DataLearner AI 专注大模型评测、数据资源与实践教学的知识平台,持续更新可落地的 AI 能力图谱。
© 2026 DataLearner AI. DataLearner 持续整合行业数据与案例,为科研、企业与开发者提供可靠的大模型情报与实践指南。
使用SpringMVC创建Web工程并使用SpringSecurity进行权限控制的详细配置方法 | DataLearnerAI
首页 / 博客列表 / 博客详情 使用SpringMVC框架搭建Web项目工程是目前非常流行的web项目创建方式。同时Spring Security也为我们提供了登录验证和权限控制等内容。在这篇博客中,我们将详细描述如何从0开始配置一个基于SpringMVC框架和SpringSecurity权限控制的网站。主要,需要实现搭建好Eclipse开发环境。可参考Eclipse的Web开发环境搭建——从零开始入门介绍 。本项目已经上传到GitHub中,请查看https://github.com/df19900725/WebTempalte
在这里,我们首先创建一个Dynamic Web Project项目。填好项目名称之后,直接点击Finish即可(不用next,这里我们用后面默认的配置)。然后,右键单击项目名称,依次选择Configure - Convert To Maven Project。将该项目转换成Maven的项目。这样,一个基于Maven的Web项目就建好了。可能有人问为啥不直接使用Maven创建。因为Eclipse的Maven插件提供的Web原型版本太低,而且常年不更新,和新的jdk版本搭配在一起很容易出错。所以我们采用这种方式。
欢迎关注 DataLearner 官方微信,获得最新 AI 技术推送
使用SpringMVC和SpringSecurity插件需要依赖一些包。我们使用Maven的方式添加,同时,我们还需要一些连接数据库的包。我们一同在下面加进去。把下面的插件添加之后,这个网站系统就支持SpringMVC和SpringSecurity的各项功能了。后面我们将一步一步说明。
<project xmlns ="http://maven.apache.org/POM/4.0.0" xmlns:xsi ="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation ="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" >
<modelVersion > 4.0.0</modelVersion >
<groupId > hfutec</groupId >
<artifactId > WebTemplate</artifactId >
<version > 0.0.1-SNAPSHOT</version >
<packaging > war</packaging >
<build >
<sourceDirectory > src</sourceDirectory >
<plugins >
<plugin >
<artifactId > maven-compiler-plugin</artifactId >
<version > 3.6.1</version >
<configuration >
<source > 1.8</source >
<target > 1.8</target >
</configuration >
</plugin >
<plugin >
<artifactId > maven-war-plugin</artifactId >
<version > 3.0.0</version >
<configuration >
<warSourceDirectory > WebContent</warSourceDirectory >
</configuration >
</plugin >
</plugins >
</build >
<dependencies >
<dependency >
<groupId > commons-logging</groupId >
<artifactId > commons-logging</artifactId >
<version > 1.1.1</version >
</dependency >
<dependency >
<groupId > commons-dbutils</groupId >
<artifactId > commons-dbutils</artifactId >
<version > 1.6</version >
</dependency >
<dependency >
<groupId > mysql</groupId >
<artifactId > mysql-connector-java</artifactId >
<version > 5.1.34</version >
</dependency >
<dependency >
<groupId > com.alibaba</groupId >
<artifactId > druid</artifactId >
<version > 1.0.12</version >
</dependency >
<dependency >
<groupId > jstl</groupId >
<artifactId > jstl</artifactId >
<version > 1.2</version >
</dependency >
<dependency >
<groupId > org.springframework.security</groupId >
<artifactId > spring-security-taglibs</artifactId >
<version > 4.0.2.RELEASE</version >
</dependency >
<dependency >
<groupId > org.springframework.security</groupId >
<artifactId > spring-security-web</artifactId >
<version > 4.0.2.RELEASE</version >
</dependency >
<dependency >
<groupId > org.springframework.security</groupId >
<artifactId > spring-security-config</artifactId >
<version > 4.0.2.RELEASE</version >
</dependency >
<dependency >
<groupId > org.springframework.security</groupId >
<artifactId > spring-security-core</artifactId >
<version > 4.0.2.RELEASE</version >
</dependency >
<dependency >
<groupId > org.springframework</groupId >
<artifactId > spring-webmvc</artifactId >
<version > 4.1.4.RELEASE</version >
</dependency >
<dependency >
<groupId > com.fasterxml.jackson.core</groupId >
<artifactId > jackson-core</artifactId >
<version > 2.5.0</version >
</dependency >
<dependency >
<groupId > com.fasterxml.jackson.core</groupId >
<artifactId > jackson-databind</artifactId >
<version > 2.5.0</version >
</dependency >
<dependency >
<groupId > com.fasterxml.jackson.core</groupId >
<artifactId > jackson-annotations</artifactId >
<version > 2.5.0</version >
</dependency >
<dependency >
<groupId > org.springframework</groupId >
<artifactId > spring-aop</artifactId >
<version > 4.3.6.RELEASE</version >
</dependency >
<dependency >
<groupId > org.aspectj</groupId >
<artifactId > aspectjrt</artifactId >
<version > 1.7.3</version >
</dependency >
<dependency >
<groupId > org.aspectj</groupId >
<artifactId > aspectjweaver</artifactId >
<version > 1.8.10</version >
</dependency >
<dependency >
<groupId > com.google.guava</groupId >
<artifactId > guava</artifactId >
<version > 20.0</version >
</dependency >
<dependency >
<groupId > com.alibaba</groupId >
<artifactId > fastjson</artifactId >
<version > 1.2.38</version >
</dependency >
</dependencies >
</project >
在上述操作完毕之后,我们的网站所所依赖的包就完毕了。现在我们讲一下Web.xml的配置。当我们去启动一个WEB项目时,容器包括(JBoss、Tomcat等)首先会读取项目web.xml配置文件里的配置,当这一步骤没有出错并且完成之后,项目才能正常地被启动起来。而一些Spring框架的监控都是在这里配置的(注意:配置条目的顺序要一样,因为它是按照顺序扫描加载的。顺序错了可能会导致出错)。我们右键项目中的WEB-INF文件夹,然后新建一个web.xml(有的时候创建项目可以勾选自动创建web.xml,这里我们手动建一个)。具体配置和说明如下:
<?xml version="1.0" encoding="UTF-8" ?>
<web-app
xmlns:xsi ="http://www.w3.org/2001/XMLSchema-instance"
xmlns ="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:jsp ="http://java.sun.com/xml/ns/javaee/jsp"
xsi:schemaLocation ="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
metadata-complete ="true" version ="3.1" >
<display-name > Web Template created by D.F.</display-name >
<welcome-file-list >
<welcome-file > /</welcome-file >
</welcome-file-list >
<session-config >
<session-timeout > 1800</session-timeout >
</session-config >
<listener >
<listener-class > org.springframework.web.context.ContextLoaderListener</listener-class >
</listener >
<listener >
<listener-class > org.springframework.security.web.session.HttpSessionEventPublisher</listener-class >
</listener >
<filter >
<filter-name > encodingFilter</filter-name >
<filter-class > org.springframework.web.filter.CharacterEncodingFilter</filter-class >
<init-param >
<param-name > encoding</param-name >
<param-value > UTF-8</param-value >
</init-param >
<init-param >
<param-name > forceEncoding</param-name >
<param-value > true</param-value >
</init-param >
</filter >
<filter-mapping >
<filter-name > encodingFilter</filter-name >
<url-pattern > /*</url-pattern >
</filter-mapping >
<filter >
<filter-name > springSecurityFilterChain</filter-name >
<filter-class > org.springframework.web.filter.DelegatingFilterProxy</filter-class >
</filter >
<filter-mapping >
<filter-name > springSecurityFilterChain</filter-name >
<url-pattern > /*</url-pattern >
</filter-mapping >
<context-param >
<param-name > contextConfigLocation</param-name >
<param-value > /WEB-INF/spring*.xml
/WEB-INF/applicationContext*.xml</param-value >
</context-param >
<servlet >
<servlet-name > applicationContext</servlet-name >
<servlet-class > org.springframework.web.servlet.DispatcherServlet</servlet-class >
<load-on-startup > 1</load-on-startup >
</servlet >
<servlet-mapping >
<servlet-name > applicationContext</servlet-name >
<url-pattern > /</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.css</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.js</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.ico</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.gif</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.jpg</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.png</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.bmp</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.jpeg</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.swf</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.flv</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.xml</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.txt</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.htm</url-pattern >
</servlet-mapping >
<servlet-mapping >
<servlet-name > default</servlet-name >
<url-pattern > *.html</url-pattern >
</servlet-mapping >
</web-app >
四、添加其他的配置文件
在web.xml的配置中,我们还加了一个其他配置文件。这里我们就在WEB-INF下面再加入三个配置文件,分别是applicationContext-database.xml、applicationContext-servlet.xml和spring-security.xml。我们将分别说明。
4.1、applicationContext-database.xml 这是阿里巴巴Druid数据连接池的配置。网站需要访问数据库,需要数据库连接池来管理数据库连接。我们使用的是druid工具。里面配置了用户名、密码、连接数、等待时间等等。不是本篇重点。我们只列出来,不说具体了。
<?xml version="1.0" encoding="UTF-8" ?>
<beans
xmlns ="http://www.springframework.org/schema/beans"
xmlns:xsi ="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation ="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd" >
<bean id ="dataSource" class ="com.alibaba.druid.pool.DruidDataSource" destroy-method ="close" >
<property name ="url" > <value > jdbc:mysql://127.0.0.1:3306/Enterprise</value > </property >
<property name ="username" > <value > root</value > </property >
<property name ="password" > <value > 11111111</value > </property >
<property name ="initialSize" value ="1" />
<property name ="minIdle" value ="1" />
<property name ="maxActive" value ="20" />
<property name ="maxWait" value ="60000" />
<property name ="timeBetweenEvictionRunsMillis" value ="60000" />
<property name ="minEvictableIdleTimeMillis" value ="300000" />
<property name ="validationQuery" value ="SELECT 'x'" />
<property name ="testWhileIdle" value ="true" />
<property name ="testOnBorrow" value ="false" />
<property name ="testOnReturn" value ="false" />
<property name ="poolPreparedStatements" value ="true" />
<property name ="maxPoolPreparedStatementPerConnectionSize" value ="20" />
<property name ="filters" value ="stat" />
</bean >
</beans >
4.2、applicationContext-servlet.xml 这里主要配置SpringMVC的一些信息,包括对自动标注的支持,设置需要扫描的拦截器目录等。具体如下:
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns ="http://www.springframework.org/schema/beans"
xmlns:xsi ="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context ="http://www.springframework.org/schema/context"
xmlns:aop ="http://www.springframework.org/schema/aop"
xmlns:tx ="http://www.springframework.org/schema/tx"
xmlns:mvc ="http://www.springframework.org/schema/mvc"
xmlns:security ="http://www.springframework.org/schema/security"
xsi:schemaLocation ="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd" default-autowire ="byName" >
<mvc:annotation-driven >
<mvc:message-converters register-defaults ="true" >
<bean class ="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter" >
<property name ="supportedMediaTypes" >
<list >
<value > text/html;charset=UTF-8</value >
<value > application/json;charset=UTF-8</value >
</list >
</property >
</bean >
</mvc:message-converters >
</mvc:annotation-driven >
<mvc:default-servlet-handler />
<context:annotation-config />
<context:component-scan base-package ="org.test" />
<security:global-method-security jsr250-annotations ="enabled" secured-annotations ="enabled" pre-post-annotations ="enabled" />
<bean id ="jspViewResolver" class ="org.springframework.web.servlet.view.InternalResourceViewResolver" >
<property name ="viewClass" value ="org.springframework.web.servlet.view.JstlView" />
<property name ="prefix" value ="/WEB-INF/views/" />
<property name ="suffix" value =".jsp" />
</bean >
</beans >
4.3、spring-security.xml文件配置 这个就是配置spring-security权限控制的文件了。具体如下:
<?xml version="1.0" encoding="UTF-8" ?>
<beans:beans xmlns ="http://www.springframework.org/schema/security"
xmlns:xsi ="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans ="http://www.springframework.org/schema/beans"
xsi:schemaLocation ="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd" >
<http pattern ="/resources/**" security ="none" />
<http pattern ="/sitemap.xml" security ="none" />
<http pattern ="/favicon.ico" security ="none" />
<http auto-config ="true" use-expressions ="true" >
<intercept-url pattern ="/" access ="permitAll" />
<intercept-url pattern ="/index*" access ="permitAll" />
<intercept-url pattern ="/signin*" access ="permitAll" />
<intercept-url pattern ="/login*" access ="permitAll" />
<intercept-url pattern ="/register*" access ="permitAll" />
<intercept-url pattern ="/invalidsession*" access ="permitAll" />
<intercept-url pattern ="/404*" access ="none" />
<form-login login-page ="/signin" authentication-failure-url ="/signin?login_error" default-target-url ="/query" />
<logout logout-success-url ="/query" delete-cookies ="JSESSIONID" />
<intercept-url pattern ="/admin" access ="hasRole('ROLE_ADMIN')" />
<intercept-url pattern ="/**" access ="hasAnyRole('ROLE_ADMIN','ROLE_USER')" />
<csrf disabled ="true" />
<access-denied-handler error-page ="/403" />
<remember-me data-source-ref ="dataSource" token-validity-seconds ="1209600" remember-me-parameter ="remember-me" />
<session-management invalid-session-url ="/" >
<concurrency-control max-sessions ="1" />
</session-management >
</http >
<authentication-manager erase-credentials ="false" >
<authentication-provider >
<password-encoder ref ="bcryptEncoder" />
<jdbc-user-service data-source-ref ="dataSource" />
</authentication-provider >
</authentication-manager >
<beans:bean id ="messageSource"
class ="org.springframework.context.support.ReloadableResourceBundleMessageSource" >
<beans:property name ="basenames" >
<beans:list >
<beans:value > classpath:myMessages</beans:value >
</beans:list >
</beans:property >
</beans:bean >
<beans:bean name ="bcryptEncoder" class ="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
</beans:beans >
在上述配置文件都创建好了之后,我们的目录应该如下所示(这里把第5步骤的创建的首页也放进来了。)
五、创建首页 好了。在所有的配置文件都写好之后,我们开始创建一个首页。首先,我们在WEB-INF文件夹下创建一个views文件夹。这个之前说过了,我们在配置文件中写了。我们创建一个简单的jsp页面,如下:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html >
<html lang ="zh" >
<head >
<title > 首页</title >
<meta http-equiv ="Content-Type" content ="text/html; charset=utf-8" />
<meta http-equiv ="pragma" content ="no-cache" />
<meta http-equiv ="cache-control" content ="max-age=3600" />
<meta http-equiv ="expires" content ="0" />
<meta http-equiv ="keywords" content ="" >
<meta http-equiv ="description" content ="" >
<meta name ="viewport" content ="width=device-width, initial-scale=1" >
</head >
<body >
<h1 > 你好</h1 >
</body >
</html >
然后,我们需要创建一个Contoller来控制这个首页访问。在Java Resource下src上右键单击创建一个包,然后创建一个Java类,如下:
package org.test.controller;
import javax.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class ViewRedirectController {
@RequestMapping("/")
public ModelAndView index () {
ModelAndView mav = new ModelAndView ();
mav.setViewName("/index" );
return mav;
}
}
这里我们在类名上加上@Controller表明这是一个控制类,Spring监听器会把这个里面的方法加入到监听。然后我们创建了一个方法,声明@RequestMapping("/")表明这个方法是用来处理/请求的,就是我们常见的默认的首页。然后返回index这个页面。是使用setViewName("/index")方法。注意,这个类所在的包一定要和 applicationContext-servlet.xml 中配置的扫描的包要一致,至少要在那个包下面,负责会扫描不到这个控制类,就无法控制了。
好了,下面右键单击这个项目,点击Run As - Run on server之后,我们就可以启动这个系统(如果没有配置tomcat请先配置一下)。然后看到首页了。
2
回归模型中的交互项简介(Interactions in Regression)
