For the framework demo, look in SVN: https://svnbucket.com
1. Configuration files
pom.xml
<!-- Authentication -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
web.xml
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring/spring-security.xml</param-value>
</context-param>
<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
spring-security.xml
<!-- The following pages are not intercepted -->
<http pattern="/login.html" security="none"></http>
<http pattern="/css/**" security="none"></http>
<http pattern="/img/**" security="none"></http>
<http pattern="/js/**" security="none"></http>
<http pattern="/plugins/**" security="none"></http>
<!-- Page interception rules -->
<http use-expressions="false">
    <!-- /** covers every directory level; /* would match only top-level paths and leave /admin/index.html without an access rule -->
    <intercept-url pattern="/**" access="ROLE_ADMIN" />
    <form-login login-page="/login.html" default-target-url="/admin/index.html" authentication-failure-url="/login.html" always-use-default-target="true"/>
    <!-- CSRF protection is turned off, so POST requests are accepted without a CSRF token -->
    <csrf disabled="true"/>
    <headers>
        <frame-options policy="SAMEORIGIN"/>
    </headers>
</http>
<!-- Authentication manager -->
<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="admin" password="12345678" authorities="ROLE_ADMIN"/>
            <user name="sunwukong" password="houzi" authorities="ROLE_ADMIN"/>
        </user-service>
    </authentication-provider>
</authentication-manager>
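Configuration notes:
always-use-default-target: specifies whether to always redirect to the URL given by the default-target-url attribute after authentication succeeds.
If your system uses framed pages, set the frame-options policy to SAMEORIGIN:
<headers>
    <frame-options policy="SAMEORIGIN"/>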
</headers>
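Which requests the intercept-url rule actually covers depends on its Ant-style pattern: /* matches a single path level, /** matches every level. The following added example (not part of the original demo project) classifies a few request paths against the page's security="none" patterns and against both intercept patterns. It assumes spring-core is on the classpath and uses its AntPathMatcher as a stand-in for Spring Security's Ant-style request matching; the class name InterceptRuleCheck and the sample paths are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import org.springframework.util.AntPathMatcher;

// Added example, not from the original page. Requires spring-core on the classpath.
public class InterceptRuleCheck {

    private static final AntPathMatcher ANT = new AntPathMatcher();

    // Patterns copied from the <http ... security="none"> elements on this page.
    static final List<String> UNSECURED = Arrays.asList(
            "/login.html", "/css/**", "/img/**", "/js/**", "/plugins/**");

    // Classify a path in the same order the configuration is evaluated:
    // the security="none" chains first, then the intercept-url pattern.
    static String classify(String interceptPattern, String path) {
        for (String pattern : UNSECURED) {
            if (ANT.match(pattern, path)) {
                return "security=none (no filters applied)";
            }
        }
        if (ANT.match(interceptPattern, path)) {
            return "ROLE_ADMIN required";
        }
        // No intercept-url matched: the request passes without any access check.
        return "NOT PROTECTED";
    }

    public static void main(String[] args) {
        // Constructed sample paths; /admin/index.html is the page's default-target-url.
        List<String> paths = Arrays.asList(
                "/login.html",
                "/css/site.css",
                "/index.html",
                "/admin/index.html",
                "/admin/user/list.html");

        for (String interceptPattern : Arrays.asList("/*", "/**")) {
            System.out.println("intercept-url pattern=\"" + interceptPattern + "\"");
            for (String path : paths) {
                System.out.printf("  %-24s %s%n", path, classify(interceptPattern, path));
            }
        }
    }
}
```

Any path reported as NOT PROTECTED is reachable without logging in, so run a check like this over the application's real URLs whenever the intercept-url patterns change.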
Login page
<form id="loginform" action="/login" method="post" class="sui-form">
    <input id="prependedInput" name="username" type="text" placeholder="邮箱/用户名/手机号" class="span2 input-xfat">
    <input id="prependedInput" name="password" type="password" placeholder="请输入密码" class="span2 input-xfat">
    <div class="setting">
        <a class="sui-btn btn-block btn-xlarge btn-danger" onclick="document.getElementById('loginform').submit()" target="_blank">登 录</a>
    </div>
</form>
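Logout
Add the following configuration to the http node in spring-security.xml: <logout/>
With this configuration, the logout URL /logout is generated automatically. If you do not want to use this URL, you can also define the logout URL and the page to redirect to, configured as follows: <logout logout-url="" logout-success-url=""/>
logout-url: the logout URL, which is generated automatically
logout-success-url: the URL to redirect to after logout
Change the logout link on the page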
<div class="pull-right">
<a href="../logout" class="btn btn-default btn-flat">注销</a>
</div>
Spring Security built-in filter table
Alias | Filter class |
CHANNEL_FILTER | ChannelProcessingFilter |
SECURITY_CONTEXT_FILTER | SecurityContextPersistenceFilter |
CONCURRENT_SESSION_FILTER | ConcurrentSessionFilter |
LOGOUT_FILTER | LogoutFilter |
X509_FILTER | X509AuthenticationFilter |
PRE_AUTH_FILTER | Subclass of AbstractPreAuthenticatedProcessingFilter |
CAS_FILTER | CasAuthenticationFilter |
FORM_LOGIN_FILTER | UsernamePasswordAuthenticationFilter |
BASIC_AUTH_FILTER | BasicAuthenticationFilter |
SERVLET_API_SUPPORT_FILTER | SecurityContextHolderAwareRequestFilter |
JAAS_API_SUPPORT_FILTER | JaasApiIntegrationFilter |
REMEMBER_ME_FILTER | RememberMeAuthenticationFilter |
ANONYMOUS_FILTER | AnonymousAuthenticationFilter |
SESSION_MANAGEMENT_FILTER | SessionManagementFilter |
EXCEPTION_TRANSLATION_FILTER | ExceptionTranslationFilter |
FILTER_SECURITY_INTERCEPTOR | FilterSecurityInterceptor |
SWITCH_USER_FILTER | SwitchUserFilter |