mini版spring security登陆(基于xml)
基于spring-security版本4.2.6.RELEASE
加入maven依赖
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${security.version}</version>
</dependency>配置web.xml
在web.xml中加入:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-context.xml, classpath:spring-security.xml</param-value>
</context-param>
<listener>
/* 上下文监听 */
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
//也可以叫delegatingFilterProxy
/* <filter-name>delegatingFilterProxy</filter-name> */
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>配置spring-security.xml文件
在spring-security.xml文件中:
//<security:xx />是spring security的标签
<security:http pattern="/**" auto-config="true" use-expressions="true">
<security:form-login />
<security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>
<security:csrf disabled="true"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user password="111111" name="admin" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>编写控制器
HwController.java内容:
@Controller
public class HwController {
@Autowired
private FilterChainProxy filterChainProxy;
@RequestMapping("/index")
public String index(){
List<SecurityFilterChain> list = filterChainProxy.getFilterChains();
for (SecurityFilterChain sfc: list){
for (Filter filter: sfc.getFilters()){
System.out.println(filter.getClass().getName());
}
}
return "index";
}
}访问
出现登陆页面,输入用户名/密码:admin/111111登陆成功,再次访问http://localhost:8080/index,控制台输出默认的过滤器:
org.springframework.security.web.context.SecurityContextPersistenceFilter
org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter
org.springframework.security.web.header.HeaderWriterFilter
//CsrfFilter过滤器被disabled了
<!-- org.springframework.security.web.csrf.CsrfFilter -->
org.springframework.security.web.authentication.logout.LogoutFilter
org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter
org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter
org.springframework.security.web.authentication.www.BasicAuthenticationFilter
org.springframework.security.web.savedrequest.RequestCacheAwareFilter
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
org.springframework.security.web.authentication.AnonymousAuthenticationFilter
org.springframework.security.web.session.SessionManagementFilter
org.springframework.security.web.access.ExceptionTranslationFilter
org.springframework.security.web.access.intercept.FilterSecurityInterceptor