Spring Security
对于 web 安全的控制,以前接触使用过 Shiro。
刚好最近在学习整理 Spring 相关的技术,就学习一下 Spring Security。
是什么?
Spring Security is a framework that focuses on providing both authentication and authorization to Java applications.
Like all Spring projects, the real power of Spring Security is found in how easily it can be extended to meet custom requirements.
Hello World
看了下官方的文档 5.0.0.RELEASE doc,
案例依赖于 gradle,一直以来使用的是 maven。
Spring Security入门程序示例
测试环境
$ java -version
java version "1.8.0_91"
Java(TM) SE Runtime Environment (build 1.8.0_91-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.91-b14, mixed mode)
$ mvn -v
Apache Maven 3.3.9
项目结构
完整代码下载地址
├── pom.xml
└── src
├── main
│ ├── java
│ │ └── com
│ │ └── ryo
│ │ └── spring
│ │ └── security
│ │ └── hello
│ │ └── controller
│ │ └── HelloWorldController.java
│ ├── resources
│ │ ├── application-mvc.xml
│ │ ├── application-security.xml
│ │ └── application.xml
│ └── webapp
│ └── WEB-INF
│ ├── pages
│ │ ├── admin.jsp
│ │ └── hello.jsp
│ └── web.xml
文件内容
- pom.xml
引入指定的 jar 和插件。
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<artifactId>spring-security</artifactId>
<groupId>com.ryo</groupId>
<version>1.0-SNAPSHOT</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>spring-security-hello</artifactId>
<packaging>war</packaging>
<dependencyManagement>
<dependencies>
<!--统一制定依赖 jar 的版本-->
<dependency>
<groupId>io.spring.platform</groupId>
<artifactId>platform-bom</artifactId>
<version>2.0.8.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<!-- Spring dependencies -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
</dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<!-- jstl for jsp page -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<!--tomcat7 插件,用于运行项目-->
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<port>8080</port>
<path>/</path>
<uriEncoding>UTF-8</uriEncoding>
</configuration>
</plugin>
</plugins>
</build>
</project>
- admin.jsp & hello.jsp
两个 jsp 页面,内容如下:
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<h1>标题: ${title}</h1>
<h1>消息 : ${message}</h1>
<c:if test="${pageContext.request.userPrincipal.name != null}">
<h2>欢迎: ${pageContext.request.userPrincipal.name}
| <a href="<c:url value="/j_spring_security_logout" />" > Logout</a></h2>
</c:if>
</body>
</html>
<%@ page language="java" import="java.util.*" pageEncoding="UTF-8" %>
<!DOCTYPE html>
<html lang="zh-CN">
<head>
<meta charset="utf-8">
</head>
<body>
<h1>标题:${title}</h1>
<h1>消息:${message}</h1>
</body>
</html>
- web.xml
用于指定 web 项目相关的配置,内容如下:
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Archetype Created Web Application</display-name>
<!--装入spring配置文件-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:application.xml</param-value>
</context-param>
<!-- 以Listener方式启动spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--过滤字符集-->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--spring mvc-->
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:application-mvc.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
- application.xml
spring 配置文件,引入了 application-mvc.xml 和 application-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
<import resource="application-mvc.xml"/>
<import resource="application-security.xml"/>
</beans>
- application-mvc.xml
spring mvc 的配置:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<!--扫描@Controller注解-->
<context:component-scan base-package="com.ryo.spring.security.hello.controller">
<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
<context:include-filter type="annotation" expression="org.springframework.web.bind.annotation.ControllerAdvice"/>
</context:component-scan>
<mvc:annotation-driven/>
<!-- ViewResolver -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/pages/"/>
<property name="suffix" value=".jsp"/>
</bean>
</beans>
- application-security.xml
spring security 的配置:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/admin**" access="hasRole('ROLE_USER')" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="ryo" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
- HelloWorldController.java
简单的页面控制类:
package com.ryo.spring.security.hello.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
@Controller
@RequestMapping("/")
public class HelloWorldController {
/**
* 返回 hello 视图
* @return
*/
@RequestMapping(value = { "/", "/welcome**" }, method = RequestMethod.GET)
public ModelAndView welcomePage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security Hello World");
model.addObject("message", "This is welcome page!");
model.setViewName("hello");
return model;
}
/**
* 返回 admin 视图
* @return
*/
@RequestMapping(value = "/admin**", method = RequestMethod.GET)
public ModelAndView adminPage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security Hello World");
model.addObject("message", "This is protected page!");
model.setViewName("admin");
return model;
}
}
运行访问
直接运行 插件 tomcat7:run 启动服务,或者手动部署到 tomcat,此处不再赘述。
启动日志如下:
[INFO] Scanning for projects...
...
[INFO] Running war on http://localhost:8080/
...
[INFO] Mapped "{[/admin**],methods=[GET]}" onto public org.springframework.web.servlet.ModelAndView com.ryo.spring.security.hello.controller.HelloWorldController.adminPage()
[INFO] Mapped "{[/ || /welcome**],methods=[GET]}" onto public org.springframework.web.servlet.ModelAndView com.ryo.spring.security.hello.controller.HelloWorldController.welcomePage()
...
信息: Starting ProtocolHandler ["http-bio-8080"]
- 首页
直接浏览器访问 http://localhost:8080/,首页内容如下:
标题:Spring Security Hello World
消息:This is welcome page!
- admin
如果我们尝试访问
http://localhost:8080/admin,会进入登录页面。
用户名密码和我们 application-security.xml 文件中配置一致。
一、输入错误信息
页面内容如下:
Your login attempt was not successful, try again.
Reason: Bad credentials
二、输入正确信息
标题: Spring Security Hello World
消息 : This is protected page!
欢迎: ryo | Logout
好,到这里入门就介绍完毕。
内容出处:,
声明:本网站所收集的部分公开资料来源于互联网,转载的目的在于传递更多信息及用于网络分享,并不代表本站赞同其观点和对其真实性负责,也不构成任何其他建议。如果您发现网站上有侵犯您的知识产权的作品,请与我们取得联系,我们会及时修改或删除。文章链接:http://www.yixao.com/procedure/25677.html
赞 (0)
打赏
微信扫一扫
支付宝扫一扫
微信扫一扫
支付宝扫一扫
Vant&NutUI–完美支持Vue3.0的移动端组件库
上一篇
2021-07-17 06:04
微软发布Windows10 21H2系统
下一篇
2021-07-17 07:44
相关推荐
-
用Python写了一个疫苗信息管理系统
Tkinter对于那些只是临时使用,需要快速开发出一个满足基本需求的轻型应用的用户来说,还是非常香的,相关组件也是相当完整的,看到这里估计肯定有人想说pyside2和pyqt5,嗯~~,它俩也挺好的。
-
springboot+thymeleaf+nginx实现页面静态化
适用场景 在高并发的情况下,为了缓解服务器动态解析的压力,利用nginx处理静态文件的优点,可将系统中修改次数较少的页面进行静态化处理。 自定义工具类 import org.thy…
-
php给app 或前端封装api 接口——json格式
封装api 返回数据结构 封装统一结构的出口如下图:(定义好一般不要去变动) code :返回状态码,可逻辑出数据字典。如200:成功,-201:用户不存在、-202:密码错误、-…
-
使用vue构建网站,通过axios将数据显示到表格
Vue构建网站网站是现在的大势所趋,通过vue axios构建的网站相比传统的网站混写更加有利于保障后端源码的安全,同时也可将网站打包成软件直接发布减少网站和app的双重开发。 此…
-
Opencv+python3.8+人脸识别+PIL法中文显示
1 说明: ===== 1.1 参考文章: https://www.cnblogs.com/xp12345/p/9818435.html 1.2 对原代码进行注释,调试,增加PIL…
-
使用js防止页面iframe调用代码
我时我们发会现自己的网站给别要调用并且一模一样的,这个其实就是简单的iframe调用了,下面我来给大家介绍js防止页面iframe调用的方法总结吧,有需要的朋友可参考,防止自己的网…
-
微信小程序跳转到第三方H5网页
我开发过程中有小程序跳转到网页的需求,下面分享一下我的实现过程: 使用官方文档web-view组件:web-view | 微信开放文档1、首先得通过微信公众平台配置业务域名,配置业…
-
用Pytest+Allure生成漂亮的HTML图形化测试报告
对于软件测试来说,测试报告是非常重要的工作产出。一个漂亮、清晰、格式规范的测试报告,能够减少开发人员和测试人员的沟通成本。 本篇文章将介绍如何使用开源的测试报告生成框架 Allur…
-
go语言实现微信支付宝QQ支付简单容易操作
一、安装 $ go get github.com/iGoogle-ink/gopay 查看 GoPay 版本 版本更新记录 import ( “fmt” “github.com/i…
-
umi提速方案MFSU
最近在开发react项目,在npm start启动项目的时候,速度很慢,影响工作效率。并提示尝试新出的 MFSU 方案: antd pro v5 项目里已经使用了MFSU案例。an…
