1.pom.xml配置
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <!-- Build descriptor for the Spring Security demo: a WAR that is run through the Tomcat 7 Maven plugin. -->
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.qingfeng</groupId>
  <artifactId>SpringSecurity</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>

  <properties>
    <!-- One property keeps the three Spring Security modules below on the same release. -->
    <!-- NOTE(review): this is the release the walkthrough was written against; check it
         against the releases the Spring Security project currently supports before reuse. -->
    <spring.security.version>5.1.3.RELEASE</spring.security.version>
  </properties>

  <dependencies>
    <!-- Servlet API. Scope "provided": the servlet container supplies it at runtime, so it is not packed into the WAR. -->
    <dependency>
      <groupId>javax.servlet</groupId>
      <artifactId>javax.servlet-api</artifactId>
      <version>3.1.0</version>
      <scope>provided</scope>
    </dependency>

    <!-- Spring Security modules -->
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-core</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-web</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>${spring.security.version}</version>
    </dependency>
  </dependencies>

  <build>
    <plugins>
      <!-- NOTE(review): no <version> is declared for this plugin, so the POM does not pin
           which release of it runs; declare one explicitly to keep builds reproducible. -->
      <plugin>
        <groupId>org.apache.tomcat.maven</groupId>
        <artifactId>tomcat7-maven-plugin</artifactId>
        <configuration>
          <!-- HTTP port of the embedded Tomcat -->
          <port>9001</port>
          <!-- Context path the application is served under -->
          <path>/</path>
        </configuration>
      </plugin>
    </plugins>
  </build>
</project>
2.web.xml配置
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">

  <!-- Location of the Spring configuration that ContextLoaderListener loads at startup. -->
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml</param-value>
  </context-param>

  <!-- Creates the root Spring application context when the web application starts. -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <!-- DelegatingFilterProxy hands each request to the Spring bean that has the same name
       as this filter, i.e. the springSecurityFilterChain bean. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <!-- Mapped to /* so that every request passes through the security filter chain. -->
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>
3.spring-security.xml配置
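<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Pages that are not intercepted. security="none" takes them out of the filter chain
       entirely, so no authentication and no other Spring Security handling applies to them. -->
  <http pattern="/login.html" security="none" />
  <http pattern="/login_error.html" security="none" />

  <!-- Interception rules for every other request -->
  <http>
    <!--
      intercept-url: one interception rule
        pattern: URL pattern to match, relative to the webapp root
        access:  the condition a request must meet to reach the resource
      Every resource requires the ROLE_ADMIN role. The access value is an expression, so
      the role name has to be quoted with plain ASCII apostrophes; typographic quotes in
      this position are not string delimiters and the expression cannot be parsed.
    -->
    <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" />

    <!--
      Form login
        login-page:                 the login page
        default-target-url:         page to go to after a successful login
        authentication-failure-url: page to go to when the login fails
    -->
    <form-login login-page="/login.html"
                default-target-url="/index.html"
                authentication-failure-url="/login_error.html" />

    <!-- Logout -->
    <logout />

    <!--
      CSRF protection is switched off because a static page cannot render a
      server-generated token. While it is off, every state-changing request, logout
      included, is accepted without a token. The CAPTCHA approach often used with static
      pages only guards the form it is placed on; it does not protect the requests an
      authenticated session makes afterwards.
      NOTE(review): for anything beyond a demo, keep CSRF protection enabled and hand the
      token to static pages through a cookie-backed repository (a CookieCsrfTokenRepository
      bean referenced with token-repository-ref) that page script copies into each request.
    -->
    <csrf disabled="true" />
  </http>

  <!--
    Authentication manager
      <authentication-manager>   the authentication manager
      <authentication-provider>  the provider that supplies user names and passwords
      <user-service>             an in-memory user service
      <user />                   one user with its password
  -->
  <authentication-manager>
    <authentication-provider user-service-ref="userDetailsService">
      <!--
        In-memory alternative to the userDetailsService bean.
        name: user name, password: user password, authorities: roles granted to the user
        <user-service>
          <user name="admin" password="$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga" authorities="ROLE_ADMIN" />
        </user-service>
      -->
      <!-- Stored passwords are BCrypt hashes; the submitted password is checked against them. -->
      <password-encoder ref="bcryptEncoder" />
    </authentication-provider>
  </authentication-manager>

  <!-- BCrypt password encoder -->
  <beans:bean id="bcryptEncoder"
              class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

  <!-- Project class that loads the user record for a submitted user name -->
  <beans:bean id="userDetailsService"
              class="com.qingfeng.service.UserDetailsServiceImpl" />
</beans:beans>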
4.UserDetailsServiceImpl.java类
package com.qingfeng.service;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
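/**
 * Demo {@link UserDetailsService} that builds the user record in code instead of
 * reading it from a user store.
 *
 * <p>Security caveat: no lookup takes place. Every non-empty user name is accepted,
 * is paired with the same stored BCrypt hash and is granted ROLE_ADMIN, so whoever
 * knows the one demo password can sign in under any name with full access. In a
 * real project the password hash and the role list are loaded per user name, and
 * {@link UsernameNotFoundException} is thrown when no such user exists.
 */
public class UserDetailsServiceImpl implements UserDetailsService {

    /**
     * BCrypt hash returned as the stored password of every account. A hash kept in
     * source code is shared by everyone who can read the repository; it stands in
     * for the per-user value a real user store would hold.
     */
    private static final String DEMO_PASSWORD_HASH =
            "$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga";

    /**
     * Builds the user record for the submitted user name.
     *
     * @param username the name entered on the login form
     * @return a user carrying that name, the demo password hash and ROLE_ADMIN
     * @throws UsernameNotFoundException if the user name is null or empty
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Report a missing user name as an authentication failure. Without this check the
        // User constructor is called with a null or empty name.
        // NOTE(review): User is expected to reject such a name with IllegalArgumentException,
        // which is not the failure type this method declares - confirm.
        if (username == null || username.isEmpty()) {
            throw new UsernameNotFoundException("username is empty");
        }

        // Role list; in a real project it is queried by user name.
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        authorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));

        // Arguments: user name, BCrypt-hashed password, granted roles.
        return new User(username, DEMO_PASSWORD_HASH, authorities);
    }
}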
5.编写登录login.html页面
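<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>登录</title>
</head>
<body>
  <!-- Login form. It posts to /login with the fields "username" and "password".
       NOTE(review): presumably these are the defaults of the form-login element in
       spring-security.xml, which sets no processing URL or parameter names; confirm.
       The form carries no CSRF token, so it only works while CSRF protection is
       disabled in the security configuration. -->
  <form action="/login" method="post">
    <table>
      <tr>
        <td>用户名</td>
        <td><input name="username" /></td>
      </tr>
      <tr>
        <td>密码</td>
        <td><input type="password" name="password" /></td>
      </tr>
    </table>
    <!-- A button without a type attribute submits the enclosing form. -->
    <button>登录</button>
  </form>
</body>
</html>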
6.编写登录login_error.html页面
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>登录错误</title>
</head>
<body>
  <!-- Shown after a failed login. The message does not say whether the user name or
       the password was wrong. -->
  <h1>用户名和密码错误!</h1>
</body>
</html>
7.编写登录index.html页面
<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>欢迎来到 SpringSecurity</title>
</head>
<body>
  <!-- Landing page that form-login redirects to after a successful login (default-target-url). -->
  <h1>欢迎来到 SpringSecurity</h1>
</body>
</html>


原文:https://www.cnblogs.com/Amywangqing/p/13362484.html