• ▸ PHP
• ▸ Java
• ▸ Java SE
• ▸ Python
• ▸ C#
• ▸ C&C++
• ▸ Ruby
• ▸ VB
• ▸ asp.Net
• ▸ Go
• ▸ Perl
• ▸ netty
• ▸ Django
• ▸ Delphi
• ▸ Jsp
• ▸ .NET Core
• ▸ Spring
• ▸ Flask
• ▸ Springboot
• ▸ SpringMVC
• ▸ Lua
• ▸ Laravel
• ▸ Mybatis
• ▸ Asp
• ▸ Groovy
• ▸ ThinkPHP
• ▸ Yii
• ▸ swoole
• ▸ HTML
• ▸ HTML5
• ▸ JavaScript
• ▸ CSS
• ▸ jQuery
• ▸ Bootstrap
• ▸ Angularjs
• ▸ TypeScript
• ▸ Vue
• ▸ Dojo
• ▸ Json
• ▸ Electron
• ▸ Node.js
• ▸ extjs
• ▸ Express
• ▸ XML
• ▸ ES6
• ▸ Ajax
• ▸ Flash
• ▸ Unity
• ▸ React
• ▸ Flex
• ▸ Ant Design
• ▸ Web前端
• ▸ 微信小程序
• ▸ 微信公众号
• ▸ iOS
• ▸ Android
• ▸ Swift
• ▸ Hybrid
• ▸ Cocos2d-x
• ▸ Flutter
• ▸ Xcode
• ▸ Silverlight
• ▸ cocoa
• ▸ Cordova

• 前端之家
• XML
• xml ：spring-security 配置

<properties>
	<jdk.version>1.6</jdk.version<spring.version>3.2.8.RELEASE</spring.version<spring.security.version>3.2.3.RELEASE</spring.security.version<jstl.version>1.2</jstl.version>
</properties>

<dependencies>

	<!-- Spring dependencies -->
	<dependency>
		<groupId>org.springframework</groupId<artifactId>spring-core</artifactId<version>${spring.version}</version</dependency>

	>spring-web>spring-webmvc>

	<!-- Spring Security -->
	>org.springframework.security>spring-security-web>${spring.security.version}>spring-security-config>

	<!-- jstl for jsp page -->
	>jstl>${jstl.version}</dependencies>

package com.mkyong.web.controller;

import org.springframework.stereotype.Controller;
.bind.annotation.RequestMapping.RequestMethod.servlet.ModelAndView;

@Controller
public class HelloController {

	@RequestMapping(value = { "/", "/welcome**" }= RequestMethod.GET)
	public ModelAndView welcomePage() {

		ModelAndView model = new ModelAndView);
		model.addObject("title""Spring Security Hello World""message""This is welcome page!"setViewName"hello";
		return model;

	}

	= "/admin**"adminPage"This is protected page!""admin";

		}

}

<%@page session="false"%>
<html<body<h1>Title : ${title}</h1>Message : ${message}</body</html>

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<c:if test="${pageContext.request.userPrincipal.name != null}">
	   <h2>Welcome : ${pageContext.request.userPrincipal.name}
           | <a href="<c:url value"/j_spring_security_logout" />" > logout</a></h2</c:if
  mvc-dispatcher-servlet.xml 

<beans xmlns"http://www.springframework.org/schema/beans" xmlns:context"http://www.springframework.org/schema/contextxmlns:xsi"http://www.w3.org/2001/XMLSchema-instancexsi:schemaLocation" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd<context:component-scan base-package"com.mkyong.*/>

	<bean class"org.springframework.web.servlet.view.InternalResourceViewResolver>
	  <property name"prefix<value>/WEB-INF/pages/</value</property"suffix>.jsp</bean</beans 5. Spring Security : User Authentication 
 Create a Spring Security XML file.
 

  spring-security.xml 
 
<beans:beans "http://www.springframework.org/schema/securityxmlns:beans"http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd<http auto-config"true<intercept-url pattern"/admin**access"ROLE_USER/>
	</http<authentication-manager<authentication-provider>
	    <user-service<user "mkyongpassword"123456authorities/>
	    </user-service</authentication-provider</authentication-manager</beans:beans>
 
 It tells,only user “mkyong” is allowed to access the/adminURL.
 
 6. Integrate Spring Security
 
 To integrate Spring security with a Spring MVC web application,just declaresDelegatingFilterProxyas a servlet filter to intercept any incoming request.
 

  web.xml 
 
<web-app id"WebApp_IDversion"2.4"http://java.sun.com/xml/ns/j2ee"http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd<display-name>Spring MVC Application</display-name>

	<!-- Spring MVC -->
	<servlet<servlet-name>mvc-dispatcher</servlet-name<servlet-class>org.springframework.web.servlet.DispatcherServlet
		</servlet-class<load-on-startup>1</load-on-startup</servlet<servlet-mapping<url-pattern>/</url-pattern</servlet-mapping<listener<listener-class>org.springframework.web.context.ContextLoaderListener
		</listener-class</listener>

        <!-- Loads Spring Security config file -->
	<context-param<param-name>contextConfigLocation</param-name<param-value>
			/WEB-INF/spring-security.xml
		</param-value</context-param<filter<filter-name>springSecurityFilterChain</filter-name<filter-class>org.springframework.web.filter.DelegatingFilterProxy
		</filter-class</filter<filter-mapping>/*</filter-mapping</web-app 7. Demo 
 That’s all,but wait… where’s the login form? No worry,if you do not define any custom login form,Spring will create a simple login form automatically.
 
 
 Custom Login Form 
 
 Read this “ 
 Spring Security form login example” to understand how to create a custom login form in Spring Security. 
 
 1. Welcome Page –http://localhost:8080/spring-security-helloworld-xml/welcome
 
 
  
 
 2. Try to access/adminpage,Spring Security will intercept the request and redirect to/spring_security_login,and a predefined login form is displayed.
 
 3. If username and password is incorrect,error messages will be displayed,and Spring will redirect to this URL/spring_security_login?login_error.
 
 4. If username and password are correct,Spring will redirect the request to the original requested URL and display the page.
 
 
  
 
 Download Source Code
 

  Download it – 
 spring-security-helloworld-xml.zip(9 KB) 
 
 References
 
 
 
Spring Security Official Site
 
 
Spring 3 MVC hello world example
 
 
Spring Security form login example (authentication)
 

      

      
                 

        
上一篇：[随笔]repo manifest.xml修改下一篇：使用XmlPullParser把xml文件转换成