Spring security xml配置方式

  1. web.xml
    <!-- Spring Security: every request is handed to the security filter chain.
         The filter-name has to stay "springSecurityFilterChain", because
         DelegatingFilterProxy looks up a bean with the same name in the root
         application context (the <http> element in spring-security.xml
         registers it). -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <!-- Map the whole application; a narrower pattern would leave the
             remaining paths outside Spring Security altogether.
             NOTE(review): without <dispatcher> elements a mapping applies to
             REQUEST dispatches only; confirm forwards and error pages do not
             need filtering. -->
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Spring root application context. ContextLoaderListener creates it at
         startup from the files named in contextConfigLocation; the security
         filter above resolves its delegate bean from this context. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <!-- "classpath*:" searches every classpath root, including dependency
             jars, so any conf/spring/*.xml found there is loaded as well.
             NOTE(review): list the files explicitly if only the application's
             own configuration should define beans. -->
        <param-value>classpath*:conf/spring/*.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
  2. conf/spring/spring-security.xml
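    <?xml version="1.0" encoding="UTF-8"?>
    <!-- Spring Security namespace configuration (3.2 schema): URL access rules,
         CSRF protection and a JDBC-backed authentication provider. The security
         namespace is the default one, so plain Spring beans need the "beans:"
         prefix. -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans
                     http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                     http://www.springframework.org/schema/security
                     http://www.springframework.org/schema/security/spring-security-3.2.xsd">

        <!-- use-expressions="true" lets access attributes hold expressions such
             as hasRole(...). auto-config="true" turns on the default form login,
             HTTP Basic and logout handling. -->
        <http auto-config="true" use-expressions="true">

            <!-- With Ant-style matching "/admin**" only matches within a single
                 path segment (/admin, /admin.html, /adminX). Nested paths such as
                 /admin/users need their own "/admin/**" rule, otherwise they are
                 reachable without the NET_TOPOLOGY authority.
                 NOTE(review): the authority name is compared as written under
                 the 3.2 schema; Spring Security 4 and later prepend "ROLE_" in
                 hasRole(), so revisit this expression when upgrading. -->
            <intercept-url pattern="/admin**" access="hasRole('NET_TOPOLOGY')" />
            <intercept-url pattern="/admin/**" access="hasRole('NET_TOPOLOGY')" />

            <!-- Authenticated users lacking the authority are sent to /403. -->
            <access-denied-handler error-page="/403" />

            <!-- CSRF protection: state-changing requests must carry the CSRF
                 token, so forms and AJAX calls have to include it. -->
            <csrf/>
        </http>

        <!-- Users and authorities are read from the database through the
             "dataSource" bean, which must be defined in another context file.
             Both queries bind the login name through the "?" placeholder.
             NOTE(review): no <password-encoder> is declared, so manager_pwd is
             compared exactly as stored. If that column holds plaintext, store an
             adaptive salted hash (for example bcrypt) and declare the matching
             <password-encoder> inside this provider.
             NOTE(review): "1 as enabled" marks every account as enabled; an
             account can only be shut out by deleting the row or its functions.
             Select a real status column if t_manager has one. -->
        <authentication-manager>
            <authentication-provider>
                <jdbc-user-service data-source-ref="dataSource"
                    users-by-username-query="select manager_account as username,manager_pwd as password,1 as enabled from t_manager where manager_account=?"
                    authorities-by-username-query="select A.manager_account as username, C.function_name as role
                        from t_manager A, t_manager_function B,t_function C
                        where A.manager_id=B.manager_id and B.function_id=C.function_id and A.manager_account=? " />
            </authentication-provider>
        </authentication-manager>
    </beans:beans>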
  3. 依赖包
    • spring-security-core
    • spring-security-web
    • spring-security-config
  4. 参考