Read the Official document first: http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/
Spring Security4 has added a way to annotate, but in order to get a clearer picture, the configuration is used.
Step one: Web. XML joins intercept
<!--configuration Springsecurityfilter--<filter> <filter-name>springsecurityfilterchain</filter-name& Gt <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*< ;/url-pattern> </filter-mapping>
Step Two: Write the configuration file: Spring-security.xml
<beans:beans xmlns= "Http://www.springframework.org/schema/security" xmlns:beans = "Http://www.springframework.org/schema/beans" xmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation= "http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http:// www.springframework.org/schema/security/spring-security-3.2.xsd "> step three: Write the login authentication function
Package com.eshore.upsweb.service;import java.util.arraylist;import java.util.hashset;import java.util.List;import java.util.Set;import org.springframework.beans.factory.annotation.autowired;import org.springframework.security.core.grantedauthority;import org.springframework.security.core.authority.simplegrantedauthority;import org.springframework.security.core.userdetails.user;import org.springframework.security.core.userdetails.userdetails;import org.springframework.security.core.userdetails.userdetailsservice;import org.springframework.security.core.userdetails.usernamenotfoundexception;import org.springframework.stereotype.service;import com.eshore.upsweb.dao.cwsysuserdao;import com.eshore.upsweb.model.cwsysuser;import com.eshore.upsweb.model.cwsysuserrole; @Service (value= " Cwsysuserdetailsservice ") public class cwsysuserdetailsservice implements Userdetailsservice{ &nbSP; @Autowired CwSysUserDAO cwSysUserDAO; @Override public userdetails loaduserbyusername (String username) throws usernamenotfoundexception { system.out.println ("username is " + username); cwsysuser user = Cwsysuserdao.finduser (username); list<grantedauthority> authorities = builduserauthority (User.getuserroles ()); return builduserforauthentication ( User, authorities); } /** * return to validation role * @param userRoles * @return */ private list<grantedauthority> builduserauthority (set<cwsysuserrole> userroles) { Set<GrantedAuthority> Setauths = new hashset<grantedauthority> (); for (CwSysUserRole userrole:userroles) { setauths.add (new simplegrantedauthority ( Userrole.getrole (). Getroleid (). toString ()); } list< Grantedauthority> result = new arraylist<grantedauthority> (setAuths); return result; } /** * return to Authenticated users * @param user * @param authorities * @ Return */ private user builduserforauthentication (CwSysUser user, list<grantedauthority> authorities) { return new user ( User.getuserno (), User.getpassword (), true,true,true,true,authorities); } /** * */ }
Fifth step: write the corresponding login JSP
<%@ page language= "java" contenttype= "Text/html; charset=utf-8" pageEncoding = "UTF-8"%> <%@ taglib prefix= "C" uri= "Http://java.sun.com/jsp/jstl/core"%> <! Doctype html ">
Simply say Spring Security use (additional verification code login, custom authentication)