xml ：spring-security 配置

>http://www.mkyong.com/spring-security/spring-security-hello-world-example/

In this tutorial,we will show you how to integrate Spring Security with a Spring MVC web application to secure a URL access. After implementing Spring Security,to access the content of an “admin” page,users need to key in the correct “username” and “password”.

Technologies used :

1. Spring 3.2.8.RELEASE
2. Spring Security 3.2.3.RELEASE
3. Eclipse 4.2
4. JDK 1.6
5. Maven 3

1. Project Demo

2. Directory Structure

Review the final directory structure of this tutorial.

3. Spring Security Dependencies

To use Spring security,you needspring-security-webandspring-security-config.

<properties>
	<jdk.version>1.6</jdk.version<spring.version>3.2.8.RELEASE</spring.version<spring.security.version>3.2.3.RELEASE</spring.security.version<jstl.version>1.2</jstl.version>
</properties>

<dependencies>

	<!-- Spring dependencies -->
	<dependency>
		<groupId>org.springframework</groupId<artifactId>spring-core</artifactId<version>${spring.version}</version</dependency>

	>spring-web>spring-webmvc>

	<!-- Spring Security -->
	>org.springframework.security>spring-security-web>${spring.security.version}>spring-security-config>

	<!-- jstl for jsp page -->
	>jstl>${jstl.version}</dependencies>

4. Spring MVC Web Application

A simple controller :

1. If URL =/welcomeor/,return hello page.
2. If URL =/admin,return admin page.

Later,we will show you how to use Spring Security to secure the “/admin” URL with a user login form.

package com.mkyong.web.controller;

import org.springframework.stereotype.Controller;
.bind.annotation.RequestMapping.RequestMethod.servlet.ModelAndView;

@Controller
public class HelloController {

	@RequestMapping(value = { "/", "/welcome**" }= RequestMethod.GET)
	public ModelAndView welcomePage() {

		ModelAndView model = new ModelAndView);
		model.addObject("title""Spring Security Hello World""message""This is welcome page!"setViewName"hello";
		return model;

	}

	= "/admin**"adminPage"This is protected page!""admin";

		}

}

Two JSP pages.

<%@page session="false"%>
<html<body<h1>Title : ${title}</h1>Message : ${message}</body</html>

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<c:if test="${pageContext.request.userPrincipal.name != null}">
	   <h2>Welcome : ${pageContext.request.userPrincipal.name}
           | <a href="<c:url value"/j_spring_security_logout" />" > Logout</a></h2</c:if
  mvc-dispatcher-servlet.xml 
 
<beans xmlns"http://www.springframework.org/schema/beans" xmlns:context"http://www.springframework.org/schema/contextxmlns:xsi"http://www.w3.org/2001/XMLSchema-instancexsi:schemaLocation" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd<context:component-scan base-package"com.mkyong.*/>

	<bean class"org.springframework.web.servlet.view.InternalResourceViewResolver>
	  <property name"prefix<value>/WEB-INF/pages/</value</property"suffix>.jsp</bean</beans 5. Spring Security : User Authentication 
 Create a Spring Security XML file.
 

  spring-security.xml 
 
<beans:beans "http://www.springframework.org/schema/securityxmlns:beans"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd<http auto-config"true<intercept-url pattern"/admin**access"ROLE_USER/>
	</http<authentication-manager<authentication-provider>
	    <user-service<user "mkyongpassword"123456authorities/>
	    </user-service</authentication-provider</authentication-manager</beans:beans>
 
 It tells,only user “mkyong” is allowed to access the/adminURL.
 
 6. Integrate Spring Security
 
 To integrate Spring security with a Spring MVC web application,just declaresDelegatingFilterProxyas a servlet filter to intercept any incoming request.
 

  web.xml 
 
<web-app id"WebApp_IDversion"2.4"http://java.sun.com/xml/ns/j2ee"http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd<display-name>Spring MVC Application</display-name>

	<!-- Spring MVC -->
	<servlet<servlet-name>mvc-dispatcher</servlet-name<servlet-class>org.springframework.web.servlet.DispatcherServlet
		</servlet-class<load-on-startup>1</load-on-startup</servlet<servlet-mapping<url-pattern>/</url-pattern</servlet-mapping<listener<listener-class>org.springframework.web.context.ContextLoaderListener
		</listener-class</listener>

        <!-- Loads Spring Security config file -->
	<context-param<param-name>contextConfigLocation</param-name<param-value>
			/WEB-INF/spring-security.xml
		</param-value</context-param<filter<filter-name>springSecurityFilterChain</filter-name<filter-class>org.springframework.web.filter.DelegatingFilterProxy
		</filter-class</filter<filter-mapping>/*</filter-mapping</web-app 7. Demo 
 That’s all,but wait… where’s the login form? No worry,if you do not define any custom login form,Spring will create a simple login form automatically.
 
 
 Custom Login Form 
 
 Read this “ 
 Spring Security form login example” to understand how to create a custom login form in Spring Security. 
 
 1. Welcome Page –http://localhost:8080/spring-security-helloworld-xml/welcome
 
 
  
 
 2. Try to access/adminpage,Spring Security will intercept the request and redirect to/spring_security_login,and a predefined login form is displayed.
 
 3. If username and password is incorrect,error messages will be displayed,and Spring will redirect to this URL/spring_security_login?login_error.
 
 4. If username and password are correct,Spring will redirect the request to the original requested URL and display the page.
 
 
  
 
 Download Source Code
 

  Download it – 
 spring-security-helloworld-xml.zip(9 KB) 
 
 References
 
 
 
Spring Security Official Site
 
 
Spring 3 MVC hello world example
 
 
Spring Security form login example (authentication)
 
                        
（编辑：李大同）
【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!