环境搭建SpringSecurity

一、maven依赖

<!-- Spring dependencies -->
<dependency><groupId>org.springframework</groupId><artifactId>spring-web</artifactId><version>${spring.version}</version>
</dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-webmvc</artifactId><version>${spring.version}</version>
</dependency>
<!-- Spring Security -->
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-web</artifactId><version>${spring.security.version}</version>
</dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>${spring.security.version}</version>
</dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-taglibs</artifactId><version>${spring.security.version}</version>
</dependency><!-- jstl for jsp page -->
<dependency><groupId>jstl</groupId><artifactId>jstl</artifactId><version>${jstl.version}</version>
</dependency>
<dependency><groupId>javax.servlet</groupId><artifactId>servlet-api</artifactId><version>${servlet.version}</version><scope>provided</scope>
</dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-jdbc</artifactId><version>${spring.version}</version>
</dependency><dependency><groupId>org.springframework</groupId><artifactId>spring-test</artifactId><version>${spring.version}</version>
</dependency>
<dependency><groupId>com.fasterxml.jackson.core</groupId><artifactId>jackson-databind</artifactId><version>2.9.5</version>
</dependency><dependency><groupId>org.mybatis</groupId><artifactId>mybatis</artifactId><version>3.4.4</version>
</dependency><dependency><groupId>log4j</groupId><artifactId>log4j</artifactId><version>1.2.17</version>
</dependency><dependency><groupId>org.mybatis</groupId><artifactId>mybatis-spring</artifactId><version>1.3.0</version>
</dependency><dependency><groupId>com.alibaba</groupId><artifactId>druid</artifactId><version>1.1.7</version>
</dependency><dependency><groupId>mysql</groupId><artifactId>mysql-connector-java</artifactId><version>5.1.41</version>
</dependency><dependency><groupId>junit</groupId><artifactId>junit</artifactId><version>4.12</version><scope>test</scope>
</dependency>

二、web.xml配置

<!-- SpringSecurity过滤器链  -->
<filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern>
</filter-mapping><!-- 启动Spring  -->
<listener><listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param><param-name>contextConfigLocation</param-name><param-value>classpath:applicationContext.xmlclasspath:spring-security.xml</param-value>
</context-param><!--启动SpringMVC-->
<servlet><servlet-name>DispatcherServlet</servlet-name><servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class><init-param><param-name>contextConfigLocation</param-name><param-value>classpath:springmvc.xml</param-value></init-param><!-- 服务器启动加载Servlet--><load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping><servlet-name>DispatcherServlet</servlet-name><url-pattern>/</url-pattern>
</servlet-mapping>

三、applicationContext.xml

<!---读取jdbc.properties -->
<context:property-placeholder location="classpath:jdbc.properties"/><!-- 连接池 -->
<bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"><property name="url" value="${jdbc.url}"/><property name="driverClassName" value="${jdbc.driverClass}"/><property name="username" value="${jdbc.username}"/><property name="password" value="${jdbc.password}"/><property name="maxActive" value="10"/><property name="maxWait" value="3000"/>
</bean><!-- mybatis整合Spring -->
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean"><property name="dataSource" ref="dataSource"/><!--别名扫描 --><property name="typeAliasesPackage" value="cn.sm1234.domain"/>
</bean><!--Mapper接口扫描 -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer"><property name="basePackage" value="cn.sm1234.mapper"/>
</bean><!-- 事务配置 -->
<bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager"><property name="dataSource" ref="dataSource"/>
</bean>
<tx:annotation-driven/><context:component-scan base-package="cn.sm1234.service"/>

四、spring-security.xml配置

<security:http><!-- 拦截资源 --><security:intercept-url pattern="/product/list" access="hasAuthority('ROLE_LIST_PRODUCT')"/><security:intercept-url pattern="/product/add" access="hasAuthority('ROLE_ADD_PRODUCT')"/><security:intercept-url pattern="/product/update" access="hasAuthority('ROLE_UPDATE_PRODUCT')"/><security:intercept-url pattern="/product/delete" access="hasAuthority('ROLE_DELETE_PRODUCT')"/><security:intercept-url pattern="/userLogin" access="permitAll()"/><security:intercept-url pattern="/js/**" access="permitAll()"/><security:intercept-url pattern="/imageCode*" access="permitAll()"/><security:intercept-url pattern="/product/index" access="permitAll()"/><security:intercept-url pattern="/**" access="isFullyAuthenticated()"/><!-- 自定义Spring Security过滤器 --><security:custom-filter ref="imageCodeAuthenticationFilter" before="FORM_LOGIN_FILTER"/><security:form-login login-page="/userLogin" authentication-success-handler-ref="myAuthenticationnSuccessHandler" authentication-failure-handler-ref="myAuthenticationFailureHandler"/><!-- 权限不足处理 --><security:access-denied-handler error-page="/error"/><security:csrf disabled="true"/><!-- 加上rememberMe功能 --><!-- token-validity-seconds: 有效秒数 --><security:remember-me token-repository-ref="jdbcTokenRepository" token-validity-seconds="3600"/>
</security:http><security:authentication-manager><security:authentication-provider user-service-ref="myUserDetailSerivce"><!--使用加密算法对用户输入的密码进入加密，然后和数据库的密码进行配对 --><security:password-encoder ref="passwordEncoder"/></security:authentication-provider>
</security:authentication-manager><bean id="myUserDetailSerivce" class="cn.sm1234.security.MyUserDetailService"/><bean id="myAuthenticationnSuccessHandler" class="cn.sm1234.security.MyAuthenticationnSuccessHandler"/>
<bean id="myAuthenticationFailureHandler" class="cn.sm1234.security.MyAuthenticationFailureHandler"/><bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/><bean id="imageCodeAuthenticationFilter" class="cn.sm1234.security.ImageCodeAuthenticationFilter"><property name="authenticationFailureHandler" ref="myAuthenticationFailureHandler"/>
</bean><bean id="jdbcTokenRepository" class="org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl"><property name="dataSource" ref="dataSource"/><!-- <property name="createTableOnStartup" value="true"/>-->
</bean>

五、springmvc.xml配置

<!-- 扫描Controller类-->
<contenxt:component-scan base-package="cn.sm1234"/><!--处理静态资源 -->
<mvc:default-servlet-handler/><!--注解方式处理器映射器和处理器适配器 -->
<mvc:annotation-driven></mvc:annotation-driven><!--视图解析器-->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"><!--前缀 --><property name="prefix" value="/WEB-INF/jsp/"/><!-- 后缀--><property name="suffix" value=".jsp"/>
</bean>

六、jdbc.properties配置

jdbc.url = jdbc:mysql://localhost:3306/security
jdbc.driverClass = com.mysql.jdbc.Driver
jdbc.username = root
jdbc.password = root

七、log4j.properties配置

### direct log messages to stdout ###
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.Target=System.err
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n### direct messages to file mylog.log ###
log4j.appender.file=org.apache.log4j.FileAppender
log4j.appender.file.File=c\:mylog.log
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n### set log levels - for more verbose logging change 'info' to 'debug' ###log4j.rootLogger=debug, stdout