关于Spring Security的笔记

1.web.xml配置文件

加载Spring Security,将DelegatingFilterProxy配置在DispatcherServlet之前。

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <servlet-name>appServlet</servlet-name>
</filter-mapping>
<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

2.security-context配置文件

<http auto-config='true' use-expressions="true" access-denied-page="/403.jsp">
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/**" access="permitAll"/>
    <form-login login-page="/login" 
        authentication-success-handler-ref="loginSuccessHandler" 
        authentication-failure-url="/login?error=true" 
        default-target-url="/user/welcome" />
    <logout invalidate-session="true" 
        logout-url="/j_spring_security_logout" 
        logout-success-url="/index" />
</http>

 

posted @ 2016-04-01 22:19  Yuan丶野幻想  阅读(291)  评论(0编辑  收藏  举报