spring mvc 和spring security配置 spring-servlet.xml和spring-security.xml设置

时间:2022-03-07 14:32:26

spring-servlet.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <mvc:annotation-driven></mvc:annotation-driven>
<!--<mvc:annotation-driven conversion-service="formattingConversionService"></mvc:annotation-driven>-->
<mvc:resources mapping="/static/**" location="/statics/"></mvc:resources>
<mvc:resources mapping="/resources/**" location="/resources/"></mvc:resources>
<context:component-scan base-package="com.lingdong.controller"></context:component-scan>
<context:component-scan base-package="com.lingdong.thymeleaf"></context:component-scan>
<!-- 配置视图解析器 -->
<!--<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/resources/jsp/"></property>
<property name="suffix" value=".jsp"></property>
</bean>-->
<!--spring thymeleaf视图解析器-->
<bean id="springResourceTemplateResolver" class="org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver">
<property name="prefix" value="/resources/views/"/>
<property name="suffix" value=".html"/>
<property name="templateMode" value="HTML5" />
<property name="cacheable" value="true" />
<property name="characterEncoding" value="UTF-8"/> </bean>
<!--<bean id="formattingConversionService" class="org.springframework.format.support.FormattingConversionServiceFactoryBean">
<property name="formatters">
<set>
<bean class="com.lingdong.thymeleaf.DateFormatter"/>
</set>
</property>
</bean>-->
<bean id="springTemplateEngine" class="org.thymeleaf.spring4.SpringTemplateEngine">
<property name="templateResolver" ref="springResourceTemplateResolver"/>
<property name="enableSpringELCompiler" value="true"/> </bean>
<!--<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/resources/jsps/"/>
<property name="suffix" value=".jsp"/>
<property name="order" value="2"/>
<property name="viewNames" value="*jsp"/>
</bean>-->
<bean class="org.thymeleaf.spring4.view.ThymeleafViewResolver">
<property name="templateEngine" ref="springTemplateEngine"/>
<property name="characterEncoding" value="UTF-8"/> </bean> <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
<property name="defaultErrorView" value="exception"/>
<property name="exceptionAttribute" value="ex"/>
<property name="exceptionMappings">
<props>
<prop key="NumberFormatException">numberException</prop>
<prop key="NullPointerException">runtimeException</prop>
<prop key="RuntimeException">runtimeException</prop>
<prop key="ClassCastException">runtimeException</prop>
</props>
</property>
</bean>
<!-- 从请求和响应 读取/编写字符串 -->
<bean id="stringHttpMessageConverter" class="org.springframework.http.converter.StringHttpMessageConverter">
<property name="supportedMediaTypes">
<list>
<value>text/plain;charset=UTF-8</value>
</list>
</property>
</bean>
</beans>

spring-security.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:http pattern="/statics/**" security="none"/>
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login.do" access="isAnonymous()"/>
<security:intercept-url pattern="/register.do" access="isAnonymous()"/>
<security:intercept-url pattern="/registerusers.do" access="isAnonymous()"/>
<security:intercept-url pattern="/useradd.do" access="isAnonymous()"/>
<security:intercept-url pattern="/admins/**" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<security:csrf disabled="false" token-repository-ref="cookieCsrfTokenRepository" />
<security:form-login login-page="/login.do" login-processing-url="/login" username-parameter="username" password-parameter="password" authentication-failure-url="/login.do?error=true" />
<security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/login.do"/>
<security:http-basic />
<security:remember-me data-source-ref="dataSource" key="youkey" remember-me-parameter="remember-me"/>
<security:session-management>
<security:concurrency-control />
</security:session-management>
</security:http>
<security:authentication-manager>
<!--静态添加的用户登录信息-->
<!--<security:authentication-provider>
<security:user-service>
<security:user name="admin" password="admin123" authorities="ROLE_USER,ROLE_ADMIN"/>
<security:user name="user" password="user123" authorities="ROLE_USER"/>
</security:user-service>
</security:authentication-provider>-->
<security:authentication-provider>
<security:password-encoder ref="bCryptPasswordEncoder"/>
<security:jdbc-user-service id="userDetailsService" data-source-ref="dataSource"
users-by-username-query="SELECT username,password,enabled FROM users WHERE username=?"
authorities-by-username-query="SELECT u.username as username,r.rolename as authority FROM users u join userrole ur on u.userid=ur.userid join roles r on r.roleid=ur.roleid WHERE u.username=?"
/>
</security:authentication-provider>
</security:authentication-manager> <bean id="bCryptPasswordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>
<bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<property name="hideUserNotFoundExceptions" value="false"/>
<property name="userDetailsService" ref="userDetailsService"/>
<property name="passwordEncoder" ref="bCryptPasswordEncoder"/> </bean>
<bean id="cookieCsrfTokenRepository" class="org.springframework.security.web.csrf.CookieCsrfTokenRepository">
<property name="cookieHttpOnly" value="false"/>
</bean> </beans>