SSH + Spring Security3.2例子(一)
2014-12-19 09:53
Security之环境搭建
1.web.xml配置
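<!-- Spring context listener: loads the Spring configuration when the web application starts -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!--
  Publishes HttpSession created/destroyed events into the Spring context.
  Required by <concurrency-control max-sessions="1"/> in applicationContext-security.xml:
  without it the session registry is never told that a session timed out or was
  invalidated, so stale sessions keep counting against the per-user limit.
-->
<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

<!-- Spring configuration files to load (every applicationContext*.xml on the classpath) -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:/applicationContext*.xml</param-value>
</context-param>

<!--
  Spring Security entry point. DelegatingFilterProxy looks up the bean whose name equals
  the filter-name, so "springSecurityFilterChain" must not be renamed.
  NOTE(review): if the Struts2 filter is declared elsewhere in web.xml (not shown here),
  this filter-mapping has to come before it, otherwise requests reach the actions
  before the security chain has run.
-->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <!-- Every request goes through the chain; exclusions are declared with security="none" in the security config -->
    <url-pattern>/*</url-pattern>
</filter-mapping>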
2.applicationContext-security.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security 3.2 namespace configuration for the SSH (Struts2 + Spring + Hibernate) sample.
  The default namespace is the security schema, so unprefixed elements (<http>,
  <authentication-manager>, ...) are security elements and plain Spring beans use the
  "beans:" prefix. All com.test.security.* classes are custom and not shown on this page;
  notes about their behaviour below are therefore hedged.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.2.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">

    <!--
      URLs excluded from filtering. security="none" gives the request an empty filter chain:
      no authentication, no authorization and no SecurityContext, so the pages behind these
      patterns cannot tell who the caller is. Keep the list to login/error pages and static files.
      NOTE(review): /test/main!goLogin.action is a Struts2 action method reached with the "!"
      syntax; only that exact path is exempt, other methods of the same action are not.
    -->
    <http pattern="/jsp/login.jsp" security="none"/>
    <http pattern="/login.jsp" security="none"/>
    <http pattern="/test/main!goLogin.action" security="none"/>
    <http pattern="/jsp/error403.jsp" security="none"/>
    <http pattern="/jsp/sessionTimeOut.jsp" security="none"/>
    <http pattern="/css/**" security="none"/>
    <http pattern="/images/**" security="none"/>
    <http pattern="/js/**" security="none"/>

    <!-- Main filter chain for every other URL -->
    <!-- entry-point-ref: where an unauthenticated request for a protected resource is sent (for example after logout) -->
    <!--
      NOTE(review): this block declares no <intercept-url> and no <csrf/> element.
      Authorization therefore depends entirely on the custom interceptor registered below,
      and in the 3.2 XML namespace CSRF protection is only active when <csrf/> is present,
      so the login, logout and application forms are not CSRF-protected by this file.
      access-denied-page is a deprecated attribute; <access-denied-handler error-page="..."/>
      is the replacement.
    -->
    <http use-expressions="true"
          entry-point-ref="authenticationEntryPoint"
          access-denied-page="/jsp/error403.jsp">
        <!-- Logout: invalidates the HTTP session, then hands over to the success handler bean "logoutFilter" -->
        <logout invalidate-session="true" logout-url="/logout.do" success-handler-ref="logoutFilter" />
        <!-- Page shown when the session id is invalid or expired; one concurrent session per user -->
        <!--
          NOTE(review): concurrency control (and session-fixation protection) are applied by the
          session authentication strategy at login time. The namespace wires that strategy into its
          own form-login filter only; a filter placed at FORM_LOGIN_FILTER via <custom-filter>, as
          here, has to receive it explicitly (sessionAuthenticationStrategy property), assuming the
          custom filter extends AbstractAuthenticationProcessingFilter. Confirm, otherwise
          max-sessions="1" has no effect on logins handled by loginFilter.
        -->
        <session-management invalid-session-url="/jsp/sessionTimeOut.jsp">
            <concurrency-control max-sessions="1" />
        </session-management>
        <!-- Cookie-based remember-me login; key must equal the key of the rememberMeServices bean -->
        <remember-me services-ref="rememberMeServices" key="TEST_REMEMBER" />
        <!-- Takes the place of the default form-login authentication filter -->
        <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER" />
        <!--
          Custom authorization filter. before="FILTER_SECURITY_INTERCEPTOR" inserts it ahead of
          the interceptor the namespace creates; it does not replace that interceptor.
        -->
        <custom-filter ref="FilterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
    </http>

    <!-- ==================== module separator ==================== -->
    <!-- Entry point: URL an unauthenticated user is sent to when requesting a protected resource -->
    <beans:bean id="authenticationEntryPoint" class="com.test.security.login.MultipleAuthenticationEntryPoint">
        <beans:property name="directUrl" value="/jsp/login.jsp"></beans:property>
    </beans:bean>

    <!-- ==================== module separator ==================== -->
    <!-- Logout success handler (despite the bean id it is a handler, not a filter): target page after logout -->
    <beans:bean id="logoutFilter" class="com.test.security.logout.MultipleLogoutSuccessHandler">
        <beans:property name="directUrl" value="/jsp/login.jsp"></beans:property>
    </beans:bean>

    <!-- ==================== module separator ==================== -->
    <!-- Remember-me (automatic login from a cookie) -->
    <beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <!--
          "key" is the secret mixed into the hash that signs the remember-me token; it is not the
          cookie name. Anyone who knows it can validate token guesses offline, so a short constant
          committed with the sources is a weak choice: use a long random value supplied from
          outside the repository (for example a property placeholder).
        -->
        <beans:property name="key" value="TEST_REMEMBER" />
        <!-- Name of the request parameter (the login form checkbox) that asks for remember-me -->
        <beans:property name="parameter" value="rememberMe" />
        <!-- Token lifetime in seconds: 1209600 s = 14 days -->
        <beans:property name="tokenValiditySeconds" value="1209600"></beans:property>
        <beans:property name="userDetailsService" ref="myUserDetailsService" />
    </beans:bean>

    <!-- ==================== module separator ==================== -->
    <!-- Authentication manager, exposed under the alias "authenticationManager" -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="multipleAuthenticationProvider"></authentication-provider>
    </authentication-manager>

    <!-- Composite provider that is given the list of concrete providers -->
    <beans:bean id="multipleAuthenticationProvider" class="com.test.security.authentication.provider.MultipleAuthenticationProvider">
        <beans:property name="authenticationProviders">
            <beans:list>
                <beans:ref bean="myAuthenticationProvider" />
            </beans:list>
        </beans:property>
    </beans:bean>

    <!-- User lookup service; also used by rememberMeServices -->
    <beans:bean id="myUserDetailsService" class="com.test.security.authentication.details.MyUserDetailsService">
    </beans:bean>

    <!--
      Password hashing. Despite the bean id "shaPasswordEncoder" the class is Md5PasswordEncoder,
      with hex output because encodeHashAsBase64 is false. A single round of MD5 is far too fast
      to resist offline guessing of leaked hashes and should not be used for password storage.
      Moving to an adaptive hash such as
      org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder needs matching changes in
      MyAuthenticationProvider (not shown; it is also given a saltSource, which BCrypt does not
      use) and re-hashing of the stored passwords, so it cannot be done in this file alone.
    -->
    <beans:bean id="shaPasswordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder">
        <beans:property name="encodeHashAsBase64" value="false"></beans:property>
    </beans:bean>

    <!-- Salt source for the password hash -->
    <beans:bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
        <!--
          The username is used as the salt. It is unique per user but public and predictable,
          so it prevents shared hashes between accounts without slowing a targeted guess.
        -->
        <beans:property name="userPropertyToUse" value="username"></beans:property>
    </beans:bean>

    <!-- Concrete provider: verifies the credentials and builds the authenticated token -->
    <beans:bean id="myAuthenticationProvider" class="com.test.security.authentication.provider.MyAuthenticationProvider">
        <beans:property name="userDetailsService" ref="myUserDetailsService"></beans:property>
        <beans:property name="passwordEncoder" ref="shaPasswordEncoder"></beans:property>
        <beans:property name="saltSource" ref="saltSource"></beans:property>
    </beans:bean>

    <!-- ==================== module separator ==================== -->
    <!-- Custom login filter, registered at FORM_LOGIN_FILTER in the <http> block -->
    <beans:bean id="loginFilter" class="com.test.security.authentication.filter.MultipleUsernamePasswordAuthenticationFilter">
        <!-- Login URL: <beans:property name="filterProcessesUrl" value="/login.do" /> is deprecated; the request matcher below is used instead -->
        <beans:property name="requiresAuthenticationRequestMatcher" ref="loginUrl" />
        <!-- Resolver that builds the authentication token from the request -->
        <beans:property name="tokenResolver" ref="myAuthenticationTokenResolver"/>
        <!-- Verifies username and password and grants the user's authorities -->
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <!-- Handler run after a successful login -->
        <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
        <!-- Handler run after a failed login -->
        <beans:property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
        <!-- Remember-me support -->
        <beans:property name="rememberMeServices" ref="rememberMeServices"/>
    </beans:bean>

    <!--
      URL that triggers the login filter. The one-argument AntPathRequestMatcher matches every
      HTTP method, so unless the custom filter itself insists on POST (not visible here), a GET
      to /login.do carrying credentials in the query string is processed as well, and query
      strings end up in access logs and browser history.
    -->
    <beans:bean id="loginUrl" class="org.springframework.security.web.util.matcher.AntPathRequestMatcher">
        <beans:constructor-arg type="java.lang.String" value="/login.do"/>
    </beans:bean>

    <!-- ==================== module separator ==================== -->
    <!-- Builds the login token (user credentials) from the request -->
    <beans:bean id="myAuthenticationTokenResolver" class="com.test.security.authentication.filter.MyAuthenticationTokenResolver">
    </beans:bean>

    <!-- Target after a successful login -->
    <beans:bean id="authenticationSuccessHandler" class="com.test.security.authentication.handler.MultipleAuthenticationSuccessHandler">
        <beans:property name="directUrl" value="/test/main!goMain.action"/>
    </beans:bean>

    <!-- Target after a failed login; this URL is one of the security="none" patterns above -->
    <beans:bean id="authenticationFailureHandler" class="com.test.security.authentication.handler.MultipleAuthenticationFailureHandler">
        <beans:property name="directUrl" value="/test/main!goLogin.action" />
        <!-- <beans:property name="useForward" value="true" /> -->
    </beans:bean>

    <!-- ==================== module separator ==================== -->
    <!-- Custom authorization filter: decides per request whether the current user may access the URL -->
    <beans:bean id="FilterSecurityInterceptor" class="com.test.security.manage.filter.MultipleFilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="securityMetadataSource" ref="multipleSecurityMetadataSource" />
        <beans:property name="accessDecisionManager" ref="multipleAccessDecisionManager" />
    </beans:bean>

    <!-- Metadata source: supplies the access attributes required for each resource -->
    <beans:bean id="multipleSecurityMetadataSource" class="com.test.security.manage.metadata.MultipleFilterInvocationSecurityMetadataSource">
        <beans:property name="metadataSource" ref="mySecurityMetadataSource" />
    </beans:bean>

    <!--
      Resource definitions. The article states that resources without a definition are public,
      i.e. the scheme is default-allow: a URL missing from this source is reachable without login.
    -->
    <beans:bean id="mySecurityMetadataSource" class="com.test.security.manage.metadata.MySecurityMetadataSource">
    </beans:bean>

    <!-- Access decision manager: compares the user's authorities with the resource's attributes -->
    <beans:bean id="multipleAccessDecisionManager" class="com.test.security.manage.decide.MultipleAccessDecisionManager" />
</beans:beans>
3.spring security资源
security的资源主要分为三种:非过滤资源、公有资源、受权限保护的资源。
非过滤资源:不会经过security权限认证过滤器的处理,该资源不需要登陆就可以直接访问(如 <http pattern="/jsp/login.jsp" security="none"/>)。这类请求完全绕过过滤器链,因此只适合登录页、错误页和静态资源。
公有资源:未定义权限的资源,该资源不需要登陆就可以直接访问。(没有定义的默认资源都是公有资源)也就是说本例采用"默认放行"策略:新增的URL如果没有配置权限,就会对未登录用户开放,上线前应逐一核对,或改为对未定义资源默认要求登录。
受权限保护的资源:登陆用户拥有该资源的权限,该资源才能被访问。例如:
<!-- In this example the resource-to-role mapping is loaded from the database rather than declared here -->
<!--
  NOTE(review): shown for illustration in the plain (non-expression) syntax. Inside the
  <http use-expressions="true"> block of applicationContext-security.xml the access value
  would have to be an expression, e.g. hasRole('ROLE_USER').
-->
<intercept-url pattern="/test1.jsp" access="ROLE_USER" />
完整例子下载:http://download.csdn.net/detail/huanglgln/8276525