1.引入相应的jar包包括spring及其依赖的包,还有spring security的包。
2.在web.xml里添加配置
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3.在spring mvc相应的配置文件下做如下配置:
(1)资源与权限的关系
<http auto-config = 'true'>
<intercept-url pattern="/**" access="ROLE_USER"/>
</http>
其中auto-config是如下的缩写,配置为‘true’
<http>
<form-login />
<http-basic />
<logout />
</http>
(2)用户与权限的关系
<authentication-manager>
<authentication-provider>
<user-service>
<user name="xgl112" password = "xgl112" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>