ក្នុងការបង្កើត Spring Project វាមានច្រើនវិធីសាស្រ្តក្នុងការបង្កើត និង configuration។ គេអាច បង្កើត Spring តាមរយៈ Dynamic Web Project ហើយបម្លែងទៅជា Maven ឬបង្កើតជា Maven តែម្តង ឬ តាម Spring Project ។ បន្តិចទៀតនេះ នឹងមានការបង្ហាញពី ការបែងចែក សិទ្ធរបស់អ្នកប្រើប្រាស់ម្នាក់ៗ ដោយការពារលើ URL។
៙តម្រូវការ
- Spring 3.2.8.RELEASE
- Spring Security 3.2.3.RELEASE
- JSTL 1.2
- JDK 1.7
- Tomcat 8.x
- STS 3.7.0
៙រចនាសម្ពន្ធ័ធ្វើរួចរាល់
៙pom.xml
<properties>
<org.springframework-version>3.2.8.RELEASE</org.springframework-version>
<spring.security.version>3.2.3.RELEASE</spring.security.version>
<jstl.version>1.2</jstl.version>
</properties>]
<dependencies>
<!-- Spring -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context</artifactId>
<version>${org.springframework-version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${org.springframework-version}</version>
</dependency>
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<!-- jstl for jsp page -->
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>${jstl.version}</version>
</dependency>
</dependencies>
៙web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <!-- The definition of the Root Spring Container shared by all Servlets and Filters --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/root-context.xml</param-value> </context-param> <!-- Creates the Spring Container shared by all Servlets and Filters --> <!-- <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> --> <!-- ContextLoader no here in SecurityInit class was load --> <!-- Processes application requests --> <servlet> <servlet-name>appServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>appServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>
៙SecurityConfig.java|package com.heng.config
package com.heng.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("vary").password("123456").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
auth.inMemoryAuthentication().withUser("dba").password("123456").roles("DBA");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA')")
.antMatchers("/dba/**").access("hasRole('ROLE_DBA')")
.and().formLogin();
http.csrf().disable();
}
}
@EnableWebSecurityannotation និង extends ពីClassWebSecurityConfigurerAdapterជួយអោយយើង ទាមទារនូវការកំនត់សិទ្ធ។- Enable Http Basic និង Form login
- Spring Security និងផ្តល់នូវ URL login និង logout page free សម្រាប់អ្នក។
- URL (/admin/) អាចចូលបាន លុះត្រាតែមាន សិទ្ធជា ADMIN ឬ DBA។
៙SecurityInit.java|package com.heng.config
package com.heng.config;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityInit extends AbstractSecurityWebApplicationInitializer{
public SecurityInit() {
super(SecurityConfig.class);
}
//Load ContextLoaderListener && springSecurityFilterChain
}
៙HomeController.java|package com.heng.samplesecurity.controller
package com.heng.samplesecurity.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
/**
* @author Heng-Cyber
*/
@Controller
public class HomeController {
@RequestMapping(value = { "/", "/welcome**" }, method = RequestMethod.GET)
public ModelAndView welcomePage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security Hello World");
model.addObject("message", "This is welcome page!");
model.setViewName("home");
return model;
}
@RequestMapping(value = "/admin**", method = RequestMethod.GET)
public ModelAndView adminPage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security Hello World");
model.addObject("message", "This is protected page - Admin Page!");
model.setViewName("admin");
return model;
}
@RequestMapping(value = "/dba**", method = RequestMethod.GET)
public ModelAndView dbaPage() {
ModelAndView model = new ModelAndView();
model.addObject("title", "Spring Security Hello World");
model.addObject("message", "This is protected page - Database Page!");
model.setViewName("admin");
return model;
}
}
៙Screen Shot
 |
| Login as simple user |
 |
| access denied in URL admin |
ប្រភព៖ spring.io
ទាញយក Source Code:
ទីនេះ
Post a Comment
សូមមានយោបល់ខាងក្រោមនេះ៖