本来之前打算把第三天写基于Session认证授权的,但是后来视屏看完后感觉意义不大,而且内容简单,就不单独写成文章了;
简单说一下吧,就是通过Servlet的SessionApi
通过实现拦截器的前置拦截
通过setAttr..放入session中
会话中通过getAttr获取
获取不到跳转到登录页面
获取到就判断权限,查看是否有某些特定的权限标识,
如果有就放行,没有就返回无权限
好了说完了;
下面说SpringSecurity
简介:
创建一个Maven项目
本来打算先写理论最后贴代码的,但是感觉不是很清晰,还是直接上代码吧,理论适当即可
项目结构
maven依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.flower.dance</groupId>
<artifactId>springsecuritydemo</artifactId>
<version>1.0-SNAPSHOT</version>
<packaging>war</packaging>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<spring.version>5.1.5.RELEASE</spring.version>
<jackson.version>2.5.0</jackson.version>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<!--<dependency>-->
<!--<groupId>org.springframework</groupId>-->
<!--<artifactId>spring-jdbc</artifactId>-->
<!--<version>${spring.version}</version>-->
<!--</dependency>-->
<!--<dependency>-->
<!--<groupId>org.springframework</groupId>-->
<!--<artifactId>spring-test</artifactId>-->
<!--<version>${spring.version}</version>-->
<!--<scope>test</scope>-->
<!--</dependency>-->
<!--<dependency>-->
<!--<groupId>org.aspectj</groupId>-->
<!--<artifactId>aspectjweaver</artifactId>-->
<!--<version>1.8.4</version>-->
<!--</dependency>-->
<!-- log4j -->
<!--<dependency>-->
<!--<groupId>log4j</groupId>-->
<!--<artifactId>log4j</artifactId>-->
<!--<version>1.2.17</version>-->
<!--</dependency>-->
<!-- servlet -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>3.0-alpha-1</version>
<scope>provided</scope>
</dependency>
<!--<dependency>-->
<!--<groupId>javax.servlet</groupId>-->
<!--<artifactId>jstl</artifactId>-->
<!--<version>1.2</version>-->
<!--</dependency>-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.8</version>
</dependency>
</dependencies>
<build>
<plugins>
<!-- tomcat插件控制 -->
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<port>8080</port>
<path>/abc</path>
<uriEncoding>UTF-8</uriEncoding>
</configuration>
</plugin>
<!-- maven插件控制 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>utf-8</encoding>
</configuration>
</plugin>
</plugins>
</build>
</project>
Sping配置类
1 package com.flower.dance.config;
2 import org.springframework.context.annotation.ComponentScan;
3 import org.springframework.context.annotation.Configuration;
4 import org.springframework.context.annotation.FilterType;
5 import org.springframework.stereotype.Controller;
6
7 /**
8 * @Description Spring配置类
9 * @ClassName SpringConfig
10 * @Author mr.zhang
11 * @Date 2020/5/2 15:53
12 * @Version 1.0.0
13 **/
14 @Configuration
15 @ComponentScan(basePackages = {"com.flower.dance"},
16 excludeFilters = {
17 @ComponentScan.Filter(
18 type = FilterType.ANNOTATION,
19 value = {Controller.class}
20 )
21 })
22 public class SpringConfig {
23
24 }
SpringMvc配置类
1 package com.flower.dance.config;
2
3 import org.springframework.context.annotation.Bean;
4 import org.springframework.context.annotation.ComponentScan;
5 import org.springframework.context.annotation.Configuration;
6 import org.springframework.context.annotation.FilterType;
7 import org.springframework.stereotype.Controller;
8 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
9 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
10 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
11 import org.springframework.web.servlet.view.InternalResourceViewResolver;
12
13 /**
14 * @Description WebMvc配置类
15 * @ClassName com.flower.dance.config.SpringMvcConfig
16 * @Author mr.zhang
17 * @Date 2020/5/2 15:57
18 * @Version 1.0.0
19 **/
20 @Configuration
21 @EnableWebMvc
22 @ComponentScan(
23 basePackages = "com.flower.dance.controller",
24 includeFilters = {
25 @ComponentScan.Filter(
26 type = FilterType.ANNOTATION,
27 classes = {Controller.class}
28 )
29 }
30 )
31 public class SpringMvcConfig implements WebMvcConfigurer {
32
33 /**
34 * 视图映射器
35 * @return internalResourceViewResolver
36 */
37 @Bean
38 public InternalResourceViewResolver internalResourceViewResolver(){
39 InternalResourceViewResolver internalResourceViewResolver = new InternalResourceViewResolver();
40 internalResourceViewResolver.setPrefix("/WEB-INF/views/");
41 internalResourceViewResolver.setSuffix(".jsp");
42 return internalResourceViewResolver;
43 }
44
45 /**
46 * 视图控制器
47 * @param registry
48 */
49 @Override
50 public void addViewControllers(ViewControllerRegistry registry) {
51 // registry.addViewController("/").setViewName("login");
52 // 重定向到login
53 registry.addViewController("/").setViewName("redirect:/login");
54 }
55
56 }
安全配置类
1 package com.flower.dance.config;
2
3 import org.springframework.context.annotation.Bean;
4 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
5 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
6 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
7 import org.springframework.security.core.userdetails.User;
8 import org.springframework.security.core.userdetails.UserDetailsService;
9 import org.springframework.security.crypto.password.NoOpPasswordEncoder;
10 import org.springframework.security.crypto.password.PasswordEncoder;
11 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
12
13 /**
14 * @Description 安全配置
15 * @ClassName WebSecurityConfig
16 * @Author mr.zhang
17 * @Date 2020/5/6 17:58
18 * @Version 1.0.0
19 **/
20 @EnableWebSecurity
21 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
22
23 /**
24 * 定义用户信息服务(查询用户信息)
25 * @return UserDetailsService
26 */
27 @Bean
28 @Override
29 public UserDetailsService userDetailsService(){
30 // 基于内存比对
31 InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
32 // 创建用户
33 inMemoryUserDetailsManager.createUser(User.withUsername("zs").password("zs").authorities("p1").build());
34 inMemoryUserDetailsManager.createUser(User.withUsername("ls").password("ls").authorities("p2").build());
35 return inMemoryUserDetailsManager;
36 }
37
38 /**
39 * 密码编码器
40 * @return PasswordEncode
41 */
42 @Bean
43 public PasswordEncoder passwordEncoder(){
44 // 暂时采用字符串比对
45 return NoOpPasswordEncoder.getInstance();
46 }
47
48 /**
49 * 安全拦截机制
50 * @param http
51 * @throws Exception
52 */
53 @Override
54 protected void configure(HttpSecurity http) throws Exception {
55 // 认证请求
56 http.authorizeRequests()
57 // 需要认证
58 .antMatchers("/r/**").authenticated()
59 // 其他的放行
60 .anyRequest().permitAll()
61 // 并且
62 .and()
63 // 允许表单登录
64 .formLogin()
65 // 成功后转发地址
66 .successForwardUrl("/success");
67 }
68 }
配置类初始化
1 package com.flower.dance.config;
2
3 import org.springframework.web.filter.CharacterEncodingFilter;
4 import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
5
6 import javax.servlet.Filter;
7
8 /**
9 * @Description 配置加载类
10 * @ClassName com.flower.dance.config.StartConfig
11 * @Author mr.zhang
12 * @Date 2020/5/2 16:03
13 * @Version 1.0.0
14 **/
15 public class StartConfig extends AbstractAnnotationConfigDispatcherServletInitializer {
16
17 /**
18 * 根配置类加载
19 * @return class<?>[]
20 */
21 @Override
22 protected Class<?>[] getRootConfigClasses() {
23 return new Class[]{SpringConfig.class,WebSecurityConfig.class};
24 }
25
26 /**
27 * Web配置类加载
28 * @return class<?>[]
29 */
30 @Override
31 protected Class<?>[] getServletConfigClasses() {
32 return new Class[]{SpringMvcConfig.class};
33 }
34
35 /**
36 * 拦截请求
37 * @return string[]
38 */
39 @Override
40 protected String[] getServletMappings() {
41 return new String[]{"/"};
42 }
43
44 /**
45 * 编码过滤器
46 * @return filter[]
47 */
48 @Override
49 protected Filter[] getServletFilters() {
50 CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter();
51 encodingFilter.setEncoding("UTF-8");
52 return new Filter[]{encodingFilter};
53 }
54 }
安全类初始化
1 package com.flower.dance.config;
2
3 import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
4
5 /**
6 * @Description SpringSecurity初始化类
7 * @ClassName SpringSecurityApplicationInitializer
8 * @Author mr.zhang
9 * @Date 2020/5/6 19:00
10 * @Version 1.0.0
11 **/
12 public class SpringSecurityApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
13
14 public SpringSecurityApplicationInitializer() {
15 // 如果不适用Spring 需要调用父类传入安全类
16 // super(WebSecurityConfig.class);
17 }
18 }
控制器
1 package com.flower.dance.controller;
2
3 import org.springframework.web.bind.annotation.RequestMapping;
4 import org.springframework.web.bind.annotation.RestController;
5
6 import javax.servlet.http.HttpSession;
7
8 /**
9 * @Description 认证控制器
10 * @ClassName AuthService
11 * @Author mr.zhang
12 * @Date 2020/5/2 17:40
13 * @Version 1.0.0
14 **/
15 @RestController
16 public class AuthController {
17
18 /**
19 * 成功后跳转 提供给SpringSecurity使用
20 * @return
21 */
22 @RequestMapping(value="/success",produces = ("text/plain;charset=UTF-8"))
23 public String loginSuccess(){
24 return "登录成功";
25 }
26
27
28 }
配置完成后 使用Maven配置的Tomcat7插件启动
clean tomcat7:run
SpringSecurity提供了登录页面
根据构建的认证信息登录
SpringSecurity自带了退出接口
点击退出后回到登录页面
今天不是很忙,感觉51过后回来,轻松了好多,还有时间学习了
作者:彼岸舞
时间:2020\05\06
内容关于:spring security
本文部分来源于网络,只做技术分享,一概不负任何责任