1.SpringSecurity配置?
spring-security.xml文件配置?
<!--
  2. Exempt static resources (template: fill in both attributes).
     pattern  : the path or resource pattern to match
     security : "none" means requests matching the pattern are not intercepted
  Review note: security="none" removes the matched paths from the Spring Security
  filter chain entirely, so no login check and no security response headers apply
  to them. Keep these patterns limited to files that are truly public.
-->
<http pattern=""
      security=""/>
例如:
对于 image 文件夹下的所有资源都不拦截(包括子文件夹)
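<!-- Example: nothing under /image/ (subfolders included) is intercepted.
     The attribute name is "pattern"; the misspelling "patten" is not an attribute
     the security namespace defines, so the rule would not be accepted. -->
<http pattern="/image/**" security="none"/>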
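<!-- 3. Access configuration.
     use-expressions="false": access values are plain role names, not SpEL expressions.
     Corrected names in this block: use-expressions, intercept-url,
     always-use-default-target and csrf disabled. -->
<http use-expressions="false">
    <!--
      3.1 Intercepted paths
          /*     : everything directly under the root (subfolders excluded)
          /**    : everything under the root (subfolders included)
          access : ROLE_ followed by the role name
    -->
    <intercept-url pattern="/**" access="ROLE_SELLER"/>

    <!-- 3.2 Form login: login page, the URL that processes the submitted credentials,
         the page shown after a successful login (always used), and the page shown
         after a failed login. -->
    <form-login login-page="/login.html"
                login-processing-url="/login.do"
                default-target-url="/admin/index.html"
                always-use-default-target="true"
                authentication-failure-url="/login.html"/>

    <!--
      3.3 CSRF (cross-site request forgery) protection.
          disabled="false" leaves the check switched on; disabled="true" would switch it off.
          Review note: the original remark on this element said the check is skipped,
          which does not match the value "false". With the check on, the login form and
          every other state-changing request must carry the CSRF token, and the logout
          URL expects a POST.
    -->
    <csrf disabled="false"/>

    <!--
      3.4 Logout
          logout-url         : custom URL that triggers the logout
          invalidate-session : invalidate the HTTP session on logout
          logout-success-url : page shown after logout
    -->
    <logout logout-url="/logout.do"
            invalidate-session="true"
            logout-success-url="/login.html"/>
</http>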
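<!-- 4. Authentication service.
     Users are loaded through the userDetailImpl bean, and submitted passwords are
     checked with the passwordEncoder bean declared in this file. The ref was empty
     before, which names no bean and leaves the provider without an encoder. -->
<authentication-manager>
    <authentication-provider user-service-ref="userDetailImpl">
        <password-encoder ref="passwordEncoder"/>
    </authentication-provider>
</authentication-manager>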
<!-- Dubbo consumer wiring: application name, registry, and the remote seller service. -->
<dubbo:application name="web_shop"/>

<!-- Review note: the registry endpoint is a literal address in this file. Prefer a
     per-environment external property, and keep the registry port reachable only
     from the application network. -->
<dubbo:registry address="zookeeper://119.23.64.69:2181"/>

<!-- interface is placeholder text: replace it with the service interface to import. -->
<dubbo:reference id="sellerService"
                 interface="需要引入的服务的接口"/>

<!-- timeout is placeholder text: replace it with the allowed timeout. -->
<dubbo:consumer timeout="允许超时时间"/>

<!-- Bean referenced by user-service-ref; class is placeholder text for the fully
     qualified name of the implementation class. The remote sellerService is injected. -->
<beans:bean id="userDetailImpl"
            class="实现类的全限定名">
    <beans:property name="sellerService"
                    ref="sellerService"/>
</beans:bean>

<!-- Password encoder bean; class is placeholder text for the fully qualified name of
     the BCrypt encoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder). -->
<beans:bean id="passwordEncoder"
            class="BcryptPasswordEncoder全限定名"/>
web.xml配置?
<!-- Routes every request through the Spring Security filter chain.
     filter-class is placeholder text for the fully qualified name of DelegatingFilterProxy
     (org.springframework.web.filter.DelegatingFilterProxy). The filter name must stay
     springSecurityFilterChain, because the proxy looks up the bean of that name. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>DelegatingFilterProxy全限定名</filter-class>
</filter>

<!-- /* maps the filter to all request paths. -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
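<?xml version="1.0" encoding="UTF-8"?>
<beans:beans
        xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- The namespace declarations above use straight quotes; typographic quotes
         make the document not well-formed. -->

    <!-- Enable JSR-250 annotations and the pre/post annotations for method security. -->
    <global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/>

    <!-- Paths exempt from the security filter chain.
         /*.html covers every HTML file directly under the root, login.html included;
         pages in subfolders such as /admin/ stay protected by the /** rule below.
         Review note: no security response headers are added for these paths. -->
    <http pattern="/*.html" security="none"/>
    <http pattern="/css/**" security="none"/>
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <http pattern="/plugins/**" security="none"/>
    <http pattern="/plugins2/**" security="none"/>
    <http pattern="/*.ico" security="none"/>

    <!-- use-expressions: whether SpEL expressions are enabled; the default is true. -->
    <http use-expressions="false" auto-config="true">
        <intercept-url pattern="/**" access="ROLE_ADMIN"/>

        <form-login
                login-page="/login.html"
                login-processing-url="/login.do"
                default-target-url="/admin/index.html"
                always-use-default-target="true"
                authentication-failure-url="/login.html"/>

        <!-- CSRF checking is switched off.
             Review note: with this setting, a page on another site can submit
             state-changing requests in a logged-in administrator's session. Prefer
             disabled="false" and send the CSRF token with each such request. -->
        <csrf disabled="true"/>

        <!-- Allow pages to be shown in frames by pages of the same origin only. -->
        <headers>
            <frame-options policy="SAMEORIGIN"/>
        </headers>

        <!-- Logout configuration. -->
        <logout logout-url="/logout.do" invalidate-session="true" logout-success-url="/login.html"/>
    </http>

    <!-- Authentication manager. -->
    <authentication-manager>
        <!-- Authentication provider. -->
        <authentication-provider>
            <!-- Review note: demo-only in-memory accounts. Both administrators share a
                 short, guessable password stored in clear text in this file. For real
                 use, load users through user-service-ref and verify passwords with a
                 BCrypt password-encoder. -->
            <user-service>
                <user name="admin" password="123456" authorities="ROLE_ADMIN"/>
                <user name="wc" password="123456" authorities="ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>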
相关依赖
<!-- Spring Security core web and XML namespace support.
     Review note: 4.1.0.RELEASE belongs to the Spring Security 4.x line, which is no
     longer maintained. Keep every spring-security artifact on one version (ideally a
     single property) and move to a supported release. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>4.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
    <version>4.1.0.RELEASE</version>
</dependency>

<!-- kaptcha, with its transitive servlet API excluded
     (presumably because the container supplies it; confirm). -->
<dependency>
    <groupId>com.github.penggle</groupId>
    <artifactId>kaptcha</artifactId>
    <version>2.3.2</version>
    <exclusions>
        <exclusion>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
        </exclusion>
    </exclusions>
</dependency>

<!-- CAS integration: the Spring Security CAS module plus the CAS client. -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-cas</artifactId>
    <version>4.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.3.3</version>
    <!-- Excluded to avoid a log4j package conflict. -->
    <exclusions>
        <exclusion>
            <groupId>org.slf4j</groupId>
            <artifactId>log4j-over-slf4j</artifactId>
        </exclusion>
    </exclusions>
</dependency>