spring security 学习笔记（一）

1、搭建项目 在pom.xml添加

		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-core</artifactId>
			<version>3.1.2.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>3.1.2.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-core</artifactId>
			<version>3.1.2.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
			<version>3.1.2.RELEASE</version>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
			<version>3.1.2.RELEASE</version>
		</dependency>

2、在web.xml中添加

 <listener>  
   <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>  
 </listener>  

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

这里简单的通过applicationContext.xml来配置项目。

3、通过xml来配置权限

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd  
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="user" password="123456" authorities="ROLE_USER" />
			</user-service>
		</authentication-provider>
	</authentication-manager>
	
	<http auto-config='true' access-denied-page="/403.jsp">
	
	<form-login login-page="/login.jsp"
		authentication-failure-url="/403.jsp" default-target-url="/index.jsp" />
	<logout logout-success-url="/login.jsp" />
	</http>
</beans:beans>  

这里采用xml来配置权限。现在开发中这样做无效

4、配置jsp中的from

  <form action="j_spring_security_check" method="post">  
    Account:<input name="j_username"/><br/>  
   Password:<input name="j_password" type="password"/><br/>  
     <input value="submit" type="submit"/>  
    </form> 

这里的aciton、name 均采用默认的值。如果要修改，可以改变form-login标签中的默认配置。