1.配置文件
(1)配置web.xml:主要就是filter的配置
(2)spring-security文件的配置
<!-- Custom login filter. It processes requests to /login, reads the credentials
     from the u_name and u_pass request parameters, and delegates the check to
     customAuthenticationManager. The nested handlers are project classes that
     run after a successful or a failed login attempt.
     NOTE(review): the password arrives as a plain request parameter, so /login
     should only be reachable over HTTPS; confirm in web.xml / channel config. -->
<bean id="webAuthenticationFilter"
      class=" xxxx.xxxx.xxx.web.filter.CustomAuthenticationFilter">
  <property name="authenticationManager" ref="customAuthenticationManager"/>
  <property name="usernameParameter" value="u_name"/>
  <property name="passwordParameter" value="u_pass"/>
  <property name="filterProcessesUrl" value="/login"/>
  <property name="authenticationSuccessHandler">
    <bean class=" xxxx.xxxx.xxx.web.filter.CustomLoginSuccessHandler"/>
  </property>
  <property name="authenticationFailureHandler">
    <bean class=" xxxx.xxxx.xxx.web.filter.CustomLoginFailureHandler"/>
  </property>
</bean>
<!-- Logout handling: project class invoked once a logout has succeeded. -->
<bean id="customLogoutSuccessHandler"
      class=" xxxx.xxxx.xxx.web.filter.CustomLogoutSuccessHandler"/>
<!-- Authentication manager used by the login filter. Its single provider loads
     users through customUserDetailService and compares passwords with the
     passwordEncoder bean.
     NOTE(review): the original comment here said "MD5 with salt", but this
     password-encoder element has no <ss:salt-source> child, so as written the
     digest is unsalted unless salting happens elsewhere; confirm.
     MD5 is a fast digest and is not suitable for storing passwords; plan a
     migration to an adaptive hash (bcrypt or similar) with rehash on login. -->
<ss:authentication-manager alias="customAuthenticationManager">
  <ss:authentication-provider user-service-ref="customUserDetailService">
    <ss:password-encoder ref="passwordEncoder"/>
  </ss:authentication-provider>
</ss:authentication-manager>
<!-- Legacy digest password encoder.
     Constructor argument 0 is the digest algorithm (MD5).
     Constructor argument 1 is encodeHashAsBase64: true stores the digest as
     Base64 instead of hex. It does not turn on salting.
     NOTE(review): MD5 digests are cheap to brute-force offline; treat stored
     values as weakly protected and replace this encoder when existing hashes
     can be migrated. -->
<bean id="passwordEncoder"
      class="org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder">
  <constructor-arg index="0" value="MD5"/>
  <constructor-arg index="1" value="true"/>
</bean>
<!-- Project user-details service referenced by the authentication provider
     (user-service-ref); it supplies the account data that logins are checked against. -->
<bean id="customUserDetailService"
      class=" xxxx.xxxx.xxx.service.security.CustomUserDetailService"/>
<!-- Access decision manager: decides whether the roles held by a user are
     sufficient to access a given resource.
     NOTE(review): confirm that the implementation denies access when no rule
     matches, rather than allowing it by default. -->
<bean id="customAccessDecisionManager"
      class=" xxxx.xxxx.xxx.service.security.impl.CustomAccessDecisionManager"/>
<!-- Resource metadata definition: declares which roles may access each resource.
     NOTE(review): check how resources with no entry are treated; an unmapped
     URL should not silently become public. -->
<bean id="customSecurityMetadataSource"
      class=" xxxx.xxxx.xxx.service.security.impl.CustomInvocationSecurityMetadataSource"/>
</beans>
3.编写filter
(1)继承AbstractAuthenticationFilter;
(2)重写createAuthentication方法。