<!-- Spring Security modules. Every artifact below is pinned to the same
     release; keep the versions in lockstep when upgrading.
     NOTE(review): 4.2.3.RELEASE is an old release. Confirm that this line is
     still supported and check the project's published security advisories
     before reusing this block. -->

<!-- Servlet filter chain and web-layer support. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.2.3.RELEASE</version>
</dependency>

<!-- XML namespace configuration support. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.2.3.RELEASE</version>
</dependency>

<!-- Core authentication and access-control classes. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>4.2.3.RELEASE</version>
</dependency>

<!-- Test helpers. The test scope keeps this artifact out of the packaged
     application. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <version>4.2.3.RELEASE</version>
    <scope>test</scope>
</dependency>

<!-- JSP tag library. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-taglibs</artifactId>
    <version>4.2.3.RELEASE</version>
</dependency>
note: spring security jar 的具體解析見 https://blog.csdn.net/sun_Leaf/article/details/78954501
<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security namespace configuration (applicationContext-security.xml).
     The default namespace is the security schema, so unprefixed elements are
     Spring Security elements; bean definitions use the beans: prefix.
     The sec: prefix and the context/tx schema locations are declared but not
     used anywhere in this document. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Resources that are not filtered (static assets and login-related
         URLs). security="none" maps a pattern to an empty filter chain: such
         requests get no authentication, no security context, no CSRF check
         and no security response headers.
         NOTE(review): the suffix patterns match any URL ending in that
         extension anywhere in the application. Make sure no dynamic endpoint
         is reachable under such a path; limiting the exemption to a dedicated
         static directory is the narrower choice. -->
    <http pattern="/**/*.css" security="none"></http>
    <http pattern="/**/*.jpg" security="none"></http>
    <http pattern="/**/*.jpeg" security="none"></http>
    <http pattern="/**/*.gif" security="none"></http>
    <http pattern="/**/*.png" security="none"></http>
    <http pattern="/js/*.js" security="none"></http>
    <!-- NOTE(review): no form-login login-page is declared below, so the
         framework's default login page is presumably what users see; confirm
         this exemption is needed. A form rendered by an unfiltered page
         cannot obtain a CSRF token from the filter chain. -->
    <http pattern="/login.jsp" security="none"></http>
    <http pattern="/getCode" security="none" /><!-- The verification-code (captcha) endpoint is not filtered; it is reachable without authentication. -->
    <http pattern="/test/**" security="none"></http><!-- Test content is not filtered. NOTE(review): everything under /test/ is served without any security; remove this rule before deploying. -->

    <!-- Filter chain for every request not matched above. auto-config="true"
         is shorthand that enables form login, HTTP Basic and logout with
         their default settings. -->
    <http auto-config="true">
        <!-- intercept-url rules are evaluated in declaration order and the
             first match applies, so the specific rule must stay above the
             catch-all. -->
        <!-- Access to /adminpage.jsp requires ROLE_ADMIN. -->
        <intercept-url pattern="/adminpage.jsp" access="hasRole('ROLE_ADMIN')"></intercept-url>
        <!-- Access to every other resource requires ROLE_USER. -->
        <intercept-url pattern="/**" access="hasRole('ROLE_USER')"></intercept-url>
    </http>

    <authentication-manager>
        <authentication-provider>
            <!-- User accounts and their authorities, held in memory.
                 NOTE(review): demo credentials only. No password-encoder is
                 declared, so these passwords are stored and compared as
                 plain text, and "123" is trivially guessable. Replace with a
                 real user store and a hashing password encoder before any
                 non-demo use, and keep credentials out of version control.
                 admin carries ROLE_USER as well because no role hierarchy is
                 configured and the catch-all rule requires ROLE_USER. -->
            <user-service>
                <user name="admin" password="123" authorities="ROLE_USER, ROLE_ADMIN" />
                <user name="user" password="123" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
<!-- Load the Spring configuration file at application startup.
     NOTE(review): this parameter is read by Spring's context loader
     listener, whose registration is not shown in this snippet; confirm it is
     declared elsewhere in web.xml. -->
<context-param>
    <!-- Path of the configuration file. The classpath*: prefix collects
         every resource with this name from all classpath roots, dependency
         jars included. If exactly one file is intended, confirm that no jar
         ships a file with the same name; plain classpath: resolves a single
         resource. -->
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:applicationContext-security.xml</param-value>
</context-param>
<!-- The web container first loads the context parameters as key/value
     pairs; a Spring listener (not shown in this snippet) then reads them. -->

<!-- DelegatingFilterProxy hands each request to the Spring bean whose name
     equals the filter-name. springSecurityFilterChain is the bean created by
     the security namespace configuration, so the name must not be changed. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Route every request URL through the security filter chain.
     NOTE(review): with no dispatcher element the mapping covers REQUEST
     dispatches only; confirm whether forwards and error dispatches also need
     to pass through the chain. -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Placeholder admin page. Presumably served as /adminpage.jsp, which the
     security configuration restricts to ROLE_ADMIN (confirm the file name). -->
<html>
  <body>
    <h2>this is admin page!</h2>
  </body>
</html>
<!-- Placeholder index page. Presumably covered by the catch-all rule that
     requires ROLE_USER (confirm the file name and path). -->
<html>
  <body>
    <h2>this is index page!</h2>
  </body>
</html>