Spring Security (一)
最近学习了一系列关于Spring security安全框架,不知道在项目中使用的多不多?
jar在官网下载:最新Spring Security 3.2.0.M2地址:http://www.springsource.org/download/community
一下用的是静态数据,没有连接数据库
web.xml配置:
<filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern></filter-mapping>
<security:http auto-config="true" access-denied-page="/403.jsp"><!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面 --> <security:form-login login-page="/security/login.jsp" authentication-failure-url="/403.jsp" default-target-url="/login!home.action" /> <!-- logout-success-url:成功注销后跳转到的页面; --> <security:logout logout-success-url="/security/login.jsp"/> <!-- intercept-url:拦截器,可以设定哪些路径需要哪些权限来访问. filters=none/security=none 不使用过滤,也可以理解为忽略 以下:ROLE_USER角色的用户才可以访问user.action --><security:intercept-url pattern="/user.action*" access="ROLE_USER" /><security:intercept-url pattern="/admin.action*" access="ROLE_ADMIN" /></security:http><!-- 权限管理操作 --> <security:authentication-manager> <security:authentication-provider> <!-- 使用固定的用户名和密码及权限来做验证. --> <security:user-service> <security:user name="admin" password="admin" authorities="ROLE_ADMIN" /> <security:user name="user" password="user" authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> </security:authentication-manager>
<form id="test" action="${path}/j_spring_security_check" method="post"> name<input id="name" name="j_username"/><br/> password<input id="password" name="j_password" value="submit"/> </form>
<bean id="messageSource" value="classpath:message_zh_CN"/> </bean>
<a href="${path}/user.action">User 用户入口</a><br/><a href="${path}/admin.action">Admin用户入口</a><br/><a href="${path}/j_spring_security_logout">注销吧</a>