一、pom依赖引入
<!-- NOTE(review): the versions pinned below are old. The Spring Security 4.2.x and Spring Framework 4.3.x
     lines no longer receive open-source fixes, so when reusing this example pin currently supported
     releases and check them against the projects' published security advisories. -->
<properties>
<security-version>4.2.3.RELEASE</security-version>
</properties>
<dependencies>
<!-- ... other dependency elements ... -->
<!-- spring-security-web and spring-security-config share one version property so they cannot drift apart -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${security-version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${security-version}</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.springframework/spring-webmvc -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.3.9.RELEASE</version>
</dependency>
<!-- https://mvnrepository.com/artifact/commons-logging/commons-logging -->
<dependency>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
<version>1.1.1</version>
</dependency>
</dependencies>
二、配置spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<bean:beans xmlns="http://www.springframework.org/schema/security"
xmlns:bean="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<!-- security="none" takes these two pages out of the Spring Security filter chain entirely,
     so they should hold only public, static content. -->
<http pattern="/login.html" security="none"></http>
<http pattern="/loginerror.html" security="none"></http>
<http>
<!-- Access rule: every other URL requires ROLE_USER -->
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<!-- Logout URL and the page shown after logout -->
<logout logout-url="/logout" logout-success-url="/login.html"/>
<!-- Form-login settings. always-use-default-target="true" sends every successful login to
     /success.html rather than to the URL that was originally requested. Failed logins go back to
     /login.html; /loginerror.html is exempted above but is not referenced in this element. -->
<form-login always-use-default-target="true"
login-page="/login.html"
login-processing-url="/login"
default-target-url="/success.html"
authentication-failure-url="/login.html"
/>
<!-- NOTE(review): CSRF protection is switched off here, presumably because the hand-written static
     login page cannot render a CSRF token. With it disabled, state-changing requests made in a
     logged-in user's session are not protected against cross-site request forgery. Outside a demo,
     leave CSRF protection enabled and include the token in every form. -->
<csrf disabled="true" />
</http>
<!-- Static user defined directly in this file (disabled; kept for reference) -->
<!-- <authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="123456" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager> -->
<bean:bean id="userDetail" class="liuli.relam.UserDetailServiceImpl"></bean:bean>
<!-- Dynamic users: accounts are loaded through the custom UserDetailsService bean above.
     NOTE(review): no password-encoder is configured on the authentication-provider, so in this
     Spring Security version the stored password is compared as plaintext. For real accounts add a
     password-encoder child element with a hashing encoder such as BCrypt and store only hashes. -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetail"/>
</authentication-manager>
</bean:beans>
注:静态用户的用户名及密码直接配置在xml中;动态用户则由UserDetailsService根据页面提交的用户名查出该用户的密码与权限,再由框架与页面提交的密码进行比对(UserDetailServiceImpl需自己手动编写),代码如下:
package liuli.relam;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
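/**
 * Demo {@link UserDetailsService} that fabricates accounts in memory instead of reading them
 * from a persistence layer.
 *
 * <p>NOTE(review): this is a test stub. Every name other than {@code admin} is accepted with the
 * same hard-coded password, and passwords are held as plaintext literals. A production
 * implementation must throw {@link UsernameNotFoundException} for unknown accounts and return
 * only a stored password hash.
 */
public class UserDetailServiceImpl implements UserDetailsService {

    /**
     * Builds the {@link UserDetails} that the framework compares against the submitted password.
     *
     * @param username the login name submitted by the client
     * @return a user carrying the given name, the stub password and the {@code ROLE_USER} authority
     * @throws UsernameNotFoundException if {@code username} is {@code null} or empty
     */
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        // Reject a missing name up front instead of failing with a NullPointerException or
        // with the IllegalArgumentException that the User constructor raises for empty values.
        if (username == null || username.isEmpty()) {
            throw new UsernameNotFoundException("username must not be empty");
        }

        // A real implementation would query the service/DAO layer for the stored password and
        // authorities; the persistence layer is omitted here to keep the example testable.
        String password = "admin".equals(username) ? "123456" : "111111";

        // All authorities granted to this user.
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        // Pass the actual login name. The original passed the string literal "username", so
        // every authenticated principal carried the same name regardless of who logged in,
        // which breaks per-user authorization checks and audit trails.
        return new User(username, password, authorities);
    }
}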
三、配置spring-mvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<!--
Handler mapping: BeanNameUrlHandlerMapping
matches the configured bean name against the URL path (disabled below)
-->
<!-- <bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping"></bean> -->
<bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"/>
<!-- Handler adapters (the two non-annotation adapters are disabled) -->
<!-- <bean class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter"></bean> -->
<!-- <bean class="org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter"></bean> -->
<!-- Annotation adapter: controllers are written with annotations -->
<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/>
<!-- Back-end handlers (controllers); none are registered in this example -->
<!-- <bean name="/user.do" class="com.project.controller.UserHandler"></bean> -->
<!-- <bean name="/user2.do" class="com.project.controller.UserHandler2"></bean> -->
<!-- <context:component-scan base-package="com.controller"/> -->
<!-- View resolver -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"/>
<!-- Hand static files to the container's default servlet instead of the DispatcherServlet.
     This only affects MVC dispatch; access to those files is still decided by the security
     configuration, not by this element. -->
<mvc:default-servlet-handler/>
</beans>
四、自己写登录界面,授权失败界面及授权成功界面
注:用户名的name属性为"username",密码的name属性为"password",方法为"POST",具体可看UsernamePasswordAuthenticationFilter源码
// Excerpt of the field declarations the page cites from UsernamePasswordAuthenticationFilter.
// Default names of the request parameters that carry the credentials from the login form.
public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";
public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";
// Parameter names actually in use; they start out as the defaults above.
private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
// Defaults to true, which is why the login form must submit with POST; the enforcing code is
// not part of this excerpt. POST keeps the password out of the request URL.
private boolean postOnly = true;
五、web.xml的配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<!-- Spring MVC front controller (DispatcherServlet) -->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<!-- Location of the Spring MVC configuration file -->
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-mvc.xml</param-value>
</init-param>
<!-- Load the servlet as soon as Tomcat starts -->
<load-on-startup>0</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring context loader listener; the root context it creates loads spring-security.xml -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-security.xml</param-value>
</context-param>
<!-- Spring Security filter. The filter name must stay springSecurityFilterChain: DelegatingFilterProxy
     looks up the bean of that name, which the security namespace configuration registers in the
     root context. Mapping it to /* sends every request through the security filter chain; a narrower
     pattern would leave the unmatched URLs unprotected. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
六、放入tomcat,启动即可
大功告成!!