日期:2014-05-16  浏览次数:20407 次

springsecurity学习笔之二:实现一个基于数据库的简单权限系统
这里在一个web工程中,通过三张表,实现用户、角色、权限的关系实现一个相对简单的权限系统。没有考虑对资源(URL)的控制
一、在web工程中加入springsecurity的支持,主要jar包

二、配置web容器:web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">


	<!--
		- Location of the XML file that defines the root application context -
		Applied by ContextLoaderListener.
	-->
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			classpath:applicationContext.xml
            classpath:applicationContext-sec.xml
            <!-- classpath:applicationContext-common-business.xml
            classpath:applicationContext-common-authorization.xml
            classpath:applicationContext-security.xml -->
		</param-value>
	</context-param>


	<filter>
		<filter-name>localizationFilter</filter-name>
		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
	</filter>

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>


	<filter-mapping>
		<filter-name>localizationFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<filter>
		<filter-name>struts2</filter-name>
		<filter-class>
			org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>struts2</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<!--
		- Loads the root application context of this web app at startup. - The
		application context is then available via -
		WebApplicationContextUtils.getWebApplicationContext(servletContext).
	-->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<error-page></error-page>

	<session-config>
		<session-timeout>20</session-timeout>
	</session-config>

	<!-- 出错页面定义 -->
	<error-page>
		<exception-type>java.lang.Throwable</exception-type>
		<location>/commons/error.jsp</location>
	</error-page>
	<error-page>
		<error-code>500</error-code>
		<location>/commons/500.jsp</location>
	</error-page>
	<error-page>
		<error-code>404</error-code>
		<location>/commons/404.jsp</location>
	</error-page>
	<error-page>
		<error-code>403</error-code>
		<location>/commons/403.jsp</location>
	</error-page>

	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
</web-app>



三、配置spring : applicationContext-springsecurity.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
	xsi:schemaLocation="  
       http://www.springframework.org/schema/beans  
       http://www.springframework.org/schema/beans/spring-beans.xsd  
       http://www.springframework.org/schema/security  
       http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	<http auto-config="true">
		<form-login login-page="/login.js