1...spring_security.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:security="http://www.springframework.org/schema/security" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans 6 http://www.springframework.org/schema/beans/spring-beans.xsd 7 http://www.springframework.org/schema/security 8 http://www.springframework.org/schema/security/spring-security.xsd"> <! - does not block static resources -> 910 <security:http pattern="/css/**" security="none"></security:http> 11 <security:http pattern="/img/**" security="none"></security:http> 12 <security:http pattern="/plugins/**" security="none"></security:http> 13 <!--不拦截登录 不拦截error --> 14 <security:http pattern="/login.jsp" security="none"></security:http> 15 <security:http pattern="/error.jsp" security="none"></security:http> 16 <security:http pattern="/favicon.ico" security="none"></security:http> 20config to use its own page Auto-19Configure intercepted rule <! -18 <! - blocking rules -> 17 Use - Expressions whether spel Expression 21 is -> 22 is <Security: HTTP Auto-config = "to true" use-Expressions = "to false"> 23 is <- configuration; knockdown address ->! 24 <Security: intercept- pattern = url "/ **" Access = "ROLE_USER"> </ Security: Intercept-url> 25 ! <- configuration you want to jump to a specific page -> 26 <Security: form- the Login 27 the Login-page = "/login.jsp" 28 Login-Processing-URL = "/ Login" 29 default -target-URL = "/ the index.jsp" 30 authentication-failure-URL = "/ the login.jsp" 31 ></security:form-login> 32 <!--关闭跨域请求--> 33 <security:csrf disabled="true"></security:csrf> 34 <!-- 退出登录--> 35 <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.jsp"></security:logout> 36 </security:http> 37 <!--自带账户密码--> 38 <security:authentication-manager> 39 <security:authentication-provider user-service-ref="sysUserService"> 40 <!-- <security:password-encoder ref="passwordEncoder"></security:password-encoder>--> 41 <!-- <security:user-service>--> 42 <!-- <!–临时账户密码 不加密–>--> 43 <!-- <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"></security:user>--> 44 <!-- </security:user-service>--> 45 </security:authentication-provider> 46 </security:authentication-manager> 47 <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean> 48 </beans>
2....web.xml
1 <!DOCTYPE web-app PUBLIC 2 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" 3 "http://java.sun.com/dtd/web-app_2_3.dtd" > 4 5 <web-app> 6 <display-name>Archetype Created Web Application</display-name> 7 <context-param> 8 <param-name>contextConfigLocation</param-name> 9 <param-value>classpath*:applicationContext*.xml,classpath:spring_security.xml</param-value> 10 </context-param> 11 <filter> 12 <filter-name>CharacterEncodingFilter</filter-name> 13 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 14 <init-param> 15 <param-name>encoding</param-name> 16 <param-value>utf-8</param-value> 17 </init-param> 18 </filter> 19 <filter> 20 <filter-name>springSecurityFilterChain</filter-name> 21 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 22 </filter> 23 <filter-mapping> 24 <filter-name>CharacterEncodingFilter</filter-name> 25 <url-pattern>/*</url-pattern> 26 </filter-mapping> 27 <!-- spring security 的过滤器配置 --> 28 29 <filter-mapping> 30 <filter-name>springSecurityFilterChain</filter-name> 31 <url-pattern>/*</url-pattern> 32 </filter-mapping> 33 <listener> 34 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 35 </listener> 36 <servlet> 37 <servlet-name>DispatcherServlet</servlet-name> 38 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 39 <init-param> 40 <param-name>contextConfigLocation</param-name> 41 <param-value>classpath*:spring_mvc.xml</param-value> 42 </init-param> 43 <!-- 按照tomcat顺序加载--> 44 <load-on-startup>1</load-on-startup> 45 </servlet> 46 <servlet-mapping> 47 <servlet-name>DispatcherServlet</servlet-name> 48 <url-pattern>/</url-pattern> 49 </servlet-mapping> 50 <welcome-file-list> 51 <welcome-file>index.html</welcome-file> 52 <welcome-file>index.htm</welcome-file> 53 <welcome-file>index.jsp</welcome-file> 54 <welcome-file>default.html</welcome-file> 55 <welcome-file>default.htm</welcome-file> 56 <welcome-file>default.jsp</welcome-file> 57 </welcome-file-list> 58 </web-app>
3 ... MD5 java code encryption password
. 1 Package com.wsc.md5; 2 . 3 Import java.math.BigInteger; . 4 Import the java.security.MessageDigest; . 5 Import java.security.NoSuchAlgorithmException; . 6 . 7 public class MD5Utils { . 8 / ** . 9 * algorithm is used md5 encryption 10 * / . 11 public static String MD5 (String plainText) { 12 is byte [] secretBytes = null ; 13 is the try { 14 secretBytes = MessageDigest.getInstance ( "MD5") .digest ( 15 plainText.getBytes ()); 16 } the catch (NoSuchAlgorithmException E) { . 17 the throw new new a RuntimeException ( "No md5 algorithm!" ); 18 is } . 19 String md5code = new new a BigInteger (. 1, secretBytes) .toString ( 16); // hexadecimal 20 // if the generated number is less than 32, the foregoing need to fill 0 21 is for ( int I = 0; I <32 - md5code.length (); I ++ ) { 22 is md5code = "0 "+ md5code; 23 is } 24 return md5code; 25 } 26 27 public static void main(String[] args) { 28 System.out.println(md5("123")); 29 } 30 31 }
4 ... to obtain the plaintext password
1 // md5 2 @Autowired 3 PasswordEncoder passwordEncoder; 4 @RequestMapping("/add") 5 public String add(Sysuser sysuser){ 6 7 // 获取明文密码 8 // String password = sysuser.getPASSWORD(); 9 // // 对明文密码加密 10 // String md5password = passwordEncoder.encode(password); 11 // sysuser.setPASSWORD(md5password); 12 sysuserService.add(sysuser); 13 return "redirect:/user/pageChange"; 14 }