spring-security的配置文件思路:
Spring Security 会对请求进行拦截,然后判断当前用户是否有权限访问该请求。所以,首先要设置需要拦截的请求,并指定访问该请求所需的权限;其次,要给当前使用者赋予角色,再给角色绑定权限。这样在拦截请求时,只需判断使用者拥有的角色中是否包含访问当前请求的权限即可。
参数讲解:
1.1 security:intercept-url
pattern:拦截的请求
access:访问当前请求所需要的权限
1.2 security:form-login
login-page:设置登录的首页
authentication-failure-url:认证(登录)失败后的跳转页面
1.3 security:logout
logout-success-url:退出成功后跳转的页面
<!-- URL rules: each pattern is paired with the role a caller must hold.
     Note: in Ant-style matching, ** spans directories only when it is a whole
     path segment, so /admin** is expected to cover /admin and /adminX but not
     /admin/x. Use /admin/** as well if sub-paths must be protected (verify
     against the matcher in use). -->
<security:intercept-url pattern="/welcome**" access="ROLE_USER"/>
<security:intercept-url pattern="/admin**" access="ROLE_ADMIN"/>
<!-- Custom login page, and the page shown when authentication fails. -->
<security:form-login login-page="/pages/login.jsp"
                     authentication-failure-url="/pages/error.jsp"/>
<!-- After a successful logout the browser is sent back to the login page. -->
<security:logout logout-success-url="/pages/login.jsp"/>
<!-- CSRF protection is switched off: state-changing requests are accepted
     without a CSRF token. Suitable for a demo only; for real use, drop this
     element and include the token in the forms. -->
<security:csrf disabled="true"/>
2.1 security:user
name:登录的账号
password:登录的密码;{noop} 前缀表示密码不经编码、以明文保存和比对,仅适合演示,实际使用应保存哈希值(如 {bcrypt} 前缀)
authorities:赋予的角色
<!-- In-memory demo accounts. The {noop} prefix means the rest of the value is
     compared as plain text, so both passwords sit readable in this file.
     For real use, store a hash (for example a {bcrypt}-prefixed value) and
     keep credentials out of version-controlled configuration. -->
<security:user name="mylo" password="{noop}123456" authorities="ROLE_USER"/>
<security:user name="admin" password="{noop}123456" authorities="ROLE_ADMIN"/>
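<?xml version="1.0" encoding="UTF-8"?>
<!--
  Spring Security namespace configuration for a small form-login demo:
  two URL rules, a custom login page, logout handling and two in-memory users.
  The schemaLocation below restores the spring-security.xsd URL that the forum
  rendering had truncated, and the stray text after the root element is gone.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- use-expressions="false": the access attributes are plain role names,
       not SpEL expressions such as hasRole(...). -->
  <security:http auto-config="true" use-expressions="false">
    <!-- Only these two patterns carry an access rule; a request matching
         neither is not restricted by this file.
         In Ant-style matching, ** spans directories only when it is a whole
         path segment, so /admin** is expected to cover /admin and /adminX but
         not /admin/x. Add /admin/** (and /welcome/**) if sub-paths must be
         protected; verify against the matcher in use. -->
    <security:intercept-url pattern="/welcome**" access="ROLE_USER"/>
    <security:intercept-url pattern="/admin**" access="ROLE_ADMIN"/>

    <!-- Custom login page, and the page shown when authentication fails. -->
    <security:form-login login-page="/pages/login.jsp"
                         authentication-failure-url="/pages/error.jsp"/>

    <!-- After a successful logout the browser is sent back to the login page. -->
    <security:logout logout-success-url="/pages/login.jsp"/>

    <!-- CSRF protection is switched off: state-changing requests are accepted
         without a CSRF token. Suitable for a demo only; for real use, drop
         this element and include the token in the forms. -->
    <security:csrf disabled="true"/>
  </security:http>

  <security:authentication-manager id="authenticationManager">
    <security:authentication-provider>
      <!-- In-memory demo accounts. The {noop} prefix means the rest of the
           value is compared as plain text, so both passwords sit readable in
           this file, and the admin account shares the same weak sample value.
           For real use, store a hash (for example a {bcrypt}-prefixed value)
           and keep credentials out of version-controlled configuration. -->
      <security:user-service>
        <security:user name="mylo" password="{noop}123456" authorities="ROLE_USER"/>
        <security:user name="admin" password="{noop}123456" authorities="ROLE_ADMIN"/>
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>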