源碼下載下傳位址: http://pan.baidu.com/s/1qWsgIg0 一、web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<!-- 字元編碼過濾器最好放最上面,最先加載,防止亂碼 -->
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<description>強制進行轉碼 </description>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- log4j -->
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:config/log4j.properties</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:config/applicationContext.xml,classpath:config/spring-security.xml</param-value>
</context-param>
<!-- SpringSecurity必須的核心過濾器優先配置,讓SpringSecurity先加載,防止SpringSecurity攔截失效 -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<!-- 在web.xml下面配置好監聽,讓伺服器啟動時就初始化該類,可以得到request -->
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- Spring需要加載的配置檔案 -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- SpringMVC 預設所對應的配置檔案是WEB-INF下的{servlet-name}-servlet.xml,這裡便是:mvc-servlet.xml
這裡可以用 / 但不能用 /* ,攔截了所有請求會導緻靜态資源無法通路,是以要在servlet.xml中配置mvc:resources -->
<servlet>
<servlet-name>MVC</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:config/mvc-servlet.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>MVC</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>Security.root</param-value>
</context-param>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app> 二、applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
<!-- org.springframework.context.i18n.LocaleContextHolder -->
<!-- <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:org/springframework/security/messages"/>
</bean> -->
</beans> 三、spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- Spring-Security 的配置 -->
<security:http auto-config="true" use-expressions="true"
access-denied-page="/auth/denied">
<security:intercept-url pattern="/auth/login"
access="permitAll" />
<security:intercept-url pattern="/main/common"
access="ROLE_ADMIN,ROLE_USER" />
<security:intercept-url pattern="/main/admin"
access="ROLE_ADMIN" />
<security:form-login login-page="/auth/login"
authentication-failure-url="/auth/login?error=true"
default-target-url="/main/common" />
<security:logout invalidate-session="true"
logout-success-url="/auth/login" logout-url="/auth/logout" />
<security:custom-filter ref="customSecurityInterceptor"
before="FILTER_SECURITY_INTERCEPTOR" />
</security:http>
<!-- 認證過濾器 -->
<bean id="customSecurityInterceptor"
class="com.candy.common.utils.security.CustomSecurityInterceptor">
<!-- 使用者擁有的權限 -->
<property name="authenticationManager" ref="customAuthenticationManager" />
<!-- 使用者是否擁有所請求資源的權限 -->
<property name="accessDecisionManager" ref="customAccessDecisionManager" />
<!-- 資源與權限對應關系 -->
<property name="securityMetadataSource" ref="customSecurityMetadataSource" />
</bean>
<!-- 實作了UserDetailsService的Bean -->
<security:authentication-manager alias="customAuthenticationManager">
<security:authentication-provider
user-service-ref="customUserDetailsService">
<security:password-encoder hash="md5" />
</security:authentication-provider>
</security:authentication-manager>
<!-- 通過 customUserDetailsService,Spring會自動的使用者的通路級别. 也可以了解成:以後我們和資料庫操作就是通過customUserDetailsService來進行關聯. -->
<bean id="customUserDetailsService"
class="com.candy.common.utils.security.CustomUserDetailsService"></bean>
<!-- 通路決策器,決定某個使用者具有的角色,是否有足夠的權限去通路某個資源 -->
<bean id="customAccessDecisionManager"
class="com.candy.common.utils.security.CustomAccessDecisionManager"></bean>
<!-- 資源源資料定義,即定義某一資源可以被哪些角色通路 -->
<bean id="customSecurityMetadataSource"
class="com.candy.common.utils.security.CustomSecurityMetadataSource"></bean>
</beans> spring-security.xml命名空間配置,官方提供了兩種配置方案
第一種、命名空間用beans開頭,但是在配置中一直需要用<security:*>來配置。
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
...
</beans> 第二種、命名空間用security開頭,在配置中不需要security字首,但是bean的配置需要用<beans:bean>配置。
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
...
</beans:beans> 四、mvc-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
<!-- 激活spring的注解. -->
<context:annotation-config />
<!-- 掃描注解元件并且自動的注入spring beans中. 例如,他會掃描@Controller 和@Service下的檔案.是以確定此base-package設定正确. -->
<context:component-scan base-package="com.candy.controller" />
<!-- 配置注解驅動的Spring MVC Controller 的程式設計模型.注:次标簽隻在 Servlet MVC工作! -->
<!-- SpringMVC通過JACKSON包,将responsebody中的對象轉換為JSON -->
<mvc:annotation-driven>
<mvc:message-converters register-defaults="false">
<bean id="jacksonMessageConverter"
class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter" />
</mvc:message-converters>
</mvc:annotation-driven>
<!-- 定義一個視圖解析器 -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"
p:prefix="/WEB-INF/jsp/" p:suffix=".jsp" />
<!-- 處理靜态資源 -->
<mvc:default-servlet-handler />
</beans> 作者:
Candyメ奶糖出處:
http://www.cnblogs.com/Candies/本文版權歸作者和部落格園共有,歡迎轉載,但未經作者同意必須保留此段聲明,且在文章頁面明顯位置給出原文連接配接,否則保留追究法律責任的權利。
博文來源廣泛,如原作者認為我侵犯知識産權,請盡快給我發郵件
[email protected]聯系,我将以第一時間删除相關内容。
![GitHub連夜封殺!這份阿裡 10W 字内部 Java 字面試手冊到底有多強?[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)