、
Spring Security Spring Framework . Acegi Secruty.
Spring Security Java ( ). Web .
Spring Security Web URL . .
Spring Security Servlet Web .
Spring Security 2.x , XML Schema .
----------------------------------------------------------------------------------------------------------------------------
、 web.xml , spring-security
1). spring :spring.jar commons-logging.jar
2). spring contextConfigLocation, ContextLoaderListener
3). spring-security jar spring-security-core-2.0.5.RELEASE.jar
4).<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
web.xml DelegatingFilterProxy:
(1). HTTP Spring Bean。 Bean javax.servlet.Fitler
, Spring IOC , web.xml 。
(2). , DelegatingFilterProxy HTTP <filter-name> Bean (
targetBeanName Bean )。
(3).SpringSecurity web web springSecurityFilterChain
(SpringSecurity web ), <filter-name> .
(4). spring-security filter, filter spring 。spring-
security filter spring bean, bean ? filter tomcat
servlet , IOC bean , springIOC filter bean,
IOC bean 。 web.xml filter, DelegatingFilterProxy,
。
----------------------------------------------------------------------------------------------------------------------------
5). applicationContext-springsecurity.xml, DelegatingFilterProxy。
① spring HTTP , , 。
<http auto-config="true">
<intercept-url pattern="/index.jsp" access="ROLE_ADMIN,ROLE_USER"/>
<intercept-url pattern="/user.jsp" access="ROLE_USER"/>
</http>
② spring-security
<authentication-provider>
<user-service>
<user password="user" name="user" authorities="ROLE_USER"/>
<user password="admin" name="admin" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
----------------------------------------------------------------------------------------------------------------------------
6). xml :
:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
:1、 xmlns xmlns:sec
2、 xmlns:sec xmlns:bean
3、 <bean></bean> <bean:beans>
----------------------------------------------------------------------------------------------------------------------------
7). :
<!-- spring-security http -->
<http auto-config="true">
<intercept-url pattern="/admin.jsp" access="ROLE_ADMIN,ROLE_USER"/>
<intercept-url pattern="/user.jsp" access="ROLE_USER"/>
<!-- -->
<!-- , / , session, session -->
<logout logout-url="j_spring_security_logout"
logout-success-url="logout-success.jsp"
invalidate-session="true"/>
</http>
---------------------------------------------------------------------------------------------------------------------------
8).
<form-login login-page="login.jsp" login-processing-url="login"
default-target-url="success.jsp"
always-use-default-target="true"
authentication-failure-url="error.jsp"/>
①login-page ,
( :action ,name='j_username' )
②login-processing-url , login.jsp action
③default-target-url , 。
④always-use-default-target , security login-page
( , ), , ,
, default-target-url 。
: admin.jsp
◆ :
admin.jsp , login-page , admin.jsp
◆ :
admin.jsp , login-page , default-target-url
⑤authentication-failure-url
---------------------------------------------------------------------------------------------------------------------------
9). spring-security
① jar :spring-security-taglibs-2.0.5.RELEASE.jar
②<security:authorize ifAllGranted="ROLE_ADMIN"
ifAnyGranted="" ifNotGranted="">
</security:authorize>
ifAllGranted
ifAnyGranted
ifNotGranted