spring security安全框架配置-1
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- 设置不需要代理路径 -->
<http pattern="/login.jsp" security="none"></http>
<http pattern="/guest/**" security="none"></http>
<!--
Http 访问设置
Http 元素会创建一个FilterChainProxy和filter使用的bean
-->
<http auto-config="true" use-expressions="true">
<!-- 基本认证和注销处理对应 -->
<form-login login-page="/login.jsp" default-target-url="/index.jsp" />
<!-- 配置Spring Security 检测失效的session -->
<session-management invalid-session-url="/timeout.jsp">
<!-- 防止一个用户重复登录好几次 -->
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/guest/**" access="permitAll" />
<intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<!-- <intercept-url pattern="/guest/**" access="hasRole('ROLE_GUEST')" />-->
</http>
<!--
Http 访问验证设置
<authentication-provider> 元素创建了一个DaoAuthenticationProvider bean
<user-service>元素创建了一个InMemoryDaoImpl
-->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select u.us_name username ,u.us_password password ,u.us_enabled enabled from u_user u where u.us_name = ? and u.us_enabled = 1"
authorities-by-username-query="select r.ro_usname,r.ro_auauthority from u_role r where r.ro_usname = ?" />
<!-- <user-service>-->
<!-- <user name="mickey" password="mickey" authorities="ROLE_USER,ROLE_ADMIN"/>-->
<!-- <user name="internet" password="internet" authorities="ROLE_USER"/>-->
<!-- </user-service>-->
</authentication-provider>
</authentication-manager>
</beans:beans>
<!-- 读取资源文件 -->
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="classpath:jdbc.properties" />
</bean>
<!-- 配置数据源 -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>${mysql_driver}</value>
</property>
<property name="url">
<value>${mysql_url}</value>
</property>
<property name="username">
<value>${mysql_username}</value>
</property>
<property name="password">
<value>${mysql_password}</value>
</property>
</bean>
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- 设置不需要代理路径 -->
<http pattern="/login.jsp" security="none"></http>
<http pattern="/guest/**" security="none"></http>
<!--
Http 访问设置
Http 元素会创建一个FilterChainProxy和filter使用的bean
-->
<http auto-config="true" use-expressions="true">
<!-- 基本认证和注销处理对应 -->
<form-login login-page="/login.jsp" default-target-url="/index.jsp" />
<!-- 配置Spring Security 检测失效的session -->
<session-management invalid-session-url="/timeout.jsp">
<!-- 防止一个用户重复登录好几次 -->
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
<intercept-url pattern="/login.jsp" access="permitAll" />
<intercept-url pattern="/guest/**" access="permitAll" />
<intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<!-- <intercept-url pattern="/guest/**" access="hasRole('ROLE_GUEST')" />-->
</http>
<!--
Http 访问验证设置
<authentication-provider> 元素创建了一个DaoAuthenticationProvider bean
<user-service>元素创建了一个InMemoryDaoImpl
-->
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select u.us_name username ,u.us_password password ,u.us_enabled enabled from u_user u where u.us_name = ? and u.us_enabled = 1"
authorities-by-username-query="select r.ro_usname,r.ro_auauthority from u_role r where r.ro_usname = ?" />
<!-- <user-service>-->
<!-- <user name="mickey" password="mickey" authorities="ROLE_USER,ROLE_ADMIN"/>-->
<!-- <user name="internet" password="internet" authorities="ROLE_USER"/>-->
<!-- </user-service>-->
</authentication-provider>
</authentication-manager>
</beans:beans>
<!-- 读取资源文件 -->
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="classpath:jdbc.properties" />
</bean>
<!-- 配置数据源 -->
<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
<property name="driverClassName">
<value>${mysql_driver}</value>
</property>
<property name="url">
<value>${mysql_url}</value>
</property>
<property name="username">
<value>${mysql_username}</value>
</property>
<property name="password">
<value>${mysql_password}</value>
</property>
</bean>