SS3中security部分的学习
研究了一下Springside下面的security部分的代码。其实security主要包括了两部分的内容。
1. 用户十分为合法用户。
2. 用户有哪些权限。
这些内容都是在userDetailsService中实现的。只需要重载这个接口,实现
public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException
<bean id="databaseDefinitionSource" ref="resourceDetailsService" /></bean>
<http auto-config="true" access-decision-manager-ref="accessDecisionManager"> <intercept-url pattern="/security/user!save*" access="A_MODIFY_USER" /> <intercept-url pattern="/security/user!delete*" access="A_MODIFY_USER" /> <intercept-url pattern="/security/user*" access="A_VIEW_USER" /> <intercept-url pattern="/security/role!save*" access="A_MODIFY_ROLE" /> <intercept-url pattern="/security/role!delete*" access="A_MODIFY_ROLE" /> <intercept-url pattern="/security/role*" access="A_VIEW_ROLE" /> <form-login login-page="/login.action" default-target-url="/" authentication-failure-url="/login.action?error=true" /> <logout logout-success-url="/" /> <remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" /> </http>
<bean id="accessDecisionManager" value="A_" /></bean><bean /></list></property></bean>
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd" default-autowire="byType" default-lazy-init="true"> <beans:description>使用SpringSecurity的安全配置文件</beans:description> <!-- 在此定义URL与授权的关系. 而用户、角色、授权及三者的关系则保存在数据库中. --> <http auto-config="true" access-decision-manager-ref="accessDecisionManager"> <intercept-url pattern="/security/user!save*" access="A_MODIFY_USER" /> <intercept-url pattern="/security/user!delete*" access="A_MODIFY_USER" /> <intercept-url pattern="/security/user*" access="A_VIEW_USER" /> <intercept-url pattern="/security/role!save*" access="A_MODIFY_ROLE" /> <intercept-url pattern="/security/role!delete*" access="A_MODIFY_ROLE" /> <intercept-url pattern="/security/role*" access="A_VIEW_ROLE" /> <form-login login-page="/login.action" default-target-url="/" authentication-failure-url="/login.action?error=true" /> <logout logout-success-url="/" /> <remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" /> </http> <authentication-provider user-service-ref="userDetailsService"> <!-- 可设置hash使用sha1或md5散列密码后再存入数据库 --> <password-encoder hash="plaintext" /> </authentication-provider> <beans:bean id="userDetailsService" /> <!-- 将授权的默认前缀由ROLE_改为A_ --> <beans:bean id="accessDecisionManager" value="A_" /> </beans:bean> <beans:bean /> </beans:list> </beans:property> </beans:bean></beans:beans>