SpringSecurity配置文件

web.xml

<!--springSecurity配置  -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring/spring-security.xml</param-value>
    </context-param>
    <listener>
        <listener-class>
        org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

spring-security.xml

 <!-- 放行: 配置不拦截的资源 -->
    <security:http pattern="/*.html" security="none"/>
    <security:http pattern="/css/**" security="none"/>
    <security:http pattern="/img/**" security="none"/>
    <security:http pattern="/plugins/**" security="none"/>
    <security:http pattern="/js/**" security="none"/>
	<security:http pattern="/seller/add.do" security="none"/>


    <security:http auto-config="true" use-expressions="false">
    	<!-- 配置具体的拦截的规则 pattern="请求路径的规则" access="访问系统的人，必须有ROLE_USER 或 ROLE_ADMIN 的之一角色" -->

		<security:intercept-url pattern="/**" access="ROLE_SELLER"/>
    	
    	<!-- 定义跳转的具体的页面
    	ddefault-target-url="/index.jsp": 用户名和密码匹配, 跳转的页面(没有权限等,或者没有设置success的话, 所以两者只用设置一个)
    	authentication-success-forward-url: 用户名, 密码, 权限等都匹配, 跳转的页面-->
    	<security:form-login
    		login-page="/shoplogin.html"
    		default-target-url="/admin/index.html"
    		authentication-failure-url="/shoplogin.html"
			always-use-default-target="true"
    	/>  <!--always-use-default-target, 登录后默认到default-target-url指定的路径-->
    	
    	<!-- 关闭跨服务器的请求, 默认是开启的, 这样可能有安全问题 -->
    	<security:csrf disabled="true"/>
		<!--设置可以使用iframe框架页-->
		<security:headers>
			<security:frame-options policy="SAMEORIGIN"/>
		</security:headers>
    	
    	<!-- 注销 -->
    	<security:logout logout-success-url="/shoplogin.html" />
    	
    </security:http>
    
     <!--切换成数据库中的用户名和密码, 是采用的配置版的-->
    <security:authentication-manager>  <!--规定了认证操作的service, 去完成登录认证-->
    	<security:authentication-provider user-service-ref="userDetailsService">
    		<!-- 配置解密的方式  -->
    		<security:password-encoder ref="passwordEncoder"/>
    	</security:authentication-provider>
    </security:authentication-manager>

	<!--对userDetailsService接口进行注入-->
	<bean id="userDetailsService" class="com.pinyougou.service.UserDetailsServiceImpl">
		<!--spring中的ioc进行注入-->
		<property name="sellerService" ref="sellerService"/>
	</bean>
    
    <!-- 配置加密类 -->
    <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/>

	<!--reference: 调用dubbo中的sellerService接口-->
	<dubbo:application name="pinyougou_shop_web"/>
	<dubbo:registry address="zookeeper://192.168.25.128:2181"/>
	<dubbo:reference interface="com.pinyougou.sellergoods.service.SellerService" id="sellerService"/>