spring security 3.x 多页面登录配置入门教程

最近在最shiro的多入口登录,搞了好久,就把spring security拿出来再炒一下,这是我以前在csdn写过的一篇博客。

 

spring security 是一个权限控制的框架。可以很方便地实现权限的控制,不需要我们手动地写拦截器去对于请求进行拦截,然后对于权限进行判断。这可以大大地减少工作量,并且,spring security提供了很可靠的安全保障。

废话不多说,以下为正文:

1、加入spring security的jar包,我是能过maven配合nexus进行jar包管理的。纯jar包也是可以的,下载相应的jar包添加到WEB-INF下的lib目录下即可。以下为pom.xml加入的依赖(来处官网http://projects.spring.io/spring-security/):

<dependencies>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.2.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.2.3.RELEASE</version>
    </dependency>
</dependencies>

2、在web.xml里面加入spring security的拦截器,当然配置文件也要加载,不过是通过正则表达式一次把spring的配置文件都加载完成的:

	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			classpath:spring*.xml
		</param-value>
	</context-param>

  

	<!-- spring security -->
 	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

3、配置spring-security.xml文件:

<?xml version="1.0" encoding="UTF-8"?>  
<beans:beans xmlns="http://www.springframework.org/schema/security"  
    xmlns:beans="http://www.springframework.org/schema/beans"   
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  
    xsi:schemaLocation="http://www.springframework.org/schema/beans  
    http://www.springframework.org/schema/beans/spring-beans-3.2.xsd  
    http://www.springframework.org/schema/security  
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">  
      
    <!-- 不需要进行认证的资源,3.0之后才改为这样配置 -->    
    <!-- <http security="none" pattern="/**/index" /> -->  
    <http security="none" pattern="/**/login" />  
    <http security="none" pattern="/**/*.jpg" />  
    <http security="none" pattern="/**/*.png" />  
    <http security="none" pattern="/**/*.gif" />  
    <http security="none" pattern="/**/*.css" />  
    <http security="none" pattern="/**/*.js" />  
  
    <!--设置匹配学生用户url,登录页面和所拥有的权限,以及引用studentAuthManager验证管理 -->  
    <http auto-config="true" pattern="/student/**" use-expressions="true" authentication-manager-ref="studentAuthManager">  
        <form-login login-processing-url="/student/j_spring_security_check"  
            login-page="/student/login" authentication-failure-url="/student/login" default-target-url="/student/index"/>  
        <logout logout-success-url="/student/login" logout-url="/student/j_spring_security_logout" />  
        <intercept-url pattern="/student/**" access="hasRole('ROLE_STUDENT')" />  
    </http>  
      
    <!--设置匹配管理员用户url,登录页面和所拥有的权限,以及引用adminAuthManager验证管理 -->  
    <http auto-config="true" pattern="/admin/**" use-expressions="true" authentication-manager-ref="adminAuthManager">  
        <form-login login-processing-url="/admin/j_spring_security_check"  
            login-page="/admin/login" authentication-failure-url="/admin/login"  default-target-url="/admin/index"/>  
        <logout logout-url="/admin/j_spring_security_logout" logout-success-url="/admin/index" />  
        <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />  
    </http>  
      
    <!--前台用户验证管理bean -->  
    <authentication-manager id="studentAuthManager">  
        <authentication-provider user-service-ref="studentDetailService">  
            <password-encoder hash="md5"></password-encoder>  
        </authentication-provider>          
    </authentication-manager>  
      
    <!--后台管理用户验证管理bean -->  
    <authentication-manager id="adminAuthManager">  
        <authentication-provider user-service-ref="adminDetailService">  
            <password-encoder hash="md5"></password-encoder>  
        </authentication-provider>  
    </authentication-manager>  
</beans:beans>  

 4、重写实现UserDetailsService的接口(由于student的实现方式,跟admin的实现方式是一模一样的,所以此处只列出admin的例子):

@Service  
public class AdminDetailService implements UserDetailsService{  
  
    @Resource  
    private AdminMapper adminMapper;  
      
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {  
        Admin admin = adminMapper.selectByUsername(username);  
        return admin;  
    }  
  
}  

5、在Admin的实体实现UserDetails接口(由于仅为demo所以权限是写死了的,可以从数据库取出),student实现也是实现UserDetails接口,不重复贴代码了。

public class Admin implements UserDetails{  
    private static final long serialVersionUID = 1557391641237960295L;  
  
    private Integer id;  
  
    private String username;  
  
    private String password;  
  
    public Integer getId() {  
        return id;  
    }  
  
    public void setId(Integer id) {  
        this.id = id;  
    }  
    
    //此部分的权限应该由数据库取出,此处不作取出操作  
    public Collection<? extends GrantedAuthority> getAuthorities() {  
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();  
        authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));  
        return authorities;  
    }  
  
    public void setPassword(String password){  
        this.password = password;  
    }  
      
    public void setUsername(String username){  
        this.username = password;  
    }  
      
    public String getPassword() {  
        return password;  
    }  
  
    public String getUsername() {  
        return username;  
    }  
  
    public boolean isAccountNonExpired() {  
        return true;  
    }  
  
    public boolean isAccountNonLocked() {  
        return true;  
    }  
  
    public boolean isCredentialsNonExpired() {  
        return true;  
    }  
  
    public boolean isEnabled() {  
        return true;  
    }  
}  

6、如果不写页面的话,spring security会使用它默认的页面,十分的丑陋,不过所幸可以自己写,以下为自己写的页面(也十分地丑陋):

<body>  
    <form action="j_spring_security_check" method="post">  
    username:<input type="text" name="j_username"/><br/>  
    password:<input type="password" name="j_password"/><br/>  
    Remember Me:<input name="_spring_security_remember_me" type="checkbox" value="true"/><br/>  
    <input type="submit" value="提交"/>  
    </form>  
</body>  

7、访问,登录,大功告成,由于此部分的代码由项目代码改的,所以没有demo不好意思!!!(有机会一定补上= =||,估计是补不上了)

 

posted @ 2015-06-04 20:44  ICE_XUE  阅读(2714)  评论(0编辑  收藏  举报