xml :spring-security 配置
前端之家收集整理的这篇文章主要介绍了
xml :spring-security 配置,
前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
>http://www.mkyong.com/spring-security/spring-security-hello-world-example/
In this tutorial,we will show you how to integrate Spring Security with a Spring MVC web application to secure a URL access. After implementing Spring Security,to access the content of an “admin” page,users need to key in the correct “username” and “password”.
Technologies used :
- Spring 3.2.8.RELEASE
- Spring Security 3.2.3.RELEASE
- Eclipse 4.2
- JDK 1.6
- Maven 3
Note
Spring Security 3.0 requires Java 5.0 Runtime Environment or higher
1. Project Demo
@H_
301_28@
2. Directory Structure
Review the final directory structure of this tutorial.
3. Spring Security Dependencies
To use Spring security,you needspring-security-web
andspring-security-config
.
pom.xml
<properties>
<jdk.version>1.6</jdk.version<spring.version>3.2.8.RELEASE</spring.version<spring.security.version>3.2.3.RELEASE</spring.security.version<jstl.version>1.2</jstl.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework</groupId<artifactId>spring-core</artifactId<version>${spring.version}</version</dependency>
>spring-web>spring-webmvc>
>org.springframework.security>spring-security-web>${spring.security.version}>spring-security-config>
>jstl>${jstl.version}</dependencies>
4. Spring MVC Web Application
A simple controller :
- If URL =
/welcome
or/
,return hello page.
- If URL =
/admin
,return admin page.
Later,we will show you how to use Spring Security to secure the “/admin” URL with a user login form.
HelloController.java
package com.mkyong.web.controller;
import org.springframework.stereotype.Controller;
.bind.annotation.RequestMapping.RequestMethod.servlet.ModelAndView;
@Controller
public class HelloController {
@RequestMapping(value = { "/", "/welcome**" }= RequestMethod.GET)
public ModelAndView welcomePage() {
ModelAndView model = new ModelAndView);
model.addObject("title""Spring Security Hello World""message""This is welcome page!"setViewName"hello";
return model;
}
= "/admin**"adminPage"This is protected page!""admin";
}
}
Two JSP pages.
hello.jsp
<%@page session="false"%>
<html<body<h1>Title : ${title}</h1>Message : ${message}</body</html>
admin.jsp
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<c:if test="${pageContext.request.userPrincipal.name != null}">
<h2>Welcome : ${pageContext.request.userPrincipal.name}
| <a href="<c:url value"/j_spring_security_logout" />" > logout</a></h2</c:if
mvc-dispatcher-servlet.xml
<beans xmlns"http://www.springframework.org/schema/beans" xmlns:context"http://www.springframework.org/schema/contextxmlns:xsi"http://www.w3.org/2001/XMLSchema-instancexsi:schemaLocation" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd<context:component-scan base-package"com.mkyong.*/>
<bean class"org.springframework.web.servlet.view.InternalResourceViewResolver>
<property name"prefix<value>/WEB-INF/pages/</value</property"suffix>.jsp</bean</beans 5. Spring Security : User Authentication
Create a Spring Security XML file.
spring-security.xml
<
beans:beans "http://www.springframework.org/schema/securityxmlns:beans"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd<http auto-config"true<intercept-url pattern"/admin**access"ROLE_USER/>
</http<authentication-manager<authentication-provider>
<user-service<user "mkyongpassword"123456authorities/>
</user-service</authentication-provider</authentication-manager</beans:beans>
It tells,only user “mkyong” is allowed to access the/admin
URL.
6. Integrate Spring Security
To integrate Spring security with a Spring MVC web application,just declaresDelegatingFilterProxy
as a servlet filter to intercept any incoming request.
web.xml
<web-app id"WebApp_IDversion"2.4"http://java.sun.com/xml/ns/j2ee"http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd<display-name>Spring MVC Application</display-name>
<servlet<servlet-name>mvc-dispatcher</servlet-name<servlet-class>org.springframework.web.servlet.DispatcherServlet
</servlet-class<load-on-startup>1</load-on-startup</servlet<servlet-mapping<url-pattern>/</url-pattern</servlet-mapping<listener<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class</listener>
<context-param<param-name>contextConfigLocation</param-name<param-value>
/WEB-INF/spring-security.xml
</param-value</context-param<filter<filter-name>springSecurityFilterChain</filter-name<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class</filter<filter-mapping>/*</filter-mapping</web-app 7. Demo
That’s all,but wait… where’s the login form? No worry,if you do not define any custom login form,Spring will create a simple login form automatically.
1. Welcome Page –http://localhost:8080/spring-security-helloworld-xml/welcome
2. Try to access/admin
page,Spring Security will intercept the request and redirect to/spring_security_login
,and a predefined login form is displayed.
3. If username and password is incorrect,error messages will be displayed,and Spring will redirect to this URL
/spring_security_login?login_error
.