使用SpringMVC创建Web工程并使用SpringSecurity进行权限控制的详细配置方法

使用SpringMVC框架搭建Web项目工程是目前非常流行的web项目创建方式。同时Spring Security也为我们提供了登录验证和权限控制等内容。在这篇博客中，我们将详细描述如何从0开始配置一个基于SpringMVC框架和SpringSecurity权限控制的网站。主要，需要实现搭建好Eclipse开发环境。可参考[Eclipse的Web开发环境搭建——从零开始入门介绍](http://www.datalearner.com/blog/1051504188229579)。本项目已经上传到GitHub中，请查看https://github.com/df19900725/WebTempalte

[TOC]

### 一、创建Web项目
在这里，我们首先创建一个Dynamic Web Project项目。填好项目名称之后，直接点击Finish即可（不用next，这里我们用后面默认的配置）。然后，右键单击项目名称，依次选择Configure - Convert To Maven Project。将该项目转换成Maven的项目。这样，一个基于Maven的Web项目就建好了。可能有人问为啥不直接使用Maven创建。因为Eclipse的Maven插件提供的Web原型版本太低，而且常年不更新，和新的jdk版本搭配在一起很容易出错。所以我们采用这种方式。

<center>
![](http://www.datalearner.com/resources/blog_images/5d43b7e3-96bd-4d7a-94bb-ffbc7ce3d486.jpg)
![](http://www.datalearner.com/resources/blog_images/53dbd32c-d4ac-4987-a304-fea286cf8726.jpg)
</center>

### 二、配置pom.xml文件
使用SpringMVC和SpringSecurity插件需要依赖一些包。我们使用Maven的方式添加，同时，我们还需要一些连接数据库的包。我们一同在下面加进去。把下面的插件添加之后，这个网站系统就支持SpringMVC和SpringSecurity的各项功能了。后面我们将一步一步说明。

```xml
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>hfutec</groupId>
  <artifactId>WebTemplate</artifactId>
  <version>0.0.1-SNAPSHOT</version>
  <packaging>war</packaging>
  
  
  <build>
    <sourceDirectory>src</sourceDirectory>
    <plugins>
      <plugin>
        <artifactId>maven-compiler-plugin</artifactId>
        <version>3.6.1</version>
        <configuration>
          <source>1.8</source>
          <target>1.8</target>
        </configuration>
      </plugin>
      <plugin>
        <artifactId>maven-war-plugin</artifactId>
        <version>3.0.0</version>
        <configuration>
          <warSourceDirectory>WebContent</warSourceDirectory>
        </configuration>
      </plugin>
    </plugins>
  </build>
  
  <dependencies>

<dependency>
		<groupId>commons-logging</groupId>
		<artifactId>commons-logging</artifactId>
		<version>1.1.1</version>
	</dependency>
	
	
	<dependency>
		<groupId>commons-dbutils</groupId>
		<artifactId>commons-dbutils</artifactId>
		<version>1.6</version>
	</dependency>

<dependency>
		<groupId>mysql</groupId>
		<artifactId>mysql-connector-java</artifactId>
		<version>5.1.34</version>
	</dependency>

<dependency>
		<groupId>com.alibaba</groupId>
		<artifactId>druid</artifactId>
		<version>1.0.12</version>
	</dependency>

<dependency>
		<groupId>jstl</groupId>
		<artifactId>jstl</artifactId>
		<version>1.2</version>
	</dependency>

<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-taglibs</artifactId>
		<version>4.0.2.RELEASE</version>
	</dependency>

<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-web</artifactId>
		<version>4.0.2.RELEASE</version>
	</dependency>

<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-config</artifactId>
		<version>4.0.2.RELEASE</version>
	</dependency>
	
	
	<dependency>
		<groupId>org.springframework.security</groupId>
		<artifactId>spring-security-core</artifactId>
		<version>4.0.2.RELEASE</version>
	</dependency>

<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-webmvc</artifactId>
		<version>4.1.4.RELEASE</version>
	</dependency>

<dependency>
		<groupId>com.fasterxml.jackson.core</groupId>
		<artifactId>jackson-core</artifactId>
		<version>2.5.0</version>
	</dependency>
	<dependency>
		<groupId>com.fasterxml.jackson.core</groupId>
		<artifactId>jackson-databind</artifactId>
		<version>2.5.0</version>
	</dependency>
	<dependency>
		<groupId>com.fasterxml.jackson.core</groupId>
		<artifactId>jackson-annotations</artifactId>
		<version>2.5.0</version>
	</dependency>

<dependency>
		<groupId>org.springframework</groupId>
		<artifactId>spring-aop</artifactId>
		<version>4.3.6.RELEASE</version>
	</dependency>

<dependency>
		<groupId>org.aspectj</groupId>
		<artifactId>aspectjrt</artifactId>
		<version>1.7.3</version>
	</dependency>

<dependency>
		<groupId>org.aspectj</groupId>
		<artifactId>aspectjweaver</artifactId>
		<version>1.8.10</version>
	</dependency>

<dependency>
        <groupId>com.google.guava</groupId>
        <artifactId>guava</artifactId>
        <version>20.0</version>
    </dependency>

<dependency>
        <groupId>com.alibaba</groupId>
        <artifactId>fastjson</artifactId>
        <version>1.2.38</version>
    </dependency>

</dependencies>
</project>
```

### 三、配置Web.xml
在上述操作完毕之后，我们的网站所所依赖的包就完毕了。现在我们讲一下Web.xml的配置。当我们去启动一个WEB项目时，容器包括（JBoss、Tomcat等）首先会读取项目web.xml配置文件里的配置，当这一步骤没有出错并且完成之后，项目才能正常地被启动起来。而一些Spring框架的监控都是在这里配置的（注意：配置条目的顺序要一样，因为它是按照顺序扫描加载的。顺序错了可能会导致出错）。我们右键项目中的```WEB-INF```文件夹，然后新建一个web.xml（有的时候创建项目可以勾选自动创建web.xml，这里我们手动建一个）。具体配置和说明如下：

```xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
	xmlns:jsp="http://java.sun.com/xml/ns/javaee/jsp"
	xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
	metadata-complete="true" version="3.1">
	
	<display-name>Web Template created by D.F.</display-name>

<welcome-file-list>
		<welcome-file>/</welcome-file>
	</welcome-file-list>
	
	
	<session-config>
		<session-timeout>1800</session-timeout>
	</session-config>

<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>
	
	
	<filter>
		<filter-name>encodingFilter</filter-name>
		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
		<init-param>
			<param-name>encoding</param-name>
			<param-value>UTF-8</param-value>
		</init-param>
		<init-param>
			<param-name>forceEncoding</param-name>
			<param-value>true</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>encodingFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>/WEB-INF/spring*.xml
					/WEB-INF/applicationContext*.xml</param-value>
	</context-param>
	
	
	<servlet>
		<servlet-name>applicationContext</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>applicationContext</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>

<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.css</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.js</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.ico</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.gif</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.jpg</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.png</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.bmp</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.jpeg</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.swf</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.flv</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.xml</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.txt</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.htm</url-pattern>
	</servlet-mapping>
	<servlet-mapping>
		<servlet-name>default</servlet-name>
		<url-pattern>*.html</url-pattern>
	</servlet-mapping>
</web-app>
```

四、添加其他的配置文件
在web.xml的配置中，我们还加了一个其他配置文件。这里我们就在WEB-INF下面再加入三个配置文件，分别是```applicationContext-database.xml```、```applicationContext-servlet.xml```和```spring-security.xml```。我们将分别说明。

##### 4.1、applicationContext-database.xml

这是阿里巴巴Druid数据连接池的配置。网站需要访问数据库，需要数据库连接池来管理数据库连接。我们使用的是druid工具。里面配置了用户名、密码、连接数、等待时间等等。不是本篇重点。我们只列出来，不说具体了。

<property name="url"><value>jdbc:mysql://127.0.0.1:3306/Enterprise</value></property> 
		<property name="username"><value>root</value></property> 
		<property name="password"><value>11111111</value></property>
		
		
		<property name="initialSize" value="1" />
		<property name="minIdle" value="1" /> 
		<property name="maxActive" value="20" />
		
		
		<property name="maxWait" value="60000" />
		
		
		<property name="timeBetweenEvictionRunsMillis" value="60000" />
		
		
		<property name="minEvictableIdleTimeMillis" value="300000" />
		
		<property name="validationQuery" value="SELECT 'x'" />
		<property name="testWhileIdle" value="true" />
		<property name="testOnBorrow" value="false" />
		<property name="testOnReturn" value="false" />
		
		
		<property name="poolPreparedStatements" value="true" />
		<property name="maxPoolPreparedStatementPerConnectionSize" value="20" />
		
		
		<property name="filters" value="stat" />
		
    </bean>

</beans>

```

##### 4.2、applicationContext-servlet.xml

这里主要配置SpringMVC的一些信息，包括对自动标注的支持，设置需要扫描的拦截器目录等。具体如下：

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:context="http://www.springframework.org/schema/context"
             xmlns:aop="http://www.springframework.org/schema/aop"
             xmlns:tx="http://www.springframework.org/schema/tx"
             xmlns:mvc="http://www.springframework.org/schema/mvc" 
             xmlns:security="http://www.springframework.org/schema/security" 
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                     http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
                     http://www.springframework.org/schema/context
                     http://www.springframework.org/schema/context/spring-context-4.0.xsd
                     http://www.springframework.org/schema/aop
                     http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
                     http://www.springframework.org/schema/mvc  
            		 http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
                     http://www.springframework.org/schema/tx
                     http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
                     http://www.springframework.org/schema/security
                     http://www.springframework.org/schema/security/spring-security-4.0.xsd" default-autowire="byName">

<mvc:annotation-driven>
        
        <mvc:message-converters register-defaults="true">
            <bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
                <property name="supportedMediaTypes">
                    <list>
                        <value>text/html;charset=UTF-8</value>
                        <value>application/json;charset=UTF-8</value>
                    </list>
                </property>
            </bean>
        </mvc:message-converters>
    </mvc:annotation-driven>
    
    
    
    <mvc:default-servlet-handler />
    
    <context:annotation-config />
    
	
	<context:component-scan base-package="org.test" />
    
	
	<security:global-method-security jsr250-annotations="enabled" secured-annotations="enabled" pre-post-annotations="enabled"/>
    
	
	<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
	    <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
	    <property name="prefix" value="/WEB-INF/views/"/>
	    <property name="suffix" value=".jsp"/>
	</bean>
	
</beans>
```

##### 4.3、spring-security.xml文件配置
这个就是配置spring-security权限控制的文件了。具体如下：
```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:beans="http://www.springframework.org/schema/beans"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security-4.0.xsd">

<http pattern="/resources/**" security="none" />
	<http pattern="/sitemap.xml" security="none" />
	<http pattern="/favicon.ico" security="none" />
	
	
	<http auto-config="true" use-expressions="true">
		
		<intercept-url pattern="/"	access="permitAll" />
		<intercept-url pattern="/index*" access="permitAll" />
		<intercept-url pattern="/signin*" access="permitAll" />
		<intercept-url pattern="/login*" access="permitAll" />
		<intercept-url pattern="/register*" access="permitAll" />
		<intercept-url pattern="/invalidsession*" access="permitAll" />
		<intercept-url pattern="/404*" access="none" />
		
		
		<form-login login-page="/signin" authentication-failure-url="/signin?login_error" default-target-url="/query"/>
		<logout logout-success-url="/query" delete-cookies="JSESSIONID" />
		
		
		<intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" />
		<intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
	
		<csrf disabled="true" />
		<access-denied-handler error-page="/403" />
		
		<remember-me data-source-ref="dataSource" token-validity-seconds="1209600" remember-me-parameter="remember-me" />
		
		<session-management invalid-session-url="/"> 
			<concurrency-control max-sessions="1"/> 
		</session-management>
		
	</http>

<authentication-manager erase-credentials="false">
		<authentication-provider>
			<password-encoder ref="bcryptEncoder" />
			<jdbc-user-service data-source-ref="dataSource" />
		</authentication-provider>
	</authentication-manager>

<beans:bean id="messageSource"
		class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
		<beans:property name="basenames">
			<beans:list>
				<beans:value>classpath:myMessages</beans:value>
			</beans:list>
		</beans:property>
	</beans:bean>

<beans:bean name="bcryptEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />

</beans:beans>
```

在上述配置文件都创建好了之后，我们的目录应该如下所示（这里把第5步骤的创建的首页也放进来了。）

<center>
![](http://www.datalearner.com/resources/blog_images/39336c6f-a725-4e90-8ac4-cb3167fc6fbd.jpg)
</center>

#### 五、创建首页
好了。在所有的配置文件都写好之后，我们开始创建一个首页。首先，我们在WEB-INF文件夹下创建一个views文件夹。这个之前说过了，我们在配置文件中写了。我们创建一个简单的jsp页面，如下：

```html
<%@ page language="java" contentType="text/html; charset=UTF-8"	pageEncoding="UTF-8"%>

<!DOCTYPE html>
<html lang="zh">
<head>
  <title>首页</title>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <meta http-equiv="pragma" content="no-cache" />
  <meta http-equiv="cache-control" content="max-age=3600" />
  <meta http-equiv="expires" content="0" />
  <meta http-equiv="keywords" content="">
  <meta http-equiv="description" content="">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  
</head>
<body>

</body>
</html>

```

然后，我们需要创建一个Contoller来控制这个首页访问。在Java Resource下src上右键单击创建一个包，然后创建一个Java类，如下：

<center>
![](http://www.datalearner.com/resources/blog_images/a05a819b-1f88-4d0a-a157-78570265ea01.jpg)
</center>

```java
package org.test.controller;

import javax.servlet.http.HttpServletRequest;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class ViewRedirectController {
	
  @RequestMapping("/")
  public ModelAndView index() {
    ModelAndView mav = new ModelAndView();
    mav.setViewName("/index");
    return mav;
  }
  
}
```

这里我们在类名上加上```@Controller```表明这是一个控制类，Spring监听器会把这个里面的方法加入到监听。然后我们创建了一个方法，声明```@RequestMapping("/")```表明这个方法是用来处理```/```请求的，就是我们常见的默认的首页。然后返回index这个页面。是使用```setViewName("/index")```方法。<font color=red>注意，这个类所在的包一定要和 applicationContext-servlet.xml 中配置的扫描的包要一致，至少要在那个包下面，负责会扫描不到这个控制类，就无法控制了。</font>

好了，下面右键单击这个项目，点击Run As - Run on server之后，我们就可以启动这个系统（如果没有配置tomcat请先配置一下）。然后看到首页了。

<center>
![](http://www.datalearner.com/resources/blog_images/5d2365db-1014-4b56-ad70-9a0c10a70dcf.jpg)![](http://www.datalearner.com/resources/blog_images/945d7997-4c0f-4072-a533-df92621f2504.jpg)
</center>

本项目已经上传到GitHub中，请查看https://github.com/df19900725/WebTempalte

使用SpringMVC创建Web工程并使用SpringSecurity进行权限控制的详细配置方法

欢迎大家关注DataLearner官方微信，接受最新的AI技术推送

相关博客

最热博客