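1. Download the latest version of Spring Security; this project uses 3.1.
2. Create a new project with the following structure:
The required JAR files can be taken from the sample applications shipped in the spring-security package.
3. Configure spring-security.xml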
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Protect every URL of the application; only users holding ROLE_USER may access them -->
    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER" />
    </security:http>

    <!-- Configure the authentication manager: only the user with name "user" and password "user",
         who has the role ROLE_USER, can access the protected resources -->
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service>
                <security:user name="user" password="user" authorities="ROLE_USER"/>
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>
</beans>
4. Configure web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         id="WebApp_ID" version="2.5">
    <display-name>springSecurity</display-name>

    <!--******************************** -->
    <!--*******log4j logging configuration****** -->
    <!--******************************* -->
    <context-param>
        <param-name>log4jConfigLocation</param-name>
        <param-value>classpath:log4j.xml</param-value>
    </context-param>
    <!-- Interval at which Spring reloads the Log4j configuration file, in milliseconds; optional -->
    <context-param>
        <param-name>log4jRefreshInterval</param-name>
        <param-value>60000</param-value>
    </context-param>

    <!--******************************** -->
    <!--*******Spring bean configuration******** -->
    <!--******************************* -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:applicationContext.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.util.IntrospectorCleanupListener</listener-class>
    </listener>

    <!--******************************** -->
    <!--*******Character-encoding filter************ -->
    <!--******************************* -->
    <filter>
        <filter-name>CharacterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>CharacterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!--******************************** -->
    <!--*******Session configuration************ -->
    <!--******************************* -->
    <session-config>
        <session-timeout>30</session-timeout>
    </session-config>

    <!-- Required by Spring Security: begin -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- Intercept all requests -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- Required by Spring Security: end -->

    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
</web-app>
5. index.jsp
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>首页</title>
</head>
<body>
<h1>这里是首页,欢迎你!</h1>
<%
    // List every attribute name stored in the current session and print its value
    String[] str = session.getValueNames();
    for (int i = 0; i < str.length; i++) {
        out.println("key==" + str[i]);
        out.println("value==" + session.getAttribute(str[i]));
    }
%>
</body>
</html>
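6. Deploy the application. On the first visit to index.jsp, because the user is not logged in, Spring Security automatically generates a login page, which looks like this:
7. Enter the username and password (both are user) to reach the home page.
This completes a simple access-control setup. On the index page, the user information that was stored in the session can be seen by reading the session.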