Spring Security java配置与XML配置的对应和转换

先放官网文档 http://docs.spring.io/spring-security/site/docs/current/reference/html/   (最值得看！！！)

然后是别人写的spring mvc 以及spring security的java,xml配置对比的文档。http://hanqunfeng.iteye.com/blog/2114980

java配置代码如下

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    private MyAuthenticationFailureHandler myAuthenticationFailureHandler;

  //  @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.formLogin()
                .successHandler(authenticationSuccessHandler)
                .failureHandler(myAuthenticationFailureHandler).and()
                .requiresChannel()
                .antMatchers("/login").requiresSecure()
                .antMatchers("/system1/**").requiresSecure()
                .antMatchers("/system2/**").requiresSecure().and()
                .authorizeRequests()
                .antMatchers("/login", "/myresource/**").permitAll()
                .antMatchers("/system1/**").hasRole("USER1")
                .antMatchers("/system2/**").hasRole("USER2")
                .antMatchers("/system3/**").hasAnyRole("USER1", "USER2")
                .anyRequest().authenticated();//.and()
    }

    ///这个函数主要说明需要认证的用户，密码，以及权限
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(new MyUserDetailService());
    }
}

XML配置代码如下

web.xml如下

<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>config.MyServerInit</listener-class>
    </listener>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            classpath:applicationContext.xml,
            classpath:spring-security.xml
        </param-value>
    </context-param>
    <servlet>
        <servlet-name>mvc-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>classpath:mvc-dispatcher-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>mvc-dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>

mvc-dipatcher-servlet.xml 如下

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p"
	   xmlns:c="http://www.springframework.org/schema/c"
	   xmlns:tx="http://www.springframework.org/schema/tx"
	   xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       
       http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
	   http://www.springframework.org/schema/tx
	   http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
	   http://www.springframework.org/schema/aop
	   http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
	   http://www.springframework.org/schema/task
       http://www.springframework.org/schema/task/spring-task-3.1.xsd 
       http://www.springframework.org/schema/context 
       http://www.springframework.org/schema/context/spring-context.xsd  
       http://www.springframework.org/schema/mvc
       http://www.springframework.org/schema/mvc/spring-mvc.xsd">

    <!-- 静态资源(js、image等)的访问 -->
    <mvc:default-servlet-handler/>

    <!-- 开启注解 -->
    <mvc:annotation-driven/>
    
    <!--指明 controller 所在包，并扫描其中的注解
    <context:component-scan base-package="evss.controller"/>
    -->
    
    <bean id="baseController" class="web.BaseController"
    />


    <!--ViewResolver 视图解析器-->
    <!--用于支持Servlet、JSP视图解析-->
    <bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
        <property name="prefix" value="/WEB-INF/pages/"/>
        <property name="suffix" value=".jsp"/>
    </bean>
</beans>

applicationContext.xml的内容也是为空

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	   xmlns="http://www.springframework.org/schema/beans"
	   xmlns:p="http://www.springframework.org/schema/p"
	   xmlns:c="http://www.springframework.org/schema/c"
	   xmlns:tx="http://www.springframework.org/schema/tx"
	   xmlns:task="http://www.springframework.org/schema/task"
	   xmlns:aop="http://www.springframework.org/schema/aop"
	   xmlns:context="http://www.springframework.org/schema/context"
	   xsi:schemaLocation="http://www.springframework.org/schema/beans
	   
	   http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
	   http://www.springframework.org/schema/tx
	   http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
	   http://www.springframework.org/schema/aop
	   http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
	   http://www.springframework.org/schema/task
       http://www.springframework.org/schema/task/spring-task-3.1.xsd 
       http://www.springframework.org/schema/context 
       http://www.springframework.org/schema/context/spring-context.xsd">
</beans>

最最关键代码来了。

spring-security.xml代码如下

<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
		http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
		http://www.springframework.org/schema/security
		http://www.springframework.org/schema/security/spring-security.xsd">

    <beans:bean id="myUserDetailService" class ="config.MyUserDetailService"/>
    <beans:bean id="mySavedRequestAwareAuthenticationSuccessHandler" class ="config.MySavedRequestAwareAuthenticationSuccessHandler"/>
    <beans:bean id="myAuthenticationFailureHandler" class ="config.MyAuthenticationFailureHandler"/>
    <beans:bean id="myMatcher" class ="config.MyMatcher"/>


    <http>
        <intercept-url pattern="/system1/**" requires-channel="https" access="hasRole('USER1')" />
        <intercept-url pattern="/system2/**" requires-channel="https" access="hasRole('USER2')" />
        <intercept-url pattern="/system3/**" requires-channel="https" access="hasRole('USER1','USER2')" />
        <intercept-url pattern="/login" requires-channel="https" access="permitAll"/>
        <intercept-url pattern="/myresource" access="permitAll"/>
        <intercept-url request-matcher-ref="myMatcher" access="authenticated" />
        <!--<intercept-url pattern="/**" access="authenticated"/>-->
        <!--  如果需要定义自己的类实现角色和路径的判定 <intercept-url request-matcher-ref="myMatcher"/>-->
        <form-login authentication-success-handler-ref="mySavedRequestAwareAuthenticationSuccessHandler"
        authentication-failure-handler-ref="myAuthenticationFailureHandler"
        />
    </http>

    <authentication-manager>
        <authentication-provider user-service-ref='myUserDetailService'/>
    </authentication-manager>


</beans:beans>

其中的MyMatcher的代码如下

import org.springframework.security.web.util.matcher.RequestMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.regex.Pattern;

/**
 * Created by zhangjiasong on 2016/12/14.
 */
public class MyMatcher implements RequestMatcher {
    private Pattern allowedMethods = Pattern
            .compile("^(GET|HEAD|TRACE|OPTIONS)$");

    public boolean matches(HttpServletRequest request) {

        if (execludeUrls != null && execludeUrls.size() > 0) {
            String servletPath = request.getServletPath();
            for (String url : execludeUrls) {
                if (servletPath.contains(url)) {
                    return false;
                }
            }
        }
        return !allowedMethods.matcher(request.getMethod()).matches();
    }

    /**
     * 需要排除的url列表
     */
    private List<String> execludeUrls;

    public List<String> getExecludeUrls() {
        return execludeUrls;
    }

    public void setExecludeUrls(List<String> execludeUrls) {
        this.execludeUrls = execludeUrls;
    }
}

正在的对应就是spring-security.xml  借助官网文档。翻译还是很容易。