最简单的Spring Security配置示例

代码结构:

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Maven build for the minimal Spring Security demo: Spring Security (web + XML
  namespace config), JSTL for the JSP pages, and the Servlet API at compile time.

  NOTE(review): no <packaging> element is declared, so Maven's default (jar) applies.
  A project that ships web.xml and JSPs is normally packaged as war; the project
  layout is not shown with this listing, so confirm.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.nihaorz</groupId>
    <artifactId>spring-security</artifactId>
    <version>1.0-SNAPSHOT</version>

    <dependencies>
        <!--
          Servlet filter chain and web authentication support.
          NOTE(review): 4.1.4.RELEASE is pinned to the release current when this example
          was written (2017). Before reusing the example, move both Spring Security
          artifacts to a release line that still receives security fixes, and keep
          the two versions identical.
        -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.1.4.RELEASE</version>
        </dependency>
        <!-- Provides the security XML namespace (http, intercept-url, authentication-manager, ...). -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.1.4.RELEASE</version>
        </dependency>
        <!-- JSTL, used by the JSP pages for c:url and c:if. -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>jstl</artifactId>
            <version>1.2</version>
        </dependency>
        <!--
          NOTE(review): taglibs:standard 1.1.2 is a JSTL 1.1 era implementation placed
          next to the 1.2 artifact above. Confirm both are really needed and prefer a
          maintained JSTL implementation; old tag library builds stop receiving fixes.
        -->
        <dependency>
            <groupId>taglibs</groupId>
            <artifactId>standard</artifactId>
            <version>1.1.2</version>
        </dependency>
        <!-- Servlet 3.1 API; scope "provided" because the servlet container supplies it at runtime. -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.1.0</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>

</project>

  

spring-security.xml

<!--
  Spring Security namespace configuration for the demo application.
  The security namespace is the default namespace here, so http, intercept-url,
  authentication-manager etc. are written unprefixed and plain Spring beans
  would need the beans: prefix.

  Demo-only settings that must not be carried into a real deployment are marked
  NOTE(review) below: in-memory users with plaintext passwords and a 30 second
  remember-me lifetime.
-->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
      Static resources need no access control.
      security="none" takes matching requests out of the Spring Security filter chain
      altogether, so they also get no security context, no CSRF check and no
      security response headers. Keep only truly public, static files under /static/.
    -->
    <http pattern="/static/**" security="none"/>

    <!--
      use-expressions="false": the access attributes below are plain role names and
      IS_AUTHENTICATED_* markers, not SpEL expressions.
      intercept-url elements are matched in document order and the first match wins,
      so the specific /login.jsp rule has to stay above the catch-all /** rule.
      No csrf element is present, so CSRF protection is left at its default; the
      login and logout forms both submit the _csrf token.
    -->
    <http use-expressions="false">
        <!-- The login page itself must be reachable without being logged in. -->
        <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <!-- Every other URL requires the ROLE_USER authority. -->
        <intercept-url pattern="/**" access="ROLE_USER" />
        <!-- login-page: where unauthenticated users are sent; authentication-failure-url: where a failed login lands. -->
        <form-login login-page='/login.jsp' authentication-failure-url='/login.jsp?error' />
        <!-- Enables logout handling with its default settings. -->
        <logout />
        <!--
          Remember-me login. token-validity-seconds="30" makes the cookie expire after
          30 seconds, a value that only makes sense for watching the feature in a demo.
          NOTE(review): no key attribute is set; presumably the framework then generates
          one at startup, so cookies stop validating after a restart. Confirm for the
          version in use. The cookie is a bearer credential, so it should only travel
          over HTTPS.
        -->
        <remember-me token-validity-seconds="30"/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <!--
                  Two in-memory users that can log in with user name and password.
                  NOTE(review): the passwords are stored in plaintext in this file and no
                  password-encoder is configured, and "123456" is trivially guessable.
                  Acceptable for a local demo only; a real deployment should keep users
                  outside the configuration and store passwords with an adaptive hash
                  (for example a bcrypt password-encoder).
                -->
                <user name="admin" password="123456" authorities="ROLE_USER, ROLE_ADMIN" />
                <user name="nihaorz" password="123456" authorities="ROLE_USER" />
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

  

applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Root application context. Its only content is the import of the security
  configuration, which places the Spring Security beans in the root context
  that web.xml loads through ContextLoaderListener.

  NOTE(review): the util, p and context namespaces are declared but nothing in this
  file uses them, and the util schema location is pinned to the 4.0 XSD while the
  others are unversioned. Harmless as shown; trim or align them if the file grows.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-4.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context">

    <!-- Pulls in the http / authentication-manager definitions from spring-security.xml. -->
    <import resource="classpath:config/spring-security.xml"/>

</beans>

  

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  Servlet 3.1 deployment descriptor: boots the Spring root context and routes
  every request through the Spring Security filter chain.

  NOTE(review): this descriptor sets no session-config / cookie-config and no
  transport guarantee, so the login form, session cookie and remember-me cookie
  travel over whatever scheme the container serves. Anything beyond a local demo
  should be served over HTTPS with secure, http-only cookies.
-->
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
         version="3.1">

    <!-- Start the Spring IoC container (root context) from contextConfigLocation. -->
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:config/applicationContext.xml</param-value>
    </context-param>

    <!--
      DelegatingFilterProxy hands each request to the Spring bean whose name equals
      the filter-name. The security namespace registers its chain under the name
      springSecurityFilterChain, so this name must not be changed.
    -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Map the chain to /* so no request path reaches the application unfiltered. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- index.html is the welcome page; it is still subject to the filter mapping above. -->
    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
    </welcome-file-list>
</web-app>

  

login.jsp

<%--
  Login form for the Spring Security demo.
  Author: Nihaorz, created 2017/10/11 14:15.

  The form posts to /login with the fields "username", "password" and
  "remember-me" and carries the CSRF token as a hidden field. The accompanying
  spring-security.xml overrides none of these names, so they have to match the
  framework defaults.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
    <title>登录页面</title>
    <style>
        .login-form {
            width: 200px;
            margin: 0 auto;
            font-size: 14px;
        }

        .login-form p input[type=text],
        .login-form p input[type=password] {
            width: 200px;
            padding: 5px;
        }

        .login-form p input[type=checkbox],
        .login-form p label {
            height: 24px;
            margin: 0;
        }

        .login-form p.parent:after {
            content: ' ';
            display: table;
            clear: both;
        }

        .login-form p.message {
            color: red;
        }
    </style>
</head>
<body>
<div style="text-align: center;">
    <%-- c:url prepends the context path, so the form works under any deployment path. --%>
    <c:url value="/login" var="loginUrl"/>
    <form action="${loginUrl}" method="post" class="login-form">
        <p>
            <input type="text" id="username" name="username" placeholder="用户名"/>
        </p>
        <p>
            <input type="password" id="password" name="password" placeholder="密码"/>
        </p>
        <p class="parent">
            <%-- NOTE(review): remember-me is pre-checked; on shared machines an opt-in
                 (unchecked) default is the safer choice. --%>
            <input type="checkbox" id="keep-login" name="remember-me" checked style="float: left;">
            <label for="keep-login" style="float: left;"> 记住我</label>
            <%-- CSRF token; without it the POST to /login is rejected while CSRF protection is on. --%>
            <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
            <button type="submit" style="float: right;">登录</button>
        </p>
        <%-- Shown after a failed login (authentication-failure-url is /login.jsp?error).
             The message is deliberately generic and does not say which field was wrong. --%>
        <c:if test="${param.error != null}">
            <p class="message">用户名或密码无效!</p>
        </c:if>
        <%-- Shown when the request carries a "logout" parameter. --%>
        <c:if test="${param.logout != null}">
            <p class="message">您已注销!</p>
        </c:if>
    </form>
</div>
</body>
</html>

  

logout.jsp

<%--
  Created by IntelliJ IDEA.
  User: Nihaorz
  Date: 2017/10/11
  Time: 14:24
  To change this template use File | Settings | File Templates.
--%>
<%--
  Logout page for the Spring Security demo: a single form that POSTs to /logout.
  Logout is sent as a POST carrying the CSRF token rather than as a plain link,
  so that another site cannot log the user out with a forged GET request.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<html>
<head>
    <title>Title</title>
</head>
<body>
<%-- c:url prepends the context path to /logout. --%>
<c:url value="/logout" var="logoutUrl"/>
<form action="${logoutUrl}" method="post">
    <%-- CSRF token expected by the filter chain for this POST. --%>
    <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
    <input type="submit" value="退出"/>
</form>
</body>
</html>

  

index.html

<!DOCTYPE html>
<!--
  Home page of the demo. It is a static file, but the /* filter mapping in web.xml
  and the /** intercept-url rule in spring-security.xml still apply to it, so it is
  only served to users holding ROLE_USER.
  NOTE(review): lang="en" does not match the Chinese body text.
-->
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
我是首页
</body>
</html>

  

参考:http://xxgblog.com/2015/09/06/spring-security-start/

posted @ 2017-10-11 15:46  Nihaorz