Spring Security Framework

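1  Introduction to Spring Security

Spring Security is a security framework that provides a declarative access-control solution for Spring-based enterprise applications. It supplies a set of beans that can be configured in the Spring application context, making full use of Spring's IoC (Inversion of Control), DI (Dependency Injection) and AOP (aspect-oriented programming) features.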

2  Using Spring Security in five steps

The steps are:

  a. Create the liJun_springSecurity project (war)

  b. Add the Spring Security Maven coordinates (pom.xml)

  c. Configure spring-security.xml

  d. Configure web.xml

  e. Test

The steps in detail:

  a. Create the liJun_springSecurity project (war)

  b. Add the Spring Security Maven coordinates (pom.xml)

 

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 <modelVersion>4.0.0</modelVersion>

 <groupId>com.itheima</groupId>
 <artifactId>itheima_springsecurity</artifactId>
 <version>1.0-SNAPSHOT</version>
 <packaging>war</packaging>

 <properties>
   <spring.version>5.0.2.RELEASE</spring.version>
   <spring.security.version>5.0.1.RELEASE</spring.security.version>
 </properties>
 <dependencies>
   <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-core</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-web</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-webmvc</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-context-support</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-test</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework</groupId>
     <artifactId>spring-jdbc</artifactId>
     <version>${spring.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-web</artifactId>
     <version>${spring.security.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-config</artifactId>
     <version>${spring.security.version}</version>
   </dependency>
   <dependency>
     <groupId>org.springframework.security</groupId>
     <artifactId>spring-security-taglibs</artifactId>
     <version>${spring.security.version}</version>
   </dependency>
   <dependency>
     <groupId>javax.servlet</groupId>
     <artifactId>javax.servlet-api</artifactId>
     <version>3.1.0</version>
     <scope>provided</scope>
   </dependency>
 </dependencies>
 <build>
   <plugins>
     <!-- Java compiler plugin -->
     <plugin>
       <groupId>org.apache.maven.plugins</groupId>
       <artifactId>maven-compiler-plugin</artifactId>
       <version>3.2</version>
       <configuration>
         <source>1.8</source>
         <target>1.8</target>
         <encoding>UTF-8</encoding>
       </configuration>
     </plugin>
     <plugin>
       <groupId>org.apache.tomcat.maven</groupId>
       <artifactId>tomcat7-maven-plugin</artifactId>
       <configuration>
         <!-- Port to listen on -->
         <port>8080</port>
         <!-- Context path -->
         <path>/</path>
       </configuration>
     </plugin>
   </plugins>
 </build>
</project>

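c. Configure spring-security.xml

Create the spring-security.xml configuration file under resources, on the classpath, and configure the authentication and authorization information in it.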


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
      xmlns:security="http://www.springframework.org/schema/security"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xsi:schemaLocation="http://www.springframework.org/schema/beans
   http://www.springframework.org/schema/beans/spring-beans.xsd
   http://www.springframework.org/schema/security
   http://www.springframework.org/schema/security/spring-security.xsd">

   <!--
       Interception rules
       auto-config: use the built-in pages
       use-expressions: whether to use SpEL expressions; if so, write hasRole('ROLE_USER')
   -->
   <security:http auto-config="true" use-expressions="false">
       <!-- URL pattern to intercept: every request must have the ROLE_USER authority -->
       <security:intercept-url pattern="/**" access="ROLE_USER"/>
   </security:http>
   
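   <!-- Authentication configuration: one in-memory user; the {noop} prefix means the password is stored and compared as plain text -->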
   <security:authentication-manager>
       <security:authentication-provider>
           <security:user-service>
               <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>
           </security:user-service>
       </security:authentication-provider>
   </security:authentication-manager>

</beans>
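
A hardened variant of the file above, as an added example rather than the original post's configuration: it switches to SpEL expressions, drops auto-config so that HTTP Basic is not enabled alongside form login, and stores the password as a bcrypt hash instead of {noop} plain text. The hash value is a placeholder and must be replaced with real BCryptPasswordEncoder output.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- use-expressions="true": access takes a SpEL expression, not a bare role name -->
    <security:http use-expressions="true">
        <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
        <!-- Form login and logout only; auto-config="true" would also enable HTTP Basic.
             CSRF protection is on by default in the XML namespace since Spring Security 4. -->
        <security:form-login/>
        <security:logout/>
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <!-- {bcrypt} selects BCryptPasswordEncoder, where {noop} selected plain-text comparison.
                     Placeholder value: replace it with a hash produced by BCryptPasswordEncoder.encode().
                     Until it is replaced, every login attempt for this user fails. -->
                <security:user name="admin"
                               password="{bcrypt}REPLACE_WITH_BCRYPT_HASH"
                               authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>

</beans>
```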

d. Configure web.xml


<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
        version="3.1">

 <!-- Spring listener: specifies the location of the configuration file -->
 <context-param>
   <param-name>contextConfigLocation</param-name>
   <param-value>classpath:spring-security.xml</param-value>
 </context-param>
 <listener>
   <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 </listener>

 <!-- Delegating filter proxy: filter-name must be springSecurityFilterChain -->
 <filter>
   <filter-name>springSecurityFilterChain</filter-name>
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 </filter>
 <filter-mapping>
   <filter-name>springSecurityFilterChain</filter-name>
   <url-pattern>/*</url-pattern>
 </filter-mapping>

</web-app>

e. Test

Access the index.jsp page. If the current user has not logged in, the request is redirected to Spring Security's built-in login page.

 
