1. 导入3个基础包 -core, -web, -config
2. web.xml配置拦截,注意要在struts2拦截之后
<!-- struts2 support --> ... <!-- spring security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> <dispatcher>FORWARD</dispatcher> <dispatcher>REQUEST</dispatcher> </filter-mapping>
默认不要写<dispatcher>FORWARD</dispatcher>等,但不加的话,struts2 action的跳转拦截不到。
3. 建立一个applicationContext-security.xml的配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config='true'>
<intercept-url pattern="/WEB-INF/pages/demo/user_findUser.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/index2.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
并在web.xml中引入这个文件。
classpath:applicationContext-security.xml,
这样,访问相应jsp时就需要相应的权限了,spring security还提供默认的登录页面。