2014-01-29 34 views

回答

4

在Servlet 2.5環境中,Spring Security 3.2在下面的代碼中用JavaConfig配置。

的web.xml

<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 
<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

SecurityConfig.java

@Configuration 
@EnableWebSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

@Autowired 
private UserDetailsService userDetailsService; 

@Override 
protected void configure(AuthenticationManagerBuilder registry) 
     throws Exception { 
    registry.userDetailsService(userDetailsService).passwordEncoder(
      new BCryptPasswordEncoder()); 
} 

@Override 
public void configure(WebSecurity webSecurity) throws Exception { 
    webSecurity.ignoring().antMatchers("/resources"); 
} 

@Override 
protected void configure(HttpSecurity http) throws Exception { 

http.csrf().disable() 
    .authorizeRequests() 
     .antMatchers("/admin.htm") 
     .hasAuthority("ROLE_ADMIN") 
     .antMatchers("/personal/myPhotos.htm") 
     .hasAnyAuthority("ROLE_USER", "ROLE_FAMILY", "ROLE_ADMIN") 
     .antMatchers("/personal/familyPhotos.htm") 
     .hasAnyAuthority("ROLE_FAMILY", "ROLE_ADMIN") 
     .antMatchers("/**").permitAll() 
     .anyRequest().authenticated() 
    .and() 
     .formLogin() 
     .usernameParameter("j_username") // default is username 
     .passwordParameter("j_password") // default is password 
     .loginPage("/login.htm") 
     .loginProcessingUrl("/j_spring_security_check") 
     .failureUrl("/login.htm?login_error=t") 
     .permitAll() 
    .and() 
     .logout().logoutSuccessUrl("/") 
     .logoutUrl("/j_spring_security_logout") 
    .and() 
     .rememberMe().key("myAppKey").tokenValiditySeconds(864000); 
} 
} 

有一些相似性和差異在javaconfig和XML配置了在this blog

很好解釋
相關問題