spring-security(1)

这里简单介绍下spring security的使用

添加依赖

<org.springframework.security-version>4.1.0.RELEASE</org.springframework.security-version>

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <version>${org.springframework.security-version}</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-cas</artifactId>
  <version>${org.springframework.security-version}</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <version>${org.springframework.security-version}</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-core</artifactId>
  <version>${org.springframework.security-version}</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-crypto</artifactId>
  <version>${org.springframework.security-version}</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-taglibs</artifactId>
  <version>${org.springframework.security-version}</version>
</dependency>

spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <http auto-config="true">
        <!--intercept-url定义了一个权限控制的规则。
                pattern：进行权限控制的url
                access：需要什么权限，以逗号分隔的角色列表，只需拥有其中的一个角色就能成功访问
            -->
        <intercept-url pattern="/**" access="hasRole('role1')"/>
    </http>

    <beans:bean id="userService" class="com.yitop.feng.service.UserService"/>

    <!--
    authentication-manager元素指定了一个AuthenticationManager，其需要一个AuthenticationProvider来进行真正的认证，
    默认情况下authentication-provider对应一个UserDetailsService来获取用户信息(即查询数据库)。
    -->
    <authentication-manager>
        <authentication-provider user-service-ref="userService">
            <!-- 指定密码加密方式 -->
            <password-encoder hash="md5"/>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        classpath:spring-security.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

userService

/**
 * @author fengzp
 * @date 2017/3/23下午5:52
 * @email fengzp@gzyitop.com
 * @company 广州易站通计算机科技有限公司
 */
public class UserService implements UserDetailsService {

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {

        username = "fengzp";

        String password = "E10ADC3949BA59ABBE56E057F20F883E";//123456

        List<GrantedAuthority> rolenames = new ArrayList<GrantedAuthority>();
        rolenames.add(new SimpleGrantedAuthority("role1"));

        //这里要注意，密码要小写
        User user = new User(username,password.toLowerCase(),rolenames );

        return user;
    }
}

测试

打开首页可以看到一个登录页面，但是我并没有写这个登录页面，这个页面是当我们没有指定登录页面时，spring自动帮我们生成的。
这里我写死了一个用户/密码：fengzp/123456，当用别的用户或者密码不正确的时候，页面就会报错。