Spring4和SpringSecurity4的整合(一)

Somersames發表於2017-02-26

SpringSecurity的官方文件極其簡單,他的示例配置就是在xml檔案中把使用者名稱和密碼寫固定了,然而在實際工作中是不可能的,參考了下網上的教程發現良莠不齊,特此寫下記錄學習過程。
首先pom匯入jar包:
pom.xml

<!-- Dependency list for the Spring 4 + Spring Security 4 web application described on this page. -->
<dependencies>
        <!-- NOTE(review): this artifact and javax.servlet:jstl below both appear to supply JSTL classes;
             presumably only one of them is needed. Verify before keeping both on the classpath. -->
        <dependency>
            <groupId>org.glassfish.web</groupId>
            <artifactId>javax.servlet.jsp.jstl</artifactId>
            <version>1.2.2</version>
        </dependency>
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <!-- Declared "provided": compiled against, but expected from the container at run time. -->
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
        <!-- NOTE(review): no scope is set here, so the servlet API is packaged with the application,
             unlike javaee-api above. A servlet container normally supplies it; confirm whether
             "provided" was intended. -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
        </dependency>
        <!-- Test-scoped only; never shipped with the application. -->
        <dependency>
            <groupId>junit</groupId>
            <artifactId>junit</artifactId>
            <version>3.8.1</version>
            <scope>test</scope>
        </dependency>
        <!-- All Spring Framework modules share ${spring.version}. The property is not defined in this
             snippet and has to be declared in the <properties> section of the pom. -->
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-core</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
            <version>${spring.version}</version>
        </dependency>

        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-beans</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-jdbc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-tx</artifactId>
            <version>${spring.version}</version>
        </dependency>
        <!-- Spring Security is pinned separately from ${spring.version}; keep the two modules on the
             same version. The 4.1.x line is long out of support, so check for a maintained release
             before reusing these coordinates in a real project. -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.1.3.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.1.3.RELEASE</version>
        </dependency>
    </dependencies>

SpringSecurity.xml配置

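<!-- Spring Security namespace configuration: one protected URL and a custom authentication provider. -->
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-4.1.xsd">
    <security:http auto-config="true">
        <!-- Only /index.jsp carries an access rule; every other URL is served without one. -->
        <!-- The access value is a SpEL expression, so the role name is a string literal in single
             quotes. Writing a bare "ROLE_ADMIN" as the access value was reported as an error saying
             that ROLE_ADMIN could not be resolved; expression-based access is the default in
             Spring Security 4. -->
        <security:intercept-url pattern="/index.jsp" access="hasRole('ROLE_ADMIN')" />
    </security:http>
    <!-- Articles found online reference a class implementing UserDetailsService here. Doing so failed
         with a message that the UserDetailsService cannot be converted to
         org.springframework.security.authentication.AuthenticationProvider, because the "ref" attribute
         below expects an AuthenticationProvider. A UserDetailsService is referenced with the
         "user-service-ref" attribute instead, which lets the framework's own provider do the
         password check. -->
    <!-- NOTE(review): SecurityProvider autowires a MyUserDetailService; that bean and annotation
         processing are not declared in this file and must come from the rest of the configuration. -->
    <bean id="MyUserService" class="szh.security.security.SecurityProvider"></bean>
    <security:authentication-manager>
        <security:authentication-provider
            ref="MyUserService">
        </security:authentication-provider>
    </security:authentication-manager>
</beans>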

UserDetailsService實現類

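/**
 * Test-only {@link UserDetailsService} that knows exactly one built-in account.
 *
 * <p>The user name, password and role are literals in this class, and the password is kept in
 * plain text. That is acceptable only for a local experiment: a real implementation looks the
 * user up in a user store and returns a password hash for a password encoder to verify.
 */
public class MyUserDetailService implements UserDetailsService  {

    /** User name of the single built-in test account. */
    private static final String TEST_USER_NAME = "a";

    /**
     * Returns the built-in test account when {@code username} names it.
     *
     * @param username the user name presented at login
     * @return the details of the built-in account, carrying {@code ROLE_ADMIN}
     * @throws UsernameNotFoundException if {@code username} is not the built-in account
     */
    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        System.out.println(username + "load的值");
        // Without this check every user name, including null, would resolve to the admin account.
        if (!TEST_USER_NAME.equals(username)) {
            throw new UsernameNotFoundException("unknown user");
        }
        // Fixed values for test convenience; the password is a plain-text literal.
        MyUser myUser = new MyUser();
        myUser.setUser_name(TEST_USER_NAME);
        myUser.setUser_password("aa");
        myUser.setUser_role("ROLE_ADMIN");
        return new MyUserDetail(myUser, getAuthorities());
    }

    /**
     * Builds the authority list granted to the built-in account.
     *
     * @return a new mutable collection holding the single authority {@code ROLE_ADMIN}
     */
    private Collection<GrantedAuthority> getAuthorities() {
        Collection<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
        return grantedAuthorities;
    }

}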

MyUserDetail實現類:為了以後能更多的對使用者進行操作

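/**
 * Exposes a {@code MyUser} through Spring Security's {@link UserDetails} contract, so that more
 * user data can be reached from the security context later on.
 */
public class MyUserDetail implements UserDetails {
    private final MyUser myUser;
    private final Collection<? extends GrantedAuthority> authorities;

    /**
     * @param user        the application user to wrap
     * @param authorities the authorities granted to that user
     */
    public MyUserDetail(MyUser user,Collection<? extends GrantedAuthority> authorities) {
        this.myUser = user;
        this.authorities = authorities;
    }

    /** @return the authorities passed to the constructor */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return authorities;
    }

    /** @return the password stored on the wrapped user, exactly as stored */
    @Override
    public String getPassword() {
        return myUser.getUser_password();
    }

    /** @return the name stored on the wrapped user */
    @Override
    public String getUsername() {
        return myUser.getUser_name();
    }

    // The four status flags below use "true" to mean the account is usable. Returning false marks
    // the account as expired, locked or disabled, and a provider that honours the flags then
    // rejects the login. No status field of MyUser is used in this class, so the flags are
    // constant; derive them from real account state once MyUser carries it.

    /** @return {@code true}: the account is never reported as expired */
    @Override
    public boolean isAccountNonExpired() {
        return true;
    }

    /** @return {@code true}: the account is never reported as locked */
    @Override
    public boolean isAccountNonLocked() {
        return true;
    }

    /** @return {@code true}: the credentials are never reported as expired */
    @Override
    public boolean isCredentialsNonExpired() {
        return true;
    }

    /** @return {@code true}: the account is never reported as disabled */
    @Override
    public boolean isEnabled() {
        return true;
    }
}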

AuthenticationProvider類

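/**
 * {@link AuthenticationProvider} that verifies a user name and password against the
 * {@link UserDetails} returned by {@code MyUserDetailService}.
 *
 * <p>The comparison is against the stored password as-is, i.e. plain text. A production provider
 * stores password hashes and verifies them with a password encoder. The account status flags of
 * {@link UserDetails} ({@code isEnabled}, {@code isAccountNonLocked}, ...) are not consulted here.
 */
public class SecurityProvider implements AuthenticationProvider {
    @Autowired
    private MyUserDetailService userDetailsService;

    /**
     * Authenticates the presented user name and password.
     *
     * @param authentication the login request; {@link #supports(Class)} restricts it to
     *                       {@link UsernamePasswordAuthenticationToken}
     * @return an authenticated token carrying the user's details and authorities
     * @throws AuthenticationException if the user is unknown or the password does not match
     */
    @Override
    public Authentication authenticate(Authentication authentication)
            throws AuthenticationException {
        // Look up the account that was actually asked for, never a fixed one.
        UserDetails userDetails = userDetailsService.loadUserByUsername(authentication.getName());
        if (userDetails == null) {
            throw new UsernameNotFoundException("賬號不存在");
        }
        // An authenticated token must only be returned after the presented password was checked;
        // missing credentials on either side are treated as a mismatch.
        Object presented = authentication.getCredentials();
        String expected = userDetails.getPassword();
        if (presented == null || expected == null
                || !sameSecret(presented.toString(), expected)) {
            throw new org.springframework.security.authentication.BadCredentialsException(
                    "Bad credentials");
        }
        return new UsernamePasswordAuthenticationToken(userDetails, presented,
                userDetails.getAuthorities());
    }

    /**
     * Reports which token types this provider handles.
     *
     * @param authentication the token class offered by the authentication manager
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken}
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.equals(authentication);
    }

    /** Compares two secrets without stopping at the first differing byte. */
    private static boolean sameSecret(String presented, String expected) {
        return java.security.MessageDigest.isEqual(
                presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}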

其他的正常配置即可
地址:https://github.com/Somersames…
