1,首先在项目中导入springsecurity-servlet的三个基本包。
2,配置springsecurity-servlet.xml,内容如下。
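<?xml version="1.0" encoding="UTF-8" ?>
<!--
  Spring Security configuration: a JDBC-backed user store, form login and
  URL-based access rules for the pages under /admin/.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/context
           http://www.springframework.org/schema/context/spring-context-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- Data source used for the user and role lookups below. -->
    <!--
      NOTE(review): this connects as the MySQL "root" account and keeps the
      password in clear text in this file. Prefer a dedicated account limited
      to the tables queried below, and load the credentials from configuration
      kept outside the deployed archive and outside version control.
    -->
    <bean id="dataSource"
          class="org.springframework.jdbc.datasource.DriverManagerDataSource">
        <property name="driverClassName" value="com.mysql.jdbc.Driver" />
        <property name="url" value="jdbc:mysql://localhost:3306/security" />
        <property name="username" value="root" />
        <property name="password" value="moma" />
    </bean>

    <!-- Optional: DbUtil.initialize is called at startup to initialise the database. -->
    <bean id="dbUtil" class="com.form.springsecuritydb.DbUtil" init-method="initialize">
        <property name="dataSource" ref="dataSource" />
    </bean>

    <!-- Alternative way to list resources that are reachable in every case (left disabled). -->
    <!-- <security:http pattern="/admin/login.jsp" security="none" /> -->
    <!-- <security:http pattern="/admin/**.css" security="none" /> -->
    <!-- <security:http pattern="/admin/**.js" security="none" /> -->

    <!-- The security:http element: access rules, form login and logout. -->
    <!--
      NOTE(review): no security:csrf element is present. With the 3.2 XML
      namespace CSRF protection appears to be opt-in, so the login POST and the
      logout link are not CSRF-protected; confirm against the version in use.
      Enabling it also requires a token field in the login form and a POST
      logout.
    -->
    <security:http auto-config="true">
        <!-- The login page itself must be reachable without authentication
             (not needed if the security="none" rule above is enabled instead). -->
        <security:intercept-url pattern="/admin/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <security:form-login login-page="/admin/login.jsp" default-target-url="/admin/user_main.jsp" authentication-failure-url="/admin/login.jsp?login_error=1"/>
        <!-- Rules are evaluated in the order listed, so the narrower user_**.jsp
             rule has to stay ahead of the /admin/** rule:
             user_**.jsp pages require ROLE_admin or ROLE_user, everything else
             under /admin/ requires ROLE_admin. URLs outside /admin/ are not
             matched by any rule in this file. -->
        <security:intercept-url pattern="/admin/user_**.jsp" access="ROLE_admin,ROLE_user" />
        <security:intercept-url pattern="/admin/**" access="ROLE_admin" />
        <!-- On logout the session is invalidated and the user is sent back to the login page. -->
        <security:logout invalidate-session="true" logout-success-url="/admin/login.jsp"/>
    </security:http>

    <!-- Where users, passwords and authorities come from. -->
    <security:authentication-manager>
        <security:authentication-provider>
            <!--
              NOTE(review): the password encoder is commented out, so the
              password column is compared exactly as stored, which implies
              clear-text passwords in user_authentication. Store passwords with
              an adaptive, salted hash (for example bcrypt); the disabled md5
              option below is not adequate for password storage.
            -->
            <!-- <security:password-encoder hash="md5"/> -->
            <!-- Both queries bind the username through a "?" placeholder. -->
            <security:jdbc-user-service
                data-source-ref="dataSource"
                users-by-username-query="select username,password,enabled from user_authentication where username=?"
                authorities-by-username-query="select u1.username, u2.role from user_authentication u1, user_authorization u2 where u1.user_id = u2.user_id and u1.username =?" />
        </security:authentication-provider>
    </security:authentication-manager>
</beans>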
3,在web.xml里配置springsecurity配置文件的加载。
<!-- Locations of the Spring configuration files loaded into the root application context. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:beans.xml,/WEB-INF/springsecurity-servlet.xml</param-value>
</context-param>

<!-- DelegatingFilterProxy hands each request to the Spring bean named
     springSecurityFilterChain, which implements javax.servlet.Filter.
     The /* mapping puts every request through the security filter chain. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- ContextLoaderListener creates the root context from contextConfigLocation at startup. -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Spring's DispatcherServlet, which dispatches web requests to their handlers. -->
<!-- NOTE(review): a DispatcherServlet named "springsecurity" presumably loads
     /WEB-INF/springsecurity-servlet.xml as its own context by default, which
     is the same file already listed in contextConfigLocation. If so, the data
     source, dbUtil and the security beans are created twice; confirm, and load
     the security configuration in one context only. -->
<servlet>
    <servlet-name>springsecurity</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>springsecurity</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
4,在login页面对form设置
<%-- Login form: posts j_username / j_password to the j_spring_security_check URL. --%>
<form name="loginForm" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST">
    <table>
        <tr>
            <td>User:</td>
            <%-- NOTE(review): the session attribute is written into the value
                 attribute without escaping. It appears to hold the last
                 submitted username, which is user-controlled, so it should be
                 HTML-escaped on output (for example with JSTL c:out or
                 fn:escapeXml if JSTL is available in the project); confirm. --%>
            <td><input type="text" name="j_username" value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}"></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type="password" name="j_password" /></td>
        </tr>
        <tr>
            <%-- NOTE(review): the security configuration shown on this page
                 has no remember-me element; whether this checkbox has any
                 effect depends on the Spring Security version, so confirm
                 before relying on it. --%>
            <td><label><input type="checkbox" name="_spring_security_remember_me" />Remember me</label></td>
            <td><input name="submit" type="submit" value="submit" /></td>
        </tr>
    </table>
</form>
用户名和密码输入框的name属性必须与上面表单中的命名一致,即 j_username 和 j_password。
另外,页面中使用了el表达式,需要在文件头部加上<%@ page language="java" contentType="text/html; charset=UTF-8" isELIgnored="false" pageEncoding="UTF-8"%>,其中 isELIgnored="false" 的作用是让页面不忽略el表达式。
5,获取当前用户的name和logout
<%@ page language="java" contentType="text/html; charset=UTF-8" isELIgnored="false" pageEncoding="UTF-8"%>
<%-- Main page after login: shows the current user's name and a logout link. --%>
<html>
    <body>
        <h2>main page</h2>
        <%-- NOTE(review): the user name is written to the page without HTML
             escaping; it comes from the user table, so escape it on output if
             user names are not restricted to safe characters. The expression
             also assumes getUserPrincipal() is never null, i.e. that this page
             is only reachable by an authenticated user. --%>
        <span class="message">Welcome <%= request.getUserPrincipal().getName()%></span><br/>
        <%-- NOTE(review): logout is triggered by a plain GET link, so any
             third-party page can log the user out; prefer a POST logout once
             CSRF protection is enabled. --%>
        <a href="${pageContext.request.contextPath}/j_spring_security_logout"> Logout</a>
    </body>
</html>
这样就可以了。