初识Spring security-添加security

Posted 2020-09-03 飞天0407

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了初识Spring security-添加security相关的知识，希望对你有一定的参考价值。

请先查看初识Spring security-无Security的SpringMVC

在pom.xml文件中添加包

<!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring.security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>${spring.security.version}</version>
        </dependency>

在web.xml文件中添加配置

<!-- Spring Security -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

在HelloController文件中添加代码

@RequestMapping(value = "/admin**", method = RequestMethod.GET)
    public ModelAndView adminPage() {
        ModelAndView model = new ModelAndView();
        model.addObject("title", "Spring Security Hello World");
        model.addObject("message", "This is protected page!);
        model.setViewName("admin");
        return model;
    }

添加模板文件admin.html，内容与hello.html一致

关键配置在spring-security.xml文件中

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
    <security:http auto-config="true">
        <security:intercept-url pattern="/admin**" access="hasRole(\'ROLE_USER\')"/>
    </security:http>
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="hongxf" password="123456" authorities="ROLE_USER" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>

表明系统中添加一个用户名是hongxf，密码是123456，角色是ROLE_USER的用户，并配置访问/admin路径及其子路径必须含有角色ROLE_USER。

启动应用，访问http://localhost:8080/admin，则会跳转到http://localhost:8080/login，默认登录页

输入错误的用户名和密码，则会显示

输入正确的用户名和密码则会跳转到admin.html页面，说明简单的权限控制已经完成

以上是关于初识Spring security-添加security的主要内容，如果未能解决你的问题，请参考以下文章

Spring Cloud Security[微服务安全](一)初识Spring Cloud Security和OAuth2.0

01.Spring Security初识，表单认证

添加“spring-security-taglibs”后jsp中仍然报错：找不到spring security标签的标签库描述符

Spring cloud eureka 添加 spring-security

如何在 Spring WebFlux Security（Reactive Spring Security）配置中将多个用户角色添加到单个 pathMatcher/Route？

Spring Security - 多种配置 - 添加 LogoutHandler