首先导入spring security所需要的jar包
spring-security-core-2.0.5.RELEASE.jar
spring-security-core-tiger-2.0.5.RELEASE.jar
一.配置过滤器
在web.xml中定义如下过滤器
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
二.在spring配置文件中添加security的命名空间
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
三.在spring配置文中中定义需要保护的资源
<http auto-config='true'>
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" />
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
注意intercept-url的先后顺序,spring security使用第一个能匹配的intercept-url标签进行权限控制。
四.使用数据库获取用户权限
<!-- 数据源 -->
<beans:bean ;
roleList.add(role.getDescn());
}
}
s = s.substring(0,(s.length() - 1));
editor.setAsText(s);
editor.getValue();
return (ConfigAttributeDefinition) editor.getValue();
}
public Collection getConfigAttributeDefinitions() {
return roleList;
}
public boolean supports(Class clazz) {
return true;
}
}
相应的方法名保存在数据库中。
相关文章: