SpringSecurity的官方文檔極其簡單,它的示例配置只是在xml文件中把用戶名和密碼寫死,然而在實際工作中這樣做是不可行的;參考了網上的教程,發現質量參差不齊,特此記錄學習過程。
首先pom導入jar包:
pom.xml
<!-- Dependencies for the Spring MVC + Spring Security (XML namespace configuration) demo. -->
<dependencies>
    <!-- JSTL implementation and API used by the JSP views. -->
    <dependency>
        <groupId>org.glassfish.web</groupId>
        <artifactId>javax.servlet.jsp.jstl</artifactId>
        <version>1.2.2</version>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
        <version>1.2</version>
    </dependency>
    <!-- Java EE API: scope "provided", so it is not packaged with the application. -->
    <dependency>
        <groupId>javax</groupId>
        <artifactId>javaee-api</artifactId>
        <version>7.0</version>
        <scope>provided</scope>
    </dependency>
    <!-- NOTE(review): no scope is declared here, so Maven uses the default compile scope.
         Servlet containers normally supply this API themselves; "provided" is the usual
         scope. Confirm against the target container. -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <version>3.1.0</version>
    </dependency>
    <!-- Test-only dependency. -->
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>3.8.1</version>
        <scope>test</scope>
    </dependency>
    <!-- Spring Framework modules. ${spring.version} is not defined in this snippet; it has
         to be declared in the POM's properties section. -->
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-beans</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-jdbc</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-webmvc</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-tx</artifactId>
        <version>${spring.version}</version>
    </dependency>
    <!-- Spring Security is pinned to 4.1.3.RELEASE independently of ${spring.version}.
         Keep both security modules on the same version.
         NOTE(review): 4.1.x is an old release line. Before reusing this POM, check which
         lines still receive security fixes and that the chosen Spring Framework version
         is one that release supports. -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>4.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>4.1.3.RELEASE</version>
    </dependency>
</dependencies>
SpringSecurity.xml配置
<!-- Spring Security namespace configuration: one protected URL and a custom
     AuthenticationProvider registered with the authentication manager. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd">

    <!-- Only /index.jsp has an access rule. No other URL pattern is matched by an
         intercept-url element in this file, so no role requirement is declared for the
         rest of the application here. -->
    <security:http auto-config="true">
        <security:intercept-url pattern="/index.jsp" access="hasRole('ROLE_ADMIN')" /><!-- Writing a bare "ROLE_ADMIN" as the access value fails here with an error that ROLE_ADMIN cannot be found. Spring Security 4 evaluates access values as expressions by default, hence hasRole('ROLE_ADMIN'). -->
    </security:http>

    <!-- Articles found online reference a class implementing UserDetailsService here, but
         doing so failed with an error that the UserDetailsService cannot be converted to
         org.springframework.security.authentication.AuthenticationProvider, so the bean
         was changed to a class implementing AuthenticationProvider.
         NOTE(review): the "ref" attribute of authentication-provider expects an
         AuthenticationProvider bean, which explains the conversion error. A
         UserDetailsService is wired with the "user-service-ref" attribute instead; the
         framework's standard provider then performs the password check.
         NOTE(review): SecurityProvider has an @Autowired MyUserDetailService field, but no
         MyUserDetailService bean and no annotation processing are declared in this file.
         Presumably they are configured elsewhere; confirm. -->
    <bean id="MyUserService" class="szh.security.security.SecurityProvider"></bean>

    <security:authentication-manager>
        <security:authentication-provider ref="MyUserService">
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
UserDetailsService實現類
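/**
 * Demo {@link UserDetailsService} that serves one hard-coded account.
 *
 * <p>The account name, its password and its role are test fixtures. The password is kept
 * in plaintext; a real implementation would load the user from a data store and keep only
 * a password hash that is verified through a {@code PasswordEncoder}.
 */
public class MyUserDetailService implements UserDetailsService {

    /** Name of the only account this demo service knows. */
    private static final String DEMO_USERNAME = "a";

    /**
     * Looks up the account for {@code username}.
     *
     * @param username the login name submitted by the caller
     * @return the details of the demo account
     * @throws UsernameNotFoundException if {@code username} is not the demo account
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Honour the lookup key. Returning the admin account for every name would hand
        // any caller the ROLE_ADMIN user regardless of who they claim to be.
        // The caller-supplied name is deliberately not echoed to stdout.
        if (!DEMO_USERNAME.equals(username)) {
            throw new UsernameNotFoundException("帳號不存在");
        }

        // Fixed values for testing only.
        MyUser myUser = new MyUser();
        myUser.setUser_name(DEMO_USERNAME);
        myUser.setUser_password("aa");
        myUser.setUser_role("ROLE_ADMIN");
        return new MyUserDetail(myUser, getAuthorities());
    }

    /**
     * Builds the authority list granted to the demo account.
     *
     * @return a mutable collection holding the single authority {@code ROLE_ADMIN}
     */
    private Collection<GrantedAuthority> getAuthorities() {
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        return grantedAuthorities;
    }
}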
MyUserDetail實現類:爲了之後能對用戶進行更多的操作
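/**
 * {@link UserDetails} view over a {@code MyUser}, pairing the user record with the
 * authorities granted to it.
 */
public class MyUserDetail implements UserDetails {

    private final MyUser myUser;
    private final Collection<? extends GrantedAuthority> authorities;

    /**
     * @param user        the user record that supplies the name and password
     * @param authorities the authorities granted to {@code user}
     */
    public MyUserDetail(MyUser user, Collection<? extends GrantedAuthority> authorities) {
        this.myUser = user;
        this.authorities = authorities;
    }

    /** @return the authorities passed to the constructor */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    /** @return the password stored on the wrapped user */
    @Override
    public String getPassword() {
        return myUser.getUser_password();
    }

    /** @return the name stored on the wrapped user */
    @Override
    public String getUsername() {
        return myUser.getUser_name();
    }

    // The four status flags below are constants because no account state is read from
    // MyUser in this class. Returning false from any of them declares the account
    // expired, locked or disabled, and any provider that honours the UserDetails
    // contract then rejects every login.
    // TODO: back these by real account state once MyUser carries it.

    /** @return {@code true}; account expiry is not tracked */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** @return {@code true}; account locking is not tracked */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** @return {@code true}; credential expiry is not tracked */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** @return {@code true}; account disabling is not tracked */
    @Override
    public boolean isEnabled() {
        return true;
    }
}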
AuthenticationProvider類
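/**
 * {@link AuthenticationProvider} that authenticates username/password tokens against
 * {@code MyUserDetailService}.
 */
public class SecurityProvider implements AuthenticationProvider {

    @Autowired
    private MyUserDetailService userDetailsService;

    /**
     * Verifies the submitted username and password.
     *
     * @param authentication the token carrying the submitted name and credentials
     * @return an authenticated token holding the loaded user and its authorities
     * @throws AuthenticationException if the account is unknown or the submitted password
     *         does not match the stored one
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Use what the caller actually submitted. Loading a fixed account and returning
        // a token built from constants would authenticate every request as that account,
        // whatever name and password were sent.
        String username = authentication.getName();
        Object credentials = authentication.getCredentials();

        UserDetails userDetails = userDetailsService.loadUserByUsername(username);
        if (userDetails == null) {
            throw new UsernameNotFoundException("帳號不存在");
        }

        if (!passwordMatches(credentials, userDetails.getPassword())) {
            // Fully qualified because the file's import block is not visible here.
            throw new org.springframework.security.authentication.BadCredentialsException("帳號或密碼錯誤");
        }

        // NOTE(review): isEnabled()/isAccountNonLocked() and the other status flags of
        // the loaded user are not consulted here. Add those checks once the UserDetails
        // implementation reports real account state.
        return new UsernamePasswordAuthenticationToken(userDetails, credentials, userDetails.getAuthorities());
    }

    /**
     * Compares the submitted credentials with the stored password without short-circuiting
     * on the first differing byte.
     *
     * <p>NOTE(review): this is a plaintext comparison because the demo user service stores
     * a plaintext password. With hashed passwords, verify through a
     * {@code PasswordEncoder} instead.
     */
    private static boolean passwordMatches(Object submitted, String stored) {
        if (submitted == null || stored == null) {
            return false;
        }
        byte[] submittedBytes = submitted.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] storedBytes = stored.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        return java.security.MessageDigest.isEqual(submittedBytes, storedBytes);
    }

    /**
     * @param authentication the token class offered by the authentication manager
     * @return {@code true} only for {@code UsernamePasswordAuthenticationToken} itself
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.equals(authentication);
    }
}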
其餘的正常配置便可。注意:以上示例中的用戶名和密碼都是爲了測試而寫死的,實際使用時應按提交的用戶名查詢用戶,並校驗提交的密碼。
地址:https://github.com/Somersames...