We first come to a simple Spring Security login, the first need to build the environment, here we use spring+springmvc+spring Security, database with hibernate4+oracle, about the jar package, Spring and Springmvc I use the 3.2 version.
In Web. xml, We primarily configure the integration of spring, springmvc, and spring Security.
<?xml version= "1.0" encoding= "UTF-8"? ><web-app xmlns:xsi= "http://www.w3.org/2001/ Xmlschema-instance " xmlns=" Http://java.sun.com/xml/ns/javaee " xmlns:web=" http://java.sun.com/xml/ns/ Javaee/web-app_2_5.xsd " xsi:schemalocation=" http://java.sun.com/xml/ns/javaee http://java.sun.com/ Xml/ns/javaee/web-app_2_5.xsd " id=" Dogstoreapp " version=" 2.5 "> <display-name>dog Store</display-name> <!-- Integrated Spring Universal Configuration --> < context-param> <param-name>contextconfiglocation</param-name> <param-value> </param-value> </context-param> <listener> <listener-class> Org.springframework.web.context.contextloaderlistener</listener-class> </listener> <!--&nbSp SPRINGMVC Front Controller --> <servlet> <servlet-name>dogstore</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> < servlet-mapping> <servlet-name>dogstore</servlet-name> <url-pattern>*.do</url-pattern> </servlet-mapping> <!-- springsecurity Core Filter Configuration --> <filter> < Filter-name>springsecurityfilterchain</filter-name> <filter-class> org.springframework.web.filter.delegatingfilterproxy</filter-class> </filter> <filter-mapping> <filter-name>springsecurityfilterchain</ Filter-name> <url-pattErn>/*</url-pattern> </filter-mapping></web-app>
Now that we need to configure the components of spring security, before we configure the Spring Security permission control file, Let's extend the Spring security permission Control method:
1, do not use the database, all the data written in the configuration file, This is the official document inside the demo;
2, using the database, according to the spring security default implementation code design database, that is, the database has been fixed, This method is not flexible, and the database design is very simple, poor practicality;
3, Spring Security and Acegi different, It can not modify the default filter, but support inserting filter, so according to this, we can insert their own filter to use flexibly;
4, Violent means, Modify the source code, said before the modification of the default filter is only to modify the configuration file to replace the filter, this is directly changed inside the source code, but this does not conform to the OO design principles, and not practical, not available.
Now configure Dogstore-security.xml This file, about the namespace configuration, The official provides two configuration scenarios
<beans xmlns= "http://www.springframework.org/schema/beans" xmlns:security= "http://www.springframework.org/schema/security" xmlns : xsi= "http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation= "/http www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd " > ... </beans>
< /span> The second type, the namespace starts with security, does not require a security prefix in the configuration, but the bean configuration requires <beans:bean> configuration
<beans:beans xmlns= "http://www.springframework.org/schema/ Security " xmlns:beans=" Http://www.springframework.org/schema/beans " xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation= "http// www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/ Spring-security.xsd "> ... </beans:beans>
< /span> first, Let's start with the first permission control above to make a simple demo:dogstore-security.xml, Note that the jar you refer to is consistent with the namespace version
<?xml version= "1.0" encoding= "UTF-8"? ><beans:beans xmlns= "http://www.springframework.org/schema/security" xmlns:xsi= "http://www.w3.org/2001/ Xmlschema-instance "xmlns:beans=" Http://www.springframework.org/schema/beans "xsi:schemalocation="/http/ www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsdhttp:// www.springframework.org/schema/security http://www.springframework.org/schema/security/ Spring-security-3.1.xsd ">
The first HTTP tag is basically configured to block the url, it is probably configured if you want to access a path, which connection permissions are required, and the HTTP tag under the Authentication-manger tag is configured by those users have what permissions, At present, we will take this step for a moment to do, the following detailed Introduction.
Now let's refine the configuration files required by spring and springmvc, Above Web. XML we have reserved the contextconfiglocation to introduce the configuration file, first create the dogstore-base.xml empty file, This is the spring configuration file, if what is needed later, we add
<?xml version= "1.0" encoding= "UTF-8"?><beans xmlns= "http://www.springframework.org/schema/beans" xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance" xmlns: context= "http://www.springframework.org/schema/context" xmlns:jdbc= "http://www.springframework.org/schema/jdbc" xsi:schemalocation= "http://www.springframework.org/schema/beans http://www.springframework.org/schema/ beans/spring-beans.xsdhttp://www.springframework.org/schema/jdbc http://www.springframework.org/ schema/jdbc/spring-jdbc-3.0.xsdhttp://www.springframework.org/schema/context http:// Www.springframework.org/schema/context/spring-context-2.5.xsd "> </beans>
SPRINGMVC Configuration file, Configure the view resolution first, SPRINGMVC configuration will automatically find the configuration file, servlet's name is (<servlet-name>) is dogstore, the contract is better than the configuration will look for a configuration file named Dogstore-servelt.xml in the Web-inf directory
<?xml version= "1.0" encoding= "UTF-8"? ><beans xmlns= "http://www.springframework.org/ Schema/beans "xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance "xmlns:context="/http/ Www.springframework.org/schema/context "xmlns:jdbc=" Http://www.springframework.org/schema/jdbc "xsi: schemalocation= "http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/ spring-beans.xsdhttp://www.springframework.org/schema/jdbc http://www.springframework.org/schema/ jdbc/spring-jdbc-3.0.xsdhttp://www.springframework.org/schema/context http://www.springframework.org/ Schema/context/spring-context-3.0.xsd "><bean id=" Viewresolver " class=" Org.springframework.web.servlet.view.UrlBasedViewResolver "> <property name=" Viewclass " value=" Org.springframework.web.servlet.view.JstlView "/> <property Name= "prefix" value= "/web-inf/views/"/> <property&Nbsp;name= "suffix" value= ". jsp"/></bean></beans>
The basic usage of spring, springmvc, and spring security profiles is now configured, introducing WEB.XML,SPRINGMVC to introduce itself into the configuration File.
<context-param> <param-name>contextConfigLocation</param-name> <param-value>/web-inf/d Ogstore-security.xml/web-inf/dogstore-base.xml </param-value> </context-param>
By adding the above configuration to tomcat, the springsecurity will automatically generate a login page before the custom login page, for example, we add the homepage under Web. XML to verify that the interception is valid
<welcome-file-list> <welcome-file>main.jsp</welcome-file> </welcome-file-list>
Add main.jsp under WebContent
<%@ page language= "java" contenttype= "text/html; Charset=utf-8 "pageencoding=" UTF-8 "%><! DOCTYPE HTML public "-//w3c//dtd HTML 4.01 transitional//en" "http://www.w3.org/TR/html4/loose.dtd" >
650) this.width=650; "src=" http://s2.51cto.com/wyfs02/M01/8A/5C/wKiom1guaj6gmmFQAAAVmPWYZl8751.png "title=" QQ picture 20161118104050.png "alt=" wkiom1guaj6gmmfqaaavmpwyzl8751.png "/>
Enter the wrong account or the wrong password
650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/8A/58/wKioL1guapnSOvKHAAAi-apJWqg876.png "title=" QQ picture 20161118104215.png "alt=" wkiol1guapnsovkhaaai-apjwqg876.png "/>
Enter the guest/guest configured above to log in Successfully.
This article is from the "attack on the program ape" blog, please be sure to keep this source http://zangyanan.blog.51cto.com/11610700/1874163
Follow me learn spring Security--online Pet Shop Development (ii)