spring3.0 MVC初步4-集成spring security.pptVIP

spring3.0 MVC初步-4 集成spring security 3.1 下载spring security，集成下列jar包 spring-security-config-3.1.3.RELEASE.jar spring-security-core-3.1.3.RELEASE.jar spring-security-taglibs-3.1.3.RELEASE.jar spring-security-web-3.1.3.RELEASE.jar 配置web.xml中的filter filter filter-namespringSecurityFilterChain/filter-name filter-class org.springframework.web.filter.DelegatingFilterProXy /filter-class /filter filter-mapping filter-namespringSecurityFilterChain/filter-name url-pattern/*/url-pattern /filter-mapping 一定要写上filer-mapping，因为忘写filter-mapping程序根本不触发spring security的任何东西，也不报错，就是不干security的活。 修改perties增加下面行 .springframework.security=DEBUG 以观察security的执行情况 在src下创建security.xml beans:beans xmlns:beans=/schema/beans xmlns=/schema/security xmlns:xsi=/2001/XMLSchema-instance xsi:schemaLocation=/schema/beans /schema/beans/spring-beans-3.1.xsd /schema/security /schema/security/spring-security-3.1.xsd http auto-config=true use-expressions=false intercept-url pattern=/home access=ROLE_TEST / /http /beans:beans 把它加到context路径中 启动tomcat 报错： No bean named org.springframework.security.authenticationManager is defined: Did you forget to add a gobal authentication-manager element to your configuration (with child authentication-provider elements)? Alternatively you can use the authentication-manager-ref attribute on your http and global-method-security elements. 因为没有配置用户库authentication-manager 配置最简单的内存用户库authentication-manager 在上面security.xml中添加： user-service id=userService1 user name=habuma password=letmein authorities=ROLE_SPITTER,ROLE_ADMIN,ROLE_TEST/ user name=twoqubed password=longhorns authorities=ROLE_SPITTER/ user name=admin password=admin authorities=ROLE_ADMIN/ /user-service authentication-manager authentication-provider user-service-ref=userService1 / /authentication-manager 注意角色名称一定要有ROLE_前缀，不用这个前缀需要改配置。 访问 运行起来，访问http://t18:3000/s4/home，出现spring security自带的登陆界面；输入habuma letmein，登陆成功！ 配置jdbc访问数据库用户 去掉上面5中的内容，加上： jdbc-user-service id=userService1 data-source-ref=dataSource users-by-usern