JavaEE
鸿蒙应用开发
HTML&JS+前端
Python+大数据开发
人工智能开发
电商视觉设计
软件测试
新媒体+短视频
产品经理
集成电路应用开发
C/C++
狂野架构师
IP短视频
Spring Security初体验
更新时间:2018年09月21日17时15分 来源:传智播客 浏览次数:
Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架
要想使用他我先的加依赖
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
要做权限管理哪必须要拦截用户的请求,那么当然就有拦截器,那么就要在web.xml里面配置
<!--springSecurity委派过滤器-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这样所有的请求都要通过security的检测
哪他是怎样做权限管理的呢下面来看下 security 的配置文件
springSecurity.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/security http://www.springframework.org/s ... spring-security.xsd">
<!--放行一些资源-->
<security:http pattern="/login.jsp" security="none"></security:http>
<security:http pattern="/failer.jsp" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/plugins/**" security="none"></security:http>
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
<!--配置登陆表单-->
<security:form-login
login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/index.jsp"
authentication-failure-url="/failer.jsp"
username-parameter="username"
password-parameter="password"
></security:form-login>
<!--退出配置-->
<security:logout
invalidate-session="true"
logout-url="/logout"
logout-success-url="/login.jsp" ></security:logout>
<!--关闭跨域请求-->
<security:csrf disabled="true"></security:csrf>
</security:http>
<!--登陆认证连接数据库,执行service方法-->
<security:authentication-manager>
<!--引用容器中的UserService对象,此对象一定要实现接口UserDetailsService-->
<security:authentication-provider user-service-ref="userServiceImpl"></security:authentication-provider>
</security:authentication-manager>
</beans>
从下面这行代码可以看出他是基于URL 来控制的
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
猜你喜欢:
冒泡排序算法[动图介绍]
什么是java变量,java变量的定义
Java中switch条件语句的用法
要想使用他我先的加依赖
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>5.0.1.RELEASE</version>
</dependency>
要做权限管理哪必须要拦截用户的请求,那么当然就有拦截器,那么就要在web.xml里面配置
<!--springSecurity委派过滤器-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这样所有的请求都要通过security的检测
哪他是怎样做权限管理的呢下面来看下 security 的配置文件
springSecurity.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/security http://www.springframework.org/s ... spring-security.xsd">
<!--放行一些资源-->
<security:http pattern="/login.jsp" security="none"></security:http>
<security:http pattern="/failer.jsp" security="none"></security:http>
<security:http pattern="/css/**" security="none"></security:http>
<security:http pattern="/img/**" security="none"></security:http>
<security:http pattern="/plugins/**" security="none"></security:http>
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
<!--配置登陆表单-->
<security:form-login
login-page="/login.jsp"
login-processing-url="/login"
default-target-url="/index.jsp"
authentication-failure-url="/failer.jsp"
username-parameter="username"
password-parameter="password"
></security:form-login>
<!--退出配置-->
<security:logout
invalidate-session="true"
logout-url="/logout"
logout-success-url="/login.jsp" ></security:logout>
<!--关闭跨域请求-->
<security:csrf disabled="true"></security:csrf>
</security:http>
<!--登陆认证连接数据库,执行service方法-->
<security:authentication-manager>
<!--引用容器中的UserService对象,此对象一定要实现接口UserDetailsService-->
<security:authentication-provider user-service-ref="userServiceImpl"></security:authentication-provider>
</security:authentication-manager>
</beans>
从下面这行代码可以看出他是基于URL 来控制的
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
猜你喜欢:
什么是java变量,java变量的定义
Java中switch条件语句的用法
最新资讯
0
分享到:
江苏传智播客教育科技股份有限公司 版权所有Copyright 2006-2024 All Rights Reserved 苏ICP备16007882号营业执照增值电信业务经营许可证出版物经营许可证
苏公网安备 32132202001156号