1.引入依赖pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.security.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.security.version}</version>
</dependency>
2.配置spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
">
<!--拦截规则 use-expressions 是否使用springEL表达式默认为true/hasRole('ROLE_') access 角色名称,必须是ROLE_开头 --> <security:http use-expressions="false"> <security:intercept-url pattern="/**" access="ROLE_USER"/> <!--开启表单登录--> <security:form-login></security:form-login> </security:http>
<!-- 认证管理器--> <security:authentication-manager> <security:authentication-provider> <security:user-service> <!--authorities 用户为name 密码为password的 ROLE_USER角色 {noop} 不加密 --> <security:user name="admin" password="{noop}123456" authorities="ROLE_USER"/> </security:user-service> </security:authentication-provider> </security:authentication-manager>
如果没有{noop}
3.web.xml配置
<!-- 指定配置文件--> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:spring/*.xml</param-value> </context-param> <!--配置过滤器 编码过滤器&&springSecurity过滤器 --> <filter> <filter-name>characterEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> </filter> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>characterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 监听器--> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener>