spring_security之Web权限配备

spring_security之Web权限配置

1.web.xml加入spring配置如下：

<filter>   <filter-name>springSecurityFilterChain</filter-name>   <filter-lass>org.springframework.web.filter.DelegatingFilterProxy   </filter-class></filter><filter-mapping>  <filter-name>springSecurityFilterChain</filter-name>  <url-pattern>/*</url-pattern></filter-mapping>//spring监听器<listener>  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class></listener>

2.security_authority.xml配置如下:

<http auto-config='true'>     //指定要拦截的请求，以及拥有的权限   ?    <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>    <intercept-url pattern="/reg.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/>    <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />    <intercept-url pattern="/index.jsp" access="ROLE_USER,ROLE_ADMIN" />    <form-login login-page="/login.jsp" authentication-failure-url="/error.jsp" default-target-url="/index.jsp"/>    //制定数据源，查询语句    <authentication-manager>        <authentication-provider>            <jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username,password,status as enabled                      from user where username=?" authorities-by-username-query="select u.username,r.name as authority                      from user u join user_role ur                      on u.id=ur.user_id join role r                      on r.id=ur.role_id where u.username=?" /></authentication-provider>     </authentication-manager>?</http>

3.数据库表结构如下：

create table role(    id bigint primary key auto_increment,    name varchar(50),    descn varchar(200));create table user(    id bigint primary key auto_increment,    username varchar(50),    password varchar(50),    status integer,    descn varchar(200));create table user_role(    user_id bigint,    role_id bigint);alter table user_role add constraint pk_user_role primary key(user_id, role_id);alter table user_role add constraint fk_user_role_user foreign key(user_id) references user(id);alter table user_role add constraint fk_user_role_role foreign key(role_id) references role(id);

4.login.jsp如下：

<fieldset>    <legend>登陆</legend>    //注意一下的j_spring_security_check、j_username、j_password不能改变名称?   <form action="j_spring_security_check" method="post">    username:<input type="text"  name="j_username" value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}"/>    </br>    password:<input type="text" name="j_password"/>    </br>    <input type="checkbox" name="spring_security_remember_me" />两周之内不必登陆<br />    <input type="submit" value="submit">|<input type="reset" value="reset">    </form></fieldset>//错误信息${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message }

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?

?