service> <s:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /> <s:user name="user" password="user" authorities="ROLE_USER" /> </s:user-service> </s:authentication-provider> </s:authentication-manager> </beans>
根目录commons-logging.properties:
##set Log as Log4J org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
根目录log4j.properties(spring要用到的):
## LOGGERS ##
#define a logger
#log4j.rootLogger=DEBUG,console,file
log4j.rootLogger=INFO,console,file
## APPENDERS ##
# define an appender named console, which is set to be a ConsoleAppender
log4j.appender.console=org.apache.log4j.ConsoleAppender
# define an appender named file, which is set to be a RollingFileAppender
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.File=C\:\\Documents and Settings\\Administrator\\My Documents\\LOG.txt
#set the log's size
log4j.appender.file.MaxFileSize=1000KB
log4j.appender.file.MaxBackupIndex=20
## LAYOUTS ##
# assign a SimpleLayout to console appender
log4j.appender.console.layout=org.apache.log4j.SimpleLayout
# assign a PatternLayout to file appender
log4j.appender.file.layout=org.apache.log4j.PatternLayout
# For debug
# log4j.appender.file.layout.ConversionPattern=[%-5p][%t][%C][%d{yyyy-MM-dd HH:mm:ss}] %m%n
# For deployment
log4j.appender.file.layout.ConversionPattern=[%-5p][%d{yyyy-MM-dd HH:mm:ss}] %m%n
3,修改web.xml:
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <display-name>spring security</display-name> <!--SS过滤器--> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!--文件加载路径--> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:applicationContext.xml</param-value> </context-param> <!--spring监听器--> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> </web-app>
4,建立两个JSP页面:admin.jsp index.jsp
5,开启服务器TOMCAT,访问index.jsp,出现登录界面:
成功。SS最简单的模型完成。
三、总结
1,SS经过配置,会保护程序所有文件,任何访问都要经过SS的过滤,但凡没有权限的访问都会进入登录界面,如果用户没有指定登录界面,SS会进入自己默认的一个登录界面,上面第五步的界面。
2,SS原理是:任何访问进入,经过默认的11个过滤器出或者入。