Shulou(Shulou.com)06/01 Report--

We first to a simple Spring Security login, the first need to build the environment, here we use Spring+SpringMVC+Spring Security, database using Hibernate4+Oracle, about the jar package, Spring and SpringMVC I use version 3.2.

In web.xml, we mainly configure the integration of Spring, SpringMVC and Spring Security.

Dog Store contextConfigLocation org.springframework.web.context.ContextLoaderListener dogstore org.springframework.web.servlet.DispatcherServlet 1 dogstore * .do springSecurityFilterChain org.springframework.web.filter.DelegatingFilterProxy springSecurityFilterChain / *

Now that we need to configure the components of Spring Security, before configuring the permission control file of Spring Security, let's extend the Spring Security permission control method:

1. No database is used. All the data is written in the configuration file, which is also the demo in the official document.

2. Use the database to design the database according to the default implementation code of spring security, that is to say, the database is fixed, this method is not flexible, and the database is poorly designed and impractical.

3. Spring security is different from Acegi, it cannot modify the default filter, but it supports inserting filter, so according to this, we can insert our own filter to use flexibly.

4, violence, modify the source code, the aforementioned modification of the default filter is only to modify the configuration file to replace filter, this is directly changed the source code inside, but this is not in line with the OO design principles, and not practical, not available.

Now configure the dogstore-security.xml file, with regard to the namespace configuration, the official provides two configuration schemes

...

Second, the namespace starts with security. The security prefix is not required in the configuration, but the configuration of bean requires configuration.

...

First of all, let's make a simple demo:dogstore-security.xml according to the first permission control above, and note that the jar you refer to should be consistent with the namespace version.

In fact, the first http tag is mainly configured to block url, which probably configures which connection permissions you need if you want to access a certain path, while the tag under the authentication-manger tag under the http tag configures what permissions those users have. For now, let's follow this step for the time being, which will be described in detail later.

Now let's improve the configuration files needed for Spring and SpringMVC. We have reserved contextConfigLocation in the above web.xml to introduce the configuration file. First, create an empty dogstore-base.xml file, which is the Spring configuration file. If we need anything later, we will add it.

SpringMVC configuration file, first configure view parsing, SpringMVC configuration will automatically find the configuration file, Servlet's name is () is dogstore, convention is better than configuration will look for the configuration file named dogstore-servelt.xml in the WEB-INF directory

At present, the basic usage of Spring, SpringMVC, and Spring Security configuration files has been configured, introducing web.xml,SpringMVC itself into the configuration file.

ContextConfigLocation / WEB-INF/dogstore-security.xml / WEB-INF/dogstore-base.xml

Add the above configuration to tomcat and start. Before there is no custom login page, SpringSecurity will automatically generate a login page. As shown in the figure below, we add the home page under web.xml to verify whether the blocking is effective.

Main.jsp

Add main.jsp under WebContent

Insert title here, I've logged in!

Enter the wrong account number or wrong password

Enter the guest/guest configured above and log in successfully.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.