1.web.xml配置文件
加载Spring Security,将DelegatingFilterProxy配置在DispatcherServlet之前。
<filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <servlet-name>appServlet</servlet-name> </filter-mapping>
<servlet> <servlet-name>appServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>classpath:spring/appServlet/servlet-context.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
2.security-context配置文件
<http auto-config='true' use-expressions="true" access-denied-page="/403.jsp"> <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" /> <intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" /> <intercept-url pattern="/**" access="permitAll"/> <form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-url="/login?error=true" default-target-url="/user/welcome" /> <logout invalidate-session="true" logout-url="/j_spring_security_logout" logout-success-url="/index" /> </http>