Spring Security表单身份验证示例图解 _安全

基于表单的身份验证是一种通过登录表单完成用户身份验证的方式。该表格是内置的, 由Spring安全框架提供。
HttpSecurity类提供了一个方法formLogin(), 该方法负责呈现登录表单并验证用户凭据。
在本教程中, 我们将创建一个实现基于表单的身份验证的示例。让我们开始这个例子。
创建一个Maven项目
首先通过提供项目详细信息来创建一个Maven项目。

文章图片
该项目最初看起来像这样：

文章图片
Spring安全配置
使用以下Java文件在应用程序中配置spring安全性。创建一个包com.srcmini并将所有文件放入其中。
// AppConfig.java

package com.srcmini; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.view.InternalResourceViewResolver; import org.springframework.web.servlet.view.JstlView; @EnableWebMvc@Configuration@ComponentScan({ "com.srcmini.controller.*" })public class AppConfig {@Beanpublic InternalResourceViewResolver viewResolver() {InternalResourceViewResolver viewResolver= new InternalResourceViewResolver(); //viewResolver.setViewClass(JstlView.class); viewResolver.setPrefix("/WEB-INF/views/"); viewResolver.setSuffix(".jsp"); return viewResolver; }}

// MvcWebApplicationInitializer.java

package com.srcmini; import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer; public class MvcWebApplicationInitializer extendsAbstractAnnotationConfigDispatcherServletInitializer {@Overrideprotected Class< ?> [] getRootConfigClasses() {return new Class[] { WebSecurityConfig.class }; }@Overrideprotected Class< ?> [] getServletConfigClasses() {// TODO Auto-generated method stubreturn null; } @Overrideprotected String[] getServletMappings() {return new String[] { "/" }; }}

// SecurityWebApplicationInitializer.java

package com.srcmini; import org.springframework.security.web.context.*; public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}

// WebSecuiryConfig.java

package com.srcmini; import org.springframework.context.annotation.*; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.*; import org.springframework.security.core.userdetails.*; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.util.matcher.AntPathRequestMatcher; @EnableWebSecurity@ComponentScan("com.srcmini")public class WebSecurityConfig extends WebSecurityConfigurerAdapter {@Beanpublic UserDetailsService userDetailsService() {InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); manager.createUser(User.withDefaultPasswordEncoder().username("admin").password("admin123").roles("ADMIN").build()); return manager; }@Overrideprotected void configure(HttpSecurity http) throws Exception {http.authorizeRequests().antMatchers("/index", "/user", "/").permitAll().antMatchers("/admin").authenticated().and().formLogin() // It renders a login form .and().logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout")); }}

控制者
创建一个控制器HomeController并将其放入com.srcmini.controller包中。它包含以下代码。
// HomeController.java

package com.srcmini.controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @Controllerpublic class HomeController {@RequestMapping(value="http://www.srcmini.com/", method=RequestMethod.GET)public String index() {return "index"; }@RequestMapping(value="http://www.srcmini.com/admin", method=RequestMethod.GET)public String admin() {return "admin"; }}

观看次数
该项目包含以下两个视图(JSP页面)。将它们放入WEB-INF / views文件夹。
// index.jsp

< html> < head> < title> Index Page< /title> < /head> < body> Welcome to srcmini! < br> < br> < a href="http://www.srcmini.com/admin"> Admin login< /a> < /body> < /html>

// admin.jsp

< html> < head> < meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> < title> Home Page< /title> < /head> < body> < span style="color: green; "> login successful!< /span> < a href="http://www.srcmini.com/logout"> Logout< /a> < hr> < h3> Welcome Admin< /h3> < /body> < /html>

项目依赖
// pom.xml

< project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> < modelVersion> 4.0.0< /modelVersion> < groupId> com.srcmini< /groupId> < artifactId> springsecurity< /artifactId> < version> 0.0.1-SNAPSHOT< /version> < packaging> war< /packaging> < properties> < maven.compiler.target> 1.8< /maven.compiler.target> < maven.compiler.source> 1.8< /maven.compiler.source> < /properties> < dependencies> < dependency> < groupId> org.springframework< /groupId> < artifactId> spring-webmvc< /artifactId> < version> 5.0.2.RELEASE< /version> < /dependency> < dependency> < groupId> org.springframework.security< /groupId> < artifactId> spring-security-web< /artifactId> < version> 5.0.0.RELEASE< /version> < /dependency> < dependency> < groupId> org.springframework.security< /groupId> < artifactId> spring-security-core< /artifactId> < version> 5.0.4.RELEASE< /version> < /dependency> < !-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-config --> < dependency> < groupId> org.springframework.security< /groupId> < artifactId> spring-security-config< /artifactId> < version> 5.0.4.RELEASE< /version> < /dependency> < !-- https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api --> < dependency> < groupId> javax.servlet< /groupId> < artifactId> javax.servlet-api< /artifactId> < version> 3.1.0< /version> < scope> provided< /scope> < /dependency> < dependency> < groupId> javax.servlet< /groupId> < artifactId> jstl< /artifactId> < version> 1.2< /version> < /dependency> < /dependencies> < build> < plugins> < plugin> < groupId> org.apache.maven.plugins< /groupId> < artifactId> maven-war-plugin< /artifactId> < version> 2.6< /version> < configuration> < failOnMissingWebXml> false< /failOnMissingWebXml> < /configuration> < /plugin> < /plugins> < /build> < /project>

项目结构
【Spring Security表单身份验证示例图解】添加所有这些文件后, 项目结构如下所示：