Spring security 3.x (2) learn while you

The following describes how will (1) inside the XML configuration of the fixed user using database form, that is more close to the daily project.

 

(1)Spring-security.xml authentication-manager configuration

 

<sec:authentication-manager>
	<sec:authentication-provider>
		<sec:user-service>
			<sec:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN"/>
			<sec:user name="jack" password="jack" authorities="ROLE_USER" />
		</sec:user-service>
	</sec:authentication-provider>
</sec:authentication-manager>

User is fixed configuration.

 

 

The authentication-manager modification

 

<sec:authentication-manager>
	<sec:authentication-provider>
		<sec:password-encoder hash="md5"></sec:password-encoder>
		<sec:jdbc-user-service data-source-ref="dataSource" 
			users-by-username-query="select name,pwd,status from user where name=?" 
			authorities-by-username-query="select u.name,a.authority from user u left join authorities a on u.id=a.user_id where u.name=?"/>
	</sec:authentication-provider>
</sec:authentication-manager>

As configuration two SQL back out the information required by jdbc-user-service can complete the registration certification

 

 

Filter ps: questions about static resource spring in MVC can be the following configuration, use sever own default filter filter instead of the spring-mvc filter, there are several configuration

 

A. Default filter

<servlet-mapping>       
    <servlet-name>default</servlet-name>    
    <url-pattern>*.js</url-pattern>    
</servlet-mapping>    
<servlet-mapping>        
    <servlet-name>default</servlet-name>       
    <url-pattern>*.css</url-pattern>      
</servlet-mapping>    
<servlet-mapping>        
    <servlet-name>default</servlet-name>       
    <url-pattern>*.html</url-pattern>      
</servlet-mapping> 

 

 

 

Posted by Doris at December 18, 2013 - 5:48 AM