引入 jar包
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<org.springframework.version>3.2.10.RELEASE</org.springframework.version>
<build.jar.outputDirectory>/tmp/</build.jar.outputDirectory>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-oxm</artifactId>
<version>${org.springframework.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-jms</artifactId>
<version>${org.springframework.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${org.springframework.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${org.springframework.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-context-support</artifactId>
<version>${org.springframework.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.7.RELEASE</version>
</dependency>
</dependencies>
编写security.xml 文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- 配置要认证的资源 -->
<http pattern="/login*" use-expressions="true" entry-point-ref="digestEntryPoint">
<intercept-url pattern="/login*" access="none"/>
<custom-filter ref="myFilter" after="BASIC_AUTH_FILTER" />
</http>
<beans:bean id="digestEntryPoint"
class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint">
<beans:property name="realmName" value="login" />
<beans:property name="key" value="login" />
<beans:property name="nonceValiditySeconds" value="120" />
</beans:bean>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
</authentication-provider>
</authentication-manager>
<beans:bean id="myFilter"
class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter">
<beans:property name="userDetailsService" ref="userDetailsService" />
<beans:property name="authenticationEntryPoint" ref="digestEntryPoint" />
</beans:bean>
</beans:beans>
编写自定义的UserDetailsService
@Service("userDetailsService")
public class UserAuthUserDetailsService implements UserDetailsService {
public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException {
String userName = arg0;
User userDetails = null;
if (arg0.equals("admin")) {
//userDetails = new User(usreName, password, this.getAuthoritieshhh()); 这里的 password 可通过数据库查询获得, 本demo为简洁操作,直接给出password
userDetails = new User(arg0, "123456", this.getAuthoritieshhh());
}else{
userDetails = new User(arg0, "123456", this.getAuthorities());
}
return userDetails;
}
public Collection<? extends GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_USER"));
return authorities;
}
public Collection<? extends GrantedAuthority> getAuthoritieshhh() {
List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();
authorities.add(new SimpleGrantedAuthority("ROLE_MANAGER"));
return authorities;
}
}
编写web.xml
<!-- 配置spring监听器来管理spring容器中管理的类 start -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:conf-spring/spring-service.xml;
classpath:conf-spring/spring-security.xml;
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- 配置spring监听器来管理spring容器中管理的类 end -->
<!-- 配置spring-security 安全认证 -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- 配置springmvc -->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:conf-spring/spring-controller.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>