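PS: This tutorial uses Spring Security's default filters, so the configuration must strictly follow the default filter conventions.
1. Deployment descriptor web.xml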
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/resources/spring-security.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
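Note: the <filter-name>springSecurityFilterChain</filter-name> here must not be changed. With the default filters this exact name is required, because DelegatingFilterProxy looks up a bean with the same name as the filter; otherwise startup fails with an error saying that no bean with your custom name can be found.
2. Core configuration file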
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Do not filter the login page; any user may access it, otherwise requests would end up in an endless loop -->
<http pattern="/login.jsp" security="none"/>
<!-- Page to redirect to when verification fails or the permission check is not passed -->
<http access-denied-page="/deny.jsp" >
<form-login login-page="/login.jsp"/>
<!-- Users accessing the /admin.jsp resource must have the ROLE_ADMIN authority -->
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>
<!-- Users accessing /** resources must have the ROLE_USER authority -->
<intercept-url pattern="/**" access="ROLE_USER"/>
<!-- Session management, optional -->
<session-management>
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false"/>
</session-management>
</http>
<!-- Authentication manager; user information is hard-coded here (in the XML configuration file) -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="tt" password="tt" authorities="ROLE_USER"/>
<user name="admin" password="admin" authorities="ROLE_ADMIN"/>
<user name="all" password="all" authorities="ROLE_USER,ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
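The following audit script is an added example, not part of the original tutorial or of Spring Security. It parses a security-namespace configuration like the one above and reports paths excluded with security="none", intercept-url rules declared after a /** catch-all (rules are evaluated in declaration order and the first match wins), and user-service passwords stored without a password-encoder. The function name audit, the finding codes and the embedded sample (a reduced copy of the configuration above) are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"

# Constructed sample: the page's spring-security.xml reduced to the elements checked here.
PAGE_CONFIG = """<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans">
  <http pattern="/login.jsp" security="none"/>
  <http access-denied-page="/deny.jsp">
    <form-login login-page="/login.jsp"/>
    <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>
    <intercept-url pattern="/**" access="ROLE_USER"/>
  </http>
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="tt" password="tt" authorities="ROLE_USER"/>
        <user name="admin" password="admin" authorities="ROLE_ADMIN"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>"""


def audit(xml_text):
    """Return a list of (code, detail) findings for a security-namespace config."""
    root = ET.fromstring(xml_text)
    findings = []
    for http in root.iter(SEC + "http"):
        if http.get("security") == "none":
            # No Spring Security filter runs for this path: confirm it is meant to be public.
            findings.append(("UNFILTERED", http.get("pattern")))
            continue
        seen_catch_all = False
        for rule in http.findall(SEC + "intercept-url"):
            # Rules are matched in declaration order and the first match wins,
            # so anything declared after /** can never be reached.
            if seen_catch_all:
                findings.append(("SHADOWED_RULE", rule.get("pattern")))
            seen_catch_all = seen_catch_all or rule.get("pattern") == "/**"
    for provider in root.iter(SEC + "authentication-provider"):
        # Without a <password-encoder>, the password attribute is compared as plaintext.
        if provider.find(SEC + "password-encoder") is not None:
            continue
        for user in provider.iter(SEC + "user"):
            if user.get("password"):
                findings.append(("PLAINTEXT_PASSWORD", user.get("name")))
    return findings
```

For the configuration on this page the rule order is correct (/admin.jsp precedes /**), so the script reports only the unfiltered login page and the plaintext passwords.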
3. Login page
<%@page language="java" import="java.util.*" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>登录</title>
</head>
<body>
<form action="j_spring_security_check" method="POST">
<table>
<tr>
<td>用户:</td>
<td><input type='text' name='j_username'></td>
</tr>
<tr>
<td>密码:</td>
<td><input type='password' name='j_password'></td>
</tr>
<tr>
<td><input name="submit" type="submit"></td>
<td><input name="reset" type="reset"></td>
</tr>
</table>
</form>
</body>
</html>
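Notes:
1. The action name in <form action="j_spring_security_check" method="POST"> generally cannot be changed, unless you modify the Spring Security source code.
2. In <input type='password' name='j_password'> and <input type='text' name='j_username'>, the names j_password and j_username generally cannot be changed either, because this example relies on the default filters. Later, when using a custom filter, authentication manager and authorization manager, they can be customized.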
4. Other pages
The other pages are not listed here; they have no real bearing on the example.
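5. Download links for the complete example from this article and the related documentation:
(1) Spring Security 3.x development manual (springsecurity3.x开发手册.pdf)
http://download.csdn.net/detail/u012557538/9287455
(2) Example project for this article:
http://download.csdn.net/detail/u012557538/9287445
(3) Official help manual, Chinese edition
http://download.csdn.net/detail/u012557538/9287473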