There is a lot of the same material out there; you just need to search Google properly.
Anyway, the best I have found so far (for almost all Spring tutorials) is Krams, http://krams915.blogspot.com. This is the one for basic Spring Security:
http://krams915.blogspot.com/2010/12/spring-security-mvc-integration_18.html
To implement a UserDetailsService, here is the link:
http://krams915.blogspot.in/2012/01/spring-security-31-implement_5023.html
Some others are:
- Spring by Example http://www.springbyexample.org/examples/simple-spring-security-webapp.html
- Mkyong http://www.mkyong.com/tutorials/spring-security-tutorials/
- And the SpringSource site itself http://static.springsource.org/spring-security/site/docs/3.0.x/reference/springsecurity.html
EDIT
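This is how my own application does authentication (note that I do not use external authentication, I just fetch the details from the database, but I guess that should not be much of an issue).
My security-context.xml: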
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    <global-method-security pre-post-annotations="enabled" jsr250-annotations="enabled" secured-annotations="enabled">
    </global-method-security>
    <http use-expressions="true">
        <!-- Rules are matched in order: public resources first, catch-all last -->
        <intercept-url pattern="/favicon.ico" access="permitAll" />
        <intercept-url pattern="/static/**" access="permitAll"/>
        <intercept-url pattern="/login.jsp*" access="permitAll"/>
        <intercept-url pattern="/Admin/**" access="hasAnyRole('ROLE_SUPER_USER')"/>
        <intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_SUPER_USER','ROLE_ADMIN')"/>
        <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1" />
        <http-basic/>
        <logout logout-success-url="/login.jsp"/>
        <remember-me user-service-ref="loginService" />
    </http>
    <authentication-manager>
        <!-- Users are loaded through the custom UserDetailsService bean below -->
        <authentication-provider user-service-ref="loginService">
            <password-encoder hash="md5"/>
        </authentication-provider>
    </authentication-manager>
    <beans:bean id="loginService" class="com.indyaah.service.LoginService">
    </beans:bean>
    <beans:bean id="authService" class="com.indyaah.service.AuthService" />
</beans:beans>
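Now, as you can see, I have specified a bean named loginService as my authentication provider, which is a bean of the class com.indyaah.service.LoginService.
The code for it is below. Note that I have truncated the unnecessary code.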
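package com.indyaah.service;

import java.util.ArrayList;
import java.util.List;

import org.springframework.dao.DataAccessException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
// .. (remaining imports truncated)

@Service
public class LoginService implements UserDetailsService {
    // .... (fields such as logger, memberMapper and memberRolesMapper truncated)

    /**
     * Implementation for custom spring security UserDetailsService
     */
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
        logger.debug("Inside get member by username");
        if (userName != null) {
            // Look up the member record for this login name
            Member memberVO = memberMapper.getMemberByUsername(userName);
            if (memberVO != null) {
                // Roles are loaded separately and converted to GrantedAuthority objects
                ArrayList<String> authList = memberRolesMapper.getMemberRoles(memberVO.getMemberId());
                List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
                for (String role : authList) {
                    System.out.println(role);
                    authorities.add(new GrantedAuthorityImpl(role.toString()));
                }
                if (memberVO.getEnabled()) {
                    User user = new User(memberVO.getUserName(), memberVO.getPassword(), true, true, true, true, authorities);
                    return user;
                } else {
                    logger.error("User with login: " + userName + " not Enabled in database. Authentication failed for user ");
                    throw new UsernameNotFoundException("User Not Enabled");
                }
            } else {
                logger.error("User with login: " + userName + " not found in database. Authentication failed for user ");
                throw new UsernameNotFoundException("user not found in database");
            }
        } else {
            logger.error("No User specified in the login ");
            throw new UsernameNotFoundException("No username specified");
        }
    }
}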
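Note two things here.
- I fetch the user details (from the database in my case; yours may be different) and put them into a new org.springframework.security.core.userdetails.User object, which the method then returns to Spring Security.
- Also, the authorities (which I load separately from the database as per my DB schema; again, your scenario may vary) are passed to Spring Security through the same User object.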
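
A variant of the `loadUserByUsername` approach described above, as an added example that is not part of the original answer or the author's application: it passes the stored enabled flag into the `User` constructor so that Spring Security's own account-status check rejects disabled accounts, instead of throwing `UsernameNotFoundException` for them. `InMemoryLoginService`, `Account` and the in-memory map are hypothetical stand-ins for the author's mappers, and `SimpleGrantedAuthority` assumes Spring Security 3.1 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/** Added example; InMemoryLoginService and Account are hypothetical names. */
public class InMemoryLoginService implements UserDetailsService {

    /** Constructed stand-in for one row of the member and role tables. */
    public static final class Account {
        final String passwordHash;
        final boolean enabled;
        final List<String> roles;

        public Account(String passwordHash, boolean enabled, List<String> roles) {
            this.passwordHash = passwordHash;
            this.enabled = enabled;
            this.roles = roles;
        }
    }

    private final Map<String, Account> accounts;

    public InMemoryLoginService(Map<String, Account> accounts) {
        this.accounts = accounts;
    }

    @Override
    public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException {
        Account account = (userName == null) ? null : accounts.get(userName);
        if (account == null) {
            // Same exception and message whether the name is missing or unknown.
            throw new UsernameNotFoundException("user not found");
        }
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
        for (String role : account.roles) {
            authorities.add(new SimpleGrantedAuthority(role));
        }
        // Pass the stored flag through: the authentication provider's pre-authentication
        // check then rejects a disabled account with DisabledException.
        return new User(userName, account.passwordHash, account.enabled,
                true, true, true, authorities);
    }
}
```

Separately from this class, the `<password-encoder hash="md5"/>` setting in the configuration above expects unsalted MD5 password hashes; Spring Security 3.1 and later include `BCryptPasswordEncoder`, which can be declared as a bean and referenced with `<password-encoder ref="..."/>`.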