Spring Security入门教程

1、第一步编写web.xml：<?xml version="1.0" encoding="UTF-8"?> <web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" version="3.0"> <display-name>SpringSecurityPrj</display-name> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/springmvc-*.xml</param-value> </context-param> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list></web-app>

2、第二步编写Security的配置文件：<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <!-- 自动配置模式，拦截所有请求，有ROLE_USER才可以通过 --> <http auto-config="true"> <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <!-- 增加 ROLE_ADMIN角色--> <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/> <intercept-url pattern="/**" access="ROLE_USER"/> <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"/> <remember-me /> </http> <!-- 认证管理器。用户名密码都集成在配置文件中 --> <authentication-manager> <authentication-provider> <user-service> <!-- 添加ROLE_ADMIN角色 --> <user name="admin" password="654321" authorities="ROLE_USER,ROLE_ADMIN"/> <user name="jygzs" password="123456" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager> <!-- 指定中文资源 。默认命名空间是security,所以要加前缀beans: --> <beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <beans:property name="basename" value="classpath:org/springframework/security/messages_zh_CN"/> </beans:bean></beans:beans>

3、第三步编写登录成功的jsp页面：<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>登录首页</title></head><body><span color="red">登录成功!</span><br/><a href="admin.jsp">admin.jsp</a></body></html>

4、第四步编写管理员界面：<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>管理员页面</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body> <p style="color:red">管理员页面</p> </body></html>

5、第五步编写自定义登录页面：<%@ page language="java" import="java.util.*" pageEncoding="UTF-8"%><%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %><%String path = request.getContextPath();String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";%><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html> <head> <base href="<%=basePath%>"> <title>用户登录</title> <meta http-equiv="pragma" content="no-cache"> <meta http-equiv="cache-control" content="no-cache"> <meta http-equiv="expires" content="0"> <meta http-equiv="keywords" content="keyword1,keyword2,keyword3"> <meta http-equiv="description" content="This is my page"> <!-- <link rel="stylesheet" type="text/css" href="styles.css"> --> </head> <body onLoad="document.f.j_username.focus();"><c:if test="${not empty param.login_error}"> <font color="red"> 登录失败，请重试.<br/><br/> 原因:<c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/> </font></c:if><form name="f" action="<c:url value='j_spring_security_check'/>" method="POST"> <table> <tr> <td>用户名:</td> <td> <input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/> </td> </tr> <tr> <td>密 码:</td> <td><input type='password' name='j_password'></td> </tr> <tr> <td colspan='2' align="center"> <input name="submit" type="submit"> <input name="reset" type="reset"> </td> </tr> </table></form></body></html>