Everyone else is best practice, because my current settings do not follow the reference document recommendation, or the use of delegatingfilterproxy, so I can only say concise practice. Put my applicationcontext-security.xml first.
<?XML version= "1.0" encoding= "UTF-8"?> <Beans:beansxmlns= "Http://www.springframework.org/schema/security"Xmlns:beans= "Http://www.springframework.org/schema/beans"Xmlns:xsi= "Http://www.w3.org/2001/XMLSchema-instance"xsi:schemalocation= "Http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/<a href="Http://lib.csdn.net/base/javaee "Class= ' Replace_word 'title= "Java ee Knowledge Base"Target= ' _blank 'style= ' color: #df3434; font-weight:bold; '>Spring</a>-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/ Schema/security/spring-security-2.0.4.xsd "><global-method-securitysecured-annotations= "Enabled"> </global-method-security> <httpAuto-config= "true"> <!--intercept-url pattern= "/**" filters= "none"/ - <Intercept-urlpattern= "/login.jsp*"Filters= "None"/> <Intercept-urlpattern= "/common/pages/**"Access= "Is_authenticated_remembered" /> <Intercept-urlpattern= "/common/**"Filters= "None" /> <Intercept-urlpattern= "/secure/extreme/**"Access= "Role_supervisor"/> <Intercept-urlpattern= "/secure/**"Access= "Is_authenticated_remembered" /> <Intercept-urlpattern="/**"Access= "Is_authenticated_remembered" /> <Form-loginLogin-page= '/login.jsp 'Authentication-failure-url= "/login.jsp?login_error=1"Default-target-url= '/index.jsp ' /> </http> <Authentication-provider> <Jdbc-user-serviceData-source-ref= "DataSource"Group-authorities-by-username-query= "Select U.username,g.group_name,ga.authority as ' authority ' from the users U join Group_members GM on U.username=gm.use Rname join groups G on Gm.group_id=g.id join Group_authorities GA on g.id=ga.group_id where u.username=? " /> <Password-encoderHash= "PlainText"/> </Authentication-provider> </Beans:beans>
For the above configuration, the Form-login Authentication-failure-url and Default-target-url property settings are basically exempt from the hassle of using Exceptiontranslationfilter, Authentication-provider using the above configuration is the most convenient, as my database is built on SQL Server, so the Group-authorities-by-username-query property is added, Password-encoder I personally recommend the reference document recommended by the username salt of the SHA code, I use plaintext here, because I am currently in the development of this project testing phase, user management This module has not been fully established, So for the convenience of testing, with the plaintext code. That datasource, I was following the API documentation recommendation, set up a container jndi, and then use the Jndiobjectfactorybean Proxy in spring.
User management of the facility code to Jdbcuserdetailsmanager-based, JdbcTemplate supplemented by the way, where the former should not be established under the Springcontext, otherwise it will lead to many userdetailservice conflicts.
Here's a look at Spring security internationalization (i18n) configuration processing, first post code:
<BeanID= "Messagesource"class= "Org.springframework.context.support.ReloadableResourceBundleMessageSource"> < Propertyname= "BaseName"value= "/WEB-INF/SSM"/> </Bean> <BeanID= "Localeresolver"class= "Org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver"/>
Note: My bean definition above is not in Applicationcontext-security.xml, but in a applicationcontext-beans.xml with beans as the default namespace, I said the above configuration to do when the problem occurs, where the basename value, I just started to use the development guide said the "Org/springframework/security/messages", But always can not find the jar package inside of the messages file, later, I saw a foreigner with the problem paste, he used the above way, put messages file under the/web-inf/, anyway, this configuration mode, messages file is finally found, I18N can run normally, as for that messages file, or something extracted from the jar package.
Spring Security concise practice and related internationalization processing