Spring Security and Shiro

Spring Security  看了第一篇的一部分，后几个还没看：

http://www.cnblogs.com/javay/p/5822879.html

http://blog.csdn.net/zmx729618/article/details/51096593

http://www.importnew.com/20612.html

http://hotstrong.iteye.com/blog/1160153

Shiro 还没看：

http://blog.csdn.net/donggua3694857/article/details/52157313

------------------------------------------

手敲了第一篇的一些代码，记录一下：

<dependecy>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.1.2.RELEASE</version>
</dependecy>
<dependecy>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.1.2.RELEASE</version>
</dependecy>
<dependecy>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.1.2.RELEASE</version>
</dependecy>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<http security="none" pattern="/login.jsp"/>
<http security="none" pattern="/static/**"/>
<http use-expressions="true" auto-config="true">
<intercept url-pattern="/**" access="hasRole('ROLE_USER')"/>

<session-management>
<concurrency-control max-sessions="4" error-if-maximum-exceeded="true"/>
</session-management>
<csrf disabled="true"/>
<form-login login-page="/login.jsp" authentication-failure-handler-ref="authenticationFailureHandlerImpl"
authentication-success-handler-ref="authenticationSuccessHandlerImpl"/>
<logout logout-success-url="/logout.jsp" logout-url="logout" invalidate-session="true" delete-cookies="JSESSIONID">
</http>

<authentication-manager>
<authentication-provider user-service-ref="userService">
<password-encoder hash="bcrypt"/>
</authentication-provider>
</authentication-manager>

<beans:bean id="userService" class="com.**.user.service.impl.UserServiceImpl"/>

<beans:bean id="authenticationSuccessHandlerImpl" class="com.**.utils.springsecurity.AuthenticationSuccessHandlerImpl">
<beans:property name="url" value="/welcome.jsp"/>
</beans:bean>

<beans:bean id="authenticationFailureHandlerImpl" class="com.**.utils.springsecutity.AuthenticationFailureHandlerImpl">
<beans:property name="errorUrl" value="/error.jsp"/>
</beans:bean>

</beans:beans>