虽然用的是spring security, 但是还是用的acegi的配置方式:
<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<beans xmlns=\"http://www.springframework.org/schema/beans\"
xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
xmlns:security=\"http://www.springframework.org/schema/security\"
xmlns:p=\"http://www.springframework.org/schema/p\"
xsi:schemaLocation=\"http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd\">
<import resource=\"datasourceSetting.xml\"/>
<!--
FilterChainProxy calls the filters named below in the order listed, so each
filter can be declared and wired as an ordinary Spring IoC bean.
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON: lower-case the URL before comparing it.
PATTERN_TYPE_APACHE_ANT: match with Apache Ant style path patterns.
The single /** pattern applies this one filter list to every request URL.
Several of the filters named in the list are not defined in this part of the file.
NOTE(review): with lower-casing enabled, a pattern written with upper-case
letters would presumably never match; keep any added pattern lower-case and
confirm against the Spring Security version in use.
-->
<bean id=\"filterChainProxy\"
class=\"org.springframework.security.util.FilterChainProxy\">
<property name=\"filterInvocationDefinitionSource\">
<value><![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=concurrentSessionFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
]]></value>
</property>
</bean>
<!--
Declares the HttpSessionContextIntegrationFilter that filterChainProxy
references by id. No properties are set here, so the class defaults apply.
-->
<bean id=\"httpSessionContextIntegrationFilter\"
class=\"org.springframework.security.context.HttpSessionContextIntegrationFilter\"/>
<!-- Logout filter: takes the post-logout URL and the list of logout handlers as constructor arguments. -->
<bean id=\"logoutFilter\"
class=\"org.springframework.security.ui.logout.LogoutFilter\">
<!-- URL the user is redirected to after logging out -->
<constructor-arg value=\"/index.jsp\"/>
<!-- Actions performed on logout (each handler's logout method is called) -->
<constructor-arg>
<list>
<!-- rememberMeServices implements the LogoutHandler interface (logout method); the bean is defined outside this part of the file -->
<ref bean=\"rememberMeServices\"/>
<!-- NOTE(review): presumably clears the security context and session on logout; confirm for the version in use -->
<bean class=\"org.springframework.security.ui.logout.SecurityContextLogoutHandler\"/>
</list>
</constructor-arg>
</bean>
<!--
Form-login filter.
  authenticationManager    : manager that performs the authentication
  authenticationFailureUrl : page the user is sent to after a failed login
  defaultTargetUrl         : page the user is sent to after a successful login
  filterProcessesUrl       : URL that login requests are submitted to
  rememberMeServices       : adds the remember-me cookie after a successful login
NOTE(review): no session-renewal option is set on this bean and the filter list
in filterChainProxy names no dedicated session-fixation filter. Confirm that the
session id is renewed at login (in Spring Security 2.0.x the usual switch is this
filter's invalidateSessionOnSuccessfulAuthentication property; verify against
the version in use and against the concurrent-session setup before enabling it).
-->
<bean id=\"authenticationProcessingFilter\"
      class=\"org.springframework.security.ui.webapp.AuthenticationProcessingFilter\">
  <property name=\"authenticationManager\" ref=\"authenticationManager\"/>
  <property name=\"rememberMeServices\" ref=\"rememberMeServices\"/>
  <property name=\"filterProcessesUrl\" value=\"/spring_security_login\"/>
  <property name=\"defaultTargetUrl\" value=\"/index.jsp\"/>
  <property name=\"authenticationFailureUrl\" value=\"/login.jsp?messcode=-1\"/>
</bean>
<!--
ProviderManager holds the list of authentication providers. If one provider
cannot authenticate a request the next one is tried, so identities from
different sources are supported, for example:
DaoAuthenticationProvider         verifies identity against user data read from the database
AnonymousAuthenticationProvider   authenticates anonymous users
RememberMeAuthenticationProvider  authenticates users from the information stored in the cookie
Each provider only handles its own kind of credential token; for example
DaoAuthenticationProvider only handles UsernamePasswordAuthenticationToken.
sessionController points at concurrentSessionController, which is presumably
consulted during authentication to enforce the session limit.
NOTE(review): both inline providers use the literal key springsecurity, a short
constant stored in this config file. Presumably it has to equal the key set on
rememberMeServices and on anonymousProcessingFilter (neither is shown here).
Prefer a long random value supplied from outside the source tree, and change it
in every place together.
-->
<bean id=\"authenticationManager\"
class=\"org.springframework.security.providers.ProviderManager\"
p:sessionController-ref=\"concurrentSessionController\">
<property name=\"providers\">
<list>
<ref bean=\"daoAuthenticationProvider\"/>
<bean
class=\"org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider\"
p:key=\"springsecurity\"/>
<bean
class=\"org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider\"
p:key=\"springsecurity\"/>
</list>
</property>
</bean>
<!--
Username/password provider. It is wired to userDetailsService for loading
users, to passwordEncoder and saltSource for checking the password, and to
userCache (a bean not defined in this part of the file).
-->
<bean id=\"daoAuthenticationProvider\"
      class=\"org.springframework.security.providers.dao.DaoAuthenticationProvider\">
  <property name=\"userDetailsService\" ref=\"userDetailsService\"/>
  <property name=\"passwordEncoder\" ref=\"passwordEncoder\"/>
  <property name=\"saltSource\" ref=\"saltSource\"/>
  <property name=\"userCache\" ref=\"userCache\"/>
</bean>
<!--
Passwords are hashed with MD5 using a per-user (dynamic) salt; the salt comes
from the saltSource bean.
NOTE(review): MD5 is a fast digest and is not suitable for password storage.
Swapping the encoder class in place would presumably stop every stored hash
from verifying, so plan a migration (for example re-hashing at next successful
login) rather than a direct replacement.
-->
<bean id=\"passwordEncoder\"
class=\"org.springframework.security.providers.encoding.Md5PasswordEncoder\"/>
<!--
Salt source used together with passwordEncoder. ReflectionSaltSource is given
getUsername as userPropertyToUse, so the salt is presumably the account's user
name.
NOTE(review): a user-name salt is predictable and ties the stored hash to the
user name; confirm this is intended.
-->
<bean id=\"saltSource\"
      class=\"org.springframework.security.providers.dao.salt.ReflectionSaltSource\"
      p:userPropertyToUse=\"getUsername\"/>
<!--
Custom UserDetailsService implementation (project class
security.authentication.MySecurityJdbcDaoImpl) wired to the dataSource bean,
which is presumably declared in the imported datasourceSetting.xml.
usersByUsernameQuery selects userName, passWord, enabled, userId and email for one user.
authoritiesByUsernameQuery selects the user's role names through users_roles.
Both queries receive the user name through the ? placeholder; keep it a bound
parameter and never assemble these strings from request data.
-->
<bean id=\"userDetailsService\"
      class=\"security.authentication.MySecurityJdbcDaoImpl\">
  <property name=\"dataSource\" ref=\"dataSource\"/>
  <property name=\"usersByUsernameQuery\"
            value=\"select userName, passWord, enabled, userId, email from users where userName=?\"/>
  <property name=\"authoritiesByUsernameQuery\"
            value=\"select u.userName,r.roleName from users u,roles r,users_roles ur where u.userId=ur.userId and r.roleId=ur.roleId and u.userName=?\"/>
</bean>
<!--
Concurrent-session control: each user is limited to one session (maximumSessions=1).
exceptionIfMaximumExceeded=false means the later login is accepted and the
earlier login is kicked off; the earlier session cannot be used again.
sessionRegistry tracks the sessions; messageSource is a bean defined outside
this part of the file.
-->
<bean id=\"concurrentSessionController\"
      class=\"org.springframework.security.concurrent.ConcurrentSessionControllerImpl\">
  <property name=\"sessionRegistry\" ref=\"sessionRegistry\"/>
  <property name=\"messageSource\" ref=\"messageSource\"/>
  <property name=\"maximumSessions\" value=\"1\"/>
  <property name=\"exceptionIfMaximumExceeded\" value=\"false\"/>
</bean>
<!--
Session registry referenced by concurrentSessionController through its
sessionRegistry property. No properties are set here, so the class defaults apply.
-->
<bean id=\"sessionRegistry\"
class=\"org.springframework.security.concurrent.SessionRegistryImpl\"/>
<bean id=\"concurrentSessionFilter\" class=\"org.springframework.security.concurrent.ConcurrentSessionFilter\">