spring security 登录验证 感想


这里只是我自己的一点感想,等会会放上别人的博客地址,写的很好

首先在jsp中使用表单(form)提交登录请求

<%-- Login form: posts to the URL configured as login-processing-url in form-login.
     The input fields are omitted in this snippet; per the form-login settings they
     must be named j_username and j_password. --%>
<form id="loginForm"
      method="post"
      action="<%=path%>/j_spring_security_check"></form>
然后在applicationContext-security.xml中进行配置

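<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:beans="http://www.springframework.org/schema/beans"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Paths served with no Spring Security filter chain at all: no authentication,
         no security context and no session handling is applied to them.
         NOTE(review): /userFile*, /fileStatus* and /tools* are fully unauthenticated here;
         confirm that nothing user-specific or sensitive is served under these prefixes. -->
    <security:http security="none" pattern="/public/**"/>
    <security:http security="none" pattern="/common/**"/>
    <security:http security="none" pattern="/login*"/>
    <security:http security="none" pattern="/home/*"/>
    <security:http security="none" pattern="/register*"/>
    <security:http security="none" pattern="/index.jsp"/>
    <security:http security="none" pattern="/maxSessionError*"/>
    <security:http security="none" pattern="/forbidden*"/>
    <security:http security="none" pattern="/userFile*"/>
    <security:http security="none" pattern="/fileStatus*"/>
    <security:http security="none" pattern="/tools*"/>

    <!-- Main filter chain for every request not matched above. -->
    <security:http auto-config="true" use-expressions="true">
        <!-- URLs that require the LOGIN_ROLE authority.
             NOTE(review): with Ant-style matching a single '*' covers one path segment only,
             so a deeper path such as /user/a/b is not matched by "/user/*". There is also no
             catch-all rule, so any URL that matches none of these patterns is served without
             an access check. Confirm whether "/**" patterns and a default rule are intended. -->
        <security:intercept-url pattern="/user/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/notification/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/favorite/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/transaction/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/enquiry/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/demand/new/*" access="hasRole('LOGIN_ROLE')"/>
        <security:intercept-url pattern="/demand/getlist/*" access="hasRole('LOGIN_ROLE')"/>

        <!-- Form login: the JSP form posts j_username / j_password to login-processing-url.
             Failures redirect to authentication-failure-url; successes go to loginSuccessHandler. -->
        <security:form-login
                login-processing-url="/j_spring_security_check"
                login-page="/login"
                authentication-failure-url="/login?error=1"
                password-parameter="j_password"
                username-parameter="j_username"
                authentication-success-handler-ref="loginSuccessHandler"/>

        <!-- delete-cookies takes a comma-separated list of cookie NAMES, not a boolean.
             The previous value "true" targeted a cookie literally named "true", so the session
             cookie was never cleared on logout. JSESSIONID is the servlet container default;
             adjust it if the container is configured with a different session cookie name. -->
        <security:logout invalidate-session="true" logout-url="/logout" delete-cookies="JSESSIONID"
                         success-handler-ref="logoutSuccessHandler"/>

        <security:access-denied-handler error-page="/forbidden"/>

        <!-- newSession: a fresh session is created at login (session fixation defence).
             max-sessions=1 with error-if-maximum-exceeded=false: a second login is allowed and
             the older session is expired; its next request is redirected to expired-url. -->
        <security:session-management session-fixation-protection="newSession">
            <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false"
                                          expired-url="/maxSessionError"/>
        </security:session-management>

        <!--<security:custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />-->
    </security:http>

    <!-- User management: credentials are loaded through the userInfoProvider bean. -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userInfoProvider">
            <!-- NOTE(review): MD5 is a fast digest and no salt source is configured here, so the
                 stored values are weak against offline guessing. Moving to an adaptive hash
                 (for example a BCryptPasswordEncoder bean referenced with ref="...") requires
                 re-hashing stored credentials, so it is flagged here rather than changed. -->
            <security:password-encoder hash="md5" base64="true"/>
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Log authentication and authorization events published by Spring Security. -->
    <beans:bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
    <beans:bean id="authorizationListener" class="org.springframework.security.access.event.LoggerListener"/>

    <!-- Filter (disabled) -->
    <!--  <beans:bean id="myFilter" class="com.authority.filter.MyFilterSecurityInterceptor">
          <beans:property name="authenticationManager" ref="authenticationManager"/>
          <beans:property name="accessDecisionManager"  ref="myAccessDesisionmanager"/>
          <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"/>
      </beans:bean>-->

    <!-- User info provider referenced by user-service-ref above -->
    <bean id="userInfoProvider" class="com.qingneng.service.Impl.AuthenticationServiceImpl"/>

    <!-- Login success handler -->
    <bean id="loginSuccessHandler" class="com.qingneng.handler.LoginSuccessHandler"/>

    <!-- Logout success handler -->
    <bean id="logoutSuccessHandler" class="com.qingneng.handler.LogoutSuccessHandlerImpl"/>

    <!-- Login failure handler.
         NOTE(review): this bean is not referenced anywhere in this file; form-login uses
         authentication-failure-url instead. Wire it with authentication-failure-handler-ref
         or remove it. -->
    <bean id="loginFailHandler" class="com.qingneng.handler.LoginFailHandler"/>
</beans>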

在<security:form-login中进行了一些基本的登录跳转配置等,

下面还有很多登出、session等配置

重点!

在<!--用户管理-->中,进行了自定义UserDetailsService的配置(user-service-ref="userInfoProvider")

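之后自己实现 UserDetailsService(返回 UserDetails)的类,就是通过这里的这个配置被调用的。另外要注意,这里的 password-encoder 用的是 md5,而且没有配置盐值,不适合用来保存密码,实际项目中应换成 bcrypt 这类专门的密码哈希。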

然后在applicationContext-hibernate.xml中

进行了数据库的一些配置等等,我现在还不是完全明白这个构造,所以先这么记着

放一个别人写的的网址,这个哥们写的很不错

http://blog.csdn.net/yin380697242/article/details/51959422
