spring security 3 权限框架

spring security 3 权限框架


至于ssh框架的配置,我就不多介绍。你懂得...

let's go,spring security 3

请注意加了这个springSecurityFilterChain之后,applicationContext-security.xml中一定要<security:http auto-config="true"></http>段代码才能启动

web.xml

	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>


applicationContext.xml

<import resource="classpath:applicationContext-security.xml"/>


请注意:spring security 3 的spring.jar的要求是3.0.3以上版本,我用的是3.1.0版本,而spring3.1.0没有aopalliance.jar,但最新版的aopalliance.jar好像又没aop这个包了。要用aop管理事物的请注意!!!

applicationContext-security.xml

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security-3.0.xsd">
		<security:http auto-config="true">
		<!-- 不拦截/login.jsp -->
		<security:intercept-url pattern="/login.jsp" filters="none" />
		<security:intercept-url pattern="/employee/**" access="ROLE_ADMIN" />
		<security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
		<security:session-management session-fixation-protection="none" />
		<security:form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" default-target-url="/page/index.jsp" />
		<security:logout logout-success-url="/login.jsp" />
		<security:access-denied-handler error-page="/page/system/403.jsp" />
	</security:http>
	<security:authentication-manager>
		<security:authentication-provider>
			<security:user-service>
				<security:user name="admin" password="admin" authorities="ROLE_ADMIN" />
				<security:user name="joe" password="joe" authorities="ROLE_ADMIN" />
				<security:user name="user" password="user" authorities="ROLE_USER" />
			</security:user-service>
		</security:authentication-provider>
	</security:authentication-manager>
</beans>


spring security 3 有自己的登录验证页面,但最好自定义登录页面。

自定义登录页面:

<%@ page language="java" contentType="text/html; charset=UTF-8"
	pageEncoding="UTF-8"%>
<%@ taglib uri="/struts-tags" prefix="s"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<title>Insert title here</title>
	</head>
	<body>
		<form action="<c:url value='/j_spring_security_check' />" method="post">
			<table>
				<tr>
					<td>username:</td>
					<td>
						<input name="j_username" type="text" value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" />
					</td>
				</tr>
				<tr>
					<td>password:</td>
					<td>
						<input name="j_password" type="password"  />
					</td>
				</tr>
				<tr>
					<td>
						<input type="checkbox" name="spring_security_remember_me" />记住密码
					</td>
					<td>
						<input name="submit" type="submit" value="submit" />
						<input name="reset" type="reset" value="reset" />
					</td>
				</tr>
			</table>
		</form>
	</body>
</html>


至于这里的input的name属性,你右键spring security 3 自带登录页面查看源码你就会懂得.
jar:
spring-security-acl-3.0.5.RELEASE.jar
spring-security-config-3.0.5.RELEASE.jar
spring-security-core-3.0.5.RELEASE.jar
spring-security-taglibs-3.0.5.RELEASE.jar
spring-security-web-3.0.5.RELEASE.jar


就这样配置就可以了,本人正在研究,慢慢会复杂化,欢迎大家多提意见,多指正。

你可能感兴趣的:(Spring Security)