Spring Security框架入门（附案例）

Spring Security简介

        Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean，充分利用了Spring IoC，DI（控制反转Inversion of Control ,DI:Dependency Injection 依赖注入）和AOP（面向切面编程）功能，为应用系统提供声明式的安全访问控制功能，减少了为企业系统安全控制编写大量重复代码的工作。

案例：

需要创建maven工程：

1. pom配置文件：

<properties>         <spring.version>4.2.4.RELEASEspring.version>     properties>     <dependencies>         <dependency>             <groupId>org.springframeworkgroupId>             <artifactId>spring-coreartifactId>             <version>${spring.version}version>         dependency>         <dependency>             <groupId>org.springframeworkgroupId>             <artifactId>spring-webartifactId>             <version>${spring.version}version>         dependency>         <dependency>             <groupId>org.springframeworkgroupId>             <artifactId>spring-webmvcartifactId>             <version>${spring.version}version>         dependency>         <dependency>             <groupId>org.springframeworkgroupId>             <artifactId>spring-context-supportartifactId>             <version>${spring.version}version>         dependency>         <dependency>             <groupId>org.springframeworkgroupId>             <artifactId>spring-testartifactId>             <version>${spring.version}version>         dependency>         <dependency>             <groupId>org.springframeworkgroupId>             <artifactId>spring-jdbcartifactId>             <version>${spring.version}version>         dependency>         <dependency>             <groupId>org.springframework.securitygroupId>             <artifactId>spring-security-webartifactId>             <version>4.1.0.RELEASEversion>         dependency>         <dependency>             <groupId>org.springframework.securitygroupId>             <artifactId>spring-security-configartifactId>             <version>4.1.0.RELEASEversion>         dependency>         <dependency>             <groupId>javax.servletgroupId>             <artifactId>servlet-apiartifactId>             <version>2.5version>             <scope>providedscope>         dependency>     dependencies>     <build>       <plugins>                         <plugin>                 <groupId>org.apache.maven.pluginsgroupId>                 <artifactId>maven-compiler-pluginartifactId>                 <version>3.2version>                 <configuration>                     <source>1.7source>                     <target>1.7target>                     <encoding>UTF-8encoding>                 configuration>           plugin>                <plugin>                 <groupId>org.apache.tomcat.mavengroupId>                 <artifactId>tomcat7-maven-pluginartifactId>                 <configuration>                                         <port>8083port>                                         <path>/path>                 configuration>           plugin>        plugins>      build> project>

2.创建web.xml

xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     xmlns="http://java.sun.com/xml/ns/javaee"     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"     version="2.5">           <context-param>         <param-name>contextConfigLocationparam-name>         <param-value>classpath:spring-security.xmlparam-value>      context-param>      <listener>         <listener-class>             org.springframework.web.context.ContextLoaderListener         listener-class>      listener>         <filter>          <filter-name>springSecurityFilterChainfilter-name>         <filter-class>org.springframework.web.filter.DelegatingFilterProxyfilter-class>       filter>       <filter-mapping>          <filter-name>springSecurityFilterChainfilter-name>          <url-pattern>/*url-pattern>       filter-mapping>  web-app>

3.创建index.html  内容略

4.创建spring 配置文件spring-security.xml 

xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security"     xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd                         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">           <http use-expressions="false">         <intercept-url pattern="/**" access="ROLE_USER" />         <form-login/>       http>           <authentication-manager>         <authentication-provider>             <user-service>                 <user name="admin" password="123456" authorities="ROLE_USER"/>             user-service>             authentication-provider>      authentication-manager> beans:beans>

此案例我们没有登录页，而是使用了系统自动生成的登陆页，效果如下：

配置说明：

intercept-url 表示拦截页面  

        /*  表示的是该目录下的资源，只包括本级目录不包括下级目录

        /** 表示的是该目录以及该目录下所有级别子目录的资源

        form-login 为开启表单登陆

        use-expressions 为是否使用 Spring 表达式语言（ SpEL ），默认为true ,如果开启，则拦截的配置应该写成以下形式

<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />