最近项目中要使用到spring-security,可能研究的不够透彻 这些知识点 都是从网上copy的 或许能对需要的朋友一些帮助。如若喜欢欢迎转载!
1、在spring-security官网下载最新jar然后拷贝jar到项目的lib下。
2、在classpath下添加security配置文件,例如applicationContext-security.xml.网上现在大多都是2.0的schema. 要根据自己使用的版本而定.下面是3.0的schema.
<? xml version = "1.0" encoding = "UTF-8" ?>
< beans:beans xmlns = "http://www.springframework.org/schema/security" xmlns:beans = "http://www.springframework.org/schema/beans" xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation ="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd" >
</ beans:beans >
3、然后在web.xml中添加配置,内容如下:
<!-- spring security -->
< context-param >
< param-name > contextConfigLocation </ param-name >
< param-value > classpath*:/applicationContext*.xml </ param-value >
</ context-param >
< filter >
< filter-name > springSecurityFilterChain </ filter-name >
< filter-class > org.springframework.web.filter.DelegatingFilterProxy </ filter-class >
</ filter >
< filter-mapping >
< filter-name > springSecurityFilterChain </ filter-name >
< url-pattern > /* </ url-pattern >
</ filter-mapping >
< listener >
< listener-class > org.springframework.web.context.ContextLoaderListener
</ listener-class > </ listener >
配置起来很简单,由于我的security是整合到现有项目中的.一些jar可能已经存在. 单独做demo的朋友配置的时候可能会出现问题.
本想分开发挣点积分..但怕大家看起来累.. 就发到一起吧.. (*^__^*)
使用篇
1、建立login.jsp页面.内容如下:
< form action = "<%=path %>/j_spring_security_check" method = "post" > USERNAME: < input type = "text" name = "j_username" value = "${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" /> < br /> PASSWORD: < input type = "password" name = "j_password" value = "" /> < br />
< input type = "checkbox" name = "_spring_security_remember_me" /> 两周之内不必登陆 < br />
< input type = "submit" >
</ form >
j_spring_security_check : 为security验证中心(不知道怎么说合适.暂时这么理解吧..).
j_username: 验证用户名;
j_password: 验证密码;
${sessionScope['SPRING_SECURITY_LAST_USERNAME']}:使用最后一次登录用户名.
_spring_security_remember_me:记住我...