English | 简体中文 | 繁體中文 | Русский язык | Français | Español | Português | Deutsch | 日本語 | 한국어 | Italiano | بالعربية
In questo tutorial, utilizzeremoSpring MVC Implementazione del framework Spring Security.Tutti gli esempi sono basati su Spring MVC e sono stati creati utilizzando progetti Maven.
Quello che utilizziamo è Spring Security 5.0.0.RELEASE Versione, di seguito sono riportati i dipendenze Maven, che utilizziamo in tutti gli esempi.
<dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>5.0.0.RELEASE</version> </dependency>
Per implementare Spring Security in un'applicazione Spring, possiamo configurarlo utilizzando XML o configurazione basata su Java.
Prendiamo un esempio in cui utilizzeremo XML per configurare Spring Security.
Come noi, clicca File Trova nel menu Nuovo→Progetto Maven Nella seguente schermata.
Fornisci il nome del progetto e poi seleziona il tipo di pacchetto come segue war (archivio di rete).
CompletatoQuesto progetto creerà una struttura di directory vuota per il progetto, come mostrato di seguito.
All'inizio, era vuoto. Quindi, creiamo un'applicazione Spring MVC e integriamolo con Spring Security.
Questo è il layout del nostro progetto. Contiene un controller, tre file XML e due file JSP.
Il nome del nostro progetto è springsecurity contenente i seguenti file sorgenti.
HomeController. Java
package com.w3codebox.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
public class HomeController {
@RequestMapping(value="/", method=RequestMethod.GET)
public String home() {
return \
}
@RequestMapping(value="/admin", method=RequestMethod.GET)
public String privateHome() {
return \
}
}spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="1234" authorities="hasRole(ROLE_ADMIN)" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <mvc:annotation-driven /> <context:component-scan base-package="com.w3codebox.controller"> </context:component-scan> <context:annotation-config></context:annotation-config> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/views/"></property> <property name="suffix" value=".jsp"></property> </bean> </beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE xml> <web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1"> <!-- Spring Configuration --> <servlet> <servlet-name>spring</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>spring</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring-servlet.xml /WEB-INF/spring-security.xml </param-value> </context-param> </web-app>
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.w3codebox</groupId> <artifactId>springsecurity</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <properties> <maven.compiler.target>1.8</maven.compiler.target> <maven.compiler.source>1.8</maven.compiler.source> </properties> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>5.0.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>5.0.0.RELEASE</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> <scope>provided</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>2.6</version> <configuration> <failOnMissingWebXml>false</failOnMissingWebXml> </configuration> </plugin> </plugins> </build> </project>
home.jsp
<html> <head> <meta content="text/html; charset=UTF-8"> <title>Home</title> </head> <body> <h2>Benvenuto su w3codebox spring tutorial!</h2> </body> </html>
home.jsp
<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Admin</title> </head> <body> Hello Admin </body> </html>
输出
此示例使用 Apache Tomcat v9.0 执行。运行后,它会向浏览器产生以下输出。
最初,它将呈现 home.jsp 页面,其中显示以下输出。
如果我们在管理页面中输入/ admin ,则会在管理页面中添加 spring security。浏览器,应用程序将产生以下输出。
请求 URL: http: //localhost: 8080/springsecurity/admin
现在,这是 Spring Security 提供的保护资源的真正魔力。
这是 spring security 提供的模块,我们没有创建它。还会验证用户输入。
提供错误的凭据。
如果我们提供了错误的登录凭据,它将使用我们在 spring-security.xml 文件中提到的用户名和密码进行验证。
验证后,如果登录凭据不正确,则会引发错误消息。
在这个示例中,我们已经看到了 Spring Security 的登录模块,并且它如何验证与所提供的用户名和密码相对应。
接下来,我们将实现主题进一步的逻辑,例如: 成功登录后呈现用户。