Spring Security java配置与XML配置的对应和转换

先放官网文档 http://docs.spring.io/spring-security/site/docs/current/reference/html/   (最值得看！！！)

然后是别人写的spring mvc 以及spring security的java,xml配置对比的文档。http://hanqunfeng.iteye.com/blog/2114980

java配置代码如下

public class SecurityConfig extends WebSecurityConfigurerAdapter {    @Autowired    private MySavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler;    @Autowired    private MyAuthenticationFailureHandler myAuthenticationFailureHandler;  //  @Override    protected void configure(HttpSecurity http) throws Exception {        http.formLogin()                .successHandler(authenticationSuccessHandler)                .failureHandler(myAuthenticationFailureHandler).and()                .requiresChannel()                .antMatchers("/login").requiresSecure()                .antMatchers("/system1/**").requiresSecure()                .antMatchers("/system2/**").requiresSecure().and()                .authorizeRequests()                .antMatchers("/login", "/myresource/**").permitAll()                .antMatchers("/system1/**").hasRole("USER1")                .antMatchers("/system2/**").hasRole("USER2")                .antMatchers("/system3/**").hasAnyRole("USER1", "USER2")                .anyRequest().authenticated();//.and()    }    ///这个函数主要说明需要认证的用户，密码，以及权限    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth.userDetailsService(new MyUserDetailService());    }}

XML配置代码如下

web.xml如下

<web-app xmlns="http://java.sun.com/xml/ns/javaee"         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee         http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"         version="3.0">    <listener>        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>    </listener>    <listener>        <listener-class>config.MyServerInit</listener-class>    </listener>    <context-param>        <param-name>contextConfigLocation</param-name>        <param-value>            classpath:applicationContext.xml,            classpath:spring-security.xml        </param-value>    </context-param>    <servlet>        <servlet-name>mvc-dispatcher</servlet-name>        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>        <init-param>            <param-name>contextConfigLocation</param-name>            <param-value>classpath:mvc-dispatcher-servlet.xml</param-value>        </init-param>        <load-on-startup>1</load-on-startup>    </servlet>    <servlet-mapping>        <servlet-name>mvc-dispatcher</servlet-name>        <url-pattern>/</url-pattern>    </servlet-mapping>    <filter>        <filter-name>springSecurityFilterChain</filter-name>        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>    </filter>    <filter-mapping>        <filter-name>springSecurityFilterChain</filter-name>        <url-pattern>/*</url-pattern>    </filter-mapping></web-app>

mvc-dipatcher-servlet.xml 如下

<?xml version="1.0" encoding="UTF-8"?><beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"       xmlns="http://www.springframework.org/schema/beans"       xmlns:p="http://www.springframework.org/schema/p"   xmlns:c="http://www.springframework.org/schema/c"   xmlns:tx="http://www.springframework.org/schema/tx"   xmlns:aop="http://www.springframework.org/schema/aop"       xmlns:context="http://www.springframework.org/schema/context"       xmlns:mvc="http://www.springframework.org/schema/mvc"       xsi:schemaLocation="http://www.springframework.org/schema/beans              http://www.springframework.org/schema/beans/spring-beans-3.2.xsd   http://www.springframework.org/schema/tx   http://www.springframework.org/schema/tx/spring-tx-4.0.xsd   http://www.springframework.org/schema/aop   http://www.springframework.org/schema/aop/spring-aop-4.0.xsd   http://www.springframework.org/schema/task       http://www.springframework.org/schema/task/spring-task-3.1.xsd        http://www.springframework.org/schema/context        http://www.springframework.org/schema/context/spring-context.xsd         http://www.springframework.org/schema/mvc       http://www.springframework.org/schema/mvc/spring-mvc.xsd">    <!-- 静态资源(js、image等)的访问 -->    <mvc:default-servlet-handler/>    <!-- 开启注解 -->    <mvc:annotation-driven/>        <!--指明 controller 所在包，并扫描其中的注解    <context:component-scan base-package="evss.controller"/>    -->        <bean id="baseController" class="web.BaseController"    />    <!--ViewResolver 视图解析器-->    <!--用于支持Servlet、JSP视图解析-->    <bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">        <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>        <property name="prefix" value="/WEB-INF/pages/"/>        <property name="suffix" value=".jsp"/>    </bean></beans>

applicationContext.xml的内容也是为空

<?xml version="1.0" encoding="UTF-8"?><beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   xmlns="http://www.springframework.org/schema/beans"   xmlns:p="http://www.springframework.org/schema/p"   xmlns:c="http://www.springframework.org/schema/c"   xmlns:tx="http://www.springframework.org/schema/tx"   xmlns:task="http://www.springframework.org/schema/task"   xmlns:aop="http://www.springframework.org/schema/aop"   xmlns:context="http://www.springframework.org/schema/context"   xsi:schemaLocation="http://www.springframework.org/schema/beans      http://www.springframework.org/schema/beans/spring-beans-4.0.xsd   http://www.springframework.org/schema/tx   http://www.springframework.org/schema/tx/spring-tx-4.0.xsd   http://www.springframework.org/schema/aop   http://www.springframework.org/schema/aop/spring-aop-4.0.xsd   http://www.springframework.org/schema/task       http://www.springframework.org/schema/task/spring-task-3.1.xsd        http://www.springframework.org/schema/context        http://www.springframework.org/schema/context/spring-context.xsd"></beans>

最最关键代码来了。

spring-security.xml代码如下

<beans:beans xmlns="http://www.springframework.org/schema/security"             xmlns:beans="http://www.springframework.org/schema/beans"             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"             xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans-3.0.xsdhttp://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security.xsd">    <beans:bean id="myUserDetailService" class ="config.MyUserDetailService"/>    <beans:bean id="mySavedRequestAwareAuthenticationSuccessHandler" class ="config.MySavedRequestAwareAuthenticationSuccessHandler"/>    <beans:bean id="myAuthenticationFailureHandler" class ="config.MyAuthenticationFailureHandler"/>    <beans:bean id="myMatcher" class ="config.MyMatcher"/>    <http>        <intercept-url pattern="/system1/**" requires-channel="https" access="hasRole('USER1')" />        <intercept-url pattern="/system2/**" requires-channel="https" access="hasRole('USER2')" />        <intercept-url pattern="/system3/**" requires-channel="https" access="hasRole('USER1','USER2')" />        <intercept-url pattern="/login" requires-channel="https" access="permitAll"/>        <intercept-url pattern="/myresource" access="permitAll"/>        <intercept-url request-matcher-ref="myMatcher" access="authenticated" />        <!--<intercept-url pattern="/**" access="authenticated"/>-->        <!--  如果需要定义自己的类实现角色和路径的判定 <intercept-url request-matcher-ref="myMatcher"/>-->        <form-login authentication-success-handler-ref="mySavedRequestAwareAuthenticationSuccessHandler"        authentication-failure-handler-ref="myAuthenticationFailureHandler"        />    </http>    <authentication-manager>        <authentication-provider user-service-ref='myUserDetailService'/>    </authentication-manager></beans:beans>

其中的MyMatcher的代码如下

import org.springframework.security.web.util.matcher.RequestMatcher;import javax.servlet.http.HttpServletRequest;import java.util.List;import java.util.regex.Pattern;/** * Created by zhangjiasong on 2016/12/14. */public class MyMatcher implements RequestMatcher {    private Pattern allowedMethods = Pattern            .compile("^(GET|HEAD|TRACE|OPTIONS)$");    public boolean matches(HttpServletRequest request) {        if (execludeUrls != null && execludeUrls.size() > 0) {            String servletPath = request.getServletPath();            for (String url : execludeUrls) {                if (servletPath.contains(url)) {                    return false;                }            }        }        return !allowedMethods.matcher(request.getMethod()).matches();    }    /**     * 需要排除的url列表     */    private List<String> execludeUrls;    public List<String> getExecludeUrls() {        return execludeUrls;    }    public void setExecludeUrls(List<String> execludeUrls) {        this.execludeUrls = execludeUrls;    }}

正在的对应就是spring-security.xml  借助官网文档。翻译还是很容易。