标签:
一、pom.xml
<!-- spring security --> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>3.2.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>3.2.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>3.2.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>3.2.2.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-acl</artifactId> <version>3.2.2.RELEASE</version> </dependency>
二、web.xml
在原本spring的基础上添加
<context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring.xml,classpath:spring-hibernate.xml,classpath:spring-security.xml</param-value> </context-param> <!-- SpringSecurity filter --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
classpath:maven项目中放在src/main/resources下
三、spring-security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 当指定一个http元素的security属性为none时,表示其对应pattern的filter链为空 --> <http security="none" pattern="/login.jsp"></http> <http auto-config="true"> <form-login login-page="/login.jsp" default-target-url="/hello.jsp" login-processing-url="/login.do" authentication-failure-url="/error.jsp"/> <logout logout-success-url="/login.jsp" /> <access-denied-handler error-page="/error.jsp"/> <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/error.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/**" access="ROLE_USER" /> </http> <!-- 用于认证的AuthenticationManager --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService" /> </authentication-manager> <beans:bean id="userDetailsService" class="com.shi.core.service.UserDetailsServiceImpl"></beans:bean> </beans:beans>
四、UserDetailService.java
@Transactional(readOnly = true) public class UserDetailsServiceImpl implements UserDetailsService { @Autowired private UserManager userManager; @Override public UserDetails loadUserByUsername(String username)throws UsernameNotFoundException { User user = userManager.findUserByLoginName(username); if (user == null) { throw new UsernameNotFoundException("用户" + username + " 不存在"); } // 获得用户所有角色权限 Set<SimpleGrantedAuthority> grantedAuths = obtainGrantedAuthorities(user); // 初始化登录用户信息 OperatorDetails userDetails = new OperatorDetails(user.getName(), user.getPassword(), true, true, true, true, grantedAuths); return userDetails; } /** * 获得用户所有角色的权限. */ private Set<SimpleGrantedAuthority> obtainGrantedAuthorities(User user) { Set<SimpleGrantedAuthority> authSet = new HashSet<SimpleGrantedAuthority>(); for (Role role : user.getRoleList()) { authSet.add(new SimpleGrantedAuthority(role.getRole())); } return authSet; } }
标签:
原文地址:http://www.cnblogs.com/sishishinn/p/5473980.html
