
博客开发札记四 Spring Security 3

发布时间: 2012-08-08 14:32:45 作者: rapoo

博客开发笔记四——Spring Security 3最小系统

1、配置

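<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:b="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.4.xsd
                             http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Enable annotation-based method security (@PreAuthorize, @PostAuthorize, ...). -->
    <global-method-security pre-post-annotations="enabled">
    </global-method-security>

    <http use-expressions="true" auto-config="true">
        <!-- NOTE(review): every URL is permitAll, so the filter chain itself denies nothing;
             access control then rests entirely on method-level annotations.
             Add intercept-url rules for the protected paths (most specific pattern first)
             so that a forgotten annotation does not expose an operation. -->
        <intercept-url pattern="/**/*" access="permitAll" />
        <!-- The "?" in authentication-failure-url is a real query separator; the login page reads login_error. -->
        <form-login login-page="/user/login.page" default-target-url="/index.page" authentication-failure-url="/user/login.page?login_error=1"/>
        <!-- NOTE(review): form login and HTTP Basic both send the password with the request;
             serve these URLs over TLS only (intercept-url supports requires-channel="https"). -->
        <http-basic/>
        <logout logout-success-url="/user/logout.page"/>
        <remember-me />
    </http>

    <!-- Password encoder used both at registration and at login.
         NOTE(review): MD5 is a fast hash and the salt below is the (predictable) username,
         which makes stored hashes cheap to brute-force if the users table leaks.
         Spring Security 3.1 and later provide
         org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; this file references
         the 3.0.4 schema, so confirm what the deployed version offers before switching. -->
    <b:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"></b:bean>

    <!-- Authentication manager, backed by the database. -->
    <authentication-manager>
        <authentication-provider>
            <!-- <password-encoder hash="md5"/> -->
            <password-encoder ref="passwordEncoder">
                <!-- Salt is the username property of the loaded user; registration code must
                     pass the same value as salt when encoding. -->
                <salt-source user-property="username" />
            </password-encoder>
            <jdbc-user-service data-source-ref="oracleDataSource"/>
        </authentication-provider>
    </authentication-manager>
</b:beans>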
2、数据库Schema
-- Accounts table. The password column stores the encoded password, never the plain text.
-- NOTE(review): 50 characters fits the 32-character hex MD5 digest produced by the
-- Md5PasswordEncoder configured on this page, but not a 60-character bcrypt hash;
-- widen the column before moving to a stronger encoder.
-- NOTE(review): varchar_ignorecase and boolean are HSQLDB-style types, while the
-- configuration on this page references a bean named oracleDataSource; adapt the
-- types to the target database.
CREATE TABLE users (
    username VARCHAR_IGNORECASE(50) NOT NULL PRIMARY KEY,
    password VARCHAR_IGNORECASE(50) NOT NULL,
    enabled  BOOLEAN NOT NULL
);

-- Granted authorities (role names such as ROLE_USERS), one row per user/authority pair.
CREATE TABLE authorities (
    username  VARCHAR_IGNORECASE(50) NOT NULL,
    authority VARCHAR_IGNORECASE(50) NOT NULL,
    CONSTRAINT fk_authorities_users FOREIGN KEY (username) REFERENCES users (username)
);

-- Prevents the same authority from being granted to a user twice.
CREATE UNIQUE INDEX ix_auth_username ON authorities (username, authority);
3、使用

3.1用户注册

            //密码进行编码保存
            password = passwordEncoder.encodePassword(password, username);
            Vector<GrantedAuthority> authList = new Vector<GrantedAuthority>();
            //一定要加Authority,不然登录不了
            authList.add(new GrantedAuthorityImpl("ROLE_USERS"));
            User user = new User(username, password, true, true, true, true, authList);
            userDetailsManager.createUser(user);
            return "redirect:" + referer;

注意:如果 referer 取自请求头或请求参数,它属于不可信输入,重定向之前应校验其指向本站地址,否则会形成开放重定向。

3.2登录页面

<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
    pageEncoding="ISO-8859-1"%>
<%@ taglib prefix='c' uri='http://java.sun.com/jstl/core_rt' %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
    <c:if test="${not empty param.login_error}">
      <font color="red">
        Your login attempt was not successful, try again.<br/><br/>
        Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}"/>.
      </font>
    </c:if>

    <form name="f" action="<c:url value='/j_spring_security_check'/>" method="POST">
      <table>
        <tr><td>User:</td><td><input type='text' name='j_username' value='<c:if test="${not empty param.login_error}"><c:out value="${SPRING_SECURITY_LAST_USERNAME}"/></c:if>'/></td></tr>
        <tr><td>Password:</td><td><input type='password' name='j_password'></td></tr>
        <tr><td><input type="checkbox" name="_spring_security_remember_me"></td><td>Don't ask for my password for two weeks</td></tr>

        <tr><td colspan='2'><input name="submit" type="submit"></td></tr>
        <tr><td colspan='2'><input name="reset" type="reset"></td></tr>
      </table>

    </form>
</body>
</html>

3.3应用

<sec:authorize access="hasRole('ROLE_USERS')">
<a href="#fast_pub">发表文章</a> <a href="./content/editcatalog.page">管理分类</a> <a href="<c:url value="/j_spring_security_logout"/>">注销</a>
</sec:authorize>

上面代码写在jsp页面里面,意思是只有拥有ROLE_USERS角色的用户才会看到这些链接。注意:该标签只控制页面内容是否渲染,并不保护链接指向的URL;本文的配置对所有URL使用permitAll,因此这些操作本身还需要通过方法级注解(如@PreAuthorize)或intercept-url规则来限制。
