关于Spring Security的笔记

Posted Yuan丶野幻想

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了关于Spring Security的笔记相关的知识,希望对你有一定的参考价值。

1.web.xml配置文件

加载Spring Security,将DelegatingFilterProxy配置在DispatcherServlet之前。

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <servlet-name>appServlet</servlet-name>
</filter-mapping>
<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

2.security-context配置文件

<http auto-config=‘true‘ use-expressions="true" access-denied-page="/403.jsp">
    <intercept-url pattern="/admin/**" access="hasRole(‘ROLE_ADMIN‘)" />
    <intercept-url pattern="/user/**" access="hasRole(‘ROLE_USER‘)" />
    <intercept-url pattern="/**" access="permitAll"/>
    <form-login login-page="/login" 
        authentication-success-handler-ref="loginSuccessHandler" 
        authentication-failure-url="/login?error=true" 
        default-target-url="/user/welcome" />
    <logout invalidate-session="true" 
        logout-url="/j_spring_security_logout" 
        logout-success-url="/index" />
</http>

 

以上是关于关于Spring Security的笔记的主要内容,如果未能解决你的问题,请参考以下文章

spring security实战项目笔记-用户管理

spring security笔记

Spring Security:无法让真正的用户使用显示过期的 SessionRegistry 登录

Spring Security 架构原理学习笔记

spring security实战项目笔记

关于spring security的错误