1.web.xml配置
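<?xml version="1.0" encoding="UTF-8"?>
<!--
  web.xml for the Spring Security demo.

  Two responsibilities:
    1. Bootstrap the root Spring context from classpath:springSecurity.xml
       through ContextLoaderListener, so the Spring Security beans exist
       before the first request is served.
    2. Register the Spring Security filter chain with the servlet container.
       DelegatingFilterProxy contains no security logic itself; it looks up
       the Spring bean whose name equals the filter-name and delegates every
       call to it.
-->
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         version="2.5">
  <display-name>springCecurityDemo</display-name>

  <!-- 1. Load the Spring Security configuration into the root web application
       context when the application starts. -->
  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:springSecurity.xml</param-value>
  </context-param>

  <!-- 2. Register the filter chain. The individual filters are managed inside the
       Spring container; this proxy only hands each request to the bean named
       springSecurityFilterChain (the name the security namespace registers).
       The filter-name therefore must stay exactly springSecurityFilterChain. -->
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    <!-- A filter-mapping without dispatcher elements applies to REQUEST only, so a
         container error-page dispatch would bypass the security filters entirely
         (no authorization check, no security headers on the error response).
         REQUEST and ERROR are the values the Servlet 2.5 schema allows here; ASYNC,
         which Spring Security's Java config also covers by default, needs a
         Servlet 3.0 web-app version. -->
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>ERROR</dispatcher>
  </filter-mapping>
</web-app>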
2、Spring Security配置
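<?xml version="1.0" encoding="UTF-8"?>
<!--
  springSecurity.xml: Spring Security namespace configuration for the demo.

  Shape of the configuration:
    * two <http security="none"> entries that take the login page and the
      failure page out of the filter chain completely;
    * one <http> element that protects everything else with a single role;
    * an in-memory AuthenticationManager with two users;
    * method security, so that the @PreAuthorize annotations used on the
      service layer are actually enforced.

  This is a demo configuration. Two settings are NOT production safe and are
  called out inline: CSRF protection is switched off, and passwords are kept
  in clear text behind the {noop} encoder id.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- security="none" means NO Spring Security filter runs for these paths: no
       authentication, no authorization, no SecurityContext and also no security
       response headers. Keep this list to static, public pages; a broad pattern
       such as "/**" here would silently switch security off for the whole app. -->
  <security:http security="none" pattern="/login.html"/>
  <security:http security="none" pattern="/failer.html"/>

  <!-- Main filter chain for every other request.
       auto-config="true" registers form login, HTTP Basic and logout support, so
       HTTP Basic credentials are also accepted on every protected URL.
       use-expressions="false" makes the access values plain role names checked
       by the RoleVoter rather than SpEL expressions. -->
  <security:http auto-config="true" use-expressions="false">
    <!-- Earlier variant kept for reference (any fully authenticated user):
         <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" /> -->
    <!-- Every request requires ROLE_ACCESS. The "admin" user defined below holds
         only ROLE_ADMIN, so it authenticates but is denied (403) on every URL;
         grant it ROLE_ACCESS too, or add a role hierarchy, if admin is meant to
         use the application. -->
    <security:intercept-url pattern="/**" access="ROLE_ACCESS"/>

    <!-- Form login. The login form must POST to login-processing-url; the page
         itself is served unfiltered because of the security="none" entry above.
         Authentication failures are forwarded (not redirected) to /failer.html. -->
    <security:form-login login-page="/login.html"
                         login-processing-url="/login.do"
                         default-target-url="/index.html"
                         authentication-failure-forward-url="/failer.html"/>

    <!-- CSRF protection is disabled only because the demo's plain HTML login form
         carries no _csrf token. With it disabled every state-changing POST,
         /login.do included, can be forged from another origin. Do not ship this:
         remove this element and put the token into the forms instead. -->
    <security:csrf disabled="true"/>
  </security:http>

  <!-- Enables @PreAuthorize / @PostAuthorize on beans of this context. Without this
       element the @PreAuthorize("hasAuthority('PRODUCT_LIST')") annotation on the
       service layer is never evaluated. Method security only applies to beans
       created by the context that declares it, so if the service beans live in a
       child (DispatcherServlet) context, declare this element there instead. -->
  <security:global-method-security pre-post-annotations="enabled"/>

  <!-- In-memory users for the demo.
       {noop} stores the password in clear text and exists for demos only; use a
       real encoder id such as {bcrypt} with a pre-computed hash in any deployment.
       Neither user holds the PRODUCT_LIST authority the service layer's
       @PreAuthorize asks for, so that method is denied for both of them. -->
  <security:authentication-manager>
    <security:authentication-provider>
      <security:user-service>
        <security:user name="admin" password="{noop}admin" authorities="ROLE_ADMIN"/>
        <security:user name="itcast" password="{noop}itcast" authorities="ROLE_ACCESS"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>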
3.权限的设置
在业务层方法上通过注解@PreAuthorize，配置调用方法需要的权限。注意：该注解只有在Spring配置中启用了`<security:global-method-security pre-post-annotations="enabled"/>`（且方法是经由Spring代理而非类内部直接调用）时才会生效，否则会被静默忽略：
@PreAuthorize("hasAuthority('PRODUCT_LIST')")
/**
 * Returns one page of all products.
 *
 * Authorization: the caller's Authentication must carry the PRODUCT_LIST
 * authority. NOTE(review): this is enforced by Spring method security only
 * when pre/post annotations are enabled in the Spring configuration and the
 * method is invoked through the bean's proxy (a call from inside the same
 * class bypasses the check); confirm both in this project.
 *
 * @param pageNum  page number, handed straight to PageHelper.startPage
 * @param pageSize rows per page, handed straight to PageHelper.startPage;
 *                 nothing here bounds it, so a caller can request an
 *                 arbitrarily large page
 * @return a PageInfo wrapping the products of the requested page
 * @throws NullPointerException presumably if either argument is null, since
 *                              PageHelper.startPage takes primitive ints
 */
@PreAuthorize("hasAuthority('PRODUCT_LIST')")
@Transactional(propagation = Propagation.SUPPORTS, readOnly = true)
public PageInfo findAllProduct(Integer pageNum, Integer pageSize) {
    // PageHelper is expected to apply paging to the next DAO query on this
    // thread, so the DAO call is kept immediately after it.
    PageHelper.startPage(pageNum, pageSize);
    return new PageInfo(productDao.findAllProduct());
}