spring sercurity最简单示例

使用spring security，比原来的acegi配置要简单多了。如果只是用户需要密码登录，可以用以下做法简易实现。

首先，加入类库：

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-core-tiger</artifactId>
    <version>2.0.4</version>
</dependency>

 

然后，配置安全文件：
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
    <http auto-config='true'>
        <intercept-url pattern="/**" access="ROLE_USER" />
    </http>
    <authentication-provider>
        <user-service>
            <user name="marshal" password="password" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</beans:beans>

在web.xml文件中配置filter：

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

这样实现的缺点是用户名和密码写在文件中了。