- 浏览: 150127 次
- 性别:
- 来自: 广州
文章分类
最新评论
-
leon.s.kennedy:
实际上<sec:authorize ifAllGrant ...
Spring Security 标签使用 -
leon.s.kennedy:
jasonw68 写道这只是一个demo 实际怎么应用要看自己 ...
Spring Security 标签使用 -
jasonw68:
这只是一个demo 实际怎么应用要看自己项目设计的需要!
Spring Security 标签使用 -
leon.s.kennedy:
引用:在web页面进行元素安全控制Java代码方式一 < ...
Spring Security 标签使用 -
xiangxuehai_jiaer:
...
sql where 1=1 0=1 的妙用
# spring security总结 # 首先导入spring security所需要的jar包 # spring-security-core-2.0.5.RELEASE.jar # spring-security-core-tiger-2.0.5.RELEASE.jar # 一.配置过滤器 # 在web.xml中定义如下过滤器 # <filter> # <filter-name>springSecurityFilterChain</filter-name> # <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> # </filter> # <filter-mapping> # <filter-name>springSecurityFilterChain</filter-name> # <url-pattern>/*</url-pattern> # </filter-mapping> # 二.在spring配置文件中添加security的命名空间 # <beans:beans xmlns="http://www.springframework.org/schema/security" # xmlns:beans="http://www.springframework.org/schema/beans" # xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" # xsi:schemaLocation="http://www.springframework.org/schema/beans # http://www.springframework.org/schema/beans/spring-beans-2.0.xsd # http://www.springframework.org/schema/security # http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> # 三.在spring配置文中中定义需要保护的资源 # <http auto-config='true'> # <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" /> # <intercept-url pattern="/**" access="ROLE_USER" /> # </http> # 注意intercept-url的先后顺序,spring security使用第一个能匹配的intercept-url标签进行权限控制。 # 四.使用数据库获取用户权限 # <!-- 数据源 --> # <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> # <beans:property name="driverClassName" value="com.mysql.jdbc.Driver"></beans:property> # <beans:property name="url" value="jdbc:mysql://localhost:3306/sp"></beans:property> # <beans:property name="username" value="root"></beans:property> # <beans:property name="password" value="root"></beans:property> # </beans:bean> # <!-- 定义用户的权限根据注入的数据源获得 --> # <authentication-provider> # <jdbc-user-service data-source-ref="dataSource"/> # </authentication-provider> # # 定义权限管理模块的表结构(mysql数据库) ## 将资源信息放入数据库中 # 表结构 # /* 用户表 */ # CREATE TABLE `t_account` ( # `id` int(11) NOT NULL, # `username` varchar(255) default NULL, # `password` varchar(255) default NULL, # `enabled` int default NULL, /* 用户是否禁用 0:禁用 非0:可用*/ # PRIMARY KEY (`id`) # ) ENGINE=InnoDB DEFAULT CHARSET=utf8; # /* 角色表 */ # CREATE TABLE `t_role` ( # `id` int(11) NOT NULL, # `name` varchar(255) default NULL, /* 角色名 */ # `descn` varchar(255) default NULL, /* 角色在spring配置文件中的名字 如ROLE_ADMIN,ROLE_USER*/ # PRIMARY KEY (`id`) # ) ENGINE=InnoDB DEFAULT CHARSET=utf8; # # /* 用户角色中间表 */ # CREATE TABLE `t_account_role` ( # `a_id` int(11) NOT NULL, # `r_id` int(11) NOT NULL, # PRIMARY KEY (`a_id`,`r_id`), # KEY `FK1C2BC9332D31C656` (`r_id`), # KEY `FK1C2BC93371CCC630` (`a_id`), # CONSTRAINT `FK1C2BC93384B0A30E` FOREIGN KEY (`a_id`) REFERENCES `t_account` (`id`), # CONSTRAINT `FK1C2BC9332D31C656` FOREIGN KEY (`r_id`) REFERENCES `t_role` (`id`) # ) ENGINE=InnoDB DEFAULT CHARSET=utf8; # /* 资源表 */ # CREATE TABLE `t_module` ( # `id` int(11) NOT NULL, # `name` varchar(255) default NULL, # `address` varchar(255) default NULL, # PRIMARY KEY (`id`) # ) ENGINE=InnoDB DEFAULT CHARSET=utf8; # # /* 资源角色的中间表 */ # CREATE TABLE `t_module_role` ( # `m_id` int(11) NOT NULL, # `r_id` int(11) NOT NULL, # PRIMARY KEY (`m_id`,`r_id`), # KEY `FKA713071E2D31C656` (`r_id`), # KEY `FKA713071ED78C9071` (`m_id`), # CONSTRAINT `FKA713071ED78C9071` FOREIGN KEY (`m_id`) REFERENCES `t_module` (`id`), # CONSTRAINT `FKA713071E2D31C656` FOREIGN KEY (`r_id`) REFERENCES `t_role` (`id`) # ) ENGINE=InnoDB DEFAULT CHARSET=utf8; # # /* 初始化数据 */ # insert into t_account values(1,'zhangsan','123',1); # insert into t_account values(2,'lisi','321',1); # # insert into t_role values(1,'系统管理员','ROLE_ADMIN'); # insert into t_role values(2,'普通用户','ROLE_USER'); # # insert into t_account_role values(1,2); # insert into t_account_role values(2,1); # # insert into t_module values(1,'部门管理','/dept.jsp'); # insert into t_module values(2,'人员管理','/emp.jsp'); # # insert into `t_module_role` values(1,1); # insert into `t_module_role` values(1,2); # insert into `t_module_role` values(2,1); # # 当用户登录时,spring security首先判断用户是否可以登录。用户登录后spring security获得该用户的 # 所有权限以判断用户是否可以访问资源。 # # spring配置文件中定义 # <authentication-provider> # <jdbc-user-service data-source-ref="dataSource" # users-by-username-query="select username,password,enabled from t_account where username=?" # authorities-by-username-query="select r.descn from t_account_role ar join # t_account a on ar.a_id=a.id join t_role r on ar.r_id=r.id where a.username=?"/> # </authentication-provider> # # users-by-username-query:根据用户名查找用户 # authorities-by-username-query:根据用户名查找这个用户所有的角色名,将用户访问的URL地址和 # 查询结果与<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />标签进行匹配。 # 匹配成功就允许访问,否则就返回到提示页面。 # # 在<http>标签中添加登录页面等信息 # <http auto-config='true'> # <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/> # <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" /> # <intercept-url pattern="/**" access="ROLE_USER" /> # <form-login login-page="/login.jsp" # authentication-failure-url="/error.jsp" # default-target-url="/index.jsp" /> # </http> # # <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>让没有登录的用户也可以访问登录页面 # <form-login login-page="/login.jsp" # authentication-failure-url="/error.jsp" # default-target-url="/index.jsp" /> # login-page:当用户登录时显示自定义登录页面 # authentication-failure-url:登录失败时跳转到哪个页面 # default-target-url:登录成功后跳转到哪个页面 # # 注意:users-by-username-query指定的查询,必须至少按顺序返回3列,列名必须是 username,password,enabled # authorities-by-username-query指定的查询,必须至少按顺序返回2列,第一列列名必须是username # 第2列必须是权限的名字,与<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />中的 # access匹配。 # 不能使用select * # 完成的配置文件: # <?xml version="1.0" encoding="UTF-8"?> # <beans:beans xmlns="http://www.springframework.org/schema/security" # xmlns:beans="http://www.springframework.org/schema/beans" # xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" # xsi:schemaLocation="http://www.springframework.org/schema/beans # http://www.springframework.org/schema/beans/spring-beans-2.0.xsd # http://www.springframework.org/schema/security # http://www.springframework.org/schema/security/spring-security-2.0.4.xsd"> # # <!-- 数据源 --> # <beans:bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> # <beans:property name="driverClassName" value="com.mysql.jdbc.Driver"></beans:property> # <beans:property name="url" value="jdbc:mysql://localhost:3306/sp"></beans:property> # <beans:property name="username" value="root"></beans:property> # <beans:property name="password" value="root"></beans:property> # </beans:bean> # # <http auto-config='true'> # <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/> # <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" /> # <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" /> # <form-login login-page="/login.jsp" # authentication-failure-url="/error.jsp" # default-target-url="/index.jsp" /> # </http> # # <authentication-provider> # <jdbc-user-service data-source-ref="dataSource" # users-by-username-query="select username,password,enabled from t_account where username=?" # authorities-by-username-query="select a.username,r.descn from t_account_role ar join # t_account a on ar.a_id=a.id join t_role r on ar.r_id=r.id where a.username=?"/> # </authentication-provider> # # </beans:beans> # # 登录页面 # <form action="${pageContext.request.contextPath}/j_spring_security_check" method="post"> # 用户: <input type="text" name="j_username" value="${SPRING_SECURITY_LAST_USERNAME}"/><br /> # 密码: <input type="password" name="j_password"/><br /> # <input type="checkbox" name="_spring_security_remember_me" />两周之内不必登陆<br /> # <input type="submit" value="登陆"/><input type="reset" value="重置"/> # </form> # 页面中输入控件的name属性和form的action地址必须符合spring security的规定 # # # 登录失败页面 # ${SPRING_SECURITY_LAST_EXCEPTION.message} 获取spring生成的异常 # # 1.在自定义的过滤器中获取资源的URL地址和角色名以取代spring配置文件中原有的<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/> # 过滤器代码: # import java.sql.ResultSet; # import java.sql.SQLException; # # import java.util.LinkedHashMap; # import java.util.List; # import java.util.Map; # # import javax.sql.DataSource; # # import org.springframework.beans.factory.FactoryBean; # # import org.springframework.jdbc.core.support.JdbcDaoSupport; # import org.springframework.jdbc.object.MappingSqlQuery; # # import org.springframework.security.ConfigAttributeDefinition; # import org.springframework.security.ConfigAttributeEditor; # import org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource; # import org.springframework.security.intercept.web.FilterInvocationDefinitionSource; # import org.springframework.security.intercept.web.RequestKey; # import org.springframework.security.util.AntUrlPathMatcher; # import org.springframework.security.util.UrlMatcher; # # # public class JdbcFilterInvocationDefinitionSourceFactoryBean # extends JdbcDaoSupport implements FactoryBean { # private String resourceQuery; # # public boolean isSingleton() { # return true; # } # # public Class getObjectType() { # return FilterInvocationDefinitionSource.class; # } # # public Object getObject() { # return new DefaultFilterInvocationDefinitionSource(this # .getUrlMatcher(), this.buildRequestMap()); # } # # protected Map<String, String> findResources() { # ResourceMapping resourceMapping = new ResourceMapping(getDataSource(), # resourceQuery); # # Map<String, String> resourceMap = new LinkedHashMap<String, String>(); # # for (Resource resource : (List<Resource>) resourceMapping.execute()) { # String url = resource.getUrl(); # String role = resource.getRole(); # # if (resourceMap.containsKey(url)) { # String value = resourceMap.get(url); # resourceMap.put(url, value + "," + role); # } else { # resourceMap.put(url, role); # } # } # # return resourceMap; # } # # protected LinkedHashMap<RequestKey, ConfigAttributeDefinition> buildRequestMap() { # LinkedHashMap<RequestKey, ConfigAttributeDefinition> requestMap = null; # requestMap = new LinkedHashMap<RequestKey, ConfigAttributeDefinition>(); # # ConfigAttributeEditor editor = new ConfigAttributeEditor(); # # Map<String, String> resourceMap = this.findResources(); # # for (Map.Entry<String, String> entry : resourceMap.entrySet()) { # RequestKey key = new RequestKey(entry.getKey(), null); # editor.setAsText(entry.getValue()); # requestMap.put(key, # (ConfigAttributeDefinition) editor.getValue()); # } # # return requestMap; # } # # protected UrlMatcher getUrlMatcher() { # return new AntUrlPathMatcher(); # } # # public void setResourceQuery(String resourceQuery) { # this.resourceQuery = resourceQuery; # } # # private class Resource { # private String url; # private String role; # # public Resource(String url, String role) { # this.url = url; # this.role = role; # } # # public String getUrl() { # return url; # } # # public String getRole() { # return role; # } # } # # private class ResourceMapping extends MappingSqlQuery { # protected ResourceMapping(DataSource dataSource, # String resourceQuery) { # super(dataSource, resourceQuery); # compile(); # } # # protected Object mapRow(ResultSet rs, int rownum) # throws SQLException { # String url = rs.getString(1); # String role = rs.getString(2); # Resource resource = new Resource(url, role); # # return resource; # } # } # } # # 将自定义的过滤器放入到原有的spring security过滤器链中(在spring配置文件中配置) # 定义自定义过滤器(sql语句用于查询资源的URL地址 如:/index.jsp 和角色名 如ROLE_USER) # <beans:bean id="filterInvocationDefinitionSource" # class="com.lovo.JdbcFilterInvocationDefinitionSourceFactoryBean"> # <beans:property name="dataSource" ref="dataSource"/> # <beans:property name="resourceQuery" value=" # select m.address,r.descn # from t_module_role mr # join t_module m on mr.m_id=m.id # join t_role r on mr.r_id=r.id; # "/> # </beans:bean> # 将自定义过滤器放入过滤器链中 # <beans:bean id="filterSecurityInterceptor" # class="org.springframework.security.intercept.web.FilterSecurityInterceptor" autowire="byType"> # <custom-filter before="FILTER_SECURITY_INTERCEPTOR"/> # <beans:property name="objectDefinitionSource" ref="filterInvocationDefinitionSource" /> # </beans:bean> # 注意:FilterSecurityInterceptor过滤器会向request中写入一个标记,用于标记是否已经控制了当前请求,以避免对同一请求多次处理,导致第2个FilterSecurityInterceptor不会再次执行。 # 在<http>中不需要再定义<intercept-url>,如下: # <http auto-config='true'> # <form-login login-page="/login.jsp" # authentication-failure-url="/error.jsp" # default-target-url="/index.jsp" /> # # </http> # 自定义的过滤器就从配置文件中读取sql,查询结果就是角色和资源,用户登录时就在session中保存了用户的角色。 # 注意:intercept-url的先后顺序,spring security使用第一个能匹配的intercept-url标签进行权限控制。 # 现在intercept-url来源于数据库,所以在sql查询时注意角色和资源的顺序。 # 建议在角色和资源的中间表中添加1个字段用于标识顺序,(按从严到宽的顺序) # 表结构修改如下: # /* 资源角色的中间表 */ # CREATE TABLE `t_module_role` ( # `m_id` int(11) NOT NULL, # `r_id` int(11) NOT NULL, # `priority` int(11) default NULL, /* 用于标识角色和资源的匹配顺序 从严到宽 */ # PRIMARY KEY (`m_id`,`r_id`), # KEY `FKA713071E2D31C656` (`r_id`), # KEY `FKA713071ED78C9071` (`m_id`), # CONSTRAINT `FKA713071ED78C9071` FOREIGN KEY (`m_id`) REFERENCES `t_module` (`id`), # CONSTRAINT `FKA713071E2D31C656` FOREIGN KEY (`r_id`) REFERENCES `t_role` (`id`) # ) ENGINE=InnoDB DEFAULT CHARSET=utf8; # # 数据如下: # insert into t_account values(1,'zhangsan','123',1); # insert into t_account values(2,'lisi','321',1); # # insert into t_role values(1,'系统管理员','ROLE_ADMIN'); # insert into t_role values(2,'普通用户','ROLE_USER'); # # insert into t_account_role values(1,2); # insert into t_account_role values(2,1); # # insert into t_module values(1,'部门管理','/dept.jsp'); # insert into t_module values(2,'人员管理','/emp.jsp'); # # insert into `t_module_role` values(1,1,3); # insert into `t_module_role` values(1,2,2); # insert into `t_module_role` values(2,1,1); # # 自定义过滤器修改如下: # <beans:bean id="filterInvocationDefinitionSource" # class="com.lovo.JdbcFilterInvocationDefinitionSourceFactoryBean"> # <beans:property name="dataSource" ref="dataSource"/> # <beans:property name="resourceQuery" value=" # select m.address,r.descn # from t_module_role mr # join t_module m on mr.m_id=m.id # join t_role r on mr.r_id=r.id # order by mr.priority # "/> # </beans:bean> # # 如果持久层使用的是hibernate,那么只需要给自定义过滤器注入1个hibernateTemplate. # 在自定义过滤器中就不需要再使用mapRow的方式。而是直接获取url和角色名即可。 # 例如: # public class ModuleFilter implements FactoryBean { # private String resourceQuery; # # public boolean isSingleton() { # return true; # } # # public Class getObjectType() { # return FilterInvocationDefinitionSource.class; # } # # public Object getObject() { # return new DefaultFilterInvocationDefinitionSource(this # .getUrlMatcher(), this.buildRequestMap()); # } # # protected Map<String, String> findResources() { # ResourceMapping resourceMapping = new ResourceMapping(); # # Map<String, String> resourceMap = new LinkedHashMap<String, String>(); # # for (Resource resource : (List<Resource>) resourceMapping.execute()) { # String url = resource.getUrl(); # String role = resource.getRole(); # # if (resourceMap.containsKey(url)) { # String value = resourceMap.get(url); # resourceMap.put(url, value + "," + role); # } else { # resourceMap.put(url, role); # } # } # # return resourceMap; # } # # protected LinkedHashMap<RequestKey, ConfigAttributeDefinition> buildRequestMap() { # LinkedHashMap<RequestKey, ConfigAttributeDefinition> requestMap = null; # requestMap = new LinkedHashMap<RequestKey, ConfigAttributeDefinition>(); # # ConfigAttributeEditor editor = new ConfigAttributeEditor(); # # Map<String, String> resourceMap = this.findResources(); # # for (Map.Entry<String, String> entry : resourceMap.entrySet()) { # RequestKey key = new RequestKey(entry.getKey(), null); # editor.setAsText(entry.getValue()); # requestMap.put(key, # (ConfigAttributeDefinition) editor.getValue()); # } # # return requestMap; # } # # protected UrlMatcher getUrlMatcher() { # return new AntUrlPathMatcher(); # } # # public void setResourceQuery(String resourceQuery) { # this.resourceQuery = resourceQuery; # } # # private class Resource { # private String url; # private String role; # # public Resource(String url, String role) { # this.url = url; # this.role = role; # } # # public String getUrl() { # return url; # } # # public String getRole() { # return role; # } # } # # private class ResourceMapping{ # public List<Resource> execute(){ # List<Resource> rlist = new ArrayList<Resource>(); # List<Role> list = hibernateTemplate.find(resourceQuery); # for(int i=0;i<list.size();i++){ # Role role = list.get(i); # Set<Module> set = role.getModuleSet(); # Iterator<Module> it = set.iterator(); # while(it.hasNext()){ # Module m = it.next(); # Resource re = new Resource(m.getUrl(),role.getDescn()); # rlist.add(re); # } # } # return rlist; # } # } # # public void setHibernateTemplate(HibernateTemplate hibernateTemplate) { # this.hibernateTemplate = hibernateTemplate; # } # # private HibernateTemplate hibernateTemplate; # } # 而从灵活性的角度考虑,把hql写在配置文件中 # <beans:bean id="moduleFilter" class="com.lovo.ModuleFilter"> # <beans:property name="resourceQuery" # value="from com.lovo.po.Role order by ind"> # </beans:property> # <beans:property name="hibernateTemplate" ref="hibernateTemplate"> # </beans:property> # </beans:bean> # # 问题:系统只会在初始化的时候从数据库中加载信息。无法识别数据库中信息的改变。 # 解决:每个jsp页面上重新内存 # 代码:每个jsp页面include如下代码: # <%@page import="org.springframework.context.ApplicationContext"%> # <%@page import="org.springframework.web.context.support.WebApplicationContextUtils"%> # <%@page import="org.springframework.beans.factory.FactoryBean"%> # <%@page import="org.springframework.security.intercept.web.FilterSecurityInterceptor"%> # <%@page import="org.springframework.security.intercept.web.FilterInvocationDefinitionSource"%> # <% # ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(application); # FactoryBean factoryBean = (FactoryBean) ctx.getBean("&自定义过滤器的id"); # FilterInvocationDefinitionSource fids = (FilterInvocationDefinitionSource) factoryBean.getObject(); # FilterSecurityInterceptor filter = (FilterSecurityInterceptor) ctx.getBean("filterSecurityInterceptor"); # filter.setObjectDefinitionSource(fids); # %> # 或者加入 // 刷新SpringSecurity权限信息 private void flushSpringSecurity() { try { FactoryBean factoryBean = (FactoryBean)SpringUtil.getBean("&userSecurityDefinitionSource"); FilterInvocationDefinitionSource filterInvocationDefinitionSource = (FilterInvocationDefinitionSource) factoryBean.getObject(); FilterSecurityInterceptor filterSecurityInterceptor = (FilterSecurityInterceptor) SpringUtil.getBean("filterSecurityInterceptor"); filterSecurityInterceptor.setObjectDefinitionSource(filterInvocationDefinitionSource); } catch (Exception e) { e.printStackTrace(); } }
发表评论
-
Drools语法
2014-12-11 14:30 799开始语法之前首先要了解一下drools的基本工作过程,通常 ... -
转载 ibator 工具
2011-11-04 09:44 673转载 ibator 工具 http://yhjhappy23 ... -
JECSHOP
2011-11-01 16:48 770http://code.google.com/p/jeshop ... -
link
2011-10-14 18:52 543http://code.google.com/p/ctf-fr ... -
ibatis 缓存实例
2011-08-07 21:45 783缓存,顾名思义,就是 ... -
(转)ibatis 缓存 (cacheModel)详解
2011-08-07 21:32 813cacheModel的属性值等 ... -
(转)使用spring-modules-0.9实现注解缓存
2011-08-04 10:09 834http://blog.csdn.net/gaoligaoli ... -
11 款用于优化、分析源代码的Java工具(转发)
2011-08-02 22:43 872本文将提供一些工具,帮助你优化代码以及检查源代码中的潜在问题。 ... -
iBatis-SqlMap配置总结(转载)
2010-10-30 14:53 1538SqlMap的配置是iBatis中应 ... -
spring-mvc-jquery
2010-10-19 11:30 1041http://www.jtraining.com/blogs/ ...
相关推荐
SpringSecurity学习总结源代码
Spring Security学习总结
Spring Security学习总结二
Spring Security 实践指南 Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户...
spring security学习总结文档是我自己在学习security之后总结的,该部分是初级部分
Spring Security 演讲PPT(演讲嘉宾:张明星) WebSphere技术专家沙龙在广州圆满举办,WSC超级版主Fastzch(张明星)担任本次沙龙的演讲嘉宾,他给广州的WebSphere技术专家带来了以“Spring Security ”为主题的...
Spring Security三份资料,实战Spring Security 3.x.pdf;Spring Security 3.pdf;Spring Security使用手册.pdf
SpringSecurity学习总结一.pdf
springsecurity是一个功能强大且高度可定制的身份验证和访问控制框架。springsecurity是一个专注于为Java应用程序提供身份验证和授权的框架。与所有Spring项目一样,Spring安全性的真正威力在于它可以很容易地扩展以...
SpringSecurity框架的权限认证流程原理,请求到来时SpringSecurity如果调用层层过滤器来完成认证;
1.本项目为SpringCloud Gateway的微服务框架,整合了SpringSecurity,微服务间使用Redis来获取登陆的用户信息。 2.由于Gat
很多独立软件供应商,因为灵活的身份验证模式二选择Spring Security。这样做允许他们快速的集成到他们的终端客户需求的解决方案而不用进行大量工程或者改变客户的环境。如果上面的验证机制不符合你的需求,Spring ...
Spring Security学习总结 关于Spring Security的完全学习总结 强烈推荐
spring security spring security 中文文档
SpringSecurity入门到进阶到高级,是我们老师给我们讲课用的,我们都照着配就没有问题,可以跑通,
Spring Security:spring家族一员。是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转...
Spring Security 3.pdf Spring Security 3.pdf Spring Security 3.pdf Spring Security 3.pdf
三更springsecurity学习笔记