2、在classpath下添加security配置文件,例如applicationContext-security.xml。网上现在大多是2.0的schema,要根据自己使用的版本而定。下面是3.0的schema。
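<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:s="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <description>SpringSecurity Config</description>

  <s:http auto-config="true" servlet-api-provision="false" access-denied-page="/layout/noPrivilege.jsp">
    <!--
      URL access rules: which role is required for which path. A request that is
      denied is sent to /layout/noPrivilege.jsp (access-denied-page above).

      intercept-url elements are evaluated top to bottom and the FIRST matching
      pattern decides. The specific /back/... rules therefore have to come before
      the general /back/** rule; with /back/** listed first, every holder of
      ROLE_Authority_Admin_Base would be let into /back/ca/**, /back/aa/**,
      /back/dev/**, /back/qc/** and /back/cltPayment, and the per-role rules
      would never be consulted.

      A URL that matches none of the patterns below is not restricted by this
      block at all. Review any path that is not listed here.
    -->

    <!-- Chief administrator only. /systemConfig, /appSerPack and /back/cltPayment
         are exact-path patterns (no wildcard). -->
    <s:intercept-url pattern="/payment/**" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/systemConfig" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/appSerPack" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/back/cltPayment" access="ROLE_Authority_Chief_Admin"/>
    <s:intercept-url pattern="/back/ca/**" access="ROLE_Authority_Chief_Admin"/>

    <!-- One back-office area per role. -->
    <s:intercept-url pattern="/back/aa/**" access="ROLE_Authority_Account_Admin"/>
    <s:intercept-url pattern="/back/dev/**" access="ROLE_Authority_Developer"/>
    <s:intercept-url pattern="/back/qc/**" access="ROLE_Authority_Quality_Checker"/>

    <!-- NOTE(review): /user/** is declared twice with different roles. Only one of
         the two lines can be effective; decide which role is intended and delete
         the other line. Both are kept here in their original relative order. -->
    <s:intercept-url pattern="/user/**" access="ROLE_Authority_Admin_Base"/>
    <s:intercept-url pattern="/user/**" access="ROLE_Authority_Chief_Admin"/>

    <!-- General rule for the rest of /back/. Must stay below the specific /back/... rules. -->
    <s:intercept-url pattern="/back/**" access="ROLE_Authority_Admin_Base"/>

    <!-- Login form, plus the pages used after a successful and a failed login.
         always-use-default-target sends every successful login to default-target-url
         instead of the URL that was originally requested. -->
    <s:form-login always-use-default-target="true"
                  login-page="/backLogin.jsp"
                  default-target-url="/login_success_by_role_redirect.jsp"
                  authentication-failure-url="/login_failure_by_role_redirect.jsp?error=1"/>
    <s:logout logout-success-url="/backLogout.jsp"/>
    <s:anonymous enabled="true"/>
  </s:http>

  <!--
    User lookup and password check. The provider obtains the stored user record
    from userDetailsService, hashes the submitted password with the configured
    encoder and compares the two hashes. Nothing is decrypted: MD5 is a one-way
    hash, not encryption.

    NOTE(review): unsalted MD5 does not protect against brute force. It is fast
    to compute, so password hashes that leak can be guessed offline cheaply, and
    equal passwords produce equal hashes. The value is left as md5 here because
    changing it requires re-hashing the stored passwords. The 3.0 schema also
    accepts hash="sha-256" together with a nested s:salt-source element; newer
    Spring Security releases provide a BCrypt encoder, which is the better target.
    Online guessing has to be limited separately (lockout or throttling); this
    configuration does not do that.
  -->
  <bean id="userDetailsService" class="com.infindo.framework.spring.security.UserDetailsServiceImpl"/>

  <s:authentication-manager alias="authenticationManager">
    <s:authentication-provider user-service-ref="userDetailsService">
      <s:password-encoder hash="md5"/>
    </s:authentication-provider>
  </s:authentication-manager>
</beans>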
3. 在web.xml中要添加以下代码:
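<!-- spring security -->
<!-- Spring context files to load; the pattern picks up applicationContext-security.xml
     along with every other applicationContext*.xml on the classpath. This parameter is
     read by Spring's ContextLoaderListener, which must also be registered in web.xml
     (not part of this snippet). -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>classpath*:/applicationContext*.xml</param-value>
</context-param>

<!-- The filter name has to be springSecurityFilterChain: DelegatingFilterProxy looks up
     a Spring bean with the same name as the filter, and the security namespace registers
     its filter chain under that name. -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<!-- Mapped to /* so that every request passes through the security chain. A narrower
     mapping would leave the unmapped URLs outside the intercept-url rules. -->
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>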
(1). login.jsp中主要:
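<%-- Login form excerpt. The action path /j_spring_security_check is fixed: it is the
     URL the form-login filter listens on when no other processing URL is configured.
     The form must be submitted with POST. --%>
<form action="${pageContext.request.contextPath}/j_spring_security_check"
      method="post" style="width: 260px; text-align: center;">
  <fieldset>
    <legend>
      登陆
    </legend>
    用户:
    <%-- j_username and j_password are the parameter names the login filter reads.
         NOTE(review): the remembered username is written into the value attribute by EL
         without escaping on this page. Confirm that the Spring Security version in use
         stores SPRING_SECURITY_LAST_USERNAME already HTML-escaped; if it does not,
         escape the value on output. --%>
    <input type="text" name="j_username" style="width: 150px;"
           value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" />
    <br />
    密码:
    <input type="password" name="j_password" style="width: 150px;" />
    <br />
    <%-- The excerpt on the page ends here; the submit control and the closing
         fieldset and form tags are not shown. --%>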
<%@ page contentType="text/html;charset=UTF-8"%>
<%@ include file="/common/taglibs.jsp"%>
<%--
  Role-based landing page, presumably /login_success_by_role_redirect.jsp (the
  default-target-url of form-login). Each authorize block renders its body only
  for a user holding the named role, and the body redirects to that role's start page.

  This page only chooses where to send the user. It is not an access control:
  the target URLs are protected solely by the intercept-url rules in the
  security configuration.

  NOTE(review): a user who holds ROLE_Authority_Admin_Base but none of the four
  specific roles matches no block below and gets no redirect. Confirm that this
  combination cannot occur.
--%>

<%-- Chief administrator --%>
<security:authorize ifAllGranted="ROLE_Authority_Chief_Admin">
  <c:redirect url="/back/caDashboard?locale=en_US"/>
</security:authorize>

<%-- Account administrator --%>
<security:authorize ifAllGranted="ROLE_Authority_Account_Admin">
  <c:redirect url="/back/pendingPackage?locale=en_US"/>
</security:authorize>

<%-- Quality checker --%>
<security:authorize ifAllGranted="ROLE_Authority_Quality_Checker">
  <c:redirect url="/back/pendingQc?locale=en_US"/>
</security:authorize>

<%-- Developer --%>
<security:authorize ifAllGranted="ROLE_Authority_Developer">
  <c:redirect url="/back/pendingNewBinary?locale=en_US"/>
</security:authorize>

<%-- None of the listed roles: back to the login page --%>
<security:authorize ifNotGranted="ROLE_Authority_Admin_Base, ROLE_Authority_Account_Admin, ROLE_Authority_Quality_Checker, ROLE_Authority_Developer">
  <c:redirect url="/backLogin.jsp"/>
</security:authorize>
5.以上就是一个完整的配置过程。