SpringMVC4零配置--SpringSecurity相关配置【SpringSecurityConfig】 博客分类: SpringSecuritySpring SpringSecurit

SpringMVC4零配置--SpringSecurity相关配置【SpringSecurityConfig】

博客分类:  SpringSecurity Spring
 

 SpringSecurity的配置相对来说有些复杂,如果是完整的bean配置,则需要配置大量的bean,所以xml配置时使用了命名空间来简化配置,同样,spring为我们提供了一个抽象类WebSecurityConfigurerAdapter和一个注解@EnableWebMvcSecurity,达到同样减少bean配置的目的,如下:

 

applicationContext-SpringSecurityConfig.xml

Xml代码   收藏代码
  1. <http security="none" pattern="/static/**" />  
  2.     <http security="none" pattern="/**/*.jsp" />  
  3.   
  4.     <http auto-config='true' access-decision-manager-ref="accessDecisionManager" access-denied-page="/login"  
  5.         use-expressions="true">  
  6.         <logout logout-url="/logout" invalidate-session="true"  
  7.             logout-success-url="/login" />  
  8.   
  9.   
  10.         <form-login login-page="/login" authentication-failure-url="/login?error=1"  
  11.             login-processing-url="/j_spring_security_check" password-parameter="j_password"  
  12.             username-parameter="j_username" />  
  13.   
  14.   
  15.         <intercept-url pattern="/**/*.do*" access="hasRole('ROLE_USER')" />  
  16.         <intercept-url pattern="/**/*.htm" access="hasRole('ROLE_ADMIN')" />  
  17.   
  18.         <session-management session-fixation-protection="changeSessionId">  
  19.             <concurrency-control max-sessions="1"  
  20.                 expired-url="/access/sameLogin.do" />  
  21.         session-management>  
  22.   
  23.         <remember-me key="webmvc#FD637E6D9C0F1A5A67082AF56CE32485"  
  24.             remember-me-parameter="remember-me" />  
  25.     http>  
  26.   
  27.       
  28.     <beans:bean  
  29.         class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"  
  30.         id="expressionHandler" />  
  31.     <beans:bean  
  32.         class="org.springframework.security.web.access.expression.WebExpressionVoter"  
  33.         id="expressionVoter">  
  34.         <beans:property name="expressionHandler" ref="expressionHandler" />  
  35.     beans:bean>  
  36.   
  37.       
  38.     <beans:bean id="loggerListener"  
  39.         class="org.springframework.security.authentication.event.LoggerListener" />  
  40.     <beans:bean id="authorizationListener"  
  41.         class="org.springframework.security.access.event.LoggerListener" />  
  42.   
  43.       
  44.     <authentication-manager>  
  45.         <authentication-provider user-service-ref="userService">  
  46.             <password-encoder hash="md5" />  
  47.         authentication-provider>  
  48.     authentication-manager>  
  49.   
  50.   
  51.   
  52.   
  53.   
  54.     <beans:bean id="userService" class="web.security.CP_UserDetailsService" />  
  55.   
  56.     <beans:bean id="accessDecisionManager"  
  57.         class="org.springframework.security.access.vote.AffirmativeBased">  
  58.         <beans:property name="decisionVoters">  
  59.             <beans:list>  
  60.                 <beans:bean class="org.springframework.security.access.vote.RoleVoter" />  
  61.                 <beans:bean  
  62.                     class="org.springframework.security.access.vote.AuthenticatedVoter" />  
  63.                 <beans:ref bean="expressionVoter" />  
  64.             beans:list>  
  65.         beans:property>  
  66.     beans:bean>  

SpringSecurityConfig.java

Java代码   收藏代码
  1. @Configuration  
  2. @EnableWebMvcSecurity  
  3. public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {  
  4.   
  5.     private static final Logger logger = Logger  
  6.             .getLogger(SpringSecurityConfig.class);  
  7.   
  8.     @Override  
  9.     public void configure(WebSecurity web) throws Exception {  
  10.         // 设置不拦截规则  
  11.         web.ignoring().antMatchers("/static/**""/**/*.jsp");  
  12.   
  13.     }  
  14.   
  15.     @Override  
  16.     protected void configure(HttpSecurity http) throws Exception {  
  17.         // 设置拦截规则  
  18.         // 自定义accessDecisionManager访问控制器,并开启表达式语言  
  19.         http.authorizeRequests().accessDecisionManager(accessDecisionManager())  
  20.                 .expressionHandler(webSecurityExpressionHandler())  
  21.                 .antMatchers("/**/*.do*").hasRole("USER")  
  22.                 .antMatchers("/**/*.htm").hasRole("ADMIN").and()  
  23.                 .exceptionHandling().accessDeniedPage("/login");  
  24.   
  25.         // 开启默认登录页面  
  26.         // http.formLogin();  
  27.   
  28.         // 自定义登录页面  
  29.         http.csrf().disable().formLogin().loginPage("/login")  
  30.                 .failureUrl("/login?error=1")  
  31.                 .loginProcessingUrl("/j_spring_security_check")  
  32.                 .usernameParameter("j_username")  
  33.                 .passwordParameter("j_password").permitAll();  
  34.   
  35.         // 自定义注销  
  36.         http.logout().logoutUrl("/logout").logoutSuccessUrl("/login")  
  37.                 .invalidateHttpSession(true);  
  38.   
  39.         // session管理  
  40.         http.sessionManagement().sessionFixation().changeSessionId()  
  41.                 .maximumSessions(1).expiredUrl("/");  
  42.   
  43.         // RemeberMe  
  44.         http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485");  
  45.   
  46.     }  
  47.   
  48.     @Override  
  49.     protected void configure(AuthenticationManagerBuilder auth)  
  50.             throws Exception {  
  51.   
  52.         // 自定义UserDetailsService  
  53.         auth.userDetailsService(userDetailsService()).passwordEncoder(  
  54.                 new Md5PasswordEncoder());  
  55.   
  56.     }  
  57.   
  58.     @Bean  
  59.     public CP_UserDetailsService userDetailsService() {  
  60.         logger.info("CP_UserDetailsService");  
  61.         CP_UserDetailsService userDetailsService = new CP_UserDetailsService();  
  62.         return userDetailsService;  
  63.     }  
  64.   
  65.     @Bean  
  66.     public LoggerListener loggerListener() {  
  67.         logger.info("org.springframework.security.authentication.event.LoggerListener");  
  68.         LoggerListener loggerListener = new LoggerListener();  
  69.   
  70.         return loggerListener;  
  71.     }  
  72.   
  73.     @Bean  
  74.     public org.springframework.security.access.event.LoggerListener eventLoggerListener() {  
  75.         logger.info("org.springframework.security.access.event.LoggerListener");  
  76.         org.springframework.security.access.event.LoggerListener eventLoggerListener = new org.springframework.security.access.event.LoggerListener();  
  77.   
  78.         return eventLoggerListener;  
  79.     }  
  80.   
  81.     /* 
  82.      *  
  83.      * 这里可以增加自定义的投票器 
  84.      */  
  85.     @SuppressWarnings("rawtypes")  
  86.     @Bean(name = "accessDecisionManager")  
  87.     public AccessDecisionManager accessDecisionManager() {  
  88.         logger.info("AccessDecisionManager");  
  89.         List decisionVoters = new ArrayList();  
  90.         decisionVoters.add(new RoleVoter());  
  91.         decisionVoters.add(new AuthenticatedVoter());  
  92.         decisionVoters.add(webExpressionVoter());// 启用表达式投票器  
  93.   
  94.         AffirmativeBased accessDecisionManager = new AffirmativeBased(  
  95.                 decisionVoters);  
  96.   
  97.         return accessDecisionManager;  
  98.     }  
  99.   
  100.     /* 
  101.      * 表达式控制器 
  102.      */  
  103.     @Bean(name = "expressionHandler")  
  104.     public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {  
  105.         logger.info("DefaultWebSecurityExpressionHandler");  
  106.         DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();  
  107.         return webSecurityExpressionHandler;  
  108.     }  
  109.   
  110.     /* 
  111.      * 表达式投票器 
  112.      */  
  113.     @Bean(name = "expressionVoter")  
  114.     public WebExpressionVoter webExpressionVoter() {  
  115.         logger.info("WebExpressionVoter");  
  116.         WebExpressionVoter webExpressionVoter = new WebExpressionVoter();  
  117.         webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());  
  118.         return webExpressionVoter;  
  119.     }  
  120.   
  121. }  

你可能感兴趣的:(SpringMVC4零配置--SpringSecurity相关配置【SpringSecurityConfig】 博客分类: SpringSecuritySpring SpringSecurit)