SSM整合SpringSecurity

Posted 2020-12-18 Amy清风

tags:

篇首语：本文由小常识网(cha138.com)小编为大家整理，主要介绍了SSM整合SpringSecurity相关的知识，希望对你有一定的参考价值。

1.pom.xml配置

<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<groupId>com.qingfeng</groupId>
	<artifactId>SpringSecurity</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<packaging>war</packaging>

	<properties>
		<spring.security.version>5.1.3.RELEASE</spring.security.version>
	</properties>

	<dependencies>


		<!--引入Servlet支持 -->
		<dependency>
			<groupId>javax.servlet</groupId>
			<artifactId>javax.servlet-api</artifactId>
			<version>3.1.0</version>
			<scope>provided</scope>
		</dependency>


		<!--引入Spring Security支持 -->
		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-core -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-core</artifactId>
			<version>${spring.security.version}</version>
		</dependency>

		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-web -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>${spring.security.version}</version>
		</dependency>

		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>${spring.security.version}</version>
		</dependency>
	</dependencies>	
	
	<build>
        <plugins>
            <plugin>
                <groupId>org.apache.tomcat.maven</groupId>
                <artifactId>tomcat7-maven-plugin</artifactId>
                <configuration>
                    <!-- 指定端口 -->
                    <port>9001</port>
                    <!-- 请求路径 -->
                    <path>/</path>
                </configuration>
            </plugin>
        </plugins>
    </build>

</project>

2.web.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring-security.xml</param-value>
    </context-param>
    
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
</web-app>

3.spring-security.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
	xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
						http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

	<!--以下页面不被拦截 -->
	<http pattern="/login.html" security="none"></http>
	<http pattern="/login_error.html" security="none"></http> 

	<!--页面拦截规则 -->
	<http>
		<!-- intercept-url:表示拦截规则 pattern：页码的匹配规则，在webapp下面的 access：资源的控制规则，需要什么的条件 -->
		<!-- 所有的资源都需要是ROLE_ADMIN的角色可以访问 -->
		<intercept-url pattern="/**"
			access="hasRole(\'ROLE_ADMIN\')" />
		<!-- 表单登录 
				login-page：登录页面
				default-target-url：默认跳转页面
				authentication-failure-url：登录错误，跳转错误页面
		-->
		<form-login  login-page="/login.html"  default-target-url="/index.html"  authentication-failure-url="/login_error.html"/>
		<!-- 退出登录 -->
		<logout />
		<!--  关闭跨域请求伪造控制。因为静态页无法动态生成token，所以将此功能关闭。一般静态页采用图形验证码的方式实现防止跨域请求伪造的功能。-->
		<csrf  disabled="true" />
	</http>

	<!-- 认证管理器 -->
	<!-- <authentication-manager> 认证管理器 <authentication-provider> 认证的提供者，就是用来配置用户名和密码 
		<user-service> 用户的服务 <user /> 配置用户和密码 -->
	<authentication-manager>
		<authentication-provider   user-service-ref="userDetailsService">
			<!-- <user-service>
				name：用户名，password:用户密码 authorities：指定用户的角色
				<user name="admin"
					password="$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga"
					authorities="ROLE_ADMIN" />
			</user-service> -->

			<!-- 密码使用bcrypt加密 -->
			<password-encoder ref="bcryptEncoder" />
		</authentication-provider>
	</authentication-manager>

	<!-- bcrypt加密 -->
	<beans:bean id="bcryptEncoder"
		class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></beans:bean>

	<beans:bean id="userDetailsService"  class="com.qingfeng.service.UserDetailsServiceImpl"></beans:bean>

</beans:beans>

4.UserDetailsServiceImpl.java类

package com.qingfeng.service;

import java.util.ArrayList;
import java.util.List;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class UserDetailsServiceImpl implements UserDetailsService {

	@Override
	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
		//构建角色集合 ，项目中此处应该是根据用户名查询用户的角色列表
		List<GrantedAuthority> geAuthorities = new ArrayList<GrantedAuthority>();
		//添加角色ROLE_ADMIN
		geAuthorities.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
		/**
		 * 第一参数：username
		 * 第二参数："$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga"是BCrypt加密的密码
		 * 第三参数：geAuthorities是它的角色
		 */
		return new User(username,"$2a$10$rIxa8dDL8F8Bf.TeC5rOeev96e0wTo0FIuLmtdJ6T/a8CptHlAlga",geAuthorities);
	}

}

5.编写登录login.html页面

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>

	<form action="/login" method="post">
		<table>
			<tr>
				<td>用户名
				<td />
				<td><input name="username" />
				<td />
			<tr />
			<tr>
				<td>密码
				<td />
				<td><input type="password" name="password" />
				<td />
			<tr />
		</table>
		<button>登录</button>
	</form>

</body>
</html>

6.编写登录login_error.html页面

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>登录错误</title>
</head>
<body>
<h1 >用户名和密码错误！</h1>
</body>
</html>

7.编写登录index.html页面

<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>欢迎来到 SpringSecurity</title>
</head>
<body>
	<h1>欢迎来到 SpringSecurity</h1>
</body>
</html>

8.运行项目，输入http://localhost:9001/地址，用户随便填写，密码：123456

以上是关于SSM整合SpringSecurity的主要内容，如果未能解决你的问题，请参考以下文章

SpringBoot整合SpringSecurity

（面试总结）SSM 整合案例：总体介绍

Java SSM 项目实战 day07 SpringSecurity源码分析

（面试总结）SSM 整合案例：总体复述

springboot和springsecurity的区别

BOOT-crm使用springsecurity替换拦截器