day05记 springSecurity安全框架

一、是什么

是一种基于 Spring AOP 和 Servlet 过滤器的安全框架,对访问权限进行控制

二、作用

1.认证

　　用户名和密码认证,核对是否正确

2.授权

　　若正确,给予登录用户对应的访问权限

3.攻击防护

三、注意事项

1.登录页面提交用户名、密码表单路径必须是 /login

 

 

2.登录页面用户名和密码输入框中name属性值 必须叫做username 和 password

四、文件配置

1.引入resources-->spring-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!--以下页面不拦截 -->
    <http pattern="/login.html" security="none"></http>
    <http pattern="/login_error.html" security="none"></http>

    <!--页面拦截规则 -->
    <http use-expressions="false">
        <!--拦截所有的路径   只有用户ROLE_USER权限才可以放行-->
        <intercept-url pattern="/**" access="ROLE_USER" />
         <!--login-page :指定登录的页面   default-target-url指定登录成功后  访问的页面   authentication-failure-url：指定登录失败的页面-->
        <form-login login-page="/login.html" default-target-url="/index.html" authentication-failure-url="/login_error.html"/>

        <csrf disabled="true"/>
    </http>

<!--认证管理器-->
    <authentication-manager>
        <authentication-provider>
            <user-service>
               <user name="admin" password="123456" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

2.pm.xml核心

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <version>4.1.0.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <version>4.1.0.RELEASE</version>
</dependency>

3.在web.xml配置过滤器

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring-security.xml</param-value>
  </context-param>
  <listener>
    <listener-class>
      org.springframework.web.context.ContextLoaderListener
    </listener-class>
  </listener>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
</web-app>