如何在一个Spring MVC项目上集成Spring security呢?

Java-教程王 SpringSecurity 发布时间:2021-08-06 15:09:45 阅读数:15632 1
下文讲述在一个现成的Spring MVC项目上集成Spring Security框架的方法分享,如下所示:

Spring在Java中应用非常广泛,下文将讲述将Spring Security集成到Spring MVC项目上的方法分享,
具体操作步骤如下所示:

引入相关的jar包(pom.xml)


<!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>5.4.2</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>5.4.2</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>5.4.2</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>5.4.2</version>
    </dependency>

在web.xml配置 spring security的过滤器链

  <!-- Spring security filter start -->
  <!-- Spring Security过滤器链,注意过滤器名称必须是springSecurityFilterChain -->
  <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
  </filter-mapping>
    <!-- Spring security filter end -->

在applicationContext.xml里面进行相关的配置

    <!-- 10. Spring security认证权限配置-->
    <!-- ======== Spring security start ======== -->
    <import resource="classpath:springMyTest-security.xml"/>
    
    <!-- ====== Spring security end ======== -->
 

在src下面新建 springMyTest-security.xml文件


<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:jdbc="http://www.springframework.org/schema/jdbc"
       xmlns:jms="http://www.springframework.org/schema/jms"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:mybatis-spring="http://mybatis.org/schema/mybatis-spring"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
        http://www.springframework.org/schema/context https://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc.xsd
        http://www.springframework.org/schema/jms https://www.springframework.org/schema/jms/spring-jms.xsd
        http://www.springframework.org/schema/mvc https://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://mybatis.org/schema/mybatis-spring http://mybatis.org/schema/mybatis-spring.xsd
        http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- 10. Spring security认证权限配置-->
    <!-- ================ Spring security start ================ -->

    <!-- 1).配置springSecurity -->
    <!-- 
    auto-config="true" 表示自动加载springsecurity的配置文件
    use-expressions="true" 表示使用spring的el表达式来配置springsecurity
    
     -->
    <security:http auto-config="true" use-expressions="true">
        <!-- 2).拦截资源 -->
        <!-- 
        pattern="/**" 表示拦截所有资源
        access="hasAnyRole('ROLE_USER')" 表示只有ROLE_USER角色才能访问资源
         -->
        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" /> 
    </security:http>
    
    <!-- 3).模拟测试用户(未连接数据库),设置spring security认证用户信息的来源 -->
    <!-- 
    springsecurity默认的认证必须加密 
     -->
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="user" password="pwd123456" authorities="ROLE_USER"/>
                <security:user name="admin" password="pwd123456" authorities="ROLE_ADMIN"/>
            </security:user-service>      
        </security:authentication-provider>
    </security:authentication-manager>
     
    <!-- ================ Spring security end ================ -->
 
</beans>
版权声明

本文仅代表作者观点,不代表本站立场。
本文系作者授权发表,未经许可,不得转载。

本文链接: https://www.Java265.com/JavaFramework/SpringSecurity/202108/642.html

最近发表

热门文章

好文推荐

Java265.com

https://www.java265.com

站长统计|粤ICP备14097017号-3

Powered By Java265.com信息维护小组

使用手机扫描二维码

关注我们看更多资讯

java爱好者