偶爾看到有這麼個東西,恰好最近手頭工作不太忙,想着細細看看,看有啥新發現,
不看不知道,一看嚇一跳,好東西啊,
好吧,下面說說這個東西的強大:
Spring Security是一個能夠爲基於Spring的企業應用系統提供描述性安全訪問控制解決方案的安全框架。
它提供了一組可以在Spring應用上下文中配置的Bean,充分利用了Spring IoC(依賴注入,也稱控制反轉)和AOP(面向切面編程)功能,
爲應用系統提供聲明式的安全訪問控制功能,減少了爲企業系統安全控制編寫大量重複代碼的工作。
說白了就是提供訪問安全控制的東東,由於是spring應用,可以很好的支持SSH框架,使權限及安全控制隨性所欲;
下面通過簡單例子說明下springsecurity的用法。
1.新建項目springSecurity,
2.將jar包放到項目lib目錄下:
3.在web.xml中配置springsecurity:
源碼如下:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
</web-app>4.在src下創建xml文件applicationContext.xml,源碼如下:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:http auto-config="true">
<!-- 指定登錄頁面 -->
<security:form-login login-page="/login.jsp" />
<security:intercept-url pattern="/**" access="ROLE_ADMIN" />
<security:intercept-url pattern="/admin.jsp*" access="ROLE_ADMIN" />
<security:intercept-url pattern="/index.jsp*" access="ROLE_ADMIN,ROLE_USER" />
</security:http>
<!-- 配置認證管理器 -->
<security:authentication-manager>
<security:authentication-provider>
<security:password-encoder hash="md5" />
<security:user-service>
<security:user name="admin" password="21232f297a57a5a743894a0e4a801fc3"
authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>5.新建jsp文件index.jsp
好了,可以部署,啓動運行了,
當項目啓動後訪問index.jsp時會發現知道轉向到登錄頁面,但是我們並沒有創建登錄的頁面,會發現,這個登錄頁面是springsecurity自己創建的
登錄頁面源碼如下:
<html>
<head>
<title>Login Page</title>
</head>
<body onload='document.f.j_username.focus();'>
<h3>用戶登錄</h3>
<form name='f' action='<%=request.getContextPath() %>/j_spring_security_check'
method='POST'>
<table>
<tr>
<td>用戶名:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>密碼:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit" value="Login" />
</td>
</tr>
</table>
</form>
</body>
</html>