spring security 01) 起步
<!-- struts2 support -->...<!-- spring security --><filter><filter-name>springSecurityFilterChain</filter-name><filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class></filter><filter-mapping><filter-name>springSecurityFilterChain</filter-name><url-pattern>/*</url-pattern><dispatcher>FORWARD</dispatcher><dispatcher>REQUEST</dispatcher></filter-mapping>
默认不要写<dispatcher>FORWARD</dispatcher>等,但不加的话,struts2 action的跳转拦截不到。
?
?
3. 建立一个applicationContext-security.xml的配置文件
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <http auto-config='true'> <intercept-url pattern="/WEB-INF/pages/demo/user_findUser.jsp" access="ROLE_ADMIN" /> <intercept-url pattern="/index2.jsp" access="ROLE_ADMIN" /> <intercept-url pattern="/**" access="ROLE_USER" /> </http><authentication-manager> <authentication-provider><user-service><user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" /><user name="user" password="user" authorities="ROLE_USER" /></user-service> </authentication-provider> </authentication-manager></beans:beans>
?并在web.xml中引入这个文件。
classpath:applicationContext-security.xml,
?
?
这样,访问相应jsp时就需要相应的权限了,spring security还提供默认的登录页面。
?
?