Spring Secuirty与SSH整合
2017-01-16 21:25
183 查看
项目下载:点击下载
maven项目下载:点击下载
项目说明: Spring Security+SSH,通过数据库给用户授权认证
spring-security.xml配置如下:
说明:
authentication-manager需要authencation-provider提供支持验证,不清楚的可以参考如下文章:http://wiki.jikexueyuan.com/project/spring-security/authenticationProvider.html
通过自己实现自己实现的UserDetaisServiceImpl类,需要实现UserDetailsService 接口,并实现其loadUserByUsername方法,来处理用户认证.
主要处理业务方法如下:
UsernamePasswordAuthenticationToken 封装username和password,然后通过 authenticationManager认证授权得到新的Authentication对象,并保存到SecurityContext中,将SecurityContext保存到session中即可完成认证。
maven项目下载:点击下载
项目说明: Spring Security+SSH,通过数据库给用户授权认证
spring Security配置文件
spring-security.xml配置如下:<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.sprin 4000 gframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd "> <!-- 指定登录页面不添加任何权限 --> <http security="none" pattern="/login.jsp" /> <!-- 指定 访问js文件不需要任何权限,这个不配置,jquery(js)文件引入不了哦 --> <http security="none" pattern="/js/*.js" /> <!-- 指定 登录处理action 不需要任何权限 --> <http security="none" pattern="/login.action" /> <http auto-config="true"> <!-- login-page 设置自定义登录页面 --> <!-- 认证成功处理:(1)用户直接访问登录页成功后,调转 默认到项目根目录,可以通过 default-target-url来设置 (2)用户访问其他页面如a.jsp,跳转到登录页,认证成功后到a.jsp;(3)也可通过设置always-use-default-target 属性,只要认证成功就跳转到该页面 --> <form-login login-page="/login.jsp" username-parameter="username" password-parameter="password" /> <!-- 指定任何页面都需要user权限(前面已经设置login.jsp不需要) --> <intercept-url pattern="/**" access="ROLE_ADMIN" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetaisServiceImpl" /> </authentication-manager> <beans:bean id="userDetaisServiceImpl" class="com.service.UserDetaisServiceImpl"> <beans:property name="userDetailsDaoImpl" ref="userDetailsDaoImpl"></beans:property> </beans:bean> <beans:bean id="userDetailsDaoImpl" class="com.dao.UserDetailsDaoImpl"> <beans:property name="sessionFactory" ref="sessionFactory"></beans:property> </beans:bean> </beans:beans>
说明:
authentication-manager需要authencation-provider提供支持验证,不清楚的可以参考如下文章:http://wiki.jikexueyuan.com/project/spring-security/authenticationProvider.html
通过自己实现自己实现的UserDetaisServiceImpl类,需要实现UserDetailsService 接口,并实现其loadUserByUsername方法,来处理用户认证.
UserDetaisServiceImpl类代码如下:
package com.service; import java.util.ArrayList; import java.util.List; import java.util.Set; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import com.dao.UserDetailsDaoImpl; import com.pojo.Role; import com.pojo.User; public class UserDetaisServiceImpl implements UserDetailsService { private UserDetailsDaoImpl userDetailsDaoImpl; public UserDetailsDaoImpl getUserDetailsDaoImpl() { return userDetailsDaoImpl; } public void setUserDetailsDaoImpl(UserDetailsDaoImpl userDetailsDaoImpl) { this.userDetailsDaoImpl = userDetailsDaoImpl; } public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { User user = userDetailsDaoImpl.findUser(username); List<GrantedAuthority> authorities = null; if (user != null) { authorities = buildUserAuthority(user.getRoles()); return new org.springframework.security.core.userdetails.User( user.getUsername(), user.getPassword(), authorities); } return null; } // 获取用户权限并转换成spring security能处理的权限类 private List<GrantedAuthority> buildUserAuthority(Set<Role> roles) { List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); for (Role role : roles) { authorities.add(new SimpleGrantedAuthority(role.getRoleName())); } return authorities; } }
Action处理类
主要处理业务方法如下:public void login() { try { UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( username, password); // 认证验证,内部会调用 UserDetailsServiceImpl.loadUserByUsername()验证 Authentication authentication = authenticationManager .authenticate(token); SecurityContextHolder.getContext() .setAuthentication(authentication); this.getSession().setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext()); this.getOut().print("success"); } catch (Exception e) { e.printStackTrace(); this.getOut().print("error"); } }首先理解这段代码,我们要先知道认证过程,可以参考如下文章:http://wiki.jikexueyuan.com/project/spring-security/certification.html
UsernamePasswordAuthenticationToken 封装username和password,然后通过 authenticationManager认证授权得到新的Authentication对象,并保存到SecurityContext中,将SecurityContext保存到session中即可完成认证。
相关文章推荐
- Struts Spring Hibernate (SSH) 整合实例
- 使用MyEclipse集成SSH和DWR(一)整合Spring和Struts
- 【3】SSH整合-spring注入
- 『转』整合SSH和DWR(2)spring+Hibernate
- 『转』整合SSH和DWR(1)spring+struts
- spring live上有个入门的整合SSH的例子
- 使用MyEclipse集成SSH整合Spring和Hibernate
- SSH整合中 hibernate托管给Spring得到SessionFactory
- SSH整合中 hibernate托管给Spring得到SessionFactory
- Struts Spring Hibernate (SSH) 整合实例
- 使用MyEclipse集成SSH和DWR(二)整合Spring和Hibernate
- MyEclipse整合SSH(Struts+Spring+Hibernate)简单登录范例(二)
- MyEclipse整合SSH(Struts+Spring+Hibernate)简单登录范例(一)
- Struts+Spring+Hibernate--SSH整合实例
- Struts Spring Hibernate (SSH) 整合实例
- SSH整合-关于Spring中applicationContext.xml文件对于事务的一些配置
- MyEclipse 7.0M1 SSH 整合开发问题解决:Spring2.5+hibernate3.1+Struts1.3 +Tomcat6.0
- Struts+Spring+Hibernate--SSH整合实例
- Struts+Spring+Hibernate/SSH整合开发详细二
- Struts+Spring+Hibernate--SSH整合实例