Spring Security 3.0

Spring Security 3.0: Personal Basic Understanding (1)

Because I am still an intern, the tasks assigned to me in the project are very simple. But my graduation thesis topic is the project I am working on, and my teacher said it must have a highlight.

I added a project in the article about single sign-on and permission verification. But since it was written, I have always understood the truth of it.

So these days I have been reading articles about Spring Security. After three days of reading, plus the code written by my colleagues, I finally have a bit of a clue. Here is a short summary.

I hope I can find my problem again in the future.

---------------------------------------------Gorgeous split Line-----------------------------------------------------

I like to read a program line by line. Spring Security is no exception.

Because we use it for single sign-on and permission verification, I simply follow the login process.

Before anyone can log in, Spring Security has to be configured in web.xml.

1. Load the Spring configuration file. As for the listeners below, an article on the web says that you either use a listener or use a servlet to register the ContextLoaderListener; then the file can be read. (My understanding is very vague. This is my own first summary, and I will find my own mistakes later.)

<!-- read the spring configuration file -->
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>

<listener>
  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
  <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>

2. Configure the Spring Security filters. The Spring Security framework has its own default filter chain. Once the following is configured, all requests pass through that filter chain. You can also add your own filters to it: define a bean in Spring's applicationContext.xml and mark it with <sec:custom-filter/>, whose attributes after, before, and position place your own filter before or after one of the filters in Spring Security's chain.

<!-- springsecurity config -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
</filter-mapping>

3. applicationContext.xml contains a section of configuration like this:

The login page requires no access rights:
<sec:intercept-url pattern="/login.jsp" filters="none" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

The admin page requires administrator privileges:
<sec:intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>

All other pages require user privileges:
<sec:intercept-url pattern="/**" access="ROLE_USER"/>

The permissions are stored in a database on a remote server; the following three tables are added to that database: Users, role, users_role.

The following configuration sets the login page used by Spring Security. That is, if a request has no permission after the authentication check, it is sent to the login page by default. The login request must contain Spring Security's default login string, j_spring_security_check. (This is the part I don't understand, or understand in a somewhat biased way.) I heard that this can be changed manually, but since we are not familiar with it, my colleague has not changed it, and I will follow his view.
<sec:form-login login-page="/page/login/login.faces" default-target-url="/"
    authentication-failure-url="/page/login/login.faces?error=true"/>
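
The pieces from steps 2 and 3 assembled into one security section of applicationContext.xml, as an added example that is not the original project's file. It exempts the page named in form-login (rather than /login.jsp) and writes out the default login-processing URL to show where it can be changed. Assumptions: the dataSource bean, the ssoTokenFilter bean and its class, and every column name in the two queries (the page gives only the table names).

```xml
<!-- Added example, not the original project's file. Assumed names: dataSource,
     ssoTokenFilter, com.example.security.SsoTokenFilter, and every column name. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <sec:http>
    <!-- Rules are evaluated top to bottom; the first matching pattern wins,
         so the /** catch-all must stay last or it shadows the others. -->
    <!-- The form-login page itself must be reachable anonymously; otherwise
         the redirect to it is intercepted again and loops. -->
    <sec:intercept-url pattern="/page/login/login.faces" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <sec:intercept-url pattern="/admin.jsp" access="ROLE_ADMIN"/>
    <sec:intercept-url pattern="/**" access="ROLE_USER"/>

    <!-- login-processing-url is the URL the login form posts to; the value
         shown is the 3.0 default, written out to show where it can be changed. -->
    <sec:form-login login-page="/page/login/login.faces"
                    login-processing-url="/j_spring_security_check"
                    default-target-url="/"
                    authentication-failure-url="/page/login/login.faces?error=true"/>

    <!-- Hypothetical custom filter, placed before the form-login filter. -->
    <sec:custom-filter before="FORM_LOGIN_FILTER" ref="ssoTokenFilter"/>
  </sec:http>

  <!-- Assumed class; it must implement javax.servlet.Filter. -->
  <bean id="ssoTokenFilter" class="com.example.security.SsoTokenFilter"/>

  <sec:authentication-manager>
    <sec:authentication-provider>
      <!-- Role names returned by the second query must carry the ROLE_ prefix
           (ROLE_USER, ROLE_ADMIN) to match the access attributes above. -->
      <sec:jdbc-user-service data-source-ref="dataSource"
          users-by-username-query=
            "SELECT username, password, enabled FROM Users WHERE username = ?"
          authorities-by-username-query=
            "SELECT u.username, r.name FROM Users u
             JOIN users_role ur ON ur.user_id = u.id
             JOIN role r ON r.id = ur.role_id
             WHERE u.username = ?"/>
    </sec:authentication-provider>
  </sec:authentication-manager>
</beans>
```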

4. In Spring Security, this call is used to get the current user's session: SecurityContextHolder.getContext().getAuthentication() (to be accurate, it obtains the user information). My colleague said it gets the session.

======================== Split Line ====================================

That is what I understand at present. I will learn more about it later ...

