Die folgenden Code-Schnipsel sollen beim Einstieg in die Konfiguration von Spring Security helfen. Durch die Beispiel-Konfiguration wird die Benutzer-Authentifikation über eine MySQL-Datenbank abgewickelt. Für weitere Informationen empfehle ich den „5 Minute Guide to Spring Security„.
Weitere hilfreiche Links:
Spring Security – FAQ
/WEB-INF/web.xml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 | <?xml version="1.0" encoding="UTF-8"?> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext.xml, /WEB-INF/applicationContext-security.xml </param-value> </context-param> <!-- Begin of Spring Security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- End of Spring Security --> ... </web-app> |
/WEB-INF/applicationContext.xml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" p:driverClassName="com.mysql.jdbc.Driver" p:url="jdbc:mysql://localhost/database" p:username="root" p:password="password" /> </beans> |
/WEB-INF/applicationContext-security.xml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http> <http-basic /> <form-login login-page='/login.html' default-target-url='/index.html' always-use-default-target='true' /> <logout /> <intercept-url pattern="/login.html" access="ROLE_ANONYMOUS" /> <intercept-url pattern="/**" access="ROLE_USER" /> </http> <authentication-manager> <authentication-provider> <password-encoder hash="sha"/> <jdbc-user-service data-source-ref="dataSource" authorities-by-username-query="select username,authority from users where username=?"/> </authentication-provider> </authentication-manager> </beans:beans> |
Datenbank-Schema: database.users
1 2 3 4 5 6 7 8 9 | CREATE TABLE IF NOT EXISTS `database`.`users` ( `username` VARCHAR(50) NOT NULL, `password` VARCHAR(50) NOT NULL, `authority` VARCHAR(50) NOT NULL, `enabled` tinyint(1) NOT NULL, PRIMARY KEY (`username`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; |
Datenbank-User anlegen:
1 2 | INSERT INTO `database`.`users` (`username`, `password`, `authority`, `enabled`) VALUES ('bennyn', SHA1('password'), 'ROLE_USER', 1); |