English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
在本教程中,我们将使用Spring MVC 框架实现 Spring Security。所有示例都是Spring MVC,并且是使用Maven项目创建的。
我们使用的是 Spring Security 5.0.0.RELEASE 版本,以下是maven依赖项,我们在所有示例中都使用了。
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-sicherheit-web</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-sicherheit-core</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-sicherheit-config</artifactId> <version>5.0.0.RELEASE</version> </dependency>
要在Spring应用程序中实现Spring Security,我们可以使用XML或基于Java的配置对其进行配置。
我们来看一个示例,其中将使用XML来配置Spring Security。
像我们一样,点击 Datei 菜单找到 New→Maven Project 在以下屏幕截图中。
提供项目名称,然后按照以下步骤选择打包类型为 war(网络存档)。
完成该项目,它将为该项目创建一个空的目录结构,如下所示。
最初,它是空的。因此,让我们创建一个Spring MVC应用程序并与Spring Security集成。
这是我们的项目布局。它包含一个控制器,三个XML文件和两个JSP文件。
我们的项目名称为 springsecurity ,其中包含以下源文件。
HomeController. Java
package com.w3codebox.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
public class HomeController {
@RequestMapping(value="/", method=RequestMethod.GET)
public String home() {
return "home";
}
@RequestMapping(value="/admin", method=RequestMethod.GET)
public String privateHome() {
return "privatePage";
}
}spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/sicherheit
http://www.springframework.org/schema/sicherheit/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="1234" authorities="hasRole(ROLE_ADMIN)" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <mvc:annotation-driven /> <context:component-scan base-package="com.w3codebox.controller"> </context:component-scan> <context:annotation-config></context:annotation-config> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/views/></eigenschaft> <property name="suffix" value=".jsp"></eigenschaft> </bean> </beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE xml> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> <!-- Spring Konfiguration --> <servlet> <servlet-name>spring</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>spring</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring-servlet.xml /WEB-INF/spring-security.xml </param-value> </context-param> </web-app>
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.w3codebox</groupId> <artifactId>springsecurity</artifactId> <version>0.0.1-SNAPSHOT</version> <verpackung>war</verpackung> <eigenschaften> <maven.compiler.target>1.8</maven.compiler.target> <maven.compiler.source>1.8</maven.compiler.source> </eigenschaften> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>5.0.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-sicherheit-web</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-sicherheit-core</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-sicherheit-config</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> <scope>provided</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>2.6</version> <konfiguration> <failOnMissingWebXml>false</failOnMissingWebXml> </konfiguration> </plugin> </plugins> </build> </project>
home.jsp
<html> <head> <meta content="text/html; charset=UTF-8"> <title>Home</title> </head> <body> <h2>Willkommen bei w3codebox spring tutorial!</h2> </body> </html>
home.jsp
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Admin</title> </head> <body> Hello Admin </body> </html>
Output
This example uses Apache Tomcat v9.0 executed. After running, it will produce the following output to the browser.
Initially, it will display home.jsp page, which will display the following output.
If we enter/ admin If we add spring security to the admin page, the browser, the application will produce the following output.
Request URL: http: //localhost: 8080/springsecurity/admin
Now, this is the real magic of Spring Security provided to protect resources.
This is a module provided by Spring Security that we did not create. It will also verify the user input.
provide incorrect credentials.
If we provide incorrect login credentials, it will use the ones we spring-security.xml The username and password mentioned in the file are verified.
If the login credentials are incorrect after verification, an error message will be triggered.
In this example, we have seen the Spring Security login module and how it verifies the username and password provided.
Next, we will implement further logic for the theme, for example: displaying the user after successful login.