本来之前打算把第三天写基于Session认证授权的,但是后来视屏看完后感觉意义不大,而且内容简单,就不单独写成文章了;
简单说一下吧,就是通过Servlet的SessionApi
通过实现拦截器的前置拦截
通过setAttr..放入session中
会话中通过getAttr获取
获取不到跳转到登录页面
获取到就判断权限,查看是否有某些特定的权限标识,
如果有就放行,没有就返回无权限
好了说完了;
下面说SpringSecurity
简介:
创建一个Maven项目
本来打算先写理论最后贴代码的,但是感觉不是很清晰,还是直接上代码吧,理论适当即可
项目结构
maven依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion> <groupId>com.flower.dance</groupId>
<artifactId>springsecuritydemo</artifactId>
<version>1.0-SNAPSHOT</version> <packaging>war</packaging> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.8</maven.compiler.source>
<maven.compiler.target>1.8</maven.compiler.target>
<spring.version>5.1.5.RELEASE</spring.version>
<jackson.version>2.5.0</jackson.version>
</properties> <dependencies> <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>4.12</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.1.4.RELEASE</version>
</dependency> <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency> <!--<dependency>-->
<!--<groupId>org.springframework</groupId>-->
<!--<artifactId>spring-jdbc</artifactId>-->
<!--<version>${spring.version}</version>-->
<!--</dependency>--> <!--<dependency>-->
<!--<groupId>org.springframework</groupId>-->
<!--<artifactId>spring-test</artifactId>-->
<!--<version>${spring.version}</version>-->
<!--<scope>test</scope>-->
<!--</dependency>--> <!--<dependency>-->
<!--<groupId>org.aspectj</groupId>-->
<!--<artifactId>aspectjweaver</artifactId>-->
<!--<version>1.8.4</version>-->
<!--</dependency>--> <!-- log4j -->
<!--<dependency>-->
<!--<groupId>log4j</groupId>-->
<!--<artifactId>log4j</artifactId>-->
<!--<version>1.2.17</version>-->
<!--</dependency>--> <!-- servlet -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>3.0-alpha-1</version>
<scope>provided</scope>
</dependency> <!--<dependency>-->
<!--<groupId>javax.servlet</groupId>-->
<!--<artifactId>jstl</artifactId>-->
<!--<version>1.2</version>-->
<!--</dependency>--> <dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.3</version>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.8</version>
</dependency> </dependencies> <build>
<plugins> <!-- tomcat插件控制 -->
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<port>8080</port>
<path>/abc</path>
<uriEncoding>UTF-8</uriEncoding>
</configuration>
</plugin>
<!-- maven插件控制 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.8</source>
<target>1.8</target>
<encoding>utf-8</encoding>
</configuration>
</plugin> </plugins>
</build>
</project>
Sping配置类
package com.flower.dance.config;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.stereotype.Controller; /**
* @Description Spring配置类
* @ClassName SpringConfig
* @Author mr.zhang
* @Date 2020/5/2 15:53
* @Version 1.0.0
**/
@Configuration
@ComponentScan(basePackages = {"com.flower.dance"},
excludeFilters = {
@ComponentScan.Filter(
type = FilterType.ANNOTATION,
value = {Controller.class}
)
})
public class SpringConfig { }
SpringMvc配置类
package com.flower.dance.config; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.FilterType;
import org.springframework.stereotype.Controller;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.view.InternalResourceViewResolver; /**
* @Description WebMvc配置类
* @ClassName com.flower.dance.config.SpringMvcConfig
* @Author mr.zhang
* @Date 2020/5/2 15:57
* @Version 1.0.0
**/
@Configuration
@EnableWebMvc
@ComponentScan(
basePackages = "com.flower.dance.controller",
includeFilters = {
@ComponentScan.Filter(
type = FilterType.ANNOTATION,
classes = {Controller.class}
)
}
)
public class SpringMvcConfig implements WebMvcConfigurer { /**
* 视图映射器
* @return internalResourceViewResolver
*/
@Bean
public InternalResourceViewResolver internalResourceViewResolver(){
InternalResourceViewResolver internalResourceViewResolver = new InternalResourceViewResolver();
internalResourceViewResolver.setPrefix("/WEB-INF/views/");
internalResourceViewResolver.setSuffix(".jsp");
return internalResourceViewResolver;
} /**
* 视图控制器
* @param registry
*/
@Override
public void addViewControllers(ViewControllerRegistry registry) {
// registry.addViewController("/").setViewName("login");
// 重定向到login
registry.addViewController("/").setViewName("redirect:/login");
} }
安全配置类
package com.flower.dance.config; import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager; /**
* @Description 安全配置
* @ClassName WebSecurityConfig
* @Author mr.zhang
* @Date 2020/5/6 17:58
* @Version 1.0.0
**/
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { /**
* 定义用户信息服务(查询用户信息)
* @return UserDetailsService
*/
@Bean
@Override
public UserDetailsService userDetailsService(){
// 基于内存比对
InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
// 创建用户
inMemoryUserDetailsManager.createUser(User.withUsername("zs").password("zs").authorities("p1").build());
inMemoryUserDetailsManager.createUser(User.withUsername("ls").password("ls").authorities("p2").build());
return inMemoryUserDetailsManager;
} /**
* 密码编码器
* @return PasswordEncode
*/
@Bean
public PasswordEncoder passwordEncoder(){
// 暂时采用字符串比对
return NoOpPasswordEncoder.getInstance();
} /**
* 安全拦截机制
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// 认证请求
http.authorizeRequests()
// 需要认证
.antMatchers("/r/**").authenticated()
// 其他的放行
.anyRequest().permitAll()
// 并且
.and()
// 允许表单登录
.formLogin()
// 成功后转发地址
.successForwardUrl("/success");
}
}
配置类初始化
package com.flower.dance.config; import org.springframework.web.filter.CharacterEncodingFilter;
import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; import javax.servlet.Filter; /**
* @Description 配置加载类
* @ClassName com.flower.dance.config.StartConfig
* @Author mr.zhang
* @Date 2020/5/2 16:03
* @Version 1.0.0
**/
public class StartConfig extends AbstractAnnotationConfigDispatcherServletInitializer { /**
* 根配置类加载
* @return class<?>[]
*/
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[]{SpringConfig.class,WebSecurityConfig.class};
} /**
* Web配置类加载
* @return class<?>[]
*/
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class[]{SpringMvcConfig.class};
} /**
* 拦截请求
* @return string[]
*/
@Override
protected String[] getServletMappings() {
return new String[]{"/"};
} /**
* 编码过滤器
* @return filter[]
*/
@Override
protected Filter[] getServletFilters() {
CharacterEncodingFilter encodingFilter = new CharacterEncodingFilter();
encodingFilter.setEncoding("UTF-8");
return new Filter[]{encodingFilter};
}
}
安全类初始化
package com.flower.dance.config; import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer; /**
* @Description SpringSecurity初始化类
* @ClassName SpringSecurityApplicationInitializer
* @Author mr.zhang
* @Date 2020/5/6 19:00
* @Version 1.0.0
**/
public class SpringSecurityApplicationInitializer extends AbstractSecurityWebApplicationInitializer { public SpringSecurityApplicationInitializer() {
// 如果不适用Spring 需要调用父类传入安全类
// super(WebSecurityConfig.class);
}
}
控制器
package com.flower.dance.controller; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpSession; /**
* @Description 认证控制器
* @ClassName AuthService
* @Author mr.zhang
* @Date 2020/5/2 17:40
* @Version 1.0.0
**/
@RestController
public class AuthController { /**
* 成功后跳转 提供给SpringSecurity使用
* @return
*/
@RequestMapping(value="/success",produces = ("text/plain;charset=UTF-8"))
public String loginSuccess(){
return "登录成功";
} }
配置完成后 使用Maven配置的Tomcat7插件启动
clean tomcat7:run
SpringSecurity提供了登录页面
根据构建的认证信息登录
SpringSecurity自带了退出接口
点击退出后回到登录页面
今天不是很忙,感觉51过后回来,轻松了好多,还有时间学习了
作者:彼岸舞
时间:2020\05\06
内容关于:spring security
本文部分来源于网络,只做技术分享,一概不负任何责任