Spring Security 常用的几个自定义filter
<form-login authentication-success-handler-ref="afterLoginSuccessHandler" login-page="/loginPage.action?error=false" authentication-failure-url="/loginPage.action?error=true" default-target-url="/"/> //配置自定义filter<custom-filter before="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"/><custom-filter before="LOGOUT_FILTER" ref="logoutFilter"/> //配置权限Provider<authentication-manager alias="authenticationManager"> <authentication-provider ref="securityAuthenticationProvider" /></authentication-manager> //自定义Provider<beans:bean id="securityAuthenticationProvider" ref="securityUserService"/> <beans:property name="passwordEncoder" ref="passwordEncoder"/></beans:bean> //配置AuthenticationFilter<beans:bean id="authenticationProcessingFilter" ref="authenticationManager"/> <beans:property name="authenticationSuccessHandler" ref="afterLoginSuccessHandler"/> <beans:property name="authenticationFailureHandler" ref="afterLoginFailHandler"/> <beans:property name="authenticationDetailsSource" ref="authenticationDetailsSourceImpl"/></beans:bean> //自定义LoginFailHandler<beans:bean id="afterLoginFailHandler" value="com.xxx.security.SecurityWebAuthenticationDetails"/></beans:bean> //自定义LogoutFilter<beans:bean id="logoutFilter" /> <beans:constructor-arg> <beans:list> <beans:bean class="com.xxx.security.LogoutHandler"/> </beans:list> </beans:constructor-arg></beans:bean>
