Spring Security 和 Shiro 的比较:
Spring Security 与 Spring MVC 结合使用起来方便,Shiro 可用于非 Spring MVC 框架。
Spring Security 比 Shiro 功能强大。
<!-- Spring Security modules needed for a servlet web application.
     No <version> is declared here; presumably it is inherited from a parent
     POM's <dependencyManagement> section (confirm). Both artifacts should
     resolve to the same, currently supported Spring Security release. -->

<!-- Servlet filters and web-layer support (the filter chain itself) -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
</dependency>

<!-- XML namespace support used by spring-security.xml (<http>, <form-login>, ...) -->
<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-config</artifactId>
</dependency>
spring-security.xml
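<!-- Opening root element restored so the fragment is well-formed: the default
     namespace is Spring Security's, and the "beans" prefix is required by the
     closing </beans:beans> tag at the end. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- security="none" takes the matching requests out of the filter chain
         completely: no authentication, no security response headers and no
         SecurityContext. Keep this list limited to static, non-sensitive
         resources.
         The Ant wildcards were missing from the first four patterns as published
         ("/.html", "/css/", "/img/", "/js/"), so they matched almost nothing;
         they are restored here. "/*.html" covers top-level pages only, which
         includes the login page /shoplogin.html. -->
    <http pattern="/*.html" security="none"/>
    <http pattern="/css/**" security="none"/>
    <http pattern="/img/**" security="none"/>
    <http pattern="/js/**" security="none"/>
    <!-- A single "*" matches one path segment only; use "/plugins/**" if plugin
         assets live in nested folders. -->
    <http pattern="/plugins/*" security="none"/>
    <!-- Presumably the seller sign-up endpoint (confirm). It is a dynamic,
         state-changing URL, so with security="none" it gets none of the
         filter-chain protections. Consider keeping it inside the main <http>
         block with access="IS_AUTHENTICATED_ANONYMOUSLY" instead, and validate
         and rate-limit the request on the server side. -->
    <http pattern="/seller/add.do" security="none"/>

    <!-- use-expressions="false": access values are plain authority names
         rather than SpEL expressions such as hasRole(...). -->
    <http use-expressions="false">
        <!-- Every URL not excluded above requires the ROLE_SELLER authority -->
        <intercept-url pattern="/**" access="ROLE_SELLER"/>

        <!-- Form login: custom login page, fixed landing page after success,
             and return to the login page on failure. Attribute names corrected
             to default-target-url and always-use-default-target. -->
        <form-login login-page="/shoplogin.html"
                    default-target-url="/admin/index.html"
                    authentication-failure-url="/shoplogin.html"
                    always-use-default-target="true"/>

        <!-- CSRF protection is switched off. While it is off, a page on another
             origin can submit state-changing requests that ride on a logged-in
             seller's session. Prefer leaving CSRF enabled and sending the token
             with every form and AJAX POST; disable it only as a deliberate,
             documented decision. -->
        <csrf disabled="true"/>

        <!-- The application shows its own pages inside iframes, so framing is
             allowed for the same origin only (other origins stay blocked,
             which keeps clickjacking protection in place). -->
        <headers>
            <frame-options policy="SAMEORIGIN"/>
        </headers>

        <!-- Enables the default logout handling -->
        <logout/>
    </http>

    <!-- NOTE(review): no <authentication-manager> appears in this fragment.
         Form login needs one (with a password encoder for stored credentials);
         confirm it is defined elsewhere in the configuration. -->
</beans:beans>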
web.xml
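<!-- Servlet filter that delegates every request to the Spring bean named
     "springSecurityFilterChain". The filter-name must be exactly that bean
     name, because DelegatingFilterProxy looks the bean up by filter name. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <!-- Must be "/*". A filter mapped to "/" does not cover every request path
         (on Tomcat it matches only the exact path "/"), which would leave the
         rest of the application outside Spring Security. -->
    <url-pattern>/*</url-pattern>
</filter-mapping>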
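<!-- Starts the root Spring application context when the web application is
     deployed; the security configuration is loaded into this context. -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Location of the Spring configuration files for the root context.
     The published value "spring-.xml" appears to have lost its wildcard and
     would not match spring-security.xml; "spring-*.xml" is the presumed
     original (confirm against the project). If the security file is not
     loaded, the springSecurityFilterChain bean does not exist and the
     application fails to start. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:spring/spring-*.xml</param-value>
</context-param>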