Spring security xml配置方式

  1. web.xml

    <!-- Spring Security -->
    <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Spring -->
    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:conf/spring/*.xml</param-value>
    </context-param>
    <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
  2. conf/spring/spring-security.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- enable use-expressions -->
    <http auto-config="true" use-expressions="true">

    <intercept-url pattern="/admin**" access="hasRole('NET_TOPOLOGY')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/403" />

    <!-- enable csrf protection -->
    <csrf/>
    </http>

    <!-- Select users and user_roles from database -->
    <authentication-manager>
    <authentication-provider>
    <jdbc-user-service data-source-ref="dataSource"
    users-by-username-query=
    "select manager_account as username,manager_pwd as password,1 as enabled from t_manager where manager_account=?"
    authorities-by-username-query=
    "select A.manager_account as username, C.function_name as role
    from t_manager A, t_manager_function B,t_function C
    where A.manager_id=B.manager_id and B.function_id=C.function_id and A.manager_account=? " />
    </authentication-provider>
    </authentication-manager>
    </beans:beans>
  3. 依赖包

    • spring-security-core
    • spring-security-web
    • spring-security-config
  4. 参考