maven筹建WEB项目3 - 添加springSecurity

maven搭建WEB项目3 - 添加springSecurity
    添加SpringSecurity支持
    1、在pom.xml添加springSecurity的dependency
   

<dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>3.0.5.RELEASE</version>
      </dependency>
      <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.0.5.RELEASE</version>
      </dependency>
      <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>3.0.5.RELEASE</version>
      </dependency>
      <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.0.5.RELEASE</version>
      </dependency>
      <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-acl</artifactId>
        <version>3.0.5.RELEASE</version>
      </dependency>

    2、在web.xml中注册springsecurity
   

<filter>
		<filter-name>securityFilter</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
		<init-param>
			<param-name>targetBeanName</param-name>
			<param-value>springSecurityFilterChain</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>securityFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

    在classpath下添加applicationContext-security.xml，因为SS的配置文件放置在classpath下而不是WEB-INF下，所以在context-param中添加一条classpath:/applicationContext-security.xml

<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			classpath:/applicationContext-security.xml
			/WEB-INF/applicationContext*.xml
	    </param-value>
	</context-param>

    3、配置SS,最简化配置
   

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" 
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:tx="http://www.springframework.org/schema/tx" 
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:jee="http://www.springframework.org/schema/jee" 
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:lang="http://www.springframework.org/schema/lang"
	xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
	   http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/aop 
       http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
	   http://www.springframework.org/schema/tx 
	   http://www.springframework.org/schema/tx/spring-tx-3.0.xsd   
	   http://www.springframework.org/schema/context 
	   http://www.springframework.org/schema/context/spring-context-3.0.xsd   
	   http://www.springframework.org/schema/jee 
	   http://www.springframework.org/schema/jee/spring-jee-3.0.xsd	   
	   http://www.springframework.org/schema/lang
	   http://www.springframework.org/schema/lang/spring-lang-3.0.xsd
	   http://www.springframework.org/schema/security 
	   http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	
	<http auto-config="true" access-denied-page="/accessDenied.jsp">
		<intercept-url pattern="/styles/**" filters="none"/>
		<intercept-url pattern="/images/**" filters="none"/>
		<intercept-url pattern="/scripts/**" filters="none"/>
		<intercept-url pattern="/accessDenied.jsp" filters="none"/>
		<intercept-url pattern="/login.jsp" filters="none"/>
		<intercept-url pattern="/role/**" access="ROLE_ADMIN"/>
		<intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>
		<form-login/>
		<http-basic/>
	</http>
	
	<authentication-manager>
		<authentication-provider>
			<user-service>
				<user name="amdmin" authorities="ROLE_ADMIN" password="admin"/>
			</user-service>
		</authentication-provider>
	</authentication-manager>
		
</beans:beans>

    4、测试一下
    输入http://localhost:8080/pineapple/，系统会自动转向index.jsp，经SS后转向登陆界面，如下图

    输入http://localhost:8080/pineapple/login.jsp，正常进入页面

    5、添加自己的登陆界面
    上面的配置使用的是SS的默认登陆界面，一般系统都是需要有自己的登陆界面。
    将<form-login/>修改为

<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" default-target-url="/index.jsp"/>
		<logout logout-success-url="/login.jsp"/>

    编辑login.jsp

<form action="<%=request.getContextPath() %>/j_spring_security_check" method="post">
	用户名：<input type="text" name="j_username" value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}"/></br>
	密     码：<input type="password" name="j_password" value=""/></br>
	<input type="checkbox" name="_spring_security_remember_me"/>两周之内不必登陆
	<input type="submit" value="登陆"> 
</form>

    6、再测试一下自定义的登陆界面