spring_security开发指引-实例

1、Spring Security 3E置说明：项目的总体结构，如下图 .3斯J击com,azt出beanl jj Documentjava，磁service(I8 implJ.| DoturnentServicelmplJavE,J | HelloServiceImplJava| J | Do cu me ntSe rvic e J a va-2) HelioServicejava 2) DBUtiljava； applicationConteKt.xml窗message5_zh_CNpropertie5J RE System Library : iur JZ .K Java EE 5 Libr

2、aries吕Referenced Libr就 %Webftoot0昌META-INFE&4NIjf indexjtp- 廨效的3/ S e $ s i o nTi m eo htm FZ?1.下载Spring Security 3下载地址：/spring-security/site/downloads.html2.搭建Spring Security 3的环境解压后，如下图：够鼻晋 yaccesDenied jspadminjspdistdocsclas5_mapping_from_2.0.x.txtlicense.txt. no

3、ticentwtdist文件夹中， 是项目中所需要的jar文件， 和两个Dem则子，DemoM子 是用.war格式的文件给我们的。如图：俱spring-security-acl-3.0.5. RELEASE Jar,_ spring-security-acl-S.OnS-RELEASE-sourcesJar黄springreErity-aspectAOERELEASE,jar邑spring-gecLinty-aspects-3.0,5fRELEASE-5Oijrce5jrI土spring-secunty-ca5-client-3,0,5KRELEASE.jarLspring-5ecurity-

4、ca5-dient3.0.5.RELEASE-sources.jar, spring *s?curity-config-3,0,5.RELEASE Jarh*T, spring-security-config3,0,5.RELEASE-ourte.jar1山,$pring-ecurity-core-3f0.5.RELEASEjairl-H spring-security-core-3H05HRELEASE-soijrcesjarspring-5&curity-ldap-3.0.5.RELEASEjar,_ springrpcurityddmp-MQSRELEASEfourtesjarh

5、*T, spring-security-openid-SnO.S.RELEASE Jar,-ujspring-security-openid-S.O.S.RELEASE-sQurces.jarI spring-security-sannples-contacts-3H0.5.RELEASEHVvarspring-5?curit)-samp les-tutori il-3.0.5.RELEASE.warP spring*$ecunty-taglibs*3,0.5.RELEASE.jar spring-security-taglibs-O.S.RELEASE-sourceJarIJJJspring

6、 -security-web-3.0.5. RELEASE ar旦spring-security-web-SHO.SnRELEASE-sourcesJardocs文件夹中，是Spring Security 3的API和reference文档。2.1建立数据库和表(这里使用MySQL数据库名demO+十usernane-；aLithorit!IM! radmin: BOLE_ADMIN:manager! ROLEJ1ANAGER!uer! BOLE_USEfi!- *-+rows in set isql select * fi*on users；usernane ! pass toold ! e

7、nab led !- +， +admin!21232f297a57a5a743894A0e4a801fc3!1!manager:21232F297a57a5a743894a0e4a801Fc3 : 1 I user ! 21232F297aS7a5a743894a0e4a801fc3 ! 1 !Create table users (username varchar(50),password varchar(50),enabled boolean)注：密码是经过了md5加密的，插入数据的时候要注意Create table authority(username varchar(50),autho

8、rity varchar(50)【建表语句丢了，这个肯定有问题，但是字段都是没问题的】2.2导入需要的jar包1.在MyEclipse中加入Spring的支持，版本什么都可以2.把刚刚加入的Spring的jar包都删掉，只保留applicationContext.xml文件3.找到刚刚解压的Spring Security3的包，在dist文件夹中找到那两 个.war的文件，随便找一个，把后缀名改为.rar然后，然后解压出 来，找到WEN-INF lib文件火， 把其中所有的jar包都拷贝到Myeclipse的工程中。2.3配置web.xml文件3. 4. contextConfigLocati

9、onclasspath:applicationContext*.xml_8. springSecurityFilterChainorg.springframework.web.filter.DelegatingFilterProxy 1.32.springSecurityFilterChain/* org.springframework.web.context.ContextLoaderListener org.springframework.security.web.session.HttpSess

10、ionEventPublisher HelloS.azt.servlet.HelloServletDocumentS.azt.servlet.DocumentServlet/ servlet-class2.HelloServlet43./HelloServlet44.45.46. DocumentServlet47./DocumentServlet1.52.index.jsp .4配置Spring的applicationcontext.xmlsecured-annotations=enabledjsr250-annotations=e

11、nabled-security:global-method-securitysecurity:protect-pointcutaccess=ROLE_USER,ROLE_ADMINexpression=execution(* com.azt.service.*.sayHello(.)security:protect-pointcutaccess=ROLEADMINexpression=execution(* com.azt.service.*.say*(.)/ security:global-method-securitysecurity:httpsecurity:intercept-urla

12、ccess =ROLE_ADMIN,ROLE_MANAGER/ security:session-management/ security:form-login/-!-请求页面可能带一些参数,所以后面加*号,TIPS要注意前面一定要根目录pattern =/login.jsp*pattern =/admin.jsp*/= /HelloServlet security:session-management=/SessionTimeout.htmlinvalid-session-urlpattern= truemax-sessions =1 bean id =helloServiceclass =

13、com.azt.service.impl.HelloServiceImpl配置login.jsp用户登录$sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message 用户名：密 码： 配置index.jsp引入标签：Body部分首页欢迎您进入admin.jsp页面！a href =DocumentServlet?method=adda href =DocumentServlet?method=updatea href =DocumentServlet?method=deleteproperty =name !新增文档更新文档删除文档进入admin.jsp页面！a href =DocumentServlet?method=updatea href = DocumentServlet?method=adda href = DocumentServlet?method=find 问好 再见a href =j_spring_security_logoutSessinTimeout页面您的会话超时了！ ！ ！ ！