至于ssh框架的配置,我就不多介绍。你懂得...
let's go,spring security 3
请注意加了这个springSecurityFilterChain之后,applicationContext-security.xml中一定要<security:http auto-config="true"></http>段代码才能启动
web.xml
<listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
applicationContext.xml
<import resource="classpath:applicationContext-security.xml"/>
请注意:spring security 3 的spring.jar的要求是3.0.3以上版本,我用的是3.1.0版本,而spring3.1.0没有aopalliance.jar,但最新版的aopalliance.jar好像又没aop这个包了。要用aop管理事物的请注意!!!
applicationContext-security.xml
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <security:http auto-config="true"> <!-- 不拦截/login.jsp --> <security:intercept-url pattern="/login.jsp" filters="none" /> <security:intercept-url pattern="/employee/**" access="ROLE_ADMIN" /> <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" /> <security:session-management session-fixation-protection="none" /> <security:form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" default-target-url="/page/index.jsp" /> <security:logout logout-success-url="/login.jsp" /> <security:access-denied-handler error-page="/page/system/403.jsp" /> </security:http> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="admin" password="admin" authorities="ROLE_ADMIN" /> <security:user name="joe" password="joe" authorities="ROLE_ADMIN" /> <security:user name="user" password="user" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans>
spring security 3 有自己的登录验证页面,但最好自定义登录页面。
自定义登录页面:
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib uri="/struts-tags" prefix="s"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <form action="<c:url value='/j_spring_security_check' />" method="post"> <table> <tr> <td>username:</td> <td> <input name="j_username" type="text" value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" /> </td> </tr> <tr> <td>password:</td> <td> <input name="j_password" type="password" /> </td> </tr> <tr> <td> <input type="checkbox" name="spring_security_remember_me" />记住密码 </td> <td> <input name="submit" type="submit" value="submit" /> <input name="reset" type="reset" value="reset" /> </td> </tr> </table> </form> </body> </html>
至于这里的input的name属性,你右键spring security 3 自带登录页面查看源码你就会懂得.
jar:
spring-security-acl-3.0.5.RELEASE.jar spring-security-config-3.0.5.RELEASE.jar spring-security-core-3.0.5.RELEASE.jar spring-security-taglibs-3.0.5.RELEASE.jar spring-security-web-3.0.5.RELEASE.jar
就这样配置就可以了,本人正在研究,慢慢会复杂化,欢迎大家多提意见,多指正。