Spring Security and Shiro
Posted 神跳跳
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Spring Security and Shiro相关的知识,希望对你有一定的参考价值。
Spring Security 看了第一篇的一部分,后几个还没看:
http://www.cnblogs.com/javay/p/5822879.html
http://blog.csdn.net/zmx729618/article/details/51096593
http://www.importnew.com/20612.html
http://hotstrong.iteye.com/blog/1160153
Shiro 还没看:
http://blog.csdn.net/donggua3694857/article/details/52157313
------------------------------------------
手敲了第一篇的一些代码,记录一下:
<dependecy>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.2.RELEASE</version>
</dependecy>
<dependecy>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.2.RELEASE</version>
</dependecy>
<dependecy>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.1.2.RELEASE</version>
</dependecy>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<http security="none" pattern="/login.jsp"/>
<http security="none" pattern="/static/**"/>
<http use-expressions="true" auto-config="true">
<intercept url-pattern="/**" access="hasRole(\'ROLE_USER\')"/>
<session-management>
<concurrency-control max-sessions="4" error-if-maximum-exceeded="true"/>
</session-management>
<csrf disabled="true"/>
<form-login login-page="/login.jsp" authentication-failure-handler-ref="authenticationFailureHandlerImpl"
authentication-success-handler-ref="authenticationSuccessHandlerImpl"/>
<logout logout-success-url="/logout.jsp" logout-url="logout" invalidate-session="true" delete-cookies="JSESSIONID">
</http>
<authentication-manager>
<authentication-provider user-service-ref="userService">
<password-encoder hash="bcrypt"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="userService" class="com.**.user.service.impl.UserServiceImpl"/>
<beans:bean id="authenticationSuccessHandlerImpl" class="com.**.utils.springsecurity.AuthenticationSuccessHandlerImpl">
<beans:property name="url" value="/welcome.jsp"/>
</beans:bean>
<beans:bean id="authenticationFailureHandlerImpl" class="com.**.utils.springsecutity.AuthenticationFailureHandlerImpl">
<beans:property name="errorUrl" value="/error.jsp"/>
</beans:bean>
</beans:beans>
以上是关于Spring Security and Shiro的主要内容,如果未能解决你的问题,请参考以下文章
Spring Security 是不是具有执行“hasAnyRole”的 AND 版本的“hasAllRole”
无法使用 curl 通过 tut-spring-security-and-angular-js “pairs-oauth2” 示例调用资源
Spring security - why does RoleVoter supports all classes and WebExpressionVoter only supports subcl