[spring security] spring security 4 基礎Demo

依賴包：

<properties>
  
  <junit.version>4.11</junit.version>
  <spring.version>4.1.6.RELEASE</spring.version>
  
   <spring-security.version>4.0.3.RELEASE</spring-security.version>
   
   <mysql.version>5.1.6</mysql.version>
  </properties>
  
  <dependencies>
    <dependency>
      <groupId>junit</groupId>
      <artifactId>junit</artifactId>
      <version>${junit.version}</version>
    </dependency>
    
    <!-- spring -->
    <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-core</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
    <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-beans</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
     <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-aop</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
     <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-context</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
     <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-jdbc</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
    <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-context-support</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
     <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
     <dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-webmvc</artifactId>
    <version>${spring.version}</version>
    </dependency>
    
    <!-- spring security  -->
    <dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core</artifactId>
    <version>${spring-security.version}</version></dependency><dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>${spring-security.version}</version></dependency><dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>${spring-security.version}</version></dependency><!-- mysql Driver  -->    <dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <version>${mysql.version}</version></dependency><dependency>
    <groupId>jstl</groupId>
    <artifactId>jstl</artifactId>
    <version>1.2</version></dependency>


  </dependencies>

 

1.web.xml

 <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>

    <!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  <!-- Spring MVC -->
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath*:spring-context.xml</param-value>
    </init-param>
        <load-on-startup>1</load-on-startup>
        
    </servlet>
    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>*.htm</url-pattern>
    </servlet-mapping>

2.spring-security.xml:

 <import resource="classpath:xwolf-datasource.xml"/>
     <!--靜態資源過濾-->
     <security:http pattern="/**/*.css" security="none"></security:http>
     <security:http pattern="/**/*.js" security="none"></security:http>
     <security:http pattern="/**/*.jpg" security="none"></security:http>
     <security:http pattern="/**/*.gif" security="none"></security:http>
     <security:http pattern="/**/*.png" security="none"></security:http>
     
     <!-- 1.基礎xml方式實現 -->
     <security:http auto-config="true"><security:intercept-url pattern="/admin.htm" access="hasRole('ROLE_USER')" />    
    </security:http> 
     
   <security:authentication-manager>
   
   <security:authentication-provider>
  <!-- 1.基礎用戶  <security:user-service>
   <security:user name="admin" password="123456" authorities="ROLE_USER"/>
   </security:user-service>  -->
   
   <!--  2.數據庫查詢用戶-->
   <security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select name,pwd,status as enabled from user where name=? "
   authorities-by-username-query="select u.name ,r.auth as authority from user u join user_role ur on u.uid=ur.uid join role r on r.rid=ur.rid 
   where u.name=?"/>
   </security:authentication-provider>
   </security:authentication-manager>

jdbc中用到的用戶和權限認證表信息。

其中用到的表結構：

兩個頁面分別對應hello.htm和admin.htm:

每個頁面一句話：

hello.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%><html><head><title>登陸成功</title></head><body>
    <h3>登陸成功!Hello World!</h3></body></html>

admin.jsp:

<%@ page language="java" contentType="text/html; charset=UTF-8"
    pageEncoding="UTF-8"%><html><head><title>admin</title></head><body>
    <h2>admin!</h2></body></html>