spring-security.安全框架配置的两种方式 spring-security.xml 逃离我推掉我的手 2022-05-19 00:16 171阅读 0赞 ## 0.pom.xml加入配置 ## <!-- spring 安全相关 --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>3.2.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>3.2.3.RELEASE</version> </dependency> ## 1.第一种方式: ## <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 设置页面不登录也可以访问 --> <http pattern="/\*.html" security="none"></http> <http pattern="/css/\*\*" security="none"></http> <http pattern="/angularjs/\*\*" security="none"></http> <http pattern="/img/\*\*" security="none"></http> <http pattern="/js/\*\*" security="none"></http> <http pattern="/plugins/\*\*" security="none"></http> <!-- 定义页面拦截规则 use-expressions: 是否启用SPEL表达式 默认是true--> <http use-expressions="false"> <!-- 当前用户必须有ROLE\_USER的角色 才能访问 根目录 及所属子目录的资源 --> <intercept-url pattern="/\*\*" access="ROLE\_ADMIN"/> <form-login login-page="/login.html" default-target-url="/admin/index.html" authentication-failure-url="/login.html" always-use-default-target="false" /> <!-- 关闭csrf --> <csrf disabled="true"/> <logout/> <!-- 允许使用框架页 --> <headers> <frame-options policy="SAMEORIGIN"/> </headers> </http> <!-- 认证管理器 --> <authentication-manager> <authentication-provider> <user-service> <user name="admin" password="123456" authorities="ROLE\_ADMIN"/> <user name="hanzl" password="123456" authorities="ROLE\_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans> ## 2.第二种方式: ## ### 1.1 spring-security.xml 文件内容 ### <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:dubbo="http://code.alibabatech.com/schema/dubbo" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://code.alibabatech.com/schema/dubbo http://code.alibabatech.com/schema/dubbo/dubbo.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 设置页面不登录也可以访问 --> <http pattern="/\*.html" security="none"></http> <http pattern="/css/\*\*" security="none"></http> <http pattern="/angularjs/\*\*" security="none"></http> <http pattern="/img/\*\*" security="none"></http> <http pattern="/js/\*\*" security="none"></http> <http pattern="/plugins/\*\*" security="none"></http> <http pattern="/seller/add.do" security="none"></http> <!-- 定义页面拦截规则 use-expressions: 是否启用SPEL表达式 默认是true--> <http use-expressions="false"> <!-- 当前用户必须有ROLE\_USER的角色 才能访问 根目录 及所属子目录的资源 --> <intercept-url pattern="/\*\*" access="ROLE\_SELLER"/> <form-login login-page="/shoplogin.html" default-target-url="/admin/index.html" authentication-failure-url="/shoplogin.html" always-use-default-target="true" /> <!-- 关闭csrf --> <csrf disabled="true"/> <logout/> <!-- 允许使用框架页 --> <headers> <frame-options policy="SAMEORIGIN"/> </headers> </http> <!-- 认证管理器 --> <authentication-manager> <authentication-provider user-service-ref="userDetailService"> <!-- 解密 --> <password-encoder ref="bcriptencoder"></password-encoder> </authentication-provider> </authentication-manager> <!-- 认证类 --> <beans:bean id="userDetailService" class="com.pinyougou.service.UserDetailServiceImpl"> <beans:property name="sellerService" ref="sellerService"></beans:property> </beans:bean> <!-- 引用dubbo 引用接口--> <dubbo:application name="pinyougou-shop-web" /> <dubbo:registry address="zookeeper://192.168.199.130:2181"/> <dubbo:reference id="sellerService" interface="com.pinyougou.sellergoods.service.SellerService"></dubbo:reference> <!-- 解密bean --> <beans:bean id="bcriptencoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean> </beans:beans> ### 1.2 UserDetailServiceImpl.java 实现 文件内容 作数据库查询用户使用 ### import java.util.ArrayList; import java.util.List; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import com.pinyougou.pojo.TbSeller; import com.pinyougou.sellergoods.service.SellerService; /\*\* \* @author 作者 E-mail: hanzl \* @version 创建时间:2018年7月17日 下午9:12:50 \* 类 说明: \*/ public class UserDetailServiceImpl implements UserDetailsService \{ private SellerService sellerService; public void setSellerService(SellerService sellerService) \{ this.sellerService = sellerService; \} public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException \{ System.out.println("经过了UserDetailServiceImpl"); List<GrantedAuthority> list=new ArrayList<>() ; list.add(new SimpleGrantedAuthority("ROLE\_SELLER")); TbSeller seller=sellerService.findOne(username); if(seller!=null)\{ if(seller.getStatus().equals("1")) return new User(username,seller.getPassword(),list); return null; \} return null; \} ## \} 3.web.xml 加入如下配置 ## <!-- 安全相关 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/spring-security.xml</param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/\*</url-pattern> </filter-mapping>
还没有评论,来说两句吧...