Spring Security

 
介绍
Spring Security提供了一整套基于用户、角色的认证和权限管理框架。本文版本：4.1.0.RELEASE
 
Maven依赖
[codesyntax lang="xml"]
<dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-web</artifactId><version>4.1.0.RELEASE</version></dependency><dependency><groupId>org.springframework.security</groupId><artifactId>spring-security-config</artifactId><version>4.1.0.RELEASE</version></dependency>
[/codesyntax]
 
过滤器
需要把以下过滤器配置在web.xml中[codesyntax lang="xml"]
<filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern></filter-mapping>
[/codesyntax]
 
配置
[codesyntax lang="xml"]
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security"xmlns:beans="http://www.springframework.org/schema/beans"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"xsi:schemaLocation="http://www.springframework.org/schema/beanshttp://www.springframework.org/schema/beans/spring-beans.xsdhttp://www.springframework.org/schema/securityhttp://www.springframework.org/schema/security/spring-security.xsd"><!-- <debug /> --><http security="none" pattern="/user_info/login.su" /><http security="none" pattern="/user_info/regist.su" /><http security="none" pattern="/user_info/registProcess.su" /><http security="none" pattern="/static/**" /><http use-expressions="false" auto-config="true"><intercept-url pattern="/**" access="ROLE_USER" /><session-management><concurrency-control max-sessions="400"error-if-maximum-exceeded="true" /></session-management><csrf disabled="true" /><form-login login-page="/user_info/login.su"login-processing-url="/user_info/login_process.su"default-target-url="/"authentication-success-handler-ref="authSuccessHandler"authentication-failure-url="/user_info/login.su?error=true"username-parameter="username"password-parameter="password"/><logout logout-url="/user_info/logout.su"logout-success-url="/user_info/login.su"invalidate-session="true"delete-cookies="JSESSIONID" /></http><authentication-manager alias="authenticationManager"><authentication-provider user-service-ref="userService"><password-encoder hash="plaintext" /></authentication-provider></authentication-manager><beans:bean id="userService" class="org.suren.autotest.platform.security.AutoTestUserDetailsService" /><beans:bean id="authSuccessHandler"class="org.suren.autotest.platform.security.AutoTestAuthSuccessHandler"></beans:bean><beans:bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"><beans:property name="basenames"><beans:list><beans:value>message</beans:value></beans:list></beans:property></beans:bean></beans:beans>
[/codesyntax]
 
认证错误
${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}
 
参考
http://chen-rojer-gmail-com.iteye.com/blog/764015http://sishuok.com/forum/blogPost/list/3924.htmlhttp://itindex.net/detail/54377-spring-security-%E9%99%90%E5%88%B6

查看原文：http://surenpi.com/2017/02/15/spring-security/