1...spring_security.xml
1 <?xml version="1.0" encoding="UTF-8"?> 2 <beans xmlns="http://www.springframework.org/schema/beans" 3 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 4 xmlns:security="http://www.springframework.org/schema/security" 5 xsi:schemaLocation="http://www.springframework.org/schema/beans 6 http://www.springframework.org/schema/beans/spring-beans.xsd 7 http://www.springframework.org/schema/security 8 http://www.springframework.org/schema/security/spring-security.xsd"> 9 <!--不拦截静态资源--> 10 <security:http pattern="/css/**" security="none"></security:http> 11 <security:http pattern="/img/**" security="none"></security:http> 12 <security:http pattern="/plugins/**" security="none"></security:http> 13 <!--不拦截登录 不拦截error --> 14 <security:http pattern="/login.jsp" security="none"></security:http> 15 <security:http pattern="/error.jsp" security="none"></security:http> 16 <security:http pattern="/favicon.ico" security="none"></security:http> 17 <!--拦截规则--> 18 <!--配置拦截的规则 19 auto-config 使用自带页面 20 use-expressions 是否使用spel 表达式 21 --> 22 <security:http auto-config="true" use-expressions="false"> 23 <!--配置;拦截地址 --> 24 <security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url> 25 <!--配置你想跳转的具体页面--> 26 <security:form-login 27 login-page="/login.jsp" 28 login-processing-url="/login" 29 default-target-url="/index.jsp" 30 authentication-failure-url="/login.jsp" 31 ></security:form-login> 32 <!--关闭跨域请求--> 33 <security:csrf disabled="true"></security:csrf> 34 <!-- 退出登录--> 35 <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.jsp"></security:logout> 36 </security:http> 37 <!--自带账户密码--> 38 <security:authentication-manager> 39 <security:authentication-provider user-service-ref="sysUserService"> 40 <!-- <security:password-encoder ref="passwordEncoder"></security:password-encoder>--> 41 <!-- <security:user-service>--> 42 <!-- <!–临时账户密码 不加密–>--> 43 <!-- <security:user name="admin" password="{noop}admin" authorities="ROLE_USER"></security:user>--> 44 <!-- </security:user-service>--> 45 </security:authentication-provider> 46 </security:authentication-manager> 47 <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean> 48 </beans>
2....web.xml
1 <!DOCTYPE web-app PUBLIC 2 "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" 3 "http://java.sun.com/dtd/web-app_2_3.dtd" > 4 5 <web-app> 6 <display-name>Archetype Created Web Application</display-name> 7 <context-param> 8 <param-name>contextConfigLocation</param-name> 9 <param-value>classpath*:applicationContext*.xml,classpath:spring_security.xml</param-value> 10 </context-param> 11 <filter> 12 <filter-name>CharacterEncodingFilter</filter-name> 13 <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> 14 <init-param> 15 <param-name>encoding</param-name> 16 <param-value>utf-8</param-value> 17 </init-param> 18 </filter> 19 <filter> 20 <filter-name>springSecurityFilterChain</filter-name> 21 <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 22 </filter> 23 <filter-mapping> 24 <filter-name>CharacterEncodingFilter</filter-name> 25 <url-pattern>/*</url-pattern> 26 </filter-mapping> 27 <!-- spring security 的过滤器配置 --> 28 29 <filter-mapping> 30 <filter-name>springSecurityFilterChain</filter-name> 31 <url-pattern>/*</url-pattern> 32 </filter-mapping> 33 <listener> 34 <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 35 </listener> 36 <servlet> 37 <servlet-name>DispatcherServlet</servlet-name> 38 <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 39 <init-param> 40 <param-name>contextConfigLocation</param-name> 41 <param-value>classpath*:spring_mvc.xml</param-value> 42 </init-param> 43 <!-- 按照tomcat顺序加载--> 44 <load-on-startup>1</load-on-startup> 45 </servlet> 46 <servlet-mapping> 47 <servlet-name>DispatcherServlet</servlet-name> 48 <url-pattern>/</url-pattern> 49 </servlet-mapping> 50 <welcome-file-list> 51 <welcome-file>index.html</welcome-file> 52 <welcome-file>index.htm</welcome-file> 53 <welcome-file>index.jsp</welcome-file> 54 <welcome-file>default.html</welcome-file> 55 <welcome-file>default.htm</welcome-file> 56 <welcome-file>default.jsp</welcome-file> 57 </welcome-file-list> 58 </web-app>
3...MD5 java代码 加密密码
1 package com.wsc.md5; 2 3 import java.math.BigInteger; 4 import java.security.MessageDigest; 5 import java.security.NoSuchAlgorithmException; 6 7 public class MD5Utils { 8 /** 9 * 使用md5的算法进行加密 10 */ 11 public static String md5(String plainText) { 12 byte[] secretBytes = null; 13 try { 14 secretBytes = MessageDigest.getInstance("md5").digest( 15 plainText.getBytes()); 16 } catch (NoSuchAlgorithmException e) { 17 throw new RuntimeException("没有md5这个算法!"); 18 } 19 String md5code = new BigInteger(1, secretBytes).toString(16);// 16进制数字 20 // 如果生成数字未满32位,需要前面补0 21 for (int i = 0; i < 32 - md5code.length(); i++) { 22 md5code = "0" + md5code; 23 } 24 return md5code; 25 } 26 27 public static void main(String[] args) { 28 System.out.println(md5("123")); 29 } 30 31 }
4...获取明文密码
1 // md5 2 @Autowired 3 PasswordEncoder passwordEncoder; 4 @RequestMapping("/add") 5 public String add(Sysuser sysuser){ 6 7 // 获取明文密码 8 // String password = sysuser.getPASSWORD(); 9 // // 对明文密码加密 10 // String md5password = passwordEncoder.encode(password); 11 // sysuser.setPASSWORD(md5password); 12 sysuserService.add(sysuser); 13 return "redirect:/user/pageChange"; 14 }