SpringSecurity

1.配置文件
（1）配置web.xml:主要就是filter的配置
（2）spring-security文件的配置

    <bean id="webAuthenticationFilter"
        class=" xxxx.xxxx.xxx.web.filter.CustomAuthenticationFilter">
        <property name="authenticationManager" ref="customAuthenticationManager" />
        <property name="usernameParameter" value="u_name" />
        <property name="passwordParameter" value="u_pass" />
        <property name="filterProcessesUrl" value="/login" />
        <property name="authenticationSuccessHandler">
            <bean class="   xxxx.xxxx.xxx.web.filter.CustomLoginSuccessHandler"></bean>
        </property>
        <property name="authenticationFailureHandler">
            <bean class="   xxxx.xxxx.xxx.web.filter.CustomLoginFailureHandler"></bean>
        </property>
    </bean>
        <!-- 登出处理 -->
    <bean id="customLogoutSuccessHandler" class="   xxxx.xxxx.xxx.web.filter.CustomLogoutSuccessHandler"></bean>

    <ss:authentication-manager alias="customAuthenticationManager">
        <ss:authentication-provider user-service-ref="customUserDetailService">
            <!--密码采用MD5加密的话，并加“盐”-->
            <ss:password-encoder ref="passwordEncoder">
            </ss:password-encoder>
        </ss:authentication-provider>
    </ss:authentication-manager>
    <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.MessageDigestPasswordEncoder">
        <constructor-arg index="0">
            <value>MD5</value>
        </constructor-arg>
        <constructor-arg index="1">
            <value>true</value>
        </constructor-arg>
    </bean>
    <bean id="customUserDetailService" class="  xxxx.xxxx.xxx.service.security.CustomUserDetailService" />

    <!-- 访问决策器，决定某个用户具有的角色，是否有足够的权限去访问某个资源 -->
    <bean id="customAccessDecisionManager" 
        class=" xxxx.xxxx.xxx.service.security.impl.CustomAccessDecisionManager"/>

    <!-- 资源源数据定义，即定义某一资源可以被哪些角色访问 -->
    <bean id="customSecurityMetadataSource" 
        class=" xxxx.xxxx.xxx.service.security.impl.CustomInvocationSecurityMetadataSource" />
</beans>

3.编写filter
（1）继承AbstractAuthenticationFilter；
（2）重写createAuthentication方法。