使用java配置类的方式实现Spring security的功能 pom.xml文件:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>cn.iths.spring</groupId> <artifactId>spring-security</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>war</packaging> <dependencies> <!-- ehcache缓存依赖 --> <dependency> <groupId>net.sf.ehcache</groupId> <artifactId>ehcache</artifactId> <version>2.8.9</version> </dependency> <!-- Spring security的依赖 --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>4.2.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>4.2.1.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>4.2.1.RELEASE</version> </dependency> <!-- 导入java ee jar 包 --> <dependency> <groupId>javax</groupId> <artifactId>javaee-api</artifactId> <version>7.0</version> </dependency> <!-- 单元测试 --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.10</version> </dependency> <!-- POI 操作Excel依赖 --> <!-- <dependency> <groupId>org.apache.poi</groupId> <artifactId>poi-ooxml</artifactId> <version>3.9</version> </dependency> --> <!-- Spring相关依赖 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>4.1.3.release</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>4.1.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-beans</artifactId> <version>4.1.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>4.1.3.RELEASE</version> </dependency> <!-- 单元测试 --> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>4.1.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jdbc</artifactId> <version>4.1.3.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-aspects</artifactId> <version>4.1.3.RELEASE</version> </dependency> <!-- Mybatis依赖 --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis</artifactId> <version>3.2.8</version> </dependency> <!-- mybatis整合Spring --> <dependency> <groupId>org.mybatis</groupId> <artifactId>mybatis-spring</artifactId> <version>1.2.2</version> </dependency> <!-- 数据库链接依赖 --> <!-- MySql依赖 --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.0.9</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.32</version> </dependency> <!-- <dependency> <groupId>commons-dbcp</groupId> <artifactId>commons-dbcp</artifactId> <version>1.2.2</version> </dependency> --> <!-- 动态数据源依赖 --> <!-- <dependency> <groupId>commons-dbcp</groupId> <artifactId>commons-dbcp</artifactId> <version>1.2.2</version> </dependency> --> <!-- slf4j日志依赖 --> <!-- <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.6.4</version> </dependency> --> <!-- 连接池 --> <!-- <dependency> <groupId>com.jolbox</groupId> <artifactId>bonecp-spring</artifactId> <version>0.8.0.RELEASE</version> </dependency> --> <!-- JSP相关 --> <dependency> <groupId>jstl</groupId> <artifactId>jstl</artifactId> <version>1.2</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jsp-api</artifactId> <version>2.0</version> <scope>provided</scope> </dependency> <!-- log4j依赖 --> <!-- <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> <version>1.2.9</version> </dependency> --> <!-- 将这个注释掉,会出现一个子容器无法启动的错误,启动不了的tomcat --> <dependency> <groupId>net.sf.json-lib</groupId> <artifactId>json-lib</artifactId> <version>2.4</version> <classifier>jdk15</classifier> </dependency> <!-- <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.3.1</version> </dependency> --> <!-- <dependency> <groupId>xom</groupId> <artifactId>xom</artifactId> <version>1.2.5</version> </dependency> --> </dependencies> </project>web.xml文件
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http//java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <!-- 让applicationContext.xml使用java配置 --> <context-param> <param-name>contextClass</param-name> <param-value> org.springframework.web.context.support.AnnotationConfigWebApplicationContext </param-value> </context-param> <!-- 指定根配置类,相当于applicationContext.xml中的配置 --> <context-param> <param-name>contextConfigLocation</param-name> <param-value> cn.iths.security.config.RootConfig </param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <!-- 让dispatcherServlet使用java配置 --> <servlet> <servlet-name>springmvc</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class> <!-- 告诉springmvc.xml使用java配置 --> <init-param> <param-name>contextClass</param-name> <param-value> org.springframework.web.context.support.AnnotationConfigWebApplicationContext </param-value> </init-param> <!-- 指定dispatcherServlet配置类 --> <init-param> <param-name>contextConfigLocation</param-name> <param-value> <!-- 实现了WebMvcConfigurerAdapter的配置类,相当于springmvc.xml --> cn.iths.security.config.WebMVCConfig </param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>springmvc</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- Security的过滤器 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app> 在web.xml中有两个配置类,一个是RootConfig配置类,相当于xml配置中的applicationContext.xml配置文件,里面配置所有非web相关的bean(ps:当然要配置也是可以的);另一个WebMVCConfig配置类,相当于xml配置中的springmvc.xml配置文件,配置与web相关的bean。 在web.xml中,有个关键的过滤器配置--SpringSecurityFilterChain--,这个过滤器就是用来实现Spring Security的关键过滤器。当配置这个过滤器之后,我们需要Spring的应用上下文中,创建这个bean。在java配置类中,只需要一个java配置类继承WebSecurityConfigurerAdapter适配器类,再将这个类,加载到Spring应用上下文中,他就会自动生成SpringSecurityFilterChain的bean。WebMVCConfig配置代码:
package cn.iths.security.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.ViewResolver; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import org.springframework.web.servlet.view.InternalResourceViewResolver; @Configuration @EnableWebMvc public class WebMVCConfig extends WebMvcConfigurerAdapter{ @Bean public ViewResolver viewResolver(){ InternalResourceViewResolver resolver = new InternalResourceViewResolver(); resolver.setPrefix("/WEB-INF/views/"); resolver.setSuffix(".jsp"); //暴露上下文环境 resolver.setExposeContextBeansAsAttributes(true); return resolver; } @Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/index").setViewName("index"); } }Spring Security的配置类SecurityConfig:
package cn.iths.security.config; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter{ }目前在SecurityConfig类中没有任何配置,只是实现最简单的Spring Security配置。
RootConfig配置类:
package cn.iths.security.config; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Import; @Configuration @Import({SecurityConfig.class})//将SecurityConfig加载到内存 public class RootConfig { }index页面内容:
我们运行项目,访问index路径, 出现如图所示页面,这就表明基本配置成功了,这个页面时Spring Security提供的登录页面,因为我们没有自己指定登录页面。 当我们将在web.xml的配置的springSecurityFilterChain注释掉,那么访问index页面就不会有问题。
PS:在pom.xml中有个依赖: net.sf.json-lib json-lib 2.4 jdk15 我将这个依赖注释掉,启动tomcat时会报错,子容器启动失败,如果有知道的同道,希望可以告诉。
Spring Security的其他的配置会在后面的博客里。
