请教，spring security 配置

Posted 2023-03-09

1、原有框架springMVC+ hibernate+mysql，我想在此基础上添加spring security进行登录权限验证，首先想实现将用户名和密码写在配置文件中
2、添加jar

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>$org.springframework.version</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>$org.springframework.version</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>$org.springframework.version</version>
</dependency>

2、web.xml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

……
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
……
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

3、login.jsp

1
2
3
4
5
6
7
8
9

<form id="form2" action="<c:url value='/j_spring_security_check' />" method="post">
<spring:message code="message.login.email"/>
<input type="text" id="j_username" name="j_username" value="$sessionScope['SPRING_SECURITY_LAST_USERNAME']"/>
<spring:message code="message.login.password"/>:</label>
<input type="password" id="j_password" name="j_password"/>
<input type="checkbox" name="_spring_security_remember_me" />
<spring:message code="message.login.keepLogin"/>
<input type="submit" value="<spring:message code='message.login.login'/>" />
</form>

4、springSecuritySimple-config.xml

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true"
access-denied-page="/403.jsp"
>
<intercept-url pattern="/**" access="ROLE_USER"/>
<intercept-url pattern="/login.jsp" filters="none"/>
<intercept-url pattern="/common/**" filters="none"/>
<intercept-url pattern="/styles/**" filters="none"/>
<form-login login-page="/login.jsp"
login-processing-url="j_spring_security_check"
always-use-default-target="true"
default-target-url="/login.do"
authentication-failure-url="/403.jsp" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login.jsp"
invalidate-session="true" />
<session-management
invalid-session-url="/sessionTimeout.do"
session-fixation-protection="none">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="true"/>
</session-management>
<http-basic/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="hj@163.com" password="1111" authorities="ROLE_USER,ROLE_ADMIN"/>
<user name="guest@163.com" password="1111" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>

本回答由提问者推荐
举报| 回答纠错 | 参考技术A 1、原有框架springMVC+ hibernate+mysql，我想在此基础上添加spring security进行登录权限验证，首先想实现将用户名和密码写在配置文件中 2、添加jar org.springframework.security spring-security-core $org.springframework.version org.sp