- 浏览: 52281 次
- 性别:
- 来自: 杭州
文章分类
最新评论
-
scholers:
这个方法也不错,有兴趣换工作不?
基于Mina同步通信中存在的BUG的一种解决方案 -
hemin108:
public void writeFileToResponse ...
IE6下文件下载不能直接打开,提示‘找不到....' -
hemin108:
我这样写ok了public void writeFileToR ...
IE6下文件下载不能直接打开,提示‘找不到....' -
从百草园到三味书屋:
hemin108 写道还是不行··那么兄弟,那你找到其他的解决 ...
IE6下文件下载不能直接打开,提示‘找不到....' -
hemin108:
还是不行··
IE6下文件下载不能直接打开,提示‘找不到....'
基于spring security3的权限 应用
1.创建mavn项目,导入一些必须的包:
pom.xml
2.编写web.xml
3.编写spring-security.xml
4.编写spring-despatcher
5.编写datasource配置文件
5.编写resource.properties
6.编写spring applicationContext.xml
7.实现spring security3 AccessDecisionManager,AbstractSecurityInterceptor,FilterInvocationSecurityMetadataSource,UserDetailsService和UserDetails类
不想详解!
pom.xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>com.ymq</groupId> <artifactId>map</artifactId> <packaging>war</packaging> <version>0.0.1-SNAPSHOT</version> <name>map Maven Webapp</name> <url>http://maven.apache.org</url> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <hibernate-annotations.version>3.4.0.GA</hibernate-annotations.version> <hibernate-c3p0.version>3.3.2.GA</hibernate-c3p0.version> <hibernate-validator.version>4.0.2.GA</hibernate-validator.version> <hibernate.show_sql>true</hibernate.show_sql> <m.jdbc.url>jdbc:mysql://172.19.4.157/wxps</m.jdbc.url> <m.jdbc.username>root</m.jdbc.username> <m.jdbc.password>admin</m.jdbc.password> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> <dependencies> <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-log4j12</artifactId> <version>1.6.1</version> </dependency> <dependency> <groupId>opensymphony</groupId> <artifactId>sitemesh</artifactId> <version>2.4.1</version> <scope>runtime</scope> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-orm</artifactId> <version>3.0.5.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>3.0.5.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>3.0.5.RELEASE</version> </dependency> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.0.5</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>3.0.5.RELEASE</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-test</artifactId> <version>3.0.5.RELEASE</version> <scope>test</scope> </dependency> <dependency> <groupId>commons-lang</groupId> <artifactId>commons-lang</artifactId> <version>2.5</version> </dependency> <dependency> <groupId>commons-io</groupId> <artifactId>commons-io</artifactId> <version>1.4</version> </dependency> <dependency> <groupId>commons-fileupload</groupId> <artifactId>commons-fileupload</artifactId> <version>1.2.2</version> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>servlet-api</artifactId> <version>2.5</version> <scope>provided</scope> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <version>1.2</version> <type>jar</type> <scope>compile</scope> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-annotations</artifactId> <version>${hibernate-annotations.version}</version> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-c3p0</artifactId> <version>${hibernate-c3p0.version}</version> <scope>runtime</scope> </dependency> <dependency> <groupId>org.javassist</groupId> <artifactId>javassist</artifactId> <version>3.14.0-GA</version> <scope>runtime</scope> </dependency> <dependency> <groupId>org.hibernate</groupId> <artifactId>hibernate-proxool</artifactId> <version>3.3.2.GA</version> <scope>runtime</scope> </dependency> </dependencies> <build> <finalName>map</finalName> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>tomcat-maven-plugin</artifactId> <version>1.1</version> <configuration> <path>/</path> <port>8088</port> <warSourceDirectory>src/main/webapp</warSourceDirectory> <tomcatWebXml>webapp/WEB-INF/web.xml</tomcatWebXml> </configuration> </plugin> </plugins> </build> </project>
2.编写web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-*.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>characterEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>utf8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>characterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.png</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.gif</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.jpg</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.js</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>default</servlet-name> <url-pattern>*.css</url-pattern> </servlet-mapping> <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring-dispatcher.xml</param-value> </init-param> <load-on-startup>2</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <filter> <filter-name>sitemesh</filter-name> <filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class> </filter> <filter-mapping> <filter-name>sitemesh</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <context-param> <param-name>log4jConfigLocation</param-name> <param-value>classpath:log4j.properties</param-value> </context-param> <welcome-file-list> <welcome-file>login.jsp</welcome-file> </welcome-file-list> </web-app>
3.编写spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http auto-config="true" use-expressions="true"> <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR"/> <intercept-url pattern="/login" filters="none"/> <form-login login-page="/login" authentication-failure-url="/login?auth-failure=true" default-target-url="/index"/> <logout logout-success-url="/login?logout-success=true"/> <access-denied-handler error-page="/WEB-INF/jsp/error/403"/> </http> <beans:bean id="myFilter" class="security.MyFilterSecurityInterceptor"> <!-- 用户拥有的权限 --> <beans:property name="authenticationManager" ref="myAuthenticationManager"/> <!-- 用户是否拥有所请求资源的权限 --> <beans:property name="accessDecisionManager" ref="myAccessDecisionManager"/> <!-- 资源与权限对应关系 --> <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"></beans:property> </beans:bean> <!-- 配置userDetailsService 来指定用户和权限: --> <authentication-manager alias="myAuthenticationManager"> <authentication-provider user-service-ref="userDetailsService"/> </authentication-manager> <beans:bean id="userDetailsService" class="security.MyUserDetailsService"/> <beans:bean id="myAccessDecisionManager" class="security.MyAccessDecisionManager"/> <beans:bean id="mySecurityMetadataSource" class="security.MySecurityMetadataSource" init-method="initResourceMap"/> </beans:beans>
4.编写spring-despatcher
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:component-scan base-package="dispatcher"/> <!-- 显示层采用JSTL --> <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" /> <property name="prefix" value="/WEB-INF/jsp/" /> <property name="suffix" value=".jsp" /> </bean> <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> <property name="maxUploadSize" value="30000000" /> </bean> <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <property name="basename" value="classpath:messages"/> <property name="defaultEncoding" value="utf-8"/> </bean> </beans>
5.编写datasource配置文件
<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang" xmlns:jms="http://www.springframework.org/schema/jms" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.0.xsd http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <context:property-placeholder location="classpath:/resource.properties" /> <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close"> <property name="driverClass" value="${jdbc.driverClassName}"/> <property name="jdbcUrl" value="${jdbc.url}"/> <property name="user" value="${jdbc.username}"/> <property name="password" value="${jdbc.password}"/> <property name="idleConnectionTestPeriod" value="120"/> </bean> <bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean"> <property name="dataSource" ref="dataSource"/> <property name="schemaUpdate" value="${hibernate.schemaUpdate}"/> <property name="packagesToScan" value="${hibernate.packageScan}"/> <property name="hibernateProperties"> <value> hibernate.dialect ${hibernate.dialect} hibernate.show_sql ${hibernate.show_sql} </value> </property> </bean> </beans>
5.编写resource.properties
#datasource jdbc.driverClassName org.gjt.mm.mysql.Driver jdbc.url jdbc:mysql://172.19.4.157/ss jdbc.username root jdbc.password admin #hibernate hibernate.dialect org.hibernate.dialect.MySQL5InnoDBDialect hibernate.show_sql true hibernate.schemaUpdate true hibernate.packageScan entity
6.编写spring applicationContext.xml
<?xml version="1.0" encoding="utf-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang" xmlns:jms="http://www.springframework.org/schema/jms" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:context="http://www.springframework.org/schema/context" xmlns:task="http://www.springframework.org/schema/task" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-3.0.xsd http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/jms http://www.springframework.org/schema/jms/spring-jms-3.0.xsd http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd"> <import resource="spring-datasource.xml"/> <context:component-scan base-package="*" /> <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager" p:sessionFactory-ref="sessionFactory" /> </beans>
7.实现spring security3 AccessDecisionManager,AbstractSecurityInterceptor,FilterInvocationSecurityMetadataSource,UserDetailsService和UserDetails类
/** * */ package security; import java.util.Collection; import java.util.Iterator; import org.springframework.security.access.AccessDecisionManager; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.authentication.InsufficientAuthenticationException; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; /** * @author administrator * */ public class MyAccessDecisionManager implements AccessDecisionManager{ public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException { if(configAttributes == null){ return ; } System.out.println(object.toString()); //objectis a URL. Iterator<ConfigAttribute>ite=configAttributes.iterator(); while(ite.hasNext()){ ConfigAttribute ca=ite.next(); String needRole=((SecurityConfig)ca).getAttribute(); for(GrantedAuthority ga:authentication.getAuthorities()){ if(needRole.equals(ga.getAuthority())){ //ga isuser's role. return; } } } throw new AccessDeniedException(""); } public boolean supports(ConfigAttribute attribute) { return true; } public boolean supports(Class<?> clazz) { return true; } } /** * */ package security; import java.io.IOException; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import org.springframework.security.access.SecurityMetadataSource; import org.springframework.security.access.intercept.AbstractSecurityInterceptor; import org.springframework.security.access.intercept.InterceptorStatusToken; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; /** * @author administrator * */ public class MyFilterSecurityInterceptor extends AbstractSecurityInterceptor implements Filter{ private FilterInvocationSecurityMetadataSource securityMetadataSource; public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() { return securityMetadataSource; } public void setSecurityMetadataSource( FilterInvocationSecurityMetadataSource securityMetadataSource) { this.securityMetadataSource = securityMetadataSource; } public void init(FilterConfig filterConfig) throws ServletException { // TODO Auto-generated method stub System.out.println(filterConfig); } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { FilterInvocation fi = new FilterInvocation(request,response,chain); InterceptorStatusToken token = super.beforeInvocation(fi); try{ fi.getChain().doFilter(request, response); }finally{ super.afterInvocation(token, null); } } public void destroy() { // TODO Auto-generated method stub } @Override public Class<? extends Object> getSecureObjectClass() { // TODO Auto-generated method stub return FilterInvocation.class; } @Override public SecurityMetadataSource obtainSecurityMetadataSource() { return this.securityMetadataSource; } } /** * */ package security; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.Iterator; import java.util.List; import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.web.FilterInvocation; import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource; import org.springframework.security.web.util.AntUrlPathMatcher; import org.springframework.security.web.util.UrlMatcher; import org.springframework.stereotype.Service; import service.SecurityService; import entity.Role; import entity.Url; /** * @author administrator * */ @Service public class MySecurityMetadataSource implements FilterInvocationSecurityMetadataSource{ @Autowired private SecurityService securityService; public static Map<String, Collection<ConfigAttribute>> resourceMap = null; private UrlMatcher urlMatcher = new AntUrlPathMatcher();; public void initResourceMap(){ resourceMap = new HashMap<String,Collection<ConfigAttribute>>(); List<Url> urls = securityService.listUrls(); for(Url url:urls){ Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>(); for(Role r:url.getRoles()){ configAttributes.add(new SecurityConfig(r.getName())); } resourceMap.put(url.getUrl(), configAttributes); } } public Collection<ConfigAttribute> getAttributes(Object object) throws IllegalArgumentException { String url = ((FilterInvocation)object).getRequestUrl(); Iterator<String> ite =resourceMap.keySet().iterator(); while (ite.hasNext()) { String resURL = ite.next(); if (urlMatcher.pathMatchesUrl(url, resURL)) { return resourceMap.get(resURL); } } return null; } public Collection<ConfigAttribute> getAllConfigAttributes() { return null; } public boolean supports(Class<?> clazz) { return true; } } package security; import java.util.ArrayList; import java.util.Collection; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.dao.DataAccessException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.stereotype.Service; import dao.UserDao; import entity.Role; import entity.User; @Service public class MyUserDetailsService implements UserDetailsService { @Autowired private UserDao userDao; public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { User u = userDao.listByName(username); UserDetailsImpl userDetails = null; if(u!=null){ Collection<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); for(Role r:u.getRoles()){ authorities.add(new GrantedAuthorityImpl(r.getName())); } userDetails = new UserDetailsImpl(u); userDetails.setAuthorities(authorities); } return userDetails; } } package security; import java.util.Collection; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; import entity.User; public class UserDetailsImpl extends User implements UserDetails{ private Collection<GrantedAuthority> authorities; private static final long serialVersionUID = 1L; private boolean accountNonExpired; private boolean accountNonLocked; private boolean credentialsNonExpired; private boolean enabled; public void setEnabled(boolean enabled) { this.enabled = enabled; } public UserDetailsImpl(User u){ this.accountNonExpired = true; this.accountNonLocked = true; this.credentialsNonExpired = true; this.setEnabled(true); this.setPassword(u.getPassword()); this.setUsername(u.getUsername()); //this.setAuthorities(u.getAuthorities()); this.setRemark(u.getRemark()); } public void setAccountNonExpired(boolean accountNonExpired) { this.accountNonExpired = accountNonExpired; } public void setAccountNonLocked(boolean accountNonLocked) { this.accountNonLocked = accountNonLocked; } public void setCredentialsNonExpired(boolean credentialsNonExpired) { this.credentialsNonExpired = credentialsNonExpired; } public Collection<GrantedAuthority> getAuthorities() { return this.authorities; } public void setAuthorities(Collection<GrantedAuthority> authorities) { this.authorities = authorities; } public boolean isAccountNonExpired() { return this.accountNonExpired; } public boolean isAccountNonLocked() { return this.accountNonLocked; } public boolean isCredentialsNonExpired() { return this.credentialsNonExpired; } public boolean isEnabled() { return this.enabled; } }
不想详解!
相关推荐
它提供了全面的安全解决方案,包括用户认证、权限授权、会话管理、CSRF防护以及基于HTTP的访问控制。在这个例子中,我们将深入探讨如何使用Spring Security进行认证和授权,并结合数据库操作进行动态配置。 首先,...
在这个“springboot springsecurity动态权限控制”的主题中,我们将深入探讨如何在Spring Boot项目中集成Spring Security,实现动态权限控制,让菜单权限的管理更加灵活和高效。 首先,我们需要理解Spring Security...
Spring Security 是一个全面的安全框架,用于保护基于Spring的应用。Spring Security 6 可能包括改进的身份验证和授权机制、支持最新的OAuth2标准以及增强的加密和安全配置选项。在这个论坛系统中,它扮演着核心角色...
# 基于Spring Security框架的安全认证与授权系统 ## 项目简介 本项目是一个基于Spring Security框架的安全认证与授权系统,旨在提供一个可复用的脚手架,帮助开发者快速实现认证授权机制。项目支持常见的认证、...
Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户身份的验证,以确保用户的...
这三份资料——"实战Spring Security 3.x.pdf"、"Spring Security 3.pdf" 和 "Spring Security使用手册.pdf" 将深入探讨这些概念,并提供实践指导,帮助读者掌握如何在实际项目中应用Spring Security。通过学习这些...
### Spring Security 3.0.1 中文版知识点解析...通过上述知识点的介绍,我们了解了 Spring Security 的核心概念、配置方式以及一些高级特性,这有助于开发者更好地利用 Spring Security 为应用程序构建强大的安全防护。
### Spring Security3中文教程知识点概览 #### 一、安全核心概念与起步 Spring Security是Spring框架中的一个重要组成部分,主要用于为Web应用提供安全防护。它不仅提供了强大的认证和授权功能,还支持各种加密...
Spring Security是一个功能强大、高度定制的安全框架,它专门用于为基于Spring的应用程序提供安全性解决方案。Spring Security架构的设计初衷是为了解决认证和授权的需求,确保应用程序的安全性。它提供了全面的安全...
在"SpringSecurity2Demo"这个项目中,我们可以预期看到以下组成部分: 1. **配置文件**: `spring-security.xml`,这是Spring Security的核心配置文件,包含了过滤器链的配置、用户认证源、授权规则等。 2. **控制...
本项目以"基于spring security + oauth2 + jwt,可优雅集成第三方登录"为主题,旨在提供一个能够无缝整合第三方登录系统的解决方案。 Spring Security是一个强大的安全框架,它为Java和Java EE应用程序提供了全面的...
Spring Security是一个强大的安全管理框架,用于处理Java应用程序的安全需求,包括认证和授权。在从Acegi安全框架转换到Spring Security 2.0时,一个重要的变化就是如何将授权信息存储从XML配置文件迁移到数据库。这...
SpringSecurity支持基于角色的访问控制(RBAC)和其他授权模型。 - **Access Decision Manager**: 决策管理器用于处理授权决策,根据用户的角色和请求资源的权限进行判断。 - **UserDetailsService**: 这是一个...
Spring Security 是一个强大的Java安全框架,用于保护基于Spring的应用程序。它提供了全面的身份验证、授权和访问控制功能,使得开发者可以轻松地实现安全控制。在Spring Security 3版本中,这个框架已经相当成熟,...
通过对这些示例代码的学习和实践,开发者可以深入理解Spring Security 3的核心概念,并将其应用于实际项目中,确保应用程序的安全性。记得查看附带的使用文档,这将有助于理解和配置每个示例。同时,配合jar包,你...
10. **自定义**:Spring Security的灵活性允许开发者根据需求创建自定义策略和组件,如自定义权限表达式、自定义认证和授权逻辑。 教程文档则可能深入到实践操作,包括如何配置Spring Security、创建第一个安全应用...
Spring Security3是Spring框架中的一个模块,它提供了全面的安全服务,旨在为Web和非Web应用程序提供访问控制、认证、授权等功能。Spring Security3通过其强大的配置能力和丰富的特性,帮助开发者构建安全的应用程序...
Spring Security 是一个强大的Java安全框架,用于保护基于Spring的应用程序。在Spring Security 3版本中,这个框架提供了全面的身份验证、授权和访问控制机制,帮助开发者构建安全的Web应用程序。本资源包含Spring ...
在Spring Security 3版本中,这个框架进一步完善了其特性和性能,使其成为开发者构建安全应用的首选工具。下面将详细探讨Spring Security 3中的关键知识点。 1. **核心组件**: - **Filter Chain**: Spring ...