1.创建一个web工程
2.在pom里面添加依赖,依赖不要随便改,我改了出错了好几次都找不到原因
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<maven.compiler.source>1.7</maven.compiler.source>
<maven.compiler.target>1.7</maven.compiler.target>
<jacksonVersion>2.5.0</jacksonVersion>
<jstlVersion>1.2</jstlVersion>
<servletVersion>3.0-alpha-1</servletVersion>
</properties>
<dependencies>
<!--spring-->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.3.13.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>4.3.13.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>4.3.13.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>4.3.13.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>4.3.13.RELEASE</version>
</dependency>
<!--security-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.3.RELEASE</version>
</dependency>
<!--jackson-->
<!-- Jackson可以轻松的将Java对象转换成json对象和xml文档,同样也可以将json、xml转换成Java对象 -->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>${jacksonVersion}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>${jacksonVersion}</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>${jacksonVersion}</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>1.9.13</version>
</dependency>
<!--servlet和jstl-->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>${jstlVersion}</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>${servletVersion}</version>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>javax.servlet.jsp</groupId>
<artifactId>jsp-api</artifactId>
<version>2.2</version>
<scope>provided</scope>
</dependency>
</dependencies>3.配置web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>user-manager</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!--加载Spring的配置文件到上下文中去 -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:applicationContext.xml
classpath:springSecurity.xml
</param-value>
</context-param>
<!-- Spring监听器 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--springSecurity的过滤器链-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 字符集过滤 -->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 以下是 Spring MVC 的相关配置 -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<!-- 此处指向的的是SpringMVC的配置文件 -->
<param-value>classpath:springmvc.xml</param-value>
</init-param>
<!--配置容器在启动的时候就加载这个servlet并实例化 -->
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring MVC 的配置结束 -->
</web-app>4.配置applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
</beans>5.配置springmvc.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<!--此文件负责整个mvc中的配置-->
<!--启用spring的一些annotation 这里是个大坑-->
<!-- SpringMVC注解驱动 -->
<mvc:annotation-driven>
<!--用来处理json数据返回乱码的问题-->
<mvc:message-converters>
<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter"/>
<bean class="org.springframework.http.converter.StringHttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<value>text/plain;charset=utf-8</value>
<value>text/html;charset=UTF-8</value>
</list>
</property>
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
<!--静态资源处理-->
<mvc:default-servlet-handler />
<!-- 自动扫描且只扫描 @Controller -->
<context:component-scan base-package="com.ty"
use-default-filters="false">
<context:include-filter type="annotation"
expression="org.springframework.stereotype.Controller" />
<context:include-filter type="annotation"
expression="org.springframework.web.bind.annotation.ControllerAdvice" />
</context:component-scan>
<!--静态资源映射-->
<!--本项目把静态资源放在了webapp的statics目录下,资源映射如下-->
<!--<mvc:resources mapping="/css/**" location="/css/"/>-->
<!--<mvc:resources mapping="/js/**" location="/js/"/>-->
<!--<mvc:resources mapping="/image/**" location="/images/"/>-->
<!-- 对模型视图名称的解析,即在模型视图名称添加前后缀(如果最后一个还是表示文件夹,则最后的斜杠不要漏了) 使用JSP-->
<!-- 默认的视图解析器 在上边的解析错误时使用 (默认使用html)- -->
<bean id="defaultViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/view/"/><!--设置JSP文件的目录位置-->
<property name="suffix" value=".jsp"/>
<property name="exposeContextBeansAsAttributes" value="true"/>
</bean>
</beans>6.配置springSecurity.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<!-- <security:http>:对web.xml中spring过滤器链的配置:web.xml里面的过滤器接受到请求,就会根据这个配置去过滤
1)需要拦截什么资源
2)什么资源什么角色权限
3)定义认证方式:HttpBasic,FormLogin
4)定义登陆页面,定义登陆请求地址,定义错误处理方式
用于授权
-->
<security:http>
<!--使用httpbasic的方式进行登陆,这个登陆一次之后以后都不需要在登录,服务器重启也是一样的-->
<!--<security:http-basic/>-->
<!--permitAll()允许所有人进行访问
isAnonymous():只有匿名用户才能进行访问,登陆了的用户不能访问
hasRole('ROLE_USER'):要有ROLE_USER这个角色才能访问前面的资源
注意,把要放行的请求放在前面,不然会出错
-->
<security:intercept-url pattern="/userLogin" access="permitAll()"></security:intercept-url>
<security:intercept-url pattern="/product/index" access="permitAll()"></security:intercept-url>
<security:intercept-url pattern="/product/add" access="hasRole('ROLE_USER')"></security:intercept-url>
<security:intercept-url pattern="/product/update" access="hasRole('ROLE_USER')"></security:intercept-url>
<security:intercept-url pattern="/product/list" access="hasRole('ROLE_ADMIN')"></security:intercept-url>
<security:intercept-url pattern="/product/delete" access="hasRole('ROLE_ADMIN')"></security:intercept-url>
<!--所有资源需要被认证才能访问-->
<security:intercept-url pattern="/**" access="isAuthenticated()"></security:intercept-url>
<!--表单登陆,login-page自定义登陆页面,login-processing-url:登陆处理的地址,要和表单填的action一致
-->
<security:form-login login-page="/userLogin" login-processing-url="/securityLogin"
authentication-success-handler-ref="myAuthenticationSuccessHandler" authentication-failure-handler-ref="myAuthenticationFailureHandler"/>
<!--自定义权限不足处理-->
<security:access-denied-handler error-page="/error"></security:access-denied-handler>
<!--关闭csrf的机制-->
<security:csrf disabled="true"></security:csrf>
<!--拦截路径的url
pattern:需要拦截的资源
access:访问资源的条件
-->
</security:http>
<!--security:authentication-manager:认证管理器
1)认证信息(可以定义初始的用户的账户名,密码,当前用户权限,也可以在数据库进行查询)
-->
<security:authentication-manager>
<!--这里才会动态的获取用户名,密码和权限-->
<security:authentication-provider user-service-ref="myUserDetailService">
<!--这里是初始化写死了的用户名,密码,角色-->
<!--<security:user-service>-->
<!--<security:user name="jojo" password="123456" authorities="ROLE_USER"></security:user>-->
<!--<security:user name="jack" password="123456" authorities="ROLE_ADMIN"></security:user>-->
<!--</security:user-service>-->
</security:authentication-provider>
</security:authentication-manager>
<bean id="myAuthenticationFailureHandler" class="com.ty.security.MyAuthenticationFailureHandler"></bean>
<bean id="myAuthenticationSuccessHandler" class="com.ty.security.MyAuthenticationSuccessHandler"></bean>
<!--这个类里面运用了数据库动态获取了用户的角色-->
<bean id="myUserDetailService" class="com.ty.security.MyUserDetailService"></bean>
</beans>7.自定义成功处理的拦截器 MyAuthenticationSuccessHandler
public class MyAuthenticationSuccessHandler implements AuthenticationSuccessHandler {
private final static ObjectMapper objectMapper=new ObjectMapper();
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
//这里是可以拿到用户对的登录名的
String username = request.getParameter("username");
System.out.println(username);
response.setContentType("application/json;charset=utf-8");
String successMessage = objectMapper.writeValueAsString(new JsonData(200, "登陆成功"));
response.getWriter().print(successMessage);
}
}自定义失败处理器的拦截器
public class MyAuthenticationFailureHandler implements AuthenticationFailureHandler{
private final static ObjectMapper objectMapper=new ObjectMapper();
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
//这里是可以拿到用户对的登录名的
String username = request.getParameter("username");
System.out.println(username);
response.setContentType("application/json;charset=utf-8");
String failureMessage = objectMapper.writeValueAsString(new JsonData(500, "登陆失败"));
response.getWriter().print(failureMessage);
}
}
自定义的authentication-provider下面的user-service
定义一个类,这个实现类就是用于封装数据库里面的用户的信息然后返回给springsecurity,它会比较从
表单穿过来的用户名和密码和数据库查出来的用户名和密码进行比对,这里写死,以后再加数据库
public class MyUserDetailService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
//UserDetails:封装用户数据的接口,这里应该是数据库查询出来的数据,当返回这个user对象时,springsecurity会把输入的用户名和密码和这个对象里面的用户名和密码进行比对
//成功则认证通过,失败则登陆失败
User user=new User("jojo","123456", AuthorityUtils.commaSeparatedStringToAuthorityList("ROLE_USER"));
return user;
}
}创建这个目录结构
示范
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>商品添加页面</title>
</head>
<body>
商品添加页面
</body>
</html>其它页面一样
index.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>首页</title>
</head>
<body>
一下是网站的功能
<a href="/product/add">商品添加</a>
<a href="/product/update">商品修改</a>
<a href="/product/list">商品查询</a>
<a href="/product/delete">商品删除</a>
</body>
</html>
login.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>登录页面</title>
</head>
<body>
<form action="${pageContext.request.contextPath}/securityLogin" method="post">
用户名:<input type="text" name="username"><br>
密 码:<input type="password" name="password"><br>
<input type="submit" value="登录">
</form>
</body>
</html>
errorPage.jsp
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
<title>自定义错误页面</title>
</head>
<body>
权限不足,请正确操作
</body>
</html>
controller
@Controller
public class MainController {
/**
*
* @return登录页面
*/
@RequestMapping("/userLogin")
public String loginPage()
{
return "login";
}
/**
*
* @return登录页面
*/
@RequestMapping("/error")
public String errorPage()
{
return "errorPage";
}
}@Controller
@RequestMapping("product")
public class ProductController {
/**
* 商品添加
*/
@RequestMapping("index")
public String index()
{
return "index";
}
/**
* 商品添加
*/
@RequestMapping("add")
public String add()
{
return "product/productAdd";
}
/**
* 商品修改
*/
@RequestMapping("update")
public String update()
{
return "product/productUpdate";
}
/**
* 商品列表
*/
@RequestMapping("list")
public String list()
{
return "product/productList";
}
/**
* 商品删除
*/
@RequestMapping("delete")
public String delete()
{
return "product/productDelete";
}
}创建一个返回给前台的包装类,用于返回code和message
public class JsonData {
private Integer code;
private String message;
public JsonData() {
}
public JsonData(Integer code, String message) {
this.code = code;
this.message = message;
}
public Integer getCode() {
return code;
}
public void setCode(Integer code) {
this.code = code;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
}
java
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。