spring_security開發(fā)指引-實例

1、Spring Security 3E置說明：項目的總體結(jié)構(gòu)，如下圖 .3斯J擊com,azt出beanl jj Documentjava，磁service(I8 implJ.| DoturnentServicelmplJavE,J | HelloServiceImplJava| J | Do cu me ntSe rvic e J a va-2) HelioServicejava 2) DBUtiljava； applicationConteKt.xml窗message5_zh_CNpropertie5J RE System Library : iur JZ .K Java EE 5 Libr

2、aries呂Referenced Libr就 %Webftoot0昌META-INFE&4NIjf indexjtp- 廨效的3/ S e $ s i o nTi m eo htm FZ?1.下載Spring Security 3下載地址：/spring-security/site/downloads.html2.搭建Spring Security 3的環(huán)境解壓后，如下圖：夠鼻晉 yaccesDenied jspadminjspdistdocsclas5_mapping_from_2.0.x.txtlicense.txt. no

3、ticentwtdist文件夾中， 是項目中所需要的jar文件， 和兩個Dem則子，DemoM子 是用.war格式的文件給我們的。如圖：俱spring-security-acl-3.0.5. RELEASE Jar,_ spring-security-acl-S.OnS-RELEASE-sourcesJar黃springreErity-aspectAOERELEASE,jar邑spring-gecLinty-aspects-3.0,5fRELEASE-5Oijrce5jrI土spring-secunty-ca5-client-3,0,5KRELEASE.jarLspring-5ecurity-

4、ca5-dient3.0.5.RELEASE-sources.jar, spring *s?curity-config-3,0,5.RELEASE Jarh*T, spring-security-config3,0,5.RELEASE-ourte.jar1山,$pring-ecurity-core-3f0.5.RELEASEjairl-H spring-security-core-3H05HRELEASE-soijrcesjarspring-5&curity-ldap-3.0.5.RELEASEjar,_ springrpcurityddmp-MQSRELEASEfourtesjarh

5、*T, spring-security-openid-SnO.S.RELEASE Jar,-ujspring-security-openid-S.O.S.RELEASE-sQurces.jarI spring-security-sannples-contacts-3H0.5.RELEASEHVvarspring-5?curit)-samp les-tutori il-3.0.5.RELEASE.warP spring*$ecunty-taglibs*3,0.5.RELEASE.jar spring-security-taglibs-O.S.RELEASE-sourceJarIJJJspring

6、 -security-web-3.0.5. RELEASE ar旦spring-security-web-SHO.SnRELEASE-sourcesJardocs文件夾中，是Spring Security 3的API和reference文檔。2.1建立數(shù)據(jù)庫和表(這里使用MySQL數(shù)據(jù)庫名demO+十usernane-；aLithorit!IM! radmin: BOLE_ADMIN:manager! ROLEJ1ANAGER!uer! BOLE_USEfi!- *-+rows in set isql select * fi*on users；usernane ! pass toold ! e

7、nab led !- +， +admin!21232f297a57a5a743894A0e4a801fc3!1!manager:21232F297a57a5a743894a0e4a801Fc3 : 1 I user ! 21232F297aS7a5a743894a0e4a801fc3 ! 1 !Create table users (username varchar(50),password varchar(50),enabled boolean)注：密碼是經(jīng)過了md5加密的，插入數(shù)據(jù)的時候要注意Create table authority(username varchar(50),autho

8、rity varchar(50)【建表語句丟了，這個肯定有問題，但是字段都是沒問題的】2.2導(dǎo)入需要的jar包1.在MyEclipse中加入Spring的支持，版本什么都可以2.把剛剛加入的Spring的jar包都刪掉，只保留applicationContext.xml文件3.找到剛剛解壓的Spring Security3的包，在dist文件夾中找到那兩 個.war的文件，隨便找一個，把后綴名改為.rar然后，然后解壓出 來，找到WEN-INF lib文件火， 把其中所有的jar包都拷貝到Myeclipse的工程中。2.3配置web.xml文件3. 4. contextConfigLocati

9、onclasspath:applicationContext*.xml_8. springSecurityFilterChainorg.springframework.web.filter.DelegatingFilterProxy 1.32.springSecurityFilterChain/* org.springframework.web.context.ContextLoaderListener org.springframework.security.web.session.HttpSess

10、ionEventPublisher HelloS.azt.servlet.HelloServletDocumentS.azt.servlet.DocumentServlet/ servlet-class2.HelloServlet43./HelloServlet44.45.46. DocumentServlet47./DocumentServlet1.52.index.jsp .4配置Spring的applicationcontext.xmlsecured-annotations=enabledjsr250-annotations=e

11、nabled-security:global-method-securitysecurity:protect-pointcutaccess=ROLE_USER,ROLE_ADMINexpression=execution(* com.azt.service.*.sayHello(.)security:protect-pointcutaccess=ROLEADMINexpression=execution(* com.azt.service.*.say*(.)/ security:global-method-securitysecurity:httpsecurity:intercept-urla

12、ccess =ROLE_ADMIN,ROLE_MANAGER/ security:session-management/ security:form-login/-!-請求頁面可能帶一些參數(shù),所以后面加*號,TIPS要注意前面一定要根目錄pattern =/login.jsp*pattern =/admin.jsp*/= /HelloServlet security:session-management=/SessionTimeout.htmlinvalid-session-urlpattern= truemax-sessions =1 bean id =helloServiceclass =

13、com.azt.service.impl.HelloServiceImpl配置login.jsp用戶登錄$sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message 用戶名：密 碼： 配置index.jsp引入標(biāo)簽：Body部分首頁歡迎您進(jìn)入admin.jsp頁面！a href =DocumentServlet?method=adda href =DocumentServlet?method=updatea href =DocumentServlet?method=deleteproperty =name !新增文檔更新文檔刪除文檔進(jìn)入admin.jsp頁面！a href =DocumentServlet?method=updatea href = DocumentServlet?method=adda href = DocumentServlet?method=find 問好 再見a href =j_spring_security_logoutSessinTimeout頁面您的會話超時了！ ！ ！ ！