spring security 登录验证 感想
来源:互联网 发布:淘宝银座宝会员卡 编辑:程序博客网 时间:2024/04/29 21:57
这里只是我自己的一点感想,等会会放上别人的博客地址,写的很好
首先在jsp中使用表格
<form id="loginForm" action="<%=path%>/j_spring_security_check" method="post"></form>然后在applicationContext-security.xml中进行配置
<?xml version="1.0" encoding="UTF-8"?><beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <security:http security="none" pattern="/public/**"/> <security:http security="none" pattern="/common/**"/> <security:http security="none" pattern="/login*"/> <security:http security="none" pattern="/home/*"/> <security:http security="none" pattern="/register*"/> <security:http security="none" pattern="/index.jsp"/> <security:http security="none" pattern="/maxSessionError*"/> <security:http security="none" pattern="/forbidden*"/> <security:http security="none" pattern="/userFile*"/> <security:http security="none" pattern="/fileStatus*"/> <security:http security="none" pattern="/tools*"/> <security:http auto-config="true" use-expressions="true"> <security:intercept-url pattern="/user/*" access="hasRole('LOGIN_ROLE')"/> <security:intercept-url pattern="/notification/*" access="hasRole('LOGIN_ROLE')"/> <security:intercept-url pattern="/favorite/*" access="hasRole('LOGIN_ROLE')"/> <security:intercept-url pattern="/transaction/*" access="hasRole('LOGIN_ROLE')"/> <security:intercept-url pattern="/enquiry/*" access="hasRole('LOGIN_ROLE')"/> <security:intercept-url pattern="/demand/new/*" access="hasRole('LOGIN_ROLE')"/> <security:intercept-url pattern="/demand/getlist/*" access="hasRole('LOGIN_ROLE')"/> <security:form-login login-processing-url="/j_spring_security_check" login-page="/login" authentication-failure-url="/login?error=1" password-parameter="j_password" username-parameter="j_username" authentication-success-handler-ref="loginSuccessHandler" ></security:form-login> <security:logout invalidate-session="true" logout-url="/logout" delete-cookies="true" success-handler-ref="logoutSuccessHandler"/> <security:access-denied-handler error-page="/forbidden"/> <security:session-management session-fixation-protection="newSession"> <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/maxSessionError"/> </security:session-management> <!--<security:custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />--> </security:http> <!--用户管理--> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider user-service-ref="userInfoProvider"> <security:password-encoder hash="md5" base64="true"/> </security:authentication-provider> </security:authentication-manager> <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/> <beans:bean id="authorizationListener" class="org.springframework.security.access.event.LoggerListener"/> <!--过滤器--> <!-- <beans:bean id="myFilter" class="com.authority.filter.MyFilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager"/> <beans:property name="accessDecisionManager" ref="myAccessDesisionmanager"/> <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"/> </beans:bean>--> <!--用户信息Provider--> <bean id="userInfoProvider" class="com.qingneng.service.Impl.AuthenticationServiceImpl"/> <!--登陆成功--> <bean id="loginSuccessHandler" class="com.qingneng.handler.LoginSuccessHandler"/> <!--退出登录--> <bean id="logoutSuccessHandler" class="com.qingneng.handler.LogoutSuccessHandlerImpl"/> <!--登陆失败--> <bean id="loginFailHandler" class="com.qingneng.handler.LoginFailHandler"/></beans>
在<security:form-login中进行了一些基本的登录跳转配置等,
下面还有很多登出、session等配置
重点!
在<!--用户管理-->中,进行了自定义UserdetailsServer的配置
在之后extends Userdetails时调用的是这里的这个配置。
然后在applicationContext-hibernate.xml中
进行了数据库的一些配置等等,我现在还不是完全明白这个构造,所以先这么记着
放一个别人写的的网址,这个哥们写的很不错
http://blog.csdn.net/yin380697242/article/details/51959422
0 0
- spring security 登录验证 感想
- spring security 登录验证
- spring Security 登录验证
- spring security登录验证
- Spring Security 3.1 登录验证
- spring security 一个验证码登录例子
- Spring security实现登录验证+权限控制
- 使用Spring Security进行自动登录验证
- 使用Spring Security进行自动登录验证
- Spring security登录新增图片验证码
- spring-security 多类型用户登录+登录多参数验证
- Spring Security 自定义登录验证与自定义回调地址
- spring security登录校验时检查图片验证码
- Spring Security 自定义登录验证与自定义回调地址
- 简单的Spring Security实例(自定义登录验证)
- 基于Spring Security实现手机验证码登录
- Spring security登录原理
- spring security手动登录
- Thinkphp5.0使用小记和php7.0使用小记
- CF732C(Codeforces Round #377 (Div. 2) - C)
- springboot 数据库中文乱码
- Docker odoo客方配置
- java中的匿名内部类总结
- spring security 登录验证 感想
- $.ajax()方法参数详解
- ios系统针对底部input设置fixed的输入框不兼容问题
- Android Small插件化框架--启动插件Activity源码解析(下)
- Kafka 设计与原理详解
- yii2 girdview技巧总结
- LeetCode 403. Frog Jump|动态规划
- linux 文件加权限
- xil_xio.c