SpringMVC+Spring Security5集成案例(一)

權限以前一直用Apache Shiro,最近項目上用到Spring Security，因此就把集成步驟寫下來。

首先咱們建立一個mavan項目,

1.集成所需的jar包

<properties>
    <spring.version>5.2.2.RELEASE</spring.version>
    <spring.security.version>5.2.1.RELEASE</spring.security.version>
    <jstl.version>1.2</jstl.version>
    <servlet.version>2.5</servlet.version>
</properties>

 <dependencies>
    <!-- spring -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <!-- spring mvc -->
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <!-- spring security -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${spring.security.version}</version>
    </dependency>

    <dependency>
      <groupId>jstl</groupId>
      <artifactId>jstl</artifactId>
      <version>${jstl.version}</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>servlet-api</artifactId>
      <version>${servlet.version}</version>
      <scope>provided</scope>
      <!--對於scope=provided的狀況，則能夠認爲這個provided是目標容器已經provide這個artifact。-->
    </dependency>
  </dependencies>

<build>
    <finalName>ssmvc</finalName>
    <!-- <pluginManagement>--> <!--加上這句在Maven Projects中的Plugins中不會顯示tomcat7插件，註釋後也可在"Edit Configurations..."配置，Command line:tomcat7:run -f pom.xml -->
      <plugins>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
           <artifactId>maven-compiler-plugin</artifactId>
           <version>3.6.0</version>
           <configuration>
             <source>1.8</source>
             <target>1.8</target>
           </configuration>
         </plugin>
        <plugin>
          <groupId>org.apache.tomcat.maven</groupId>
          <artifactId>tomcat7-maven-plugin</artifactId>
          <version>2.2</version>
          <configuration>
            <port>8000</port>
            <path>/ssmvc</path>
            <server>tomcat7</server>
          </configuration>
        </plugin>
      </plugins>
    <!--</pluginManagement>-->
  </build>

2.web.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!--spring security filter chain-->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!--start spring -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
      classpath:applicationContext.xml
      classpath:spring-security.xml
    </param-value>
  </context-param>

  <!-- start springMVC -->
  <!-- view https://docs.spring.io/spring-security/site/docs/5.2.1.RELEASE/reference/htmlsingle/#servlet-hello-xml-webxml-->
  <servlet>
    <servlet-name>DispatcherServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath:spring-mvc.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>DispatcherServlet</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>
</web-app>

applicationContext.xml

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
                http://www.springframework.org/schema/context
      http://www.springframework.org/schema/context/spring-context.xsd
      http://www.springframework.org/schema/aop
                http://www.springframework.org/schema/aop/spring-aop.xsd">
</beans>

spring-mvc.xml

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
                http://www.springframework.org/schema/context
      http://www.springframework.org/schema/context/spring-context.xsd
      http://www.springframework.org/schema/mvc
                http://www.springframework.org/schema/aop/spring-mvc.xsd">
     <!--package scan -->
    <context:component-scan base-package="com.test"/>

    <mvc:annotation-driven/>

    <mvc:resources mapping="/static/**" location="/static/"/>

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="prefix" value="/WEB-INF/views/"/>
        <property name="suffix" value=".jsp"/>
    </bean>
</beans>

spring-security.xml

<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security.xsd">

     <security:http>
        <!-- pattern: 要攔截的資源-->
        <security:intercept-url pattern="/**" access="isFullyAuthenticated()"/>
        <security:http-basic/>
    </security:http>

    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="admin" password="{noop}123456" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

3.運行

此時咱們運行以後，會彈出用戶名密碼，咱們輸入上方的用戶名密碼便可登陸。這樣咱們第一步就算成功了。

錯誤：

嚴重: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' available

這個錯誤是咱們沒有在spring-sercurity中添加
 <security:http>
        <security:http-basic/>
    </security:http>

    <security:authentication-manager>

    </security:authentication-manager>

說明：

mvc:annotation-driven的做用

這個配置默認會幫咱們註冊默認處理請求，參數和返回值的類，其中最主要的兩個類：DefaultAnnotationHandlerMapping 和 AnnotationMethodHandlerAdapter ，分別爲HandlerMapping的實現類和HandlerAdapter的實現類，但從3.1.x版本開始對應實現類改成了RequestMappingHandlerMapping和RequestMappingHandlerAdapter。
 
HandlerMapping的實現類的做用
實現類RequestMappingHandlerMapping，它會處理@RequestMapping 註解，並將其註冊到請求映射表中。
 
HandlerAdapter的實現類的做用
實現類RequestMappingHandlerAdapter，則是處理請求的適配器，肯定調用哪一個類的哪一個方法，而且構造方法參數，返回值。
 
當配置了mvc:annotation-driven/後，Spring就知道了咱們啓用註解驅動。而後Spring經過context:component-scan/標籤的配置，會自動爲咱們將掃描到的@Component，@Controller，@Service，@Repository等註解標記的組件註冊到工廠中，來處理咱們的請求。