在上一篇文档中,对Spring Security中的身份认证的流程和管理进行了详细介绍,本文将从实践的角度告诉大家如何使用最简便的方式用Spring Security进行身份验证。
开发环境如下:
JDK 1.7
Tomcat 7
Eclipse
Spring Security 3.2.5
项目目录结构如下:
1.新建Maven Project,对Maven不熟悉的童鞋请自行充电,现在这个念头不学习Maven绝对是不行的。
2. 在Pom.xml添加相关jar依赖。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
<
project
xmlns
=
"http://maven.apache.org/POM/4.0.0"
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation
=
"http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"
>
<
modelVersion
>4.0.0</
modelVersion
>
<
groupId
>com.favccxx.favsecurity</
groupId
>
<
artifactId
>HelloSpringSecurity</
artifactId
>
<
packaging
>war</
packaging
>
<
version
>0.0.1-SNAPSHOT</
version
>
<
name
>HelloSpringSecurity Maven Webapp</
name
>
<
url
>http://maven.apache.org</
url
>
<
properties
>
<
spring.version
>3.2.8.RELEASE</
spring.version
>
</
properties
>
<
dependencies
>
<
dependency
>
<
groupId
>junit</
groupId
>
<
artifactId
>junit</
artifactId
>
<
version
>3.8.1</
version
>
<
scope
>test</
scope
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-core</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-webmvc</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-beans</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-context</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-aop</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-tx</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<!-- <dependency> -->
<!-- <groupId>org.springframework</groupId> -->
<!-- <artifactId>spring-test</artifactId> -->
<!-- <version>${spring.version}</version> -->
<!-- </dependency> -->
<
dependency
>
<
groupId
>org.freemarker</
groupId
>
<
artifactId
>freemarker</
artifactId
>
<
version
>2.3.20</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework</
groupId
>
<
artifactId
>spring-orm</
artifactId
>
<
version
>${spring.version}</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework.security</
groupId
>
<
artifactId
>spring-security-web</
artifactId
>
<
version
>3.2.5.RELEASE</
version
>
</
dependency
>
<
dependency
>
<
groupId
>org.springframework.security</
groupId
>
<
artifactId
>spring-security-config</
artifactId
>
<
version
>3.2.5.RELEASE</
version
>
</
dependency
>
<
dependency
>
<
groupId
>jstl</
groupId
>
<
artifactId
>jstl</
artifactId
>
<
version
>1.2</
version
>
</
dependency
>
</
dependencies
>
<
build
>
<
finalName
>HelloSpringSecurity</
finalName
>
</
build
>
</
project
>
|
3. 配置web.xml,在容器启动时加载Spring MVC的配置文件与Spring Security的配置文件。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
<?
xml
version
=
"1.0"
encoding
=
"UTF-8"
?>
<
web-app
id
=
"helloSpringSecurity"
version
=
"2.4"
xmlns
=
"http://java.sun.com/xml/ns/j2ee"
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation
=
"http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
>
<
display-name
>Hello Spring Security</
display-name
>
<
context-param
>
<
param-name
>contextConfigLocation</
param-name
>
<
param-value
>
classpath:springSecurity.xml
</
param-value
>
</
context-param
>
<
listener
>
<
listener-class
>org.springframework.web.context.ContextLoaderListener</
listener-class
>
</
listener
>
<
filter
>
<
filter-name
>springSecurityFilterChain</
filter-name
>
<
filter-class
>org.springframework.web.filter.DelegatingFilterProxy</
filter-class
>
</
filter
>
<
filter-mapping
>
<
filter-name
>springSecurityFilterChain</
filter-name
>
<
url-pattern
>/*</
url-pattern
>
</
filter-mapping
>
<
servlet
>
<
servlet-name
>springMVC</
servlet-name
>
<
servlet-class
>org.springframework.web.servlet.DispatcherServlet</
servlet-class
>
<
init-param
>
<
param-name
>contextConfigLocation</
param-name
>
<
param-value
>classpath:spring-context.xml</
param-value
>
</
init-param
>
<
load-on-startup
>1</
load-on-startup
>
</
servlet
>
<
servlet-mapping
>
<
servlet-name
>springMVC</
servlet-name
>
<
url-pattern
>/</
url-pattern
>
</
servlet-mapping
>
</
web-app
>
|
4. SpringSecurity.xml配置文件如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
<?
xml
version
=
"1.0"
encoding
=
"UTF-8"
?>
<
beans
xmlns
=
"http://www.springframework.org/schema/beans"
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xmlns:security
=
"http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<
security:http
auto-config
=
"true"
>
<
security:intercept-url
pattern
=
"/admin"
access
=
"ROLE_ADMIN"
/>
<
security:intercept-url
pattern
=
"/confidential"
access
=
"ROLE_SUPERADMIN"
/>
</
security:http
>
<
security:authentication-manager
>
<
security:authentication-provider
>
<
security:user-service
>
<
security:user
name
=
"favccxx"
password
=
"favccxx"
authorities
=
"ROLE_USER,ROLE_ADMIN"
/>
<
security:user
name
=
"super"
password
=
"super"
authorities
=
"ROLE_SUPERADMIN"
/>
</
security:user-service
>
</
security:authentication-provider
>
</
security:authentication-manager
>
</
beans
>
|
5.spring-context.xml配置文件如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
<?
xml
version
=
"1.0"
encoding
=
"UTF-8"
?>
<
beans
xmlns
=
"http://www.springframework.org/schema/beans"
xmlns:xsi
=
"http://www.w3.org/2001/XMLSchema-instance"
xmlns:context
=
"http://www.springframework.org/schema/context"
xmlns:mvc
=
"http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
<
mvc:annotation-driven
></
mvc:annotation-driven
>
<
context:component-scan
base-package
=
"com.favccxx.favsecurity.web"
></
context:component-scan
>
<
bean
id
=
"viewResolver"
class
=
"org.springframework.web.servlet.view.UrlBasedViewResolver"
>
<
property
name
=
"viewClass"
value
=
"org.springframework.web.servlet.view.JstlView"
/>
<
property
name
=
"prefix"
value
=
"/WEB-INF/views"
/>
<
property
name
=
"suffix"
value
=
".jsp"
/>
</
bean
>
</
beans
>
|
6. 新建HelloSpringSecurityController.java文件,代码如下:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
package
com.favccxx.favsecurity.web;
import
org.springframework.stereotype.Controller;
import
org.springframework.web.bind.annotation.RequestMapping;
import
org.springframework.web.bind.annotation.RequestMethod;
import
org.springframework.web.servlet.ModelAndView;
@Controller
public
class
HelloSpringSecurityController {
@RequestMapping
(
"/hello"
)
public
ModelAndView hello(){
ModelAndView mav =
new
ModelAndView();
mav.addObject(
"title"
,
"Welcome - Spring Security Hello World"
);
mav.addObject(
"message"
,
"This is welcome page!"
);
mav.setViewName(
"/hello"
);
return
mav;
}
@RequestMapping
(value = {
"/"
,
"/welcome"
}, method = RequestMethod.GET)
public
ModelAndView welcome() {
ModelAndView mav =
new
ModelAndView();
mav.addObject(
"title"
,
"Welcome - Spring Security Hello World"
);
mav.addObject(
"message"
,
"This is welcome page!"
);
mav.setViewName(
"/hello"
);
return
mav;
}
@RequestMapping
(value =
"/admin"
, method = RequestMethod.GET)
public
ModelAndView admin() {
ModelAndView mav =
new
ModelAndView();
mav.addObject(
"title"
,
"Admin - Spring Security Hello World"
);
mav.addObject(
"message"
,
"This is protected page!"
);
mav.setViewName(
"/admin"
);
return
mav;
}
}
}
|
7. 在/WEB-INF/views文件夹下分别创建admin.jsp和hello.jsp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<!DOCTYPE html>
<
html
>
<
head
>
<
meta
http-equiv
=
"Content-Type"
content
=
"text/html; charset=UTF-8"
>
<
title
>${title}</
title
>
</
head
>
<
body
>
<
h1
>Title : ${title}</
h1
>
<
h1
>Message : ${message}</
h1
>
<
c:if
test
=
"${pageContext.request.userPrincipal.name != null}"
>
<
h2
>
Welcome : ${pageContext.request.userPrincipal.name} | <
a
href
=
"<c:url value="
/j_spring_security_logout" />"> Logout</
a
>
</
h2
>
</
c:if
>
</
body
>
</
html
>
|
1
2
3
4
5
6
7
8
9
10
11
12
13
|
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<
html
>
<
head
>
<
meta
http-equiv
=
"Content-Type"
content
=
"text/html; charset=UTF-8"
>
<
title
>${title}</
title
>
</
head
>
<
body
>
<
h1
>Title:${title}</
h1
>
<
h1
>Message:${message}</
h1
>
</
body
>
</
html
>
|
8. 系统运行效果图如下
备注:猛击此处下载源代码
本文转自 genuinecx 51CTO博客,原文链接:http://blog.51cto.com/favccxx/1606889,如需转载请自行联系原作者