SpringSecurity相關配置【SpringSecurityConfig】

本文轉載自查看原文 2016-08-12 14:04 6014 Spring

SpringSecurity的配置相對來說有些復雜，如果是完整的bean配置，則需要配置大量的bean，所以xml配置時使用了命名空間來簡化配置，同樣，spring為我們提供了一個抽象類WebSecurityConfigurerAdapter和一個注解@EnableWebMvcSecurity，達到同樣減少bean配置的目的，如下：

applicationContext-SpringSecurityConfig.xml

Xml代碼

<http security="none" pattern="/static/**" />
<http security="none" pattern="/**/*.jsp" />
<http auto-config='true' access-decision-manager-ref="accessDecisionManager" access-denied-page="/login"
use-expressions="true">
<logout logout-url="/logout" invalidate-session="true"
logout-success-url="/login" />
<form-login login-page="/login" authentication-failure-url="/login?error=1"
login-processing-url="/j_spring_security_check" password-parameter="j_password"
username-parameter="j_username" />
<intercept-url pattern="/**/*.do*" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/**/*.htm" access="hasRole('ROLE_ADMIN')" />
<session-management session-fixation-protection="changeSessionId">
<concurrency-control max-sessions="1"
expired-url="/access/sameLogin.do" />
</session-management>
<remember-me key="webmvc#FD637E6D9C0F1A5A67082AF56CE32485"
remember-me-parameter="remember-me" />
</http>
<beans:bean
class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"
id="expressionHandler" />
<beans:bean
class="org.springframework.security.web.access.expression.WebExpressionVoter"
id="expressionVoter">
<beans:property name="expressionHandler" ref="expressionHandler" />
</beans:bean>
<beans:bean id="loggerListener"
class="org.springframework.security.authentication.event.LoggerListener" />
<beans:bean id="authorizationListener"
class="org.springframework.security.access.event.LoggerListener" />
<authentication-manager>
<authentication-provider user-service-ref="userService">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
<beans:bean id="userService" class="web.security.CP_UserDetailsService" />
<beans:bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter" />
<beans:bean
class="org.springframework.security.access.vote.AuthenticatedVoter" />
<beans:ref bean="expressionVoter" />
</beans:list>
</beans:property>
</beans:bean>

SpringSecurityConfig.java

Java代碼

@Configuration
@EnableWebMvcSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
private static final Logger logger = Logger
.getLogger(SpringSecurityConfig.class);
@Override
public void configure(WebSecurity web) throws Exception {
// 設置不攔截規則
web.ignoring().antMatchers("/static/**", "/**/*.jsp");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// 設置攔截規則
// 自定義accessDecisionManager訪問控制器,並開啟表達式語言
http.authorizeRequests().accessDecisionManager(accessDecisionManager())
.expressionHandler(webSecurityExpressionHandler())
.antMatchers("/**/*.do*").hasRole("USER")
.antMatchers("/**/*.htm").hasRole("ADMIN").and()
.exceptionHandling().accessDeniedPage("/login");
// 開啟默認登錄頁面
// http.formLogin();
// 自定義登錄頁面
http.csrf().disable().formLogin().loginPage("/login")
.failureUrl("/login?error=1")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password").permitAll();
// 自定義注銷
http.logout().logoutUrl("/logout").logoutSuccessUrl("/login")
.invalidateHttpSession(true);
// session管理
http.sessionManagement().sessionFixation().changeSessionId()
.maximumSessions(1).expiredUrl("/");
// RemeberMe
http.rememberMe().key("webmvc#FD637E6D9C0F1A5A67082AF56CE32485");
}
@Override
protected void configure(AuthenticationManagerBuilder auth)
throws Exception {
// 自定義UserDetailsService
auth.userDetailsService(userDetailsService()).passwordEncoder(
new Md5PasswordEncoder());
}
@Bean
public CP_UserDetailsService userDetailsService() {
logger.info("CP_UserDetailsService");
CP_UserDetailsService userDetailsService = new CP_UserDetailsService();
return userDetailsService;
}
@Bean
public LoggerListener loggerListener() {
logger.info("org.springframework.security.authentication.event.LoggerListener");
LoggerListener loggerListener = new LoggerListener();
return loggerListener;
}
@Bean
public org.springframework.security.access.event.LoggerListener eventLoggerListener() {
logger.info("org.springframework.security.access.event.LoggerListener");
org.springframework.security.access.event.LoggerListener eventLoggerListener = new org.springframework.security.access.event.LoggerListener();
return eventLoggerListener;
}
/*
*
* 這里可以增加自定義的投票器
*/
@SuppressWarnings("rawtypes")
@Bean(name = "accessDecisionManager")
public AccessDecisionManager accessDecisionManager() {
logger.info("AccessDecisionManager");
List<AccessDecisionVoter> decisionVoters = new ArrayList<AccessDecisionVoter>();
decisionVoters.add(new RoleVoter());
decisionVoters.add(new AuthenticatedVoter());
decisionVoters.add(webExpressionVoter());// 啟用表達式投票器
AffirmativeBased accessDecisionManager = new AffirmativeBased(
decisionVoters);
return accessDecisionManager;
}
/*
* 表達式控制器
*/
@Bean(name = "expressionHandler")
public DefaultWebSecurityExpressionHandler webSecurityExpressionHandler() {
logger.info("DefaultWebSecurityExpressionHandler");
DefaultWebSecurityExpressionHandler webSecurityExpressionHandler = new DefaultWebSecurityExpressionHandler();
return webSecurityExpressionHandler;
}
/*
* 表達式投票器
*/
@Bean(name = "expressionVoter")
public WebExpressionVoter webExpressionVoter() {
logger.info("WebExpressionVoter");
WebExpressionVoter webExpressionVoter = new WebExpressionVoter();
webExpressionVoter.setExpressionHandler(webSecurityExpressionHandler());
return webExpressionVoter;
}
}

免責聲明！

本站轉載的文章為個人學習借鑒使用，本站對版權不負任何法律責任。如果侵犯了您的隱私權益，請聯系本站郵箱yoyou2525@163.com刪除。

猜您在找 springSecurity配置解析 SpringSecurity SpringSecurity SpringSecurity SSM框架中springsecurity的配置及使用 SpringSecurity(六)：配置多個數據源 SpringBoot19 集成SpringSecurity01 -> 環境搭建、SpringSecurity驗證、SpringSecurity配置進階、登錄頁面處理 SpringSecurity權限管理系統實戰—九、數據權限的配置 Springsecurity3.1.3配置多個登陸頁面 SpringBoot SpringSecurity4整合,靈活權限配置,棄用注解方式.