Spring+Spring Security+JSTL实现的表单登陆的例子

2019独角兽企业重金招聘Python工程师标准>>>

Spring Security允许开发人员轻松地将安全功能集成到J2EE Web应用程序中，它通过Servlet过滤器实现“用户自定义”安全检查。

在本教程中，我们将向您展示如何在Spring MVC中集成Spring Security 3.0并安全访问。在集成成功后，当我们查看页面的内容时用户需要先输入正确的“用户名”和“密码”。

本教程的开发环境为：

1.Spring 3.0.5.RELEASE

2.Spring Security 3.0.5.RELEASE

3.Eclipse 3.6

4.JDK 1.6

5.Maven 3

注意：Spring Security 3.0 至少需要java 5.0或更高的运行环境。

1.目录结构

本教程的最终目录如下所示：

2.Spring Security依赖关系

为了正常运行 Spring security 3.0, 你需要加入 “spring-security-core.jar“, “spring-security-web.jar” and “spring-security-config.jar“. 在Maven库中你需要加入Spring配置库

pom.xml

<properties> 
<spring.version>3.0.5.RELEASE</spring.version> 
</properties> 
<dependencies> 
<!-- Spring 3 --> 
<dependency> 
<groupId>org.springframework</groupId> 
<artifactId>spring-core</artifactId> 
<version>${spring.version}</version> 
</dependency> 
<dependency> 
<groupId>org.springframework</groupId> 
<artifactId>spring-web</artifactId> 
<version>${spring.version}</version> 
</dependency> 
<dependency> 
<groupId>org.springframework</groupId> 
<artifactId>spring-webmvc</artifactId> 
<version>${spring.version}</version> 
</dependency> 
<!-- Spring Security --> 
<dependency> 
<groupId>org.springframework.security</groupId> 
<artifactId>spring-security-core</artifactId> 
<version>${spring.version}</version> 
</dependency> 
<dependency> 
<groupId>org.springframework.security</groupId> 
<artifactId>spring-security-web</artifactId> 
<version>${spring.version}</version> 
</dependency> 
<dependency> 
<groupId>org.springframework.security</groupId> 
<artifactId>spring-security-config</artifactId> 
<version>${spring.version}</version> 
</dependency> 
</dependencies> 
</project> 

3.Spring MVC Web应用程序

本教程是一个简单的Spring MVC 应用程序，即访问“/welcome”跳转到“hello.jsp”页面，稍后用Spring Security安全访问这个链接。

HelloController.java

package com.mkyong.common.controller; 
import org.springframework.stereotype.Controller; 
import org.springframework.ui.ModelMap; 
import org.springframework.web.bind.annotation.RequestMapping; 
import org.springframework.web.bind.annotation.RequestMethod; 
@Controller 
@RequestMapping("/welcome") 
public class HelloController { 
@RequestMapping(method = RequestMethod.GET) 
public String printWelcome(ModelMap model) { 
model.addAttribute("message", "Spring Security Hello World"); 
return "hello"; 
} 
} 

hello.jsp

<html> 
<body> 
<h1>Message : ${message}</h1> 
</body> 
</html> 

mvc-dispatcher-servlet.xml

<beans xmlns=" http://www.springframework.org/schema/beans" 
xmlns:context=" http://www.springframework.org/schema/context" 
xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation=" 
http://www.springframework.org/schema/beans      
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/context  
http://www.springframework.org/schema/context/spring-context-3.0.xsd"> 
<context:component-scan base-package="com.mkyong.common.controller" /> 
<bean 
class="org.springframework.web.servlet.view.InternalResourceViewResolver"> 
<property name="prefix"> 
<value>/WEB-INF/pages/</value> 
</property> 
<property name="suffix"> 
<value>.jsp</value> 
</property> 
</bean> 
</beans> 

4.Spring Secuity:用户验证

创建一个单独的Spring配置文件去定义Spring Security相关的东西。它要实现的是：只有用户输入了正确的用户名“mkyong”和密码“123456”才可以访问“/welcome” 。

下面的Spring配置文件你应该明白是什么意思。

spring-security.xml:

<beans:beans xmlns=" http://www.springframework.org/schema/security" 
xmlns:beans=" http://www.springframework.org/schema/beans"  
xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation=" http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> 
<http auto-config="true"> 
<intercept-url pattern="/welcome*" access="ROLE_USER" /> 
</http> 
<authentication-manager> 
<authentication-provider> 
<user-service> 
<user name="mkyong" password="123456" authorities="ROLE_USER" /> 
</user-service> 
</authentication-provider> 
</authentication-manager> 
</beans:beans> 

5.整合Spring Security

想要在Web应用程序中整合Spring Security,只需加入“DelegatingFilterProxy”作为Servlet过滤器拦截到来的请求即可。

web.xml

<web-app id="WebApp_ID" version="2.4" 
xmlns=" http://java.sun.com/xml/ns/j2ee"  
xmlns:xsi=" http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation=" http://java.sun.com/xml/ns/j2ee  
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> 
<display-name>Spring MVC Application</display-name> 
<!-- Spring MVC --> 
<servlet> 
<servlet-name>mvc-dispatcher</servlet-name> 
<servlet-class> 
org.springframework.web.servlet.DispatcherServlet 
</servlet-class> 
<load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
<servlet-name>mvc-dispatcher</servlet-name> 
<url-pattern>/</url-pattern> 
</servlet-mapping> 
<listener> 
<listener-class> 
org.springframework.web.context.ContextLoaderListener 
</listener-class> 
</listener> 
<context-param> 
<param-name>contextConfigLocation</param-name> 
<param-value> 
/WEB-INF/mvc-dispatcher-servlet.xml, 
/WEB-INF/spring-security.xml 
</param-value> 
</context-param> 
<!-- Spring Security --> 
<filter> 
<filter-name>springSecurityFilterChain</filter-name> 
<filter-class> 
org.springframework.web.filter.DelegatingFilterProxy 
</filter-class> 
</filter> 
<filter-mapping> 
<filter-name>springSecurityFilterChain</filter-name> 
<url-pattern>/*</url-pattern> 
</filter-mapping> 
</web-app> 