springSecurity静的フィルタの設定ファイル

1. [追加の依存

<properties>
    <spring.version>5.0.2.RELEASE</spring.version>
    <spring.security.version>5.0.1.RELEASE</spring.security.version>
  </properties>
  <dependencies>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-core</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-web</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-webmvc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-context-support</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-test</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework</groupId>
      <artifactId>spring-jdbc</artifactId>
      <version>${spring.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-taglibs</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
      <scope>provided</scope>
    </dependency>
  </dependencies>

xmlファイルスプリング・セキュリティを作成します。2.

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- 不拦截静态资源 -->
    <security:http pattern="/css/**" security="none"/>
    <security:http pattern="/img/**" security="none"/>

    <!-- 配置不拦截指定页面 -->
    <security:http pattern="/login.jsp" security="none"/>
    <security:http pattern="/error.jsp" security="none"/>

    <!--
        配置拦截的规则
        auto-config="使用自带的页面"
        use-expressions="是否使用spel表达式"，
        如果使用表达式：hasRole('ROLE_USER')
    -->
    <security:http auto-config="true" use-expressions="false">
        <!-- 配置拦截的请求地址，任何请求地址都必须有ROLE_USER的权限 -->
        <security:intercept-url pattern="/**" access="ROLE_USER"/>

        <!-- 配置具体的页面跳转
             login-page:指定登录页面
             login-processing-url:登录请求路径
             default-target-url:登录成功后进入的页面
             authentication-failure-url:登录失败后进入的页面
         -->
        <security:form-login
                login-page="/login.jsp"
                login-processing-url="/login"
                always-use-default-target="true"
                default-target-url="/success.jsp"
                authentication-failure-url="/error.jsp"
        />

        <!-- 关闭跨域请求 -->
        <security:csrf disabled="true"/>
        <!-- 退出
         invalidate-session:是否刷新session
         logout-url:退出请求地址
         logout-success-url:退出成功后访问的页面
         -->
        <security:logout invalidate-session="true"
                         logout-url="/logout"
                         logout-success-url="/login.html"/>
    </security:http>

    <!-- 配置认证信息 -->
    <security:authentication-manager>
        <!--认证信息的提供者-->
        <security:authentication-provider>
            <!--用户的服务对象-->
            <security:user-service>
                <!--用户信息, 是临时账号和密码-->
                <!--noop:不使用加密  authorities:指定用户认证的角色-->
                <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

3.web.xml設定

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

  <!--Spring监听器指定配置文件位置-->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml</param-value>
  </context-param>
  <!--创建Spring容器对象-->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!--配置委派代理过滤器： filter-name必须是：springSecurityFilterChain  -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

</web-app>

対応する実行時の設定インターフェースを表示するには4