xml :spring-security 配置

前端之家收集整理的这篇文章主要介绍了xml :spring-security 配置前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

>http://www.mkyong.com/spring-security/spring-security-hello-world-example/


In this tutorial,we will show you how to integrate Spring Security with a Spring MVC web application to secure a URL access. After implementing Spring Security,to access the content of an “admin” page,users need to key in the correct “username” and “password”.

Technologies used :

  1. Spring 3.2.8.RELEASE
  2. Spring Security 3.2.3.RELEASE
  3. Eclipse 4.2
  4. JDK 1.6
  5. Maven 3
Note
Spring Security 3.0 requires Java 5.0 Runtime Environment or higher

1. Project Demo

@H_301_28@

2. Directory Structure

Review the final directory structure of this tutorial.

3. Spring Security Dependencies

To use Spring security,you needspring-security-webandspring-security-config.

pom.xml
<properties>
	<jdk.version>1.6</jdk.version<spring.version>3.2.8.RELEASE</spring.version<spring.security.version>3.2.3.RELEASE</spring.security.version<jstl.version>1.2</jstl.version>
</properties>

<dependencies>

	<!-- Spring dependencies -->
	<dependency>
		<groupId>org.springframework</groupId<artifactId>spring-core</artifactId<version>${spring.version}</version</dependency>

	>spring-web>spring-webmvc>

	<!-- Spring Security -->
	>org.springframework.security>spring-security-web>${spring.security.version}>spring-security-config>

	<!-- jstl for jsp page -->
	>jstl>${jstl.version}</dependencies>

4. Spring MVC Web Application

A simple controller :

  1. If URL =/welcomeor/,return hello page.
  2. If URL =/admin,return admin page.

Later,we will show you how to use Spring Security to secure the “/admin” URL with a user login form.

HelloController.java
package com.mkyong.web.controller;

import org.springframework.stereotype.Controller;
.bind.annotation.RequestMapping.RequestMethod.servlet.ModelAndView;

@Controller
public class HelloController {

	@RequestMapping(value = { "/", "/welcome**" }= RequestMethod.GET)
	public ModelAndView welcomePage() {

		ModelAndView model = new ModelAndView);
		model.addObject("title""Spring Security Hello World""message""This is welcome page!"setViewName"hello";
		return model;

	}

	= "/admin**"adminPage"This is protected page!""admin";

		}

}

Two JSP pages.

hello.jsp
<%@page session="false"%>
<html<body<h1>Title : ${title}</h1>Message : ${message}</body</html>
admin.jsp
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<c:if test="${pageContext.request.userPrincipal.name != null}">
	   <h2>Welcome : ${pageContext.request.userPrincipal.name}
           | <a href="<c:url value"/j_spring_security_logout" />" > logout</a></h2</c:if
  mvc-dispatcher-servlet.xml 
<beans xmlns"http://www.springframework.org/schema/beans" xmlns:context"http://www.springframework.org/schema/contextxmlns:xsi"http://www.w3.org/2001/XMLSchema-instancexsi:schemaLocation" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd<context:component-scan base-package"com.mkyong.*/>

	<bean class"org.springframework.web.servlet.view.InternalResourceViewResolver>
	  <property name"prefix<value>/WEB-INF/pages/</value</property"suffix>.jsp</bean</beans 5. Spring Security : User Authentication 

Create a Spring Security XML file.

spring-security.xml
<beans:beans "http://www.springframework.org/schema/securityxmlns:beans"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd<http auto-config"true<intercept-url pattern"/admin**access"ROLE_USER/>
	</http<authentication-manager<authentication-provider>
	    <user-service<user "mkyongpassword"123456authorities/>
	    </user-service</authentication-provider</authentication-manager</beans:beans>

It tells,only user “mkyong” is allowed to access the/adminURL.

6. Integrate Spring Security

To integrate Spring security with a Spring MVC web application,just declaresDelegatingFilterProxyas a servlet filter to intercept any incoming request.

web.xml
<web-app id"WebApp_IDversion"2.4"http://java.sun.com/xml/ns/j2ee"http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd<display-name>Spring MVC Application</display-name>

	<!-- Spring MVC -->
	<servlet<servlet-name>mvc-dispatcher</servlet-name<servlet-class>org.springframework.web.servlet.DispatcherServlet
		</servlet-class<load-on-startup>1</load-on-startup</servlet<servlet-mapping<url-pattern>/</url-pattern</servlet-mapping<listener<listener-class>org.springframework.web.context.ContextLoaderListener
		</listener-class</listener>

        <!-- Loads Spring Security config file -->
	<context-param<param-name>contextConfigLocation</param-name<param-value>
			/WEB-INF/spring-security.xml
		</param-value</context-param<filter<filter-name>springSecurityFilterChain</filter-name<filter-class>org.springframework.web.filter.DelegatingFilterProxy
		</filter-class</filter<filter-mapping>/*</filter-mapping</web-app 7. Demo 

That’s all,but wait… where’s the login form? No worry,if you do not define any custom login form,Spring will create a simple login form automatically.

Custom Login Form
Read this “ Spring Security form login example” to understand how to create a custom login form in Spring Security.

1. Welcome Page –http://localhost:8080/spring-security-helloworld-xml/welcome

2. Try to access/adminpage,Spring Security will intercept the request and redirect to/spring_security_login,and a predefined login form is displayed.

3. If username and password is incorrect,error messages will be displayed,and Spring will redirect to this URL/spring_security_login?login_error.

4. If username and password are correct,Spring will redirect the request to the original requested URL and display the page.

Download Source Code

Download it – spring-security-helloworld-xml.zip(9 KB)

References

  1. Spring Security Official Site
  2. Spring 3 MVC hello world example
  3. Spring Security form login example (authentication)

猜你在找的XML相关文章