引入 jar包
<properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <org.springframework.version>3.2.10.RELEASE</org.springframework.version> <build.jar.outputDirectory>/tmp/</build.jar.outputDirectory> </properties> <dependencies> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-oxm</artifactId> <version>${org.springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-jms</artifactId> <version>${org.springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-webmvc</artifactId> <version>${org.springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-orm</artifactId> <version>${org.springframework.version}</version> </dependency> <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context-support</artifactId> <version>${org.springframework.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>3.2.7.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>3.2.7.RELEASE</version> </dependency> </dependencies>编写security.xml 文件
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> <!-- 配置要认证的资源 --> <http pattern="/login*" use-expressions="true" entry-point-ref="digestEntryPoint"> <intercept-url pattern="/login*" access="none"/> <custom-filter ref="myFilter" after="BASIC_AUTH_FILTER" /> </http> <beans:bean id="digestEntryPoint" class="org.springframework.security.web.authentication.www.DigestAuthenticationEntryPoint"> <beans:property name="realmName" value="login" /> <beans:property name="key" value="login" /> <beans:property name="nonceValiditySeconds" value="120" /> </beans:bean> <authentication-manager> <authentication-provider user-service-ref="userDetailsService"> </authentication-provider> </authentication-manager> <beans:bean id="myFilter" class="org.springframework.security.web.authentication.www.DigestAuthenticationFilter"> <beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property name="authenticationEntryPoint" ref="digestEntryPoint" /> </beans:bean> </beans:beans>编写自定义的UserDetailsService
@Service("userDetailsService") public class UserAuthUserDetailsService implements UserDetailsService { public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException { String userName = arg0; User userDetails = null; if (arg0.equals("admin")) { //userDetails = new User(usreName, password, this.getAuthoritieshhh()); 这里的 password 可通过数据库查询获得, 本demo为简洁操作,直接给出password userDetails = new User(arg0, "123456", this.getAuthoritieshhh()); }else{ userDetails = new User(arg0, "123456", this.getAuthorities()); } return userDetails; } public Collection<? extends GrantedAuthority> getAuthorities() { List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); authorities.add(new SimpleGrantedAuthority("ROLE_USER")); return authorities; } public Collection<? extends GrantedAuthority> getAuthoritieshhh() { List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>(); authorities.add(new SimpleGrantedAuthority("ROLE_MANAGER")); return authorities; } }编写web.xml
<!-- 配置spring监听器来管理spring容器中管理的类 start --> <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath:conf-spring/spring-service.xml; classpath:conf-spring/spring-security.xml; </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- 配置spring监听器来管理spring容器中管理的类 end --> <!-- 配置spring-security 安全认证 --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 配置springmvc --> <servlet> <servlet-name>dispatcherServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:conf-spring/spring-controller.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatcherServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping>
