写在前面的话:本人小白,仅供参考。
一、原材料
1、Eclipse软件,直接从官网下载;
2、SpringFramework的全套jar包:spring-framework-4.1.7.RELEASE-dist.zip;
3、Spring Security的全套jar包:spring-security-4.0.1.RELEASE-dist.zip;
4、SpringFramework依赖的jar包:commons-logging-4.0.6.jar,log4j-1.2.16.jar;
二、工序
1、Eclipse建立Dynamic Web类型(动态网页)的工程,注意自动生成web.xml文件(当然创建工程的时候不生成也可以后续手动添加)。
工程目录如下:
将(一)中2、3、4项包含的jar包全部拷贝到WebContent/WEB-INF/lib下;
2、配置web.xml文件
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
<span> </span>xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
<span> </span>id="WebApp_ID" version="3.1">
<display-name>security</display-name>
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml
/WEB-INF/config-security.xml
</param-value>
</context-param>
<!-- 配置Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 配置Spring的Web应用 -->
<!--
- Loads the root application context of this web app at startup.
- The application context is then available via
- WebApplicationContextUtils.getWebApplicationContext(servletContext).
-->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
3、配置config-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http>
<span> </span><intercept-url pattern="/**" access="hasRole('USER')" />
<span> </span><form-login />
<span> </span><logout />
</http>
<!-- koala: koala emu:emu wombat:wombat -->
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="koala" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="emu" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="wombat" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
4、配置applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.2.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
</beans>
5、编辑index.xml
<!doctype html>
<html>
<head>
<title>Spring Security</title>
</head>
<body>
<h1>Hello Sprig Security!</h1>
<hr>
</body>
</html>
三、验收
至此,我们并没有写任何的java代码,只是配置了Spring Security到我们的web工程中来并配置了简单的登录验证。我们可以看到如下效果:
图1 在tomcat服务器运行index.xml文件 图2 用户名/密码不匹配时
图2 用户名/密码匹配时