这里只是我自己的一点感想,等会儿会放上别人的博客地址,写得很好
首先在jsp中使用表单(form)
<%-- Login form. The action must match login-processing-url in applicationContext-security.xml
     (/j_spring_security_check). The input fields are omitted in this excerpt; the security
     configuration expects them to be named j_username and j_password.
     NOTE(review): if CSRF protection is enabled in the Spring Security version in use, this form
     also has to submit the CSRF token as a hidden field, otherwise the POST is rejected. Confirm. --%>
<form id="loginForm" action="<%=path%>/j_spring_security_check" method="post">
</form>
然后在applicationContext-security.xml中进行配置
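<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration: public URL patterns, role-protected URL patterns,
  form login / logout, session handling, and the authentication manager backed by a custom
  user-details bean (userInfoProvider).
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
      security="none" removes the matching requests from the Spring Security filter chain
      altogether: no authentication, no SecurityContext, and none of the filter-based
      protections apply to them.
      NOTE(review): /userFile*, /fileStatus* and /tools* do not look like static resources by
      name. Confirm that they never serve user-specific data or state-changing actions;
      otherwise move them into the main http block below and give them an explicit access rule.
    -->
    <security:http security="none" pattern="/public/**"/>
    <security:http security="none" pattern="/common/**"/>
    <security:http security="none" pattern="/login*"/>
    <security:http security="none" pattern="/home/*"/>
    <security:http security="none" pattern="/register*"/>
    <security:http security="none" pattern="/index.jsp"/>
    <security:http security="none" pattern="/maxSessionError*"/>
    <security:http security="none" pattern="/forbidden*"/>
    <security:http security="none" pattern="/userFile*"/>
    <security:http security="none" pattern="/fileStatus*"/>
    <security:http security="none" pattern="/tools*"/>

    <security:http auto-config="true" use-expressions="true">
        <!--
          URLs that require the LOGIN_ROLE authority.
          NOTE(review): assuming the default Ant-style matcher, a single * matches only one
          path segment, so a deeper path such as /user/a/b is not covered by these rules.
          There is also no catch-all rule in this block, so any URL that matches none of the
          patterns carries no access restriction. Confirm whether /** patterns and a final
          default rule were intended.
        -->
        <security:intercept-url pattern="/user/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/notification/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/favorite/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/transaction/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/enquiry/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/demand/new/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/demand/getlist/*" access="hasRole('LOGIN_ROLE')"/>

        <!--
          Form login. login-processing-url has to match the action of the JSP login form, and
          the form fields have to use the parameter names declared here. Failed logins are
          redirected to /login?error=1; successful ones are passed to loginSuccessHandler.
        -->
        <security:form-login
                login-processing-url="/j_spring_security_check"
                login-page="/login"
                authentication-failure-url="/login?error=1"
                password-parameter="j_password"
                username-parameter="j_username"
                authentication-success-handler-ref="loginSuccessHandler"
        ></security:form-login>

        <!--
          Logout. delete-cookies takes a comma-separated list of cookie NAMES, not a boolean:
          the previous value "true" asked for a cookie literally named "true" to be cleared and
          left the session cookie in the browser. JSESSIONID is the servlet container default
          session cookie name; adjust it if the deployment renames that cookie.
        -->
        <security:logout invalidate-session="true" logout-url="/logout" delete-cookies="JSESSIONID"
                         success-handler-ref="logoutSuccessHandler"/>

        <security:access-denied-handler error-page="/forbidden"/>

        <!--
          Session handling. newSession issues a fresh session on login without copying the old
          session attributes. With max-sessions="1" and error-if-maximum-exceeded="false", a
          second login for the same user expires the earlier session, whose next request is
          sent to expired-url.
          NOTE(review): concurrency control depends on session lifecycle events reaching Spring
          Security; verify that web.xml registers HttpSessionEventPublisher.
        -->
        <security:session-management session-fixation-protection="newSession">
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false"
                                          expired-url="/maxSessionError"/>
        </security:session-management>

        <!-- Disabled: custom security interceptor filter (see the commented-out myFilter bean below). -->
        <!--<security:custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />-->
    </security:http>

    <!-- User management: authentication is delegated to the userInfoProvider bean. -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userInfoProvider">
            <!--
              NOTE(review): MD5 with Base64 output and no salt source configured is a fast,
              unsalted hash and is not suitable for password storage. It is left unchanged
              here because switching the encoder invalidates every stored password hash; plan
              a migration to an adaptive algorithm such as bcrypt and re-hash credentials on
              the next successful login.
            -->
            <security:password-encoder hash="md5" base64="true"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Log authentication events and authorization (access decision) events. -->
    <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
    <beans:bean id="authorizationListener" class="org.springframework.security.access.event.LoggerListener"/>

    <!-- Filter (disabled) -->
    <!-- <beans:bean id="myFilter" class="com.authority.filter.MyFilterSecurityInterceptor">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="accessDecisionManager" ref="myAccessDesisionmanager"/>
    <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"/>
    </beans:bean>-->

    <!-- User information provider referenced by user-service-ref above. -->
    <bean id="userInfoProvider" class="com.qingneng.service.Impl.AuthenticationServiceImpl"/>
    <!-- Login success handler -->
    <bean id="loginSuccessHandler" class="com.qingneng.handler.LoginSuccessHandler"/>
    <!-- Logout success handler -->
    <bean id="logoutSuccessHandler" class="com.qingneng.handler.LogoutSuccessHandlerImpl"/>
    <!--
      Login failure handler. Not referenced by the form-login element above, which uses
      authentication-failure-url instead; kept in case it is wired elsewhere.
    -->
    <bean id="loginFailHandler" class="com.qingneng.handler.LoginFailHandler"/>
</beans>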
在<security:form-login 中进行了一些基本的登录跳转配置等,
下面还有很多登出、session等配置
重点!
在<!--用户管理-->中,进行了自定义UserDetailsService的配置(即user-service-ref指向的userInfoProvider)
在之后extends UserDetails时调用的是这里的这个配置。
然后在applicationContext-hibernate.xml中
进行了数据库的一些配置等等,我现在还不是完全明白这个构造,所以先这么记着
放一个别人写的文章的网址,这个哥们写得很不错
http://blog.csdn.net/yin380697242/article/details/51959422