继续我们的Spring Roo之旅,今天看看站点安全的使用,roo中集成了Spring security,命令行下输入
security setup,即自动建立相关的配置和依赖。然后可以使用spring security的各种基础设施了。
不过对于一般的网站设置也很简单,具体如下:
1、 Spring Security XML configuration file 配置文件
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd
">
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_USER"/>
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user authorities="ROLE_USER" name="guest" password="guest"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
2、 Adding the Spring DelegatingFilterProxy to your web.xml file
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filterclass>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
3、 Adding the Spring Security XML configuration file reference to web.xml
两个形式:
A: web.xml中有Servlet
<servlet>
<servlet-name>dogstore</servlet-name>
<servletclass>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
As the name of the servlet (<servlet-name>) is dogstore, Spring's Convention over Configuration (CoC) rules will search for an XML configuration file called dogstore-servlet.xml in WEB-INF.
B:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dogstore-security.xml
/WEB-INF/dogstore-base.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
详细的可以参考如下的这本书,特别是附书的代码很有参考价值
Spring Security 3 Secure your web applications against malicious intruders with this easy to follow practical guide
http://www.packtpub.com/spring-security-3/book
如果需要更方便的权限处理,可以参考国人开源的一个中间件 ralasfe
