maven 构建 springmvc + spring security 权限控制示例。

介绍:Spring Security 基于 Spring 框架,提供了一套 Web 应用安全性的完整解决方案。一般来说,Web 应用的安全性包括用户认证(Authentication)和用户授权(Authorization)两个部分。用户认证指的是验证某个用户是否为系统中的合法主体,也就是说用户能否访问该系统。用户认证一般要求用户提供用户名和密码。系统通过校验用户名和密码来完成认证过程。用户授权指的是验证某个用户是否有权限执行某个操作。在一个系统中,不同用户所具有的权限是不同的。比如对一个文件来说,有的用户只能进行读取,而有的用户可以进行修改。一般来说,系统会为不同的用户分配不同的角色,而每个角色则对应一系列的权限。

对于上面提到的两种应用情景,Spring Security 框架都有很好的支持。在用户认证方面,Spring Security 框架支持主流的认证方式,包括 HTTP 基本认证、HTTP 表单验证、HTTP 摘要认证、OpenID 和 LDAP 等。在用户授权方面,Spring Security 提供了基于角色的访问控制和访问控制列表(Access Control List,ACL),可以对应用中的领域对象进行细粒度的控制。下面是spring security的入门小例子。

项目文件结构:

所需的jar包:

pom.xml

<!-- Maven build for the WebApp_Test WAR: Spring MVC plus Spring Security, with every Spring artifact versioned through the spring.version property. -->

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>WebApp_Test</groupId> <artifactId>WebApp_Test</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <properties>

<spring.version>3.0.5.RELEASE</spring.version> </properties> <dependencies>

<!-- NOTE(review): 3.0.5.RELEASE belongs to a release line that no longer receives security fixes. Treat the versions here as part of a historical walkthrough and move to currently supported Spring Framework and Spring Security releases before deploying anything built from it. -->

<!-- Spring 3 dependencies -->

<dependency>

<groupId>org.springframework</groupId>

<artifactId>spring-core</artifactId>

<version>${spring.version}</version>

</dependency>

<dependency>

<groupId>org.springframework</groupId>

<artifactId>spring-web</artifactId>

<version>${spring.version}</version>

</dependency>

<dependency>

<groupId>org.springframework</groupId>

<artifactId>spring-webmvc</artifactId>

<version>${spring.version}</version>

</dependency>

<!-- Spring Security -->

<!-- NOTE(review): the three Spring Security artifacts below reuse ${spring.version}. Spring Security is released on its own version line, separate from Spring Framework, so a dedicated property keeps the two from being changed together by accident. -->

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-core</artifactId>

<version>${spring.version}</version>

</dependency>

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-web</artifactId>

<version>${spring.version}</version>

</dependency>

<dependency>

<groupId>org.springframework.security</groupId>

<artifactId>spring-security-config</artifactId>

<version>${spring.version}</version>

</dependency> </dependencies> <build>

<finalName>WebApp_Test</finalName>

<plugins>

<!-- NOTE(review): the compiler plugin carries no version element, so the build uses whichever plugin version Maven resolves by default; pin it for reproducible builds. source/target 1.6 fixes the Java language level used by this example. -->

<plugin>

<artifactId>maven-compiler-plugin</artifactId>

<configuration>

<source>1.6</source>

<target>1.6</target>

</configuration>

</plugin>

</plugins> </build></project> web.xml

<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="3.0"> <display-name>WebApp_Test</display-name> <welcome-file-list>

<welcome-file>index.jsp</welcome-file> </welcome-file-list>

<!-- Deployment descriptor: registers the Spring MVC DispatcherServlet on "/", the root application context, and the Spring Security filter on "/*". -->
<!-- NOTE(review): the root element declares version="3.0" while its schemaLocation points at web-app_2_5.xsd; make the two agree. -->

<!-- spring mvc --> <servlet>

<servlet-name>spring-mvc</servlet-name>

<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

<load-on-startup>1</load-on-startup> </servlet> <servlet-mapping>

<servlet-name>spring-mvc</servlet-name>

<url-pattern>/</url-pattern> </servlet-mapping>

<!-- ContextLoaderListener builds the root application context from the files listed in contextConfigLocation. -->
<!-- NOTE(review): a DispatcherServlet named spring-mvc with no init-param normally also loads /WEB-INF/spring-mvc-servlet.xml for its own child context, so the MVC beans are presumably created twice. Listing only spring-security.xml here would avoid that; confirm against the deployed behaviour. -->

<listener>

<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener>

<context-param>

<param-name>contextConfigLocation</param-name>

<param-value>

/WEB-INF/spring-mvc-servlet.xml,

/WEB-INF/spring-security.xml

</param-value> </context-param>

<!-- DelegatingFilterProxy hands each request to the Spring bean whose name equals the filter-name. springSecurityFilterChain is the bean registered by the security namespace's http element, so the name must stay as written. -->
<!-- Mapping the filter to /* sends every request through the security filter chain; which URLs actually require a role is decided by the intercept-url rules in spring-security.xml, not by this mapping. -->

<!-- spring security --> <filter>

<filter-name>springSecurityFilterChain</filter-name>

<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping>

<filter-name>springSecurityFilterChain</filter-name>

<url-pattern>/*</url-pattern> </filter-mapping> </web-app> spring-mvc-servlet.xml

<!-- Spring MVC context: scans com.controller for annotated controllers and resolves logical view names to JSP files. -->

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="

http://www.springframework.org/schema/beans

http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

http://www.springframework.org/schema/context

http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:component-scan base-package="com.controller" /> <bean

class="org.springframework.web.servlet.view.InternalResourceViewResolver">

<!-- With this prefix and suffix the view name "hello" resolves to /WEB-INF/pages/hello.jsp. Files under /WEB-INF are not served directly by the container, so the JSPs are reachable only through a controller, and therefore only through the URL rules applied to that controller's mapping. -->

<property name="prefix">

<value>/WEB-INF/pages/</value>

</property>

<property name="suffix">

<value>.jsp</value>

</property> </bean></beans> spring-security.xml

<!-- Spring Security namespace configuration for the walkthrough: one URL access rule plus a single in-memory user. These are demo settings, not a deployable baseline. -->

<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> <http auto-config="true">

<!-- auto-config="true" switches on the namespace defaults (form login, HTTP Basic, logout); the generated login page shown later in the walkthrough comes from this setting. -->
<!-- NOTE(review): only URLs matching /hello* require ROLE_USER. Every other URL has no access rule, so the application is allow-by-default. How far /hello* reaches (trailing slash, sub-paths, suffix variants the MVC dispatcher may also route to the controller) depends on the framework versions in use; verify it, and prefer ending the rule list with a catch-all that requires authentication. -->
<!-- NOTE(review): no requires-channel is set, so the login form and session cookie travel over whatever scheme the client used to reach the application. -->

<intercept-url pattern="/hello*" access="ROLE_USER" /> </http> <authentication-manager>

<authentication-provider>

<user-service>

<!-- NOTE(review): hard-coded demo account. The password sits in clear text in a file that is packaged with the WAR, and no password-encoder is configured on the authentication-provider, so it is compared as plain text. Outside a local demo, keep users in an external store, configure a password-encoder, and do not carry this credential over. -->

<user name="admin" password="123456" authorities="ROLE_USER" />

</user-service>

</authentication-provider> </authentication-manager></beans:beans> HelloController

/* Example Spring MVC controller for the walkthrough: serves the /hello page that spring-security.xml restricts to ROLE_USER. */

package com.controller; import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RequestMethod;import org.springframework.web.servlet.ModelAndView; @Controller@RequestMapping("/hello")public class HelloController {

/**
 * Handles GET requests to /hello (the class-level mapping) and returns the
 * logical view name "hello" with a fixed text stored under the model key
 * "message".
 *
 * The method performs no authorization check of its own: the security filter
 * is mapped to every request in web.xml, and whether the caller holds
 * ROLE_USER is decided there by the intercept-url rule.
 * NOTE(review): if the URL rule ever stops matching this mapping, nothing in
 * the controller would deny access; consider a method-level check as a
 * second layer and confirm whether that is wanted.
 *
 * @return the "hello" view together with its single model attribute
 */
@RequestMapping(method = RequestMethod.GET) public ModelAndView

printHello() {

return new ModelAndView("hello", "message", "Hello Spring Security !"); }} hello.jsp页面

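<%-- View for the "hello" logical view name: prints the "message" model attribute set by HelloController. --%>
<%-- NOTE(review): ${message} is written to the page without HTML escaping. That is harmless for the fixed string used in this example; if the value ever comes from request data, escape it on output (for example with JSTL c:out or fn:escapeXml). --%>
<html>
<body>
  <h1>Message : ${message}</h1>
</body>
</html>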

访问 http://localhost:8080/WebApp_Test/hello

进入 Spring Security 框架自动生成的登录页面

输入 User:admin,Password:123456,就可以进入之前请求的页面了

附项目源码:http://www.oschina.net/code/snippet_137649_17023

快照源:http://my.oschina.net/huangcongmin12/blog/99560