|
21 | 21 |
|
22 | 22 | 基于: https://www.mkyong.com/spring-security/spring-security-hello-world-example/ |
23 | 23 |
|
| 24 | +```xml |
| 25 | +<beans:beans xmlns="http://www.springframework.org/schema/security" |
| 26 | + xmlns:beans="http://www.springframework.org/schema/beans" |
| 27 | + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" |
| 28 | + xsi:schemaLocation="http://www.springframework.org/schema/beans |
| 29 | + http://www.springframework.org/schema/beans/spring-beans.xsd |
| 30 | + http://www.springframework.org/schema/security |
| 31 | + http://www.springframework.org/schema/security/spring-security-4.2.xsd"> |
| 32 | + |
| 33 | + <http auto-config="true" use-expressions="true"> |
| 34 | + <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" /> |
| 35 | + </http> |
| 36 | + |
| 37 | + <authentication-manager> |
| 38 | + <authentication-provider> |
| 39 | + <user-service> |
| 40 | + <user name="cyper" password="{noop}123456" authorities="ROLE_ADMIN" /> |
| 41 | + </user-service> |
| 42 | + </authentication-provider> |
| 43 | + </authentication-manager> |
| 44 | + |
| 45 | +</beans:beans> |
| 46 | +``` |
| 47 | + |
24 | 48 | 默认提供的 EndPoint 有: |
25 | 49 |
|
26 | 50 | 1. GET/POST http://localhost:8080/course-app/login |
27 | 51 | 2. GET/POST http://localhost:8080/course-app/logout |
28 | 52 |
|
| 53 | +### Security jdbc version |
| 54 | + |
| 55 | +```xml |
| 56 | +<http auto-config="true" use-expressions="true"> |
| 57 | + <csrf disabled="true"/> |
| 58 | + <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" /> |
| 59 | +</http> |
| 60 | + |
| 61 | +<beans:bean id="passwordEncoder" class="org.springframework.security.crypto.password.NoOpPasswordEncoder" factory-method="getInstance"/> |
| 62 | + |
| 63 | +<authentication-manager> |
| 64 | + <authentication-provider> |
| 65 | + <!-- <user-service> |
| 66 | + <user name="cyper" password="{noop}123456" authorities="ROLE_ADMIN" /> |
| 67 | + </user-service> --> |
| 68 | + |
| 69 | + <password-encoder ref="passwordEncoder" /> |
| 70 | + |
| 71 | + <jdbc-user-service |
| 72 | + data-source-ref="dataSource" |
| 73 | + users-by-username-query="select username, password, 'true' from tbl_user where username=?;" |
| 74 | + authorities-by-username-query="select username, 'ROLE_ADMIN' from tbl_user where username=?;" |
| 75 | + /> |
| 76 | + |
| 77 | + </authentication-provider> |
| 78 | +</authentication-manager> |
| 79 | +``` |
| 80 | + |
29 | 81 | ### Security Errors |
30 | 82 |
|
31 | 83 | 1. Failed to evaluate expression 'ROLE_USER' => (ref #5) |
|
42 | 94 | 3. https://stackoverflow.com/questions/41577234/why-does-spring-mvc-respond-with-a-404-and-report-no-mapping-found-for-http-req |
43 | 95 | 4. https://howtodoinjava.com/spring5/security5/security-java-config-enablewebsecurity-example/ |
44 | 96 | 5. https://stackoverflow.com/questions/35715065/it-throws-me-500-failed-to-evaluate-expression-role-user-in-spring-security |
| 97 | +6. [What is the difference between spring factory-method and factory-bean?](https://stackoverflow.com/questions/18772490/what-is-the-difference-between-spring-factory-method-and-factory-bean) |
0 commit comments