简单测试

一开始看项目的时候不太清楚，spring security的机制和默认配置。比如：默认的登录字段和请求路径还有默认的拦截等等。

下面开始粘代码！还是粘相关详细配置

说明：一开始我是想把spring security和spring统一版本，但是总是出问题。所以这里我用的spring 4.0但security 的3点几的。

1、pom.xml

      <spring-security.version>3.2.4.RELEASE</spring-security.version>

      <dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-config</artifactId>
   <version>${spring-security.version}</version>
</dependency>

<dependency>
   <groupId>org.springframework.security</groupId>
   <artifactId>spring-security-taglibs</artifactId>
   <version>${spring-security.version}</version>
</dependency>

   <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>${spring-security.version}</version>
        </dependency>
  
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>${spring-security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
            <version>${spring-security.version}</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-taglibs</artifactId>
            <version>${spring-security.version}</version>
        </dependency>

2、web.xml 全部（因为这里经常报错却是因为security配置）

       <?xml version="1.0" encoding="utf-8"?>
<web-app version="2.5" 
xmlns="http://java.sun.com/xml/ns/javaee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>security</display-name>
    <listener>
        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    </listener>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext-*.xml,classpath:spring-security.xml</param-value> 
</context-param>
    <filter>
        <filter-name>encodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>encodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <!-- SpringSecurity 核心过滤器配置 -->  
<filter>   
   <filter-name>springSecurityFilterChain</filter-name>    
   <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>    
</filter>  
<filter-mapping>  
   <filter-name>springSecurityFilterChain</filter-name>  
   <url-pattern>/*</url-pattern>    
</filter-mapping>  
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <!-- Handles all requests into the application -->
    <servlet>
        <servlet-name>admin</servlet-name>
        <!--<servlet-class>com.sohu.mobile.admin.commons.web.DispatcherController</servlet-class>
        -->
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>admin</servlet-name>
        <url-pattern>/admin/*</url-pattern>
    </servlet-mapping>
    <error-page>
        <error-code>404</error-code>
        <location>/err404.jsp</location>
    </error-page>
</web-app>

3、spring-security.xml(spring版本和security版本最好对应，不然总是报错)

         <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
                        http://www.springframework.org/schema/security 
                        http://www.springframework.org/schema/security/spring-security-3.2.xsd">
    <!-- 配置不过滤的资源（静态资源及登录相关） -->  
    <security:http pattern="/login.jsp" security="none"></security:http>  
    <security:http auto-config="true">  
          
        <security:intercept-url pattern="/app.jsp" access="ROLE_ADMIN"/>  
        <security:intercept-url pattern="/**" access="ROLE_ADMIN"/>
        <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/app.jsp"/>    
              
    </security:http>  
     <!--本地配置用户权限-->
    <security:authentication-manager>  
        <security:authentication-provider>  
            <security:user-service >  
                <security:user name="admin" password="admin" authorities="ROLE_ADMIN"/>  
            </security:user-service>  
        </security:authentication-provider>  
    </security:authentication-manager>   
</beans>

简单测试

原文：http://blog.csdn.net/fqf_520/article/details/48055239