我们使用springmvc web项目,分别基于xml配置文件和注解配置类两种方式来写一个spring security的快速入门。
基于配置文件的spring security的快速入门
- 加入依赖
加入springmvc、spring security、servlet的一些依赖,配置jetty的插件,配置端口是8001,contextPath是"/"。
<!-- Dependencies for the XML-based quick start: Spring MVC, Spring Security (web + config), and the Servlet/JSP APIs. -->
<!-- NOTE(review): the versions pinned below are 2017-era releases (see the Jetty version string); before reusing this POM outside the tutorial, check each artifact against currently supported versions and published security advisories. -->
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.3.13.RELEASE</version>
</dependency>
<!-- spring-security-web and spring-security-config are kept on the same version -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<!-- provided scope: the servlet container supplies these APIs at runtime, so they are not packaged into the WAR -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<finalName>secuity-quickstart-xml</finalName>
<plugins>
<!-- The project has no web.xml (the servlet and filter are registered by initializer classes), so the WAR plugin must not fail when it is missing -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.0.0</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<!-- Jetty Maven plugin: serves the application over plain HTTP on port 8001 at context path "/" -->
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.4.3.v20170317</version>
<configuration>
<httpConnector>
<port>8001</port>
</httpConnector>
<webApp>
<contextPath>/</contextPath>
</webApp>
</configuration>
</plugin>
</plugins>
</build>
- 配置系统初始化类
/**
 * Registers the DispatcherServlet for the XML-based quick start.
 *
 * <p>All beans (Spring MVC and Spring Security) are loaded into the servlet's
 * own application context from {@code classpath:applicationContext.xml};
 * no root application context is created.
 */
public class WebAppInitializer extends AbstractDispatcherServletInitializer {

    /**
     * No root context is used in this quick start.
     *
     * @return always {@code null}
     */
    @Override
    protected WebApplicationContext createRootApplicationContext() {
        return null;
    }

    /**
     * Builds the servlet application context from the XML configuration file.
     *
     * @return an XML-backed context pointing at {@code classpath:applicationContext.xml}
     */
    @Override
    protected WebApplicationContext createServletApplicationContext() {
        final XmlWebApplicationContext servletContext = new XmlWebApplicationContext();
        servletContext.setConfigLocation("classpath:applicationContext.xml");
        return servletContext;
    }

    /**
     * URL mapping of the DispatcherServlet.
     *
     * @return the single mapping {@code "/*"}
     */
    @Override
    protected String[] getServletMappings() {
        final String[] mappings = {"/*"};
        return mappings;
    }
}
- 配置spring security的初始化类
/**
 * Registers the Spring Security filter for the XML-based quick start.
 *
 * <p>The security beans in this quick start are defined in the dispatcher
 * servlet's context (there is no root context), so the filter is told to
 * look them up there.
 */
public class WebAppSecuityInitializer extends AbstractSecurityWebApplicationInitializer {

    /**
     * Names the dispatcher servlet whose application context holds the
     * security configuration.
     *
     * @return the default dispatcher servlet name
     */
    @Override
    protected String getDispatcherWebApplicationContextSuffix() {
        final String dispatcherServletName =
                AbstractDispatcherServletInitializer.DEFAULT_SERVLET_NAME;
        return dispatcherServletName;
    }
}
- 配置文件
配置容器扫描的包路径,配置spring security的用户名密码(示例中为明文,仅用于演示),url权限配置
<!-- Single application context for the XML-based quick start: Spring MVC setup, component scanning, in-memory users and URL access rules. -->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:s="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<mvc:annotation-driven/>
<context:component-scan base-package="com.zhihao.miao.secuity"/>
<!-- Hand static resources to the container's default servlet; without this, static resources are intercepted by the DispatcherServlet -->
<mvc:default-servlet-handler />
<!-- User names and passwords are defined inline in this configuration file. -->
<!-- NOTE(review): these are plaintext demo credentials; outside a tutorial, keep credentials out of source files and store passwords hashed via a password encoder. -->
<s:user-service>
<s:user name="zhangsan" authorities="ROLE_GUEST" password="654321" />
<s:user name="zhihao.miao" authorities="ROLE_USER" password="123456" />
<s:user name="lisi" authorities="ROLE_USER,ROLE_ADMIN" password="12345678" />
</s:user-service>
<!-- Access rules are evaluated top to bottom and the first matching pattern decides, so the role-protected paths are listed before the broader patterns. -->
<!-- NOTE(review): these patterns use the default Ant-style matching, which compares only the literal path (for example "/admin"). If Spring MVC also routes variants of a path (a trailing slash or an extension suffix) to the same controller, those variants are evaluated against the later, more permissive rules instead. Spring Security 4.1.1+ offers request-matcher="mvc" on the http element so that matching follows Spring MVC's own rules; confirm against the versions in use. -->
<s:http>
<s:intercept-url pattern="/hello" access="hasRole('ROLE_GUEST')" />
<s:intercept-url pattern="/home" access="hasRole('ROLE_USER')" />
<s:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
<!-- Static file types that require no authentication -->
<s:intercept-url pattern="/**/*.html" access="permitAll" />
<s:intercept-url pattern="/**/*.css" access="permitAll" />
<s:intercept-url pattern="/**/*.js" access="permitAll" />
<s:intercept-url pattern="/**/*.jpg" access="permitAll" />
<s:intercept-url pattern="/**/*.png" access="permitAll" />
<!-- Every other URL is accessible to any authenticated user -->
<s:intercept-url pattern="/**" access="authenticated" />
<!-- Let Spring Security generate a default login page -->
<s:form-login />
</s:http>
</beans>
- 进行相关的验证
http://localhost:8001/hello
http://localhost:8001/home
http://localhost:8001/admin
分别使用不同的用户名和密码进行验证
基于注解配置类的spring security快速入门
- 加入maven依赖
加入springmvc、spring security、servlet的一些依赖,配置jetty的插件,配置端口是8001,contextPath是"/"。
<!-- Dependencies for the annotation-based quick start: Spring MVC, Spring Security (web + config), and the Servlet/JSP APIs. -->
<!-- NOTE(review): the versions pinned below are 2017-era releases (see the Jetty version string); before reusing this POM outside the tutorial, check each artifact against currently supported versions and published security advisories. -->
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.3.13.RELEASE</version>
</dependency>
<!-- spring-security-web and spring-security-config are kept on the same version -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<!-- provided scope: the servlet container supplies these APIs at runtime, so they are not packaged into the WAR -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
<scope>provided</scope>
</dependency>
</dependencies>
<build>
<finalName>secuity-quickstart-config</finalName>
<plugins>
<!-- The project has no web.xml (the servlet and filter are registered by initializer classes), so the WAR plugin must not fail when it is missing -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<version>3.0.0</version>
<configuration>
<failOnMissingWebXml>false</failOnMissingWebXml>
</configuration>
</plugin>
<!-- Jetty Maven plugin: serves the application over plain HTTP on port 8001 at context path "/" -->
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<version>9.4.3.v20170317</version>
<configuration>
<httpConnector>
<port>8001</port>
</httpConnector>
<webApp>
<contextPath>/</contextPath>
</webApp>
</configuration>
</plugin>
</plugins>
</build>
- 定义系统启动类
/**
 * Registers the DispatcherServlet for the annotation-based quick start.
 *
 * <p>All configuration is loaded into the root application context through
 * {@link WebAppConfig}; the servlet itself gets no configuration classes.
 */
public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /**
     * Root configuration class loaded at application start-up.
     *
     * @return an array holding only {@code WebAppConfig.class}
     */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        final Class<?>[] rootConfig = {WebAppConfig.class};
        return rootConfig;
    }

    /**
     * No servlet-specific configuration classes are used.
     *
     * @return always {@code null}
     */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    /**
     * URL mapping of the DispatcherServlet.
     *
     * <p>The servlet is mapped to "/"; per the author's note, mapping it to
     * "/*" would make it intercept static files as well.
     *
     * @return the single mapping {@code "/"}
     */
    @Override
    protected String[] getServletMappings() {
        final String[] mappings = {"/"};
        return mappings;
    }
}
- web入口类
/**
 * Entry-point configuration: enables Spring MVC and Spring Security and
 * scans {@code com.zhihao.miao.secuity} for components.
 */
@EnableWebMvc
@EnableWebSecurity
@ComponentScan("com.zhihao.miao.secuity")
public class WebAppConfig extends WebMvcConfigurerAdapter {

    /**
     * Enables forwarding of otherwise unhandled requests to the container's
     * default servlet.
     *
     * @param configurer the default-servlet-handling configurer supplied by Spring MVC
     */
    @Override
    public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
        configurer.enable();
    }
}
- spring security配置类
/**
 * Initializes Spring Security by registering its servlet filter for the
 * annotation-based quick start.
 */
public class WebAppSecurityInitializer extends AbstractSecurityWebApplicationInitializer {

    /**
     * Names the dispatcher servlet whose application context is used to
     * look up the security filter chain.
     *
     * @return the default dispatcher servlet name
     */
    @Override
    protected String getDispatcherWebApplicationContextSuffix() {
        final String dispatcherServletName =
                AbstractDispatcherServletInitializer.DEFAULT_SERVLET_NAME;
        return dispatcherServletName;
    }
}
- 具体的controller
/**
 * Three plain-text endpoints used to exercise the access rules: each path is
 * bound to a different role in the security configuration.
 */
@RestController
public class HelloController {

    // Response bodies, kept exactly as the endpoints return them.
    private static final String HELLO_BODY = "hello spring secuity";
    private static final String HOME_BODY = "home spring security";
    private static final String ADMIN_BODY = "admin spring secuity";

    /** Handles {@code GET /hello}. */
    @GetMapping("/hello")
    public String hello() {
        return HELLO_BODY;
    }

    /** Handles {@code GET /home}. */
    @GetMapping("/home")
    public String home() {
        return HOME_BODY;
    }

    /** Handles {@code GET /admin}. */
    @GetMapping("/admin")
    public String admin() {
        return ADMIN_BODY;
    }
}
在webapp目录下定义一些静态资源
权限用户名密码的具体配置
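/**
 * Security rules for the annotation-based quick start: three in-memory demo
 * users and role-based access to the controller endpoints.
 *
 * <p>Rules are evaluated in declaration order and the first match decides,
 * so the role-protected endpoints are declared before the static-resource
 * patterns and the catch-all.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the demo users in memory.
     *
     * @param auth builder used to register the in-memory user store
     * @throws Exception if the in-memory user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Demo-only accounts: the passwords are plaintext literals in source.
        // Outside a tutorial, load credentials from a protected store and
        // configure a password encoder (for example BCryptPasswordEncoder)
        // so that only hashes are kept.
        auth.inMemoryAuthentication()
                .withUser("zhangsan").password("123456").roles("GUEST")
                .and()
                .withUser("zhihao.miao").password("123456").roles("USER")
                .and()
                .withUser("lisi").password("12345678").roles("USER", "ADMIN");
    }

    /**
     * Declares which role each URL requires and enables the generated login form.
     *
     * @param http the HTTP security builder
     * @throws Exception if the security chain cannot be configured
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // mvcMatchers (Spring Security 4.1.1+) matches the way Spring MVC
                // routes requests. An ant pattern such as "/admin" covers only that
                // literal path, so a variant that Spring MVC still routes to the same
                // handler (trailing slash, extension suffix) would fall through to the
                // more permissive rules below. Assumes Spring MVC and Spring Security
                // share one application context, as configured in WebAppConfig.
                .mvcMatchers("/hello").hasRole("GUEST")
                .mvcMatchers("/home").hasRole("USER")
                .mvcMatchers("/admin").hasRole("ADMIN")
                // Static resources that need no authentication.
                .antMatchers("/**/*.html", "/**/*.css", "/**/*.js", "/**/*.png").permitAll()
                // Everything else: any authenticated user.
                .anyRequest().authenticated()
                .and()
            // Let Spring Security generate the default login page.
            .formLogin();
    }
}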
使用mvn clean jetty:run启动程序进行验证,不同的用户名密码访问不同的资源。