xml ：spring-security 配置

>http://www.mkyong.com/spring-security/spring-security-hello-world-example/

In this tutorial,we will show you how to integrate Spring Security with a Spring MVC web application to secure a URL access. After implementing Spring Security,to access the content of an “admin” page,users need to key in the correct “username” and “password”.

Technologies used :

Spring 3.2.8.RELEASE
Spring Security 3.2.3.RELEASE
Eclipse 4.2
JDK 1.6
Maven 3

Note
Spring Security 3.0 requires Java 5.0 Runtime Environment or higher

1. Project Demo

2. Directory Structure

Review the final directory structure of this tutorial.

3. Spring Security Dependencies

To use Spring security,you needspring-security-webandspring-security-config.

  pom.xml 

@H_301_64@<properties>
	<jdk.version>1.6</jdk.version<spring.version>3.2.8.RELEASE</spring.version<spring.security.version>3.2.3.RELEASE</spring.security.version<jstl.version>1.2</jstl.version>
</properties>

<dependencies>

	<!-- Spring dependencies -->
	<dependency>
		<groupId>org.springframework</groupId<artifactId>spring-core</artifactId<version>${spring.version}</version</dependency>

	>spring-web>spring-webmvc>

	<!-- Spring Security -->
	>org.springframework.security>spring-security-web>${spring.security.version}>spring-security-config>

	<!-- jstl for jsp page -->
	>jstl>${jstl.version}</dependencies>

4. Spring MVC Web Application

A simple controller :

If URL =/welcomeor/,return hello page.
If URL =/admin,return admin page.

Later,we will show you how to use Spring Security to secure the “/admin” URL with a user login form.

HelloController.java

package com.mkyong.web.controller;

import org.springframework.stereotype.Controller;
.bind.annotation.RequestMapping.RequestMethod.servlet.ModelAndView;

@Controller
public class HelloController {

	@RequestMapping(value = { "/", "/welcome**" }= RequestMethod.GET)
	public ModelAndView welcomePage() {

		ModelAndView model = new ModelAndView);
		model.addObject("title""Spring Security Hello World""message""This is welcome page!"setViewName"hello";
		return model;

	}

	= "/admin**"adminPage"This is protected page!""admin";

		}

}

Two JSP pages.

hello.jsp

<%@page session="false"%>
<html<body<h1>Title : ${title}</h1>Message : ${message}</body</html>

admin.jsp

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<c:if test="${pageContext.request.userPrincipal.name != null}">
	   <h2>Welcome : ${pageContext.request.userPrincipal.name}
           | <a href="<c:url value"/j_spring_security_logout" />" > logout</a></h2</c:if
  mvc-dispatcher-servlet.xml

<beans xmlns"http://www.springframework.org/schema/beans" xmlns:context"http://www.springframework.org/schema/contextxmlns:xsi"http://www.w3.org/2001/XMLSchema-instancexsi:schemaLocation" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd<context:component-scan base-package"com.mkyong.*/> <bean class"org.springframework.web.servlet.view.InternalResourceViewResolver> <property name"prefix<value>/WEB-INF/pages/</value</property"suffix>.jsp</bean</beans 5. Spring Security : User Authentication

Create a Spring Security XML file.

spring-security.xml

<beans:beans "http://www.springframework.org/schema/securityxmlns:beans"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd<http auto-config"true<intercept-url pattern"/admin**access"ROLE_USER/>
	</http<authentication-manager<authentication-provider>
	    <user-service<user "mkyongpassword"123456authorities/>
	    </user-service</authentication-provider</authentication-manager</beans:beans>

It tells,only user “mkyong” is allowed to access the/adminURL.

6. Integrate Spring Security

To integrate Spring security with a Spring MVC web application,just declaresDelegatingFilterProxyas a servlet filter to intercept any incoming request.

web.xml

<web-app id"WebApp_IDversion"2.4"http://java.sun.com/xml/ns/j2ee"http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd<display-name>Spring MVC Application</display-name>

	<!-- Spring MVC -->
	<servlet<servlet-name>mvc-dispatcher</servlet-name<servlet-class>org.springframework.web.servlet.DispatcherServlet
		</servlet-class<load-on-startup>1</load-on-startup</servlet<servlet-mapping<url-pattern>/</url-pattern</servlet-mapping<listener<listener-class>org.springframework.web.context.ContextLoaderListener
		</listener-class</listener>

        <!-- Loads Spring Security config file -->
	<context-param<param-name>contextConfigLocation</param-name<param-value>
			/WEB-INF/spring-security.xml
		</param-value</context-param<filter<filter-name>springSecurityFilterChain</filter-name<filter-class>org.springframework.web.filter.DelegatingFilterProxy
		</filter-class</filter<filter-mapping>/*</filter-mapping</web-app 7. Demo 
 That’s all,but wait… where’s the login form? No worry,if you do not define any custom login form,Spring will create a simple login form automatically. 
 
 Custom Login Form 
 
 Read this “ 
 Spring Security form login example” to understand how to create a custom login form in Spring Security. 
 
 1. Welcome Page –http://localhost:8080/spring-security-helloworld-xml/welcome 
 
  
 
 2. Try to access/adminpage,Spring Security will intercept the request and redirect to/spring_security_login,and a predefined login form is displayed. 
 3. If username and password is incorrect,error messages will be displayed,and Spring will redirect to this URL/spring_security_login?login_error. 
 4. If username and password are correct,Spring will redirect the request to the original requested URL and display the page. 
 
  
 
 Download Source Code 

  Download it – 
 spring-security-helloworld-xml.zip(9 KB) 
 
 References 
 
 Spring Security Official Site 
 Spring 3 MVC hello world example 
 Spring Security form login example (authentication) 

      
      
                 
        上一篇：[随笔]repo manifest.xml修改下一篇：使用XmlPullParser把xml文件转换成

xml ：spring-security 配置

1. Project Demo

2. Directory Structure

3. Spring Security Dependencies

4. Spring MVC Web Application

6. Integrate Spring Security

Download Source Code

References

猜你在找的XML相关文章