1.下载spring security的最新版本,工程下载的是3.1
2. 新建工程,结构如下:
其中,涉及到的jar包可以在spring-security包中的例子中获取
3、配置spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 保护应用程序的所有URL,只有拥有ROLE_USER才可以访问 --> <security:http auto-config="true"> <security:intercept-url pattern="/**" access="ROLE_USER" /> </security:http> <!--配置认证管理器,只有用户名为user,密码为user的用户,角色为ROLE_USER可访问指定的资源 --> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="user" password="user" authorities="ROLE_USER"/> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans>
4.配置web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>springSecurity</display-name>
<!--******************************** -->
<!--*******log4j日志信息的配置****** -->
<!--******************************* -->
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.xml</param-value>
</context-param>
<!--Spring默认刷新Log4j配置文件的间隔,单位为millisecond,可以不设置 -->
<context-param>
<param-name>log4jRefreshInterval</param-name>
<param-value>60000</param-value>
</context-param>
<!--******************************** -->
<!--*******spring bean的配置******** -->
<!--******************************* -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
</listener>
<!--******************************** -->
<!--*******字符集 过滤器************ -->
<!--******************************* -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--******************************** -->
<!--*******session的配置************ -->
<!--******************************* -->
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<!-- SpringSecurity必须的begin -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- 拦截所有的请求 -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- SpringSecurity必须的end -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
5.index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8"
pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首页</title>
</head>
<body>
<h1>这里是首页,欢迎你!</h1>
<%
String[] str = session.getValueNames();
for(int i=0;i<str.length;i++){
out.println("key=="+str[i]);
out.println("value=="+session.getAttribute(str[i]));
}
%>
</body>
</html>
6部署应用,在首次浏览index.jsp时,由于没登录,spring security会自动生成登录页面,页面内容如下:
7输入用户名和密码,user,则进入首页
至此,简单的权限控制完成,在index页面中通过session可以看到存入session中的用户信息。