1.pom.xml配置
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <!-- Build descriptor for the demo: a WAR that depends on the Servlet API and
       three Spring Security modules, run locally through the Tomcat 7 Maven plugin. -->
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.qingfeng</groupId>
  <artifactId>SpringSecurity</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>

  <properties>
    <!-- One property keeps spring-security-core, -web and -config on the same release.
         NOTE(review): 5.1.3.RELEASE is an old release line; before reusing this POM,
         check the Spring Security advisories and move to a currently supported version. -->
    <spring.security.version>5.1.3.RELEASE</spring.security.version>
  </properties>

  <dependencies>
    <!-- Servlet API; scope "provided" keeps it out of the WAR because the container supplies it. -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
      <scope>provided</scope>
    </dependency>

    <!-- Spring Security modules -->
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-core</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <!-- Embedded Tomcat for local runs.
           NOTE(review): no <version> is declared for this plugin, so Maven chooses one at
           build time; pin an explicit version to keep the build reproducible. -->
      <plugin>
        <groupId>org.apache.tomcat.maven</groupId>
        <artifactId>tomcat7-maven-plugin</artifactId>
        <configuration>
          <!-- HTTP listening port. No HTTPS port is configured here, so the login form's
               credentials travel unencrypted; treat this setup as local-test only. -->
          <port>9001</port>
          <!-- Context path of the deployed application -->
          <path>/</path>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
2.web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Location of the Spring configuration read by the context loader below:
       spring-security.xml on the classpath. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml</param-value>
  </context-param>

  <!-- Starts the root Spring application context when the web application starts. -->
  <listener>
    <listener-class>
      org.springframework.web.context.ContextLoaderListener
    </listener-class>
  </listener>

  <!-- Servlet filter that hands each request to a Spring bean. The filter-name is the
       bean name it looks up, so it has to stay "springSecurityFilterChain". -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <!-- Mapped to /* so that every request reaches the security filter; a narrower
       pattern would leave the unmatched URLs outside Spring Security altogether. -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
3.spring-security.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
    xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Pages that are not intercepted. security="none" removes the whole filter chain for
       the pattern, so these responses carry no security headers and see no security
       context; keep the list limited to pages that are meant to be public. -->
  <http pattern="/login.html" security="none"/>
  <http pattern="/login_error.html" security="none"/>

  <!-- Interception rules for everything else -->
  <http>
    <!-- intercept-url defines one rule: "pattern" is the URL pattern (relative to the
         webapp root) and "access" is the condition a request must satisfy.
         Here every resource requires the ROLE_ADMIN role. -->
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')"/>

    <!-- Form login
         login-page: the login page
         default-target-url: page shown after a successful login
         authentication-failure-url: page shown when the login fails -->
    <form-login login-page="/login.html"
                default-target-url="/index.html"
                authentication-failure-url="/login_error.html"/>

    <!-- Logout -->
    <logout/>

    <!-- CSRF protection is switched off because a static page cannot render a
         server-generated token; the author's suggestion for static pages is a CAPTCHA.
         NOTE(review): with this setting every state-changing request made in an
         authenticated session, logout included, is accepted without a token, and a
         CAPTCHA on selected forms does not replace per-request tokens. For static pages
         a cookie-backed token repository (wired through token-repository-ref) that client
         script copies into the request keeps the protection on. Confirm the trade-off
         before copying this line into a real application. -->
    <csrf disabled="true"/>
  </http>

  <!-- Authentication manager
       <authentication-manager>: the authentication manager
       <authentication-provider>: the provider that supplies user names and passwords
       <user-service> / <user>: an in-file list of users and passwords -->
  <authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
      <!-- Earlier in-file variant, kept for reference:
           name: user name, password: the user's password, authorities: the user's roles
      <user-service>
        <user name="admin"
              password="$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga"
              authorities="ROLE_ADMIN" />
      </user-service> -->
      <!-- Submitted passwords are checked against BCrypt hashes. -->
      <password-encoder ref="bcryptEncoder"/>
    </authentication-provider>
  </authentication-manager>

  <!-- BCrypt password encoder -->
  <beans:bean id="bcryptEncoder"
              class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

  <!-- Custom user lookup used by the authentication provider above -->
  <beans:bean id="userDetailsService"
              class="com.qingfeng.service.UserDetailsServiceImpl"/>
</beans:beans>
4.UserDetailsServiceImpl.java类
package com.qingfeng.service;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
/**
 * Demo {@link UserDetailsService} that builds the user record from the requested name
 * instead of looking it up.
 *
 * NOTE(review): as written, every username resolves to an account with the same BCrypt
 * hash and the ROLE_ADMIN authority, and {@link UsernameNotFoundException} is never
 * thrown from this class. A real implementation loads the stored hash and the role list
 * for the given username from the user store and throws UsernameNotFoundException when
 * no such account exists. The hash is also embedded in source; keep credentials in the
 * user store rather than in code.
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /** BCrypt-encoded password returned as the stored credential for every lookup. */
    private static final String DEMO_PASSWORD_HASH =
            "$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga";

    /**
     * Returns the user record that the authentication provider compares the submitted
     * password against.
     *
     * @param username the name typed into the login form
     * @return a User carrying that name, the fixed BCrypt hash and ROLE_ADMIN
     * @throws UsernameNotFoundException declared by the interface; not thrown here
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Role collection; in a real project this is the role list queried for the username.
        List<GrantedAuthority> roles = new ArrayList<GrantedAuthority>();
        roles.add(new SimpleGrantedAuthority("ROLE_ADMIN"));

        // Arguments: user name, BCrypt-encoded password, granted roles.
        UserDetails account = new User(username, DEMO_PASSWORD_HASH, roles);
        return account;
    }
}
5.编写登录login.html页面
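<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>登录</title>
</head>
<body>
  <!-- Login form. It posts to /login using the field names "username" and "password".
       No CSRF token field is present: the form relies on CSRF protection being disabled
       in spring-security.xml, and the POST is rejected if that protection is turned back
       on without also supplying a token here. -->
  <form action="/login" method="post">
    <table>
      <!-- Cells and rows are closed with </td> and </tr>; the self-closing forms
           <td /> and <tr /> are read by HTML parsers as new opening tags and add
           stray empty cells and rows. -->
      <tr>
        <td>用户名</td>
        <td><input name="username" /></td>
      </tr>
      <tr>
        <td>密码</td>
        <td><input type="password" name="password" /></td>
      </tr>
    </table>
    <button type="submit">登录</button>
  </form>
</body>
</html>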
6.编写登录login_error.html页面
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>登录错误</title>
</head>
<body>
  <!-- Shown after a failed login. The message does not say whether the user name or
       the password was wrong, which avoids confirming valid account names. -->
  <h1 >用户名和密码错误!</h1>
</body>
</html>
7.编写登录成功后跳转的index.html页面
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>欢迎来到 SpringSecurity</title>
</head>
<body>
  <!-- Landing page; spring-security.xml names it as default-target-url and the
       /** rule there requires ROLE_ADMIN to reach it. -->
  <h1>欢迎来到 SpringSecurity</h1>
</body>
</html>

