Spring SecuritySpring
<??>
从下面这行代码可以看出他是基于URL 来控制的
<
是一个能够为基于
的企业应用系统提供声明式的安全访问控制解决方案的安全框架
要想使用他我先的加依赖
要想使用他我先的加依赖
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>
5.0.1.RELEASE
</version>
</dependency>
要做权限管理哪必须要拦截用户的请求,那么当然就有拦截器,那么就要在web.xml里面配置
</dependency>
要做权限管理哪必须要拦截用户的请求,那么当然就有拦截器,那么就要在web.xml里面配置
<!--springSecurity委派过滤器-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这样所有的请求都要通过
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
这样所有的请求都要通过
security的检测
哪他是怎样做权限管理的呢下面来看下
哪他是怎样做权限管理的呢下面来看下
security 的配置文件
springSecurity.xml
xml version
="1.0"
encoding
="UTF-8"
<
beans
xmlns
="http://www.springframework.org/schema/beans"
xmlns:
xsi
="http://www.w3.org/2001/XMLSchema-instance"
xmlns:
security
="http://www.springframework.org/schema/security"
xsi
:schemaLocation
="http://www.springframework.org/schema/beanswww.springframework.org/schema/bean…www.springframework.org/schema/secu… www.springframework.org/s ... sprin…"
>
<!--放行一些资源-->
<
security
:http
pattern
="/login.jsp"
security
="none"
></
security
:http
>
<
security
:http
pattern
="/failer.jsp"
security
="none"
></
security
:http
>
<
security
:http
pattern
="/css/**"
security
="none"
></
security
:http
>
<
security
:http
pattern
="/img/**"
security
="none"
></
security
:http
>
<
security
:http
pattern
="/plugins/**"
security
="none"
></
security
:http
>
<
security
:http
auto-config
="true"
use-expressions
="false"
>
<
security
:intercept-url
pattern
="/**"
access
="ROLE_USER"
></
security
:intercept-url
>
<!--配置登陆表单-->
<
security
:form-login
login-page
="/login.jsp"
login-processing-url
="/login"
default-target-url
="/index.jsp"
authentication-failure-url
="/failer.jsp"
username-parameter
="username"
password-parameter
="password"
></
security
:form-login
>
<!--退出配置-->
<
security
:logout
invalidate-session
="true"
logout-url
="/logout"
logout-success-url
="/login.jsp"
></
security
:logout
>
<!--关闭跨域请求-->
<
security
:csrf
disabled
="true"
></
security
:csrf
>
</
security
:http
>
<!--登陆认证连接数据库,执行service方法-->
<
security
:authentication-manager
>
<!--引用容器中的UserService对象,此对象一定要实现接口UserDetailsService-->
<
security
:authentication-provider
user-service-ref
="userServiceImpl"
></
security
:authentication-provider
>
</
security
:authentication-manager
>
</
beans
>
从下面这行代码可以看出他是基于URL 来控制的
<
security
:intercept-url
pattern
="/**"
access
="ROLE_USER"
></
security
:intercept-url
>
更多技术资讯可关注:gzitcast
