Spring security Spring Security 3.2:Servlet中的JavaConfig springSecurityFilterChain设置<;3.0环境
我正在尝试在Servlet2.5环境中使用JavaConfig设置SpringSecurity3.2。参考()仅涵盖springSecurityFilterChain的Servlet 3.0+设置Spring security Spring Security 3.2:Servlet中的JavaConfig springSecurityFilterChain设置<;3.0环境,spring-security,Spring Security,我正在尝试在Servlet2.5环境中使用JavaConfig设置SpringSecurity3.2。参考()仅涵盖springSecurityFilterChain的Servlet 3.0+设置 感谢您提供如何在Servlet 2.5环境中正确设置此筛选器链的提示/链接。下面的代码使用Servlet 2.5环境中的JavaConfig配置了Spring Security 3.2 web.xml <filter> <filter-name>springSecuri
感谢您提供如何在Servlet 2.5环境中正确设置此筛选器链的提示/链接。下面的代码使用Servlet 2.5环境中的JavaConfig配置了Spring Security 3.2 web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
javaconfig和xml配置中有一些相似之处和不同之处,在
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder registry)
throws Exception {
registry.userDetailsService(userDetailsService).passwordEncoder(
new BCryptPasswordEncoder());
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/resources");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/admin.htm")
.hasAuthority("ROLE_ADMIN")
.antMatchers("/personal/myPhotos.htm")
.hasAnyAuthority("ROLE_USER", "ROLE_FAMILY", "ROLE_ADMIN")
.antMatchers("/personal/familyPhotos.htm")
.hasAnyAuthority("ROLE_FAMILY", "ROLE_ADMIN")
.antMatchers("/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.usernameParameter("j_username") // default is username
.passwordParameter("j_password") // default is password
.loginPage("/login.htm")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/login.htm?login_error=t")
.permitAll()
.and()
.logout().logoutSuccessUrl("/")
.logoutUrl("/j_spring_security_logout")
.and()
.rememberMe().key("myAppKey").tokenValiditySeconds(864000);
}
}