spring-security3 入门篇

1.下载spring security的最新版本,工程下载的是3.1

2. 新建工程,结构如下:


spring-security3 入门篇_第1张图片
 其中,涉及到的jar包可以在spring-security包中的例子中获取

3、配置spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/beans 
	   		http://www.springframework.org/schema/beans/spring-beans.xsd
			http://www.springframework.org/schema/security 
			http://www.springframework.org/schema/security/spring-security.xsd">

	<!-- 保护应用程序的所有URL,只有拥有ROLE_USER才可以访问 -->
	<security:http auto-config="true">
		<security:intercept-url pattern="/**" access="ROLE_USER" />
	</security:http>
	
	<!--配置认证管理器,只有用户名为user,密码为user的用户,角色为ROLE_USER可访问指定的资源 -->
	<security:authentication-manager>
		<security:authentication-provider>
			<security:user-service>
				<security:user name="user"  password="user" authorities="ROLE_USER"/>
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>
</beans>

 4.配置web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
  <display-name>springSecurity</display-name>
	<!--******************************** -->
	<!--*******log4j日志信息的配置****** -->
	<!--******************************* -->
	<context-param>
		<param-name>log4jConfigLocation</param-name>
		<param-value>classpath:log4j.xml</param-value>
	</context-param>
	<!--Spring默认刷新Log4j配置文件的间隔,单位为millisecond,可以不设置 -->
	<context-param>
		<param-name>log4jRefreshInterval</param-name>
		<param-value>60000</param-value>
	</context-param>

	<!--******************************** -->
	<!--*******spring bean的配置******** -->
	<!--******************************* -->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>classpath:applicationContext.xml</param-value>
	</context-param>
	
	<listener>
		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
	</listener>
	<!--******************************** -->
	<!--*******字符集 过滤器************ -->
	<!--******************************* -->
	<filter>
		<filter-name>CharacterEncodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>CharacterEncodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!--******************************** -->
	<!--*******session的配置************ -->
	<!--******************************* -->
	<session-config>
		<session-timeout>30</session-timeout>
	</session-config>
	
  	<!-- SpringSecurity必须的begin -->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<!-- 拦截所有的请求 -->
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- SpringSecurity必须的end -->
	
  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
  </welcome-file-list>
</web-app>

 

5.index.jsp

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首页</title>
</head>
<body>
	<h1>这里是首页,欢迎你!</h1>
	<% 
		String[] str = session.getValueNames();
		for(int i=0;i<str.length;i++){
			out.println("key=="+str[i]);
			out.println("value=="+session.getAttribute(str[i]));
		}
	%>
</body>
</html>

 

6部署应用,在首次浏览index.jsp时,由于没登录,spring security会自动生成登录页面,页面内容如下:

 


spring-security3 入门篇_第2张图片
 7输入用户名和密码,user,则进入首页

 

 
spring-security3 入门篇_第3张图片
 至此,简单的权限控制完成,在index页面中通过session可以看到存入session中的用户信息。

你可能感兴趣的:(spring,Security)