digest ~ 摘要认证

引入 jar包

<properties>
		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
		<org.springframework.version>3.2.10.RELEASE</org.springframework.version>
		<build.jar.outputDirectory>/tmp/</build.jar.outputDirectory>
  </properties>
	
  <dependencies>
	    
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-oxm</artifactId>
			<version>${org.springframework.version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-jms</artifactId>
			<version>${org.springframework.version}</version>
		</dependency>


		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-webmvc</artifactId>
			<version>${org.springframework.version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-orm</artifactId>
			<version>${org.springframework.version}</version>
		</dependency>

		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-context-support</artifactId>
			<version>${org.springframework.version}</version>
		</dependency>
		
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>3.2.7.RELEASE</version>
		</dependency>
		
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>3.2.7.RELEASE</version>
		</dependency>
		
	</dependencies>

编写security.xml 文件

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	         xmlns:beans="http://www.springframework.org/schema/beans" 
	         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	         xsi:schemaLocation="http://www.springframework.org/schema/beans
						http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
						http://www.springframework.org/schema/security
						http://www.springframework.org/schema/security/spring-security-3.2.xsd">
	
	<!-- 配置要认证的资源 -->
	<http pattern="/login*" use-expressions="true" entry-point-ref="digestEntryPoint">
    	<intercept-url pattern="/login*" access="none"/>
        <custom-filter ref="myFilter" after="BASIC_AUTH_FILTER" />
    </http>
    
    <beans:bean id="digestEntryPoint"
		class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
		<beans:property name="realmName" value="login" />
		<beans:property name="key" value="login" />
		<beans:property name="nonceValiditySeconds" value="120" />
	</beans:bean>

    <authentication-manager>
	    <authentication-provider user-service-ref="userDetailsService">
	    </authentication-provider>
	</authentication-manager>
	
	
	<beans:bean id="myFilter"
		class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
		<beans:property name="userDetailsService" ref="userDetailsService" />
		<beans:property name="authenticationEntryPoint" ref="digestEntryPoint" />
	</beans:bean>

</beans:beans>

编写自定义的UserDetailsService

@Service("userDetailsService")
public class UserAuthUserDetailsService implements UserDetailsService {


	public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException {
		
			String userName = arg0;
			User userDetails = null;
			if (arg0.equals("admin")) {
				//userDetails = new User(usreName, password, this.getAuthoritieshhh());  这里的 password  可通过数据库查询获得， 本demo为简洁操作，直接给出password
				userDetails = new User(arg0, "123456", this.getAuthoritieshhh());
			}else{
				userDetails = new User(arg0, "123456", this.getAuthorities());
			}
			return userDetails;
		}
	

	public Collection<? extends GrantedAuthority> getAuthorities() {
		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
		authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
		return authorities;
	}
	
	public Collection<? extends GrantedAuthority> getAuthoritieshhh() {
		List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
		authorities.add(new SimpleGrantedAuthority("ROLE_MANAGER"));
		return authorities;
	}

}

编写web.xml

 <!-- 配置spring监听器来管理spring容器中管理的类 start -->
  <context-param>
  	<param-name>contextConfigLocation</param-name>
  	<param-value>
  		classpath:conf-spring/spring-service.xml;
		classpath:conf-spring/spring-security.xml;
  	</param-value>
  </context-param>
  
  <listener>
  	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <!-- 配置spring监听器来管理spring容器中管理的类 end -->

	
	<!-- 配置spring-security 安全认证  -->
	<filter>
	    <filter-name>springSecurityFilterChain</filter-name>
	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
	    <filter-name>springSecurityFilterChain</filter-name>
	    <url-pattern>/*</url-pattern>
	</filter-mapping>
	
	<!-- 配置springmvc -->
	<servlet>
		<servlet-name>dispatcherServlet</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>classpath:conf-spring/spring-controller.xml</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>
	
	<servlet-mapping>
		<servlet-name>dispatcherServlet</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>