spring中security有基本应用
本人近来刚学会了一点基本spring-security 的使用，想一想还是可以跟大家分享一下。

Spring Security是基于Spring的的权限认证框架，先给大家看看，applicationContext-security.xml的配置：

<?xml version="1.0" encoding="UTF-8"?><b:beans xmlns="http://www.springframework.org/schema/security"    xmlns:b="http://www.springframework.org/schema/beans"    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">        <http auto-config="true"><!--这里是用来设置默认的登录页面的-->    <form-login login-page="/login.jsp"    authentication-failure-url="/login.jsp/error=true"    default-target-url="/login"    /><!--intercept用于设置拦截器，分配拦截器-->    <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>    <intercept-url pattern="/**" access="ROLE_USER"/>    </http><!--这里设置了两个用户，admin和bob-->    <authentication-manager>    <authentication-provider>      <user-service>        <user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />        <user name="bob" password="bob" authorities="ROLE_USER" />      </user-service></authentication-provider>  </authentication-manager>    </b:beans>

而web.xml文件的配置如下：

<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">    <context-param>        <param-name>contextConfigLocation</param-name>        <param-value>            classpath:applicationContext-*.xml        </param-value>    </context-param>        <listener>        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>    </listener>    <!--      - Publishes events for session creation and destruction through the application      - context. Optional unless concurrent session control is being used.      -->    <listener>      <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>    </listener>    <listener>        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>    </listener>    <filter>        <filter-name>springSecurityFilterChain</filter-name>        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>    </filter>    <filter-mapping>      <filter-name>springSecurityFilterChain</filter-name>      <url-pattern>/*</url-pattern>    </filter-mapping></web-app>

通过上面的配置，spring-security权限框架的设置基本可以满足于测试了。要把用户从数据库中取出来进行分配其角色，则需要用java代码通过继承UserDetails和UserDetailsService来进行有效的处理。这还有代码于我在进行更多的测试。