首頁技術(shù)文章正文

Spring Security初體驗

更新時間:2018年09月21日17時15分來源:傳智播客瀏覽次數(shù):

Spring Security是一個能夠為基于Spring的企業(yè)應(yīng)用系統(tǒng)提供聲明式的安全訪問控制解決方案的安全框架
要想使用他我先的加依賴

<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
要做權(quán)限管理哪必須要攔截用戶的請求，那么當(dāng)然就有攔截器，那么就要在web.xml里面配置


<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
這樣所有的請求都要通過security的檢測
哪他是怎樣做權(quán)限管理的呢下面來看下  security 的配置文件
springSecurity.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:security="http://www.springframework.org/schema/security"
     xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/s ... spring-security.xsd">
  
  <security:http pattern="/login.jsp" security="none"></security:http>
  <security:http pattern="/failer.jsp" security="none"></security:http>
  <security:http pattern="/css/**" security="none"></security:http>
  <security:http pattern="/img/**" security="none"></security:http>
  <security:http pattern="/plugins/**" security="none"></security:http>

  <security:http auto-config="true" use-expressions="false">
      <security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
      
      <security:form-login
              login-page="/login.jsp"
              login-processing-url="/login"
              default-target-url="/index.jsp"
              authentication-failure-url="/failer.jsp"
              username-parameter="username"
              password-parameter="password"
      ></security:form-login>

      
      <security:logout
              invalidate-session="true"
              logout-url="/logout"
              logout-success-url="/login.jsp" ></security:logout>
      
      <security:csrf disabled="true"></security:csrf>
  </security:http>

  
  <security:authentication-manager>
      
      <security:authentication-provider user-service-ref="userServiceImpl"></security:authentication-provider>
  </security:authentication-manager>
</beans>
從下面這行代碼可以看出他是基于URL 來控制的
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>

作者：傳智播客JacaEE培訓(xùn)學(xué)院
首發(fā)：http://java.itcast.cn/

上一篇：yum & 制作iso鏡像文件 下一篇：Spring Boot中使用MyBatis注解配置詳解