本来之前打算把第三天写基于Session认证授权的,但是后来视屏看完后感觉意义不大,而且内容简单,就不单独写成文章了;
简单说一下吧,就是通过Servlet的SessionApi
通过实现拦截器的前置拦截
通过setAttr..放入session中
会话中通过getAttr获取
获取不到跳转到登录页面
获取到就判断权限,查看是否有某些特定的权限标识,
如果有就放行,没有就返回无权限
好了说完了;
下面说SpringSecurity
简介:
创建一个Maven项目
本来打算先写理论最后贴代码的,但是感觉不是很清晰,还是直接上代码吧,理论适当即可
项目结构
maven依赖
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.flower.dance</groupId> <artifactId>springsecuritydemo</artifactId> <version>1.0-SNAPSHOT</version> <packaging>war</packaging> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <maven.compiler.source>1.8</maven.compiler.source> <maven.compiler.target>1.8</maven.compiler.target> <spring.version>5.1.5.RELEASE</spring.version> <jackson.version>2.5.0</jackson.version> </properties> <dependencies> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.12</version> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>5.1.4.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>5.1.4.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${spring.version}</version> </dependency> <!--<dependency>--> <!--<groupId>org.springframework</groupId>--> <!--<artifactId>spring-jdbc</artifactId>--> <!--<version>${spring.version}</version>--> <!--</dependency>--> <!--<dependency>--> <!--<groupId>org.springframework</groupId>--> <!--<artifactId>spring-test</artifactId>--> <!--<version>${spring.version}</version>--> <!--<scope>test</scope>--> <!--</dependency>--> <!--<dependency>--> <!--<groupId>org.aspectj</groupId>--> <!--<artifactId>aspectjweaver</artifactId>--> <!--<version>1.8.4</version>--> <!--</dependency>--> <!-- log4j --> <!--<dependency>--> <!--<groupId>log4j</groupId>--> <!--<artifactId>log4j</artifactId>--> <!--<version>1.2.17</version>--> <!--</dependency>--> <!-- servlet --> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>3.0-alpha-1</version> <scope>provided</scope> </dependency> <!--<dependency>--> <!--<groupId>javax.servlet</groupId>--> <!--<artifactId>jstl</artifactId>--> <!--<version>1.2</version>--> <!--</dependency>--> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.3</version> </dependency> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> <version>1.18.8</version> </dependency> </dependencies> <build> <plugins> <!-- tomcat插件控制 --> <plugin> <groupId>org.apache.tomcat.maven</groupId> <artifactId>tomcat7-maven-plugin</artifactId> <version>2.2</version> <configuration> <port>8080</port> <path>/abc</path> <uriEncoding>UTF-8</uriEncoding> </configuration> </plugin> <!-- maven插件控制 --> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> <version>3.1</version> <configuration> <source>1.8</source> <target>1.8</target> <encoding>utf-8</encoding> </configuration> </plugin> </plugins> </build> </project>
Sping配置类
1 package com.flower.dance.config; 2 import org.springframework.context.annotation.ComponentScan; 3 import org.springframework.context.annotation.Configuration; 4 import org.springframework.context.annotation.FilterType; 5 import org.springframework.stereotype.Controller; 6 7 /** 8 * @Description Spring配置类 9 * @ClassName SpringConfig 10 * @Author mr.zhang 11 * @Date 2020/5/2 15:53 12 * @Version 1.0.0 13 **/ 14 @Configuration 15 @ComponentScan(basePackages = {"com.flower.dance"}, 16 excludeFilters = { 17 @ComponentScan.Filter( 18 type = FilterType.ANNOTATION, 19 value = {Controller.class} 20 ) 21 }) 22 public class SpringConfig { 23 24 }
SpringMvc配置类
1 package com.flower.dance.config; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.context.annotation.ComponentScan; 5 import org.springframework.context.annotation.Configuration; 6 import org.springframework.context.annotation.FilterType; 7 import org.springframework.stereotype.Controller; 8 import org.springframework.web.servlet.config.annotation.EnableWebMvc; 9 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; 10 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; 11 import org.springframework.web.servlet.view.InternalResourceViewResolver; 12 13 /** 14 * @Description WebMvc配置类 15 * @ClassName com.flower.dance.config.SpringMvcConfig 16 * @Author mr.zhang 17 * @Date 2020/5/2 15:57 18 * @Version 1.0.0 19 **/ 20 @Configuration 21 @EnableWebMvc 22 @ComponentScan( 23 basePackages = "com.flower.dance.controller", 24 includeFilters = { 25 @ComponentScan.Filter( 26 type = FilterType.ANNOTATION, 27 classes = {Controller.class} 28 ) 29 } 30 ) 31 public class SpringMvcConfig implements WebMvcConfigurer { 32 33 /** 34 * 视图映射器 35 * @return internalResourceViewResolver 36 */ 37 @Bean 38 public InternalResourceViewResolver internalResourceViewResolver(){ 39 InternalResourceViewResolver internalResourceViewResolver = new InternalResourceViewResolver(); 40 internalResourceViewResolver.setPrefix("/WEB-INF/views/"); 41 internalResourceViewResolver.setSuffix(".jsp"); 42 return internalResourceViewResolver; 43 } 44 45 /** 46 * 视图控制器 47 * @param registry 48 */ 49 @Override 50 public void addViewControllers(ViewControllerRegistry registry) { 51 // registry.addViewController("/").setViewName("login"); 52 // 重定向到login 53 registry.addViewController("/").setViewName("redirect:/login"); 54 } 55 56 }
安全配置类
1 package com.flower.dance.config; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 5 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 6 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 7 import org.springframework.security.core.userdetails.User; 8 import org.springframework.security.core.userdetails.UserDetailsService; 9 import org.springframework.security.crypto.password.NoOpPasswordEncoder; 10 import org.springframework.security.crypto.password.PasswordEncoder; 11 import org.springframework.security.provisioning.InMemoryUserDetailsManager; 12 13 /** 14 * @Description 安全配置 15 * @ClassName WebSecurityConfig 16 * @Author mr.zhang 17 * @Date 2020/5/6 17:58 18 * @Version 1.0.0 19 **/ 20 @EnableWebSecurity 21 public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 22 23 /** 24 * 定义用户信息服务(查询用户信息) 25 * @return UserDetailsService 26 */ 27 @Bean 28 @Override 29 public UserDetailsService userDetailsService(){ 30 // 基于内存比对 31 InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager(); 32 // 创建用户 33 inMemoryUserDetailsManager.createUser(User.withUsername("zs").password("zs").authorities("p1").build()); 34 inMemoryUserDetailsManager.createUser(User.withUsername("ls").password("ls").authorities("p2").build()); 35 return inMemoryUserDetailsManager; 36 } 37 38 /** 39 * 密码编码器 40 * @return PasswordEncode 41 */ 42 @Bean 43 public PasswordEncoder passwordEncoder(){ 44 // 暂时采用字符串比对 45 return NoOpPasswordEncoder.getInstance(); 46 } 47 48 /** 49 * 安全拦截机制 50 * @param http 51 * @throws Exception 52 */ 53 @Override 54 protected void configure(HttpSecurity http) throws Exception { 55 // 认证请求 56 http.authorizeRequests() 57 // 需要认证 58 .antMatchers("/r/**").authenticated() 59 // 其他的放行 60 .anyRequest().permitAll() 61 // 并且 62 .and() 63 // 允许表单登录 64 .formLogin() 65 // 成功后转发地址 66 .successForwardUrl("/success"); 67 } 68 }
配置类初始化
1 package com.flower.dance.config; 2 3 import org.springframework.web.filter.CharacterEncodingFilter; 4 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; 5 6 import javax.servlet.Filter; 7 8 /** 9 * @Description 配置加载类 10 * @ClassName com.flower.dance.config.StartConfig 11 * @Author mr.zhang 12 * @Date 2020/5/2 16:03 13 * @Version 1.0.0 14 **/ 15 public class StartConfig extends AbstractAnnotationConfigDispatcherServletInitializer { 16 17 /** 18 * 根配置类加载 19 * @return class<?>[] 20 */ 21 @Override 22 protected Class<?>[] getRootConfigClasses() { 23 return new Class[]{SpringConfig.class,WebSecurityConfig.class}; 24 } 25 26 /** 27 * Web配置类加载 28 * @return class<?>[] 29 */ 30 @Override 31 protected Class<?>[] getServletConfigClasses() { 32 return new Class[]{SpringMvcConfig.class}; 33 } 34 35 /** 36 * 拦截请求 37 * @return string[] 38 */ 39 @Override 40 protected String[] getServletMappings() { 41 return new String[]{"/"}; 42 } 43 44 /** 45 * 编码过滤器 46 * @return filter[] 47 */ 48 @Override 49 protected Filter[] getServletFilters() { 50 CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter(); 51 encodingFilter.setEncoding("UTF-8"); 52 return new Filter[]{encodingFilter}; 53 } 54 }
安全类初始化
1 package com.flower.dance.config; 2 3 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; 4 5 /** 6 * @Description SpringSecurity初始化类 7 * @ClassName SpringSecurityApplicationInitializer 8 * @Author mr.zhang 9 * @Date 2020/5/6 19:00 10 * @Version 1.0.0 11 **/ 12 public class SpringSecurityApplicationInitializer extends AbstractSecurityWebApplicationInitializer { 13 14 public SpringSecurityApplicationInitializer() { 15 // 如果不适用Spring 需要调用父类传入安全类 16 // super(WebSecurityConfig.class); 17 } 18 }
控制器
1 package com.flower.dance.controller; 2 3 import org.springframework.web.bind.annotation.RequestMapping; 4 import org.springframework.web.bind.annotation.RestController; 5 6 import javax.servlet.http.HttpSession; 7 8 /** 9 * @Description 认证控制器 10 * @ClassName AuthService 11 * @Author mr.zhang 12 * @Date 2020/5/2 17:40 13 * @Version 1.0.0 14 **/ 15 @RestController 16 public class AuthController { 17 18 /** 19 * 成功后跳转 提供给SpringSecurity使用 20 * @return 21 */ 22 @RequestMapping(value="/success",produces = ("text/plain;charset=UTF-8")) 23 public String loginSuccess(){ 24 return "登录成功"; 25 } 26 27 28 }
配置完成后 使用Maven配置的Tomcat7插件启动
clean tomcat7:run
SpringSecurity提供了登录页面
根据构建的认证信息登录
SpringSecurity自带了退出接口
点击退出后回到登录页面
今天不是很忙,感觉51过后回来,轻松了好多,还有时间学习了
作者:彼岸舞
时间:2020�5�6
内容关于:spring security
本文部分来源于网络,只做技术分享,一概不负任何责任