spring-security4.1.2的學習

　　　　　　　　　　　　spring security教程

spring security是什么?

Spring Security是一個能夠為基於Spring的企業應用系統提供聲明式的安全訪問控制解決方案的安全框架。它提供了一組可以在Spring應用上下文中配置的Bean，充分利用了Spring IoC，DI（控制反轉Inversion of Control ,DI:Dependency Injection 依賴注入）和AOP（面向切面編程）功能，為應用系統提供聲明式的安全訪問控制功能，減少了為企業系統安全控制編寫大量重復代碼的工作。

 

spring security所需jar包

　　　　　

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.1.2.RELEASE</version>
</dependency>

 

spring security在web.xml中的配置

 

<!-- Spring Secutiry4.1的過濾器鏈配置 -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

 

spring security的配置文件內容如下

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">

<debug />
<http security="none" pattern="/login.jsp" />
<http security="none" pattern="/static/**" />
<http use-expressions="true" auto-config="true">
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />

<!-- 同一時間內允許同一賬號保持4個在線,error-if-maximum-exceeded="true"表示第第四個以后的登不進去 -->
<session-management>
<concurrency-control max-sessions="4"
error-if-maximum-exceeded="true" />
</session-management>
<csrf disabled="true"/>
<form-login login-page="/login.jsp"
authentication-failure-handler-ref="authenticationFailureHandlerImpl"
authentication-success-handler-ref="authenticationSuccessHandlerImpl" />
<logout logout-success-url="/logout.jsp" logout-url="logout"
invalidate-session="true" delete-cookies="JSESSIONID" />
</http>

<authentication-manager>
<!-- <authentication-provider> -->
<!-- <user-service> -->
<!-- <user name="admin" password="123" authorities="ROLE_USER"/> -->
<!-- </user-service> -->
<!-- </authentication-provider> -->
<authentication-provider user-service-ref="userService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>

<beans:bean id="userService" class="com.**.user.service.impl.UserServiceImpl" />

<!-- 認證成功調用  主要實現AuthenticationSuccessHandler這個類的onAuthenticationSuccess方法-->
<beans:bean id="authenticationSuccessHandlerImpl"
class="com.**.utils.springsecurity.AuthenticationSuccessHandlerImpl">
<beans:property name="url" value="/welcome.jsp" />
</beans:bean>

<!-- 認證失敗調用 主要實現AuthenticationFailureHandler類的onAuthenticationFailure-- >
<beans:bean id="authenticationFailureHandlerImpl"
class="com.**.utils.springsecurity.AuthenticationFailureHandlerImpl">
<beans:property name="errorUrl" value="/error.jsp" />
</beans:bean>

</beans:beans>

 

com.**.user.service.impl.UserServiceImp.java

public class UserServiceImpl implements UserDetailsService{

　　@Autowired
　　private UserDao userDao;

　　public UserDetails loadUserByUsername(String username) {
　　　　UserDetails details = null;
　　　　try {
　　　　　　// 用戶名,密碼,是否激活,accountnonexpired如果帳戶沒有過期設置為true
　　　　　　// credentialsnonexpired如果證書沒有過期設置為true
　　　　　　// accountnonlocked如果帳戶不鎖定設置為true
　　　　　　com.aoyu.user.entity.User u = this.getUser(username);

　　　　　　//目前是把角色給寫死了
　　　　　　details = new org.springframework.security.core.userdetails.User(u.getUsername(), u.getPassword(), 　　　　　　　　　　　　u.isEnabled(),u.isAccountNonExpired(),u.isCredentialsNonExpired(),u.isAccountNonLocked(),AuthorityUtils.createAuthorityList("ROLE_USER"));

　　　　} catch (UsernameNotFoundException usernameNotFoundException) {
　　　　　　usernameNotFoundException.printStackTrace();
　　　　} catch (Exception e) {
　　　　　　e.printStackTrace();
　　　　}
　　　　return details;

　　}
}

 

  tips:你的只有自己動手敲代碼,你才可也學得更快,最后分享幾個spring-security的學習網站希望對大家有幫助　　　

　　　　http://www.mossle.com/docs/springsecurity3/html/springsecurity.html

　　　　https://vincentmi.gitbooks.io/spring-security-reference-zh/content/1_introduction.html

　　　　http://wiki.jikexueyuan.com/project/spring-security/log-in.html