SpringSecurity 3.2入门（2）环境搭建

　　由于目前Spring官方只提供Meven的下载方式，为了能以最快的速度入门使用框架，这里提供百度网盘下载链接。

　　注：本入门教程默认已经配置成功SpringMVC框架。

1、web.xml配置

<!-- 加载Spring的配置文件 -->

<context-param>

    <param-name>contextConfigLocation</param-name>

    <param-value>

        classpath:applicationContext.xml,

        classpath:spring-security.xml

    </param-value>

</context-param>



<!-- SpringSecurity 核心过滤器配置 -->

<filter> 

    <filter-name>springSecurityFilterChain</filter-name>  

    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>  

</filter>

<filter-mapping>

    <filter-name>springSecurityFilterChain</filter-name>

    <url-pattern>/*</url-pattern>  

</filter-mapping>

2、spring-security.xml命名空间配置

　　官方提供了两种配置方案

　　第一种、命名空间用beans开头，但是在配置中一直需要用<security:*>来配置，本教程将采用这种配置。

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:security="http://www.springframework.org/schema/security"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xsi:schemaLocation="http://www.springframework.org/schema/beans  

            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  

            http://www.springframework.org/schema/security  

            http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    ...

</beans>

　　第二种、命名空间用security开头，在配置中不需要security前缀，但是bean的配置需要用<beans:bean>配置。

<beans:beans xmlns="http://www.springframework.org/schema/security"

  xmlns:beans="http://www.springframework.org/schema/beans"

  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

  xsi:schemaLocation="http://www.springframework.org/schema/beans

           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

           http://www.springframework.org/schema/security

           http://www.springframework.org/schema/security/spring-security.xsd">

    ...

</beans:beans>

3、spring-security.xml详细配置

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

    xmlns:security="http://www.springframework.org/schema/security"

    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xsi:schemaLocation="http://www.springframework.org/schema/beans  

            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  

            http://www.springframework.org/schema/security  

            http://www.springframework.org/schema/security/spring-security-3.1.xsd">



    <!-- 不过滤登录页面 -->

    <security:http pattern="/login.htm" security="none" />

    <security:http pattern="/login.jsp" security="none" />



    <!-- 配置SpringSecurity的http安全服务 -->

    <security:http auto-config="true">

        <!-- 只有ROLE_ADMIN权限用户才能访问/admin/**页面 -->

        <security:intercept-url pattern="/admin/**"

            access="ROLE_ADMIN" />



        <!-- 只有ROLE_ADMIN或ROLE_USER权限用户才能访问所有页面 -->

        <security:intercept-url pattern="/**"

            access="ROLE_ADMIN,ROLE_USER" />



    </security:http>



    <!-- 认证管理器，配置SpringSecutiry的权限信息 -->

    <security:authentication-manager>

        <security:authentication-provider>

            <!-- 帐户信息，指定用户名、密码和权限 -->

            <security:user-service>

                <security:user name="admin" password="admin"

                    authorities="ROLE_ADMIN,ROLE_USER" />

            </security:user-service>



        </security:authentication-provider>

    </security:authentication-manager>



</beans>  

4、环境测试

　　发布项目，当出现如下界面，输入用户名admin和密码admin，若成功进入首页，则环境搭建成功。