<form-login authentication-success-handler-ref="afterLoginSuccessHandler" login-page="/loginPage.action?error=false" authentication-failure-url="/loginPage.action?error=true" default-target-url="/"/>
//配置自定义filter
<custom-filter before="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/>
<custom-filter before="LOGOUT_FILTER" ref="logoutFilter"/>
//配置权限Provider
<authentication-manager alias="authenticationManager">
<authentication-provider ref="securityAuthenticationProvider" />
</authentication-manager>
//自定义Provider
<beans:bean id="securityAuthenticationProvider" class="com.xxx.security.SecurityAuthenticationProvider">
<beans:property name="userDetailsService" ref="securityUserService"/>
<beans:property name="passwordEncoder" ref="passwordEncoder"/>
</beans:bean>
//配置AuthenticationFilter
<beans:bean id="authenticationProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="authenticationSuccessHandler" ref="afterLoginSuccessHandler"/>
<beans:property name="authenticationFailureHandler" ref="afterLoginFailHandler"/>
<beans:property name="authenticationDetailsSource" ref="authenticationDetailsSourceImpl"/>
</beans:bean>
//自定义LoginFailHandler
<beans:bean id="afterLoginFailHandler" class="com.xxx.security.AfterLoginFailHandler">
<beans:property name="defaultFailureUrl">
<beans:value>/loginPage.action?error=true</beans:value>
</beans:property>
</beans:bean>
//自定义LoginSuccessHandler
<beans:bean id="afterLoginSuccessHandler" class="com.xxx.security.AfterLoginSuccessHandler">
<beans:property name="defaultTargetUrl">
<beans:value>/</beans:value>
</beans:property>
</beans:bean>
//Md5加密
<beans:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder"/>
<beans:bean id="authenticationDetailsSourceImpl" class="org.springframework.security.authentication.AuthenticationDetailsSourceImpl">
<beans:property name="clazz" value="com.xxx.security.SecurityWebAuthenticationDetails"/>
</beans:bean>
//自定义LogoutFilter
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="/" />
<beans:constructor-arg>
<beans:list>
<beans:bean class="com.xxx.security.LogoutHandler"/>
</beans:list>
</beans:constructor-arg>
</beans:bean>
Spring Security 常用的几个自定义filter
最新推荐文章于 2024-01-27 01:42:42 发布