SpringSecurity_Spring整合
1.导入jar包
<packaging>war</packaging><properties><spring.version>5.0.5.RELEASE</spring.version><project.build.sourceEncoding>UTF-8</project.build.sourceEncoding><maven.compiler.source>1.8</maven.compiler.source><maven.compiler.target>1.8</maven.compiler.target></properties><dependencies><dependency><groupId>org.springframework</groupId><artifactId>spring-core</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-context-support</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-test</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>${spring.version}</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-web</artifactId><version>5.0.5.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>5.0.5.RELEASE</version></dependency><dependency><groupId>javax.servlet</groupId><artifactId>servlet-api</artifactId><version>2.5</version><scope>provided</scope></dependency></dependencies><build><plugins><plugin><groupId>org.apache.tomcat.maven</groupId><artifactId>tomcat7-maven-plugin</artifactId><configuration><!-- 指定端口 --><port>85</port><!-- 请求路径 --><path>/</path></configuration></plugin></plugins></build>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi=""xmlns=""xsi:schemaLocation=" .xsd"id="WebApp_ID" version="3.0"><filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern></filter-mapping><!-- 2:springmvc的核心控制器--><servlet><servlet-name>springmvc</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><!-- 指定加载的配置文件 ,通过参数contextConfigLocation加载 --><init-param><param-name>contextConfigLocation</param-name><param-value>classpath:spring-security.xml</param-value></init-param><load-on-startup>1</load-on-startup></servlet><servlet-mapping><servlet-name>springmvc</servlet-name><url-pattern>*.do</url-pattern></servlet-mapping>
</web-app>
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""xmlns:xsi=""xmlns:context=""xmlns:mvc=""xmlns:security=""xsi:schemaLocation="://www.springframework.org/schema/beans/spring-beans.xsd://www.springframework.org/schema/mvc/spring-mvc.xsd://www.springframework.org/schema/context/spring-context.xsd://www.springframework.org/schema/security/spring-security.xsd"><!--① 配置哪些链接可以放行(没有认证通过也可以访问的资源)security="none":没有权限pattern="/login.html":没有任何权限,可以访问login.html--><!--匿名访问--><security:http security="none" pattern="/login.html"></security:http><!--② 定义哪些链接不可以放行(必须通过认证才能访问的资源),及需要有角色,有权限才可以放行访问资源<security:http auto-config="true" use-expressions="true">auto-config="true":开启自动配置 由springsecurity提供登录页面,提供登录的url地址,退出的url地址use-expressions="true":使用表达式的方式控制权限security:intercept-url:定义哪些链接不可以放行,需要当前角色和权限才能放行pattern="/**":要求系统中的所有资源,都必须通过角色和权限才能访问access:指定角色和权限如果使用表达式use-expressions="true"access="hasRole('ROLE_ADMIN'):表示具有ROLE_ADMIN的角色才能访问系统的资源如果不使用表达式use-expressions="false"access="ROLE_ADMIN:表示具有ROLE_ADMIN的角色才能访问系统的资源--><security:http auto-config="true" use-expressions="true"><security:intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"></security:intercept-url></security:http><security:authentication-manager><security:authentication-provider><security:user-service><security:user name="admin" authorities="ROLE_ADMIN" password="{noop}admin"></security:user></security:user-service></security:authentication-provider></security:authentication-manager>
</beans>
更多推荐
SpringSecurity_Spring整合
发布评论