Spring Security

    Technology  2022-05-20

    1. First, add the following to web.xml:

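    <!-- Location of the Spring Security configuration loaded by ContextLoaderListener -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext-security.xml</param-value>
    </context-param>

    <!-- Route every request through the Spring Security filter chain -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- Needed by concurrency-control so Spring Security is told when a session ends -->
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>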

    2. Create applicationContext-security.xml in src:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <http auto-config="true" access-denied-page="/403.jsp">
            <!-- intercept-url: the interceptor; sets which authorities are needed to access which paths.
                 filters="none" applies no filters to the path, i.e. Spring Security ignores it,
                 so use it only for pages that must be reachable before login, never for protected pages. -->
            <intercept-url pattern="/login.jsp" filters="none" />
            <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
            <intercept-url pattern="/user.jsp" access="ROLE_USER" />

            <!-- session-management handles the session. It is optional; configure it if you need it. -->
            <!-- concurrency-control: one login per user id. A later login pushes out the first one;
                 error-if-maximum-exceeded="true" rejects the second login instead.
                 session-fixation-protection="migrateSession" defends against session fixation
                 (forged session id) attacks: after a successful login the user's current session is
                 destroyed, a new session is created and the user's data is copied into it.
                 The value "none" switches this protection off. -->
            <session-management session-fixation-protection="migrateSession">
                <concurrency-control />
            </session-management>

            <!-- login-page: the login page to use. authentication-failure-url: page shown after a failed login.
                 default-target-url: page shown after a successful login. -->
            <form-login />

            <!-- logout-success-url: page shown after a successful logout. -->
            <logout />
        </http>

        <!-- Authentication and authorities. These in-memory users are stored with plaintext passwords. -->
        <authentication-manager>
            <authentication-provider>
                <user-service>
                    <user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
                    <user name="user" password="user" authorities="ROLE_USER" />
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>
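
An added example, not part of the original post: a small Python audit for a security-namespace config like the one in step 2, flagging URLs that bypass the filter chain with filters="none", session-fixation-protection="none", and user-service passwords stored without a password-encoder. The sample config, the rule names and the PUBLIC_PATTERNS allow-list are constructed for this example.

```python
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"
# Assumption: URL patterns that are meant to be reachable without login.
PUBLIC_PATTERNS = {"/login.jsp", "/css/**", "/js/**", "/images/**"}

# Constructed sample config for this example.
SAMPLE = """<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans">
  <http auto-config="true">
    <intercept-url pattern="/login.jsp" filters="none"/>
    <intercept-url pattern="/admin.jsp" filters="none"/>
    <intercept-url pattern="/user.jsp" access="ROLE_USER"/>
    <session-management session-fixation-protection="none"/>
  </http>
  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="admin" password="admin" authorities="ROLE_ADMIN"/>
      </user-service>
    </authentication-provider>
  </authentication-manager>
</beans:beans>"""


def audit(config_xml):
    """Return (rule, detail) findings for a security-namespace config."""
    root = ET.fromstring(config_xml)
    findings = []
    for url in root.iter(SEC + "intercept-url"):
        pattern = url.get("pattern", "")
        # filters="none" skips the whole filter chain: no access check at all.
        if url.get("filters") == "none" and pattern not in PUBLIC_PATTERNS:
            findings.append(("unfiltered-url", pattern))
    for sm in root.iter(SEC + "session-management"):
        # "none" keeps the pre-login session id after authentication.
        if sm.get("session-fixation-protection") == "none":
            findings.append(("session-fixation-off", "session-management"))
    for provider in root.iter(SEC + "authentication-provider"):
        # No password-encoder child: user-service passwords are plaintext.
        if provider.find(SEC + "password-encoder") is None:
            for user in provider.iter(SEC + "user"):
                findings.append(("plaintext-password", user.get("name")))
    return findings


if __name__ == "__main__":
    for rule, detail in audit(SAMPLE):
        print(f"{rule}: {detail}")
```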

