美文网首页
spring-security 1:配置

spring-security 1:配置

作者: 轻云绿原 | 来源:发表于2020-09-03 10:06 被阅读0次

1:引入依赖包

    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${springVersion}</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${springVersion}</version>
    </dependency>

如果写jsp下面的包就有用

    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-taglibs</artifactId>
      <version>${springVersion}</version>
    </dependency>

2:配置spring-security.xml 

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        https://www.springframework.org/schema/security/spring-security.xsd">

<!--    过滤器释放静态资源-->
    <security:http pattern="/css/**" security="none"/>
    <security:http pattern="/img/**" security="none"/>
    <security:http pattern="/plugins/**" security="none"/>
    <security:http pattern="/fail.jsp" security="none"/>

<!--    配置security-->
<!--    auto-config="true"表示自动加载springSecurity的配置文件-->
    <security:http auto-config="true" use-expressions="true">
        <security:intercept-url pattern="/login.jsp" access="permitAll()"/>
        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" />

        <security:form-login login-page="/login.jsp"
                             login-processing-url="/login"
                             default-target-url="/index.jsp"
                             authentication-failure-url="/fail.jsp" />
        <security:logout logout-url="/logout"
                         logout-success-url="/login.jsp"/>
<!--        去掉csrf拦截过滤器-->
<!--        <security:csrf disabled="true"/>-->
    </security:http>
    <!--spring提供的加密编码-->
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <!--spring security的密码认证,默认是加密的,不加密认证要加{noop}  no operation-->
                <security:user name="user" password="{noop}user" authorities="ROLE_USER"/>
                <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN"/>
            </security:user-service>
        </security:authentication-provider>

        <security:authentication-provider user-service-ref="accountService">
            <security:password-encoder ref="passwordEncoder"/>
        </security:authentication-provider>
    </security:authentication-manager>

3:user-service-ref="accountService"里的bean实现

@Service("accountService")
public class AccountServiceImpl implements UserDetailsService {

    @Autowired
    @Qualifier("accountDao")
    private IAccountDao accountDao;

    @Override
    public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
        Account account = accountDao.fetchAccount1(s);
        if (account == null) {
            throw new UsernameNotFoundException("无帐户");
        }

        List<GrantedAuthority> l = new ArrayList<>();
        for (Role s1 : account.getAuthority()) {
            l.add(new SimpleGrantedAuthority(s1.getName()));
        }
        System.out.println(account);
        return new User(account.getUsername(),
                account.getPassword(),
                account.getStatus() == 1,
                true,
                true,
                true, l);
    }
}

4:spring-security什么时候加载

  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:applicationContext.xml,classpath:spring-security.xml</param-value>
  </context-param>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

或在applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd">
    <context:component-scan base-package="com.ppf" >
        <context:exclude-filter type="annotation" expression="org.springframework.stereotype.Controller"/>
    </context:component-scan>

    <import resource="spring-security.xml"/>
</beans>

相关文章

网友评论

      本文标题:spring-security 1:配置

      本文链接:https://www.haomeiwen.com/subject/bocnsktx.html

      延伸阅读

      深度阅读

      • 您也可以注册成为美文阅读网的作者,发表您的原创作品、分享您的心情!

      栏目导航

      热点阅读

      关于我们|服务条款|联系我们|spring-security 1:配置|投稿指南|网站地图|RSS订阅|排版工具|手机版

      提供经典美文摘抄,优美散文欣赏,现代诗歌精选,短篇小说,心情随笔,表白情书范文,故事会在线阅读欣赏

      Copyright © 2014-2023 Haomeiwen.com All Rights Reserved. 好美文阅读网 版权所有

      备案信息:桂公网安备 45052102000051号 · 桂ICP备13007215号-3

      本站所收录作品、热点评论等信息部分来源互联网,目的只是为了系统归纳学习和传递资讯

      所有作品版权归原创作者所有,与本站立场无关,如不慎侵犯了你的权益,请联系我们告知,我们将做删除处理!