一、在web.xml中配置acegi的Filter二、新建一个spring的配置文件applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<! DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
</beans>
<! DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
"http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
</beans>
添加 filterChainProxy,主要是来设置URL的过滤与Acegi的Filter的关联,可以使用正则表达式
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
/**/*.html*=httpSessionContextIntegrationFilter,anonymousProcessingFilter,securityEnforcementFilter
/**/*.jsp*=httpSessionContextIntegrationFilter,securityEnforcementFilter
</value>
</property>
</bean>
添加filterInvocationInterceptor,主要对URL和role直接的对应,可以使用正则表达式<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter
/**/*.html*=httpSessionContextIntegrationFilter,anonymousProcessingFilter,securityEnforcementFilter
/**/*.jsp*=httpSessionContextIntegrationFilter,securityEnforcementFilter
</value>
</property>
</bean>
<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/signup.html=ROLE_ANONYMOUS,admin,tomcat
/passwordhint.html*=ROLE_ANONYMOUS,admin,tomcat
/**/*.html*=admin,tomcat
/clickstreams.jsp=admin
</value>
</property>
</bean>
添加authenticationManager<property name="authenticationManager"><ref local="authenticationManager"/></property>
<property name="accessDecisionManager"><ref local="accessDecisionManager"/></property>
<property name="objectDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/signup.html=ROLE_ANONYMOUS,admin,tomcat
/passwordhint.html*=ROLE_ANONYMOUS,admin,tomcat
/**/*.html*=admin,tomcat
/clickstreams.jsp=admin
</value>
</property>
</bean>
<
bean
id
="authenticationManager"
class
="net.sf.acegisecurity.providers.ProviderManager"
>
< property name ="providers" >
< list >
< ref local ="daoAuthenticationProvider" />
< ref local ="anonymousAuthenticationProvider" />
</ list >
</ property >
</ bean >
添加loggerListener< property name ="providers" >
< list >
< ref local ="daoAuthenticationProvider" />
< ref local ="anonymousAuthenticationProvider" />
</ list >
</ property >
</ bean >
<bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
添加daoAuthenticationProvider
<
bean
id
="daoAuthenticationProvider"
class
="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider"
>
< property name ="authenticationDao" >< ref local ="jdbcAuthenticationDao" /></ property >
< property name ="userCache" >< ref local ="userCache" /></ property >
</ bean >
添加
jdbcAuthenticationDao,从数据库中查询出用户信息和用户权限信息
< property name ="authenticationDao" >< ref local ="jdbcAuthenticationDao" /></ property >
< property name ="userCache" >< ref local ="userCache" /></ property >
</ bean >
<
bean
id
="jdbcAuthenticationDao"
class
="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl"
>
< property name ="dataSource" >< ref bean ="dataSource" /></ property >
< property name ="usersByUsernameQuery" >
< value > SELECT username,password,enabled FROM app_user WHERE username = ? </ value >
</ property >
< property name ="authoritiesByUsernameQuery" >
< value > SELECT username,role_name FROM user_role WHERE username = ? </ value >
</ property >
</ bean >
添加
userCache,添加缓存机制
< property name ="dataSource" >< ref bean ="dataSource" /></ property >
< property name ="usersByUsernameQuery" >
< value > SELECT username,password,enabled FROM app_user WHERE username = ? </ value >
</ property >
< property name ="authoritiesByUsernameQuery" >
< value > SELECT username,role_name FROM user_role WHERE username = ? </ value >
</ property >
</ bean >
<
bean
id
="userCache"
class
="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache"
>
< property name ="cache" >
< bean class ="org.springframework.cache.ehcache.EhCacheFactoryBean" >
< property name ="cacheManager" >
< bean class ="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
</ property >
< property name ="cacheName" >< value > userCache </ value ></ property >
</ bean >
</ property >
</ bean >
添加
anonymousAuthenticationProvider,添加匿名用户的Bean
< property name ="cache" >
< bean class ="org.springframework.cache.ehcache.EhCacheFactoryBean" >
< property name ="cacheManager" >
< bean class ="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
</ property >
< property name ="cacheName" >< value > userCache </ value ></ property >
</ bean >
</ property >
</ bean >
<
bean
id
="anonymousAuthenticationProvider"
class
="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"
>
< property name ="key" >< value > anonymous </ value ></ property >
</ bean >
添加投票策略
< property name ="key" >< value > anonymous </ value ></ property >
</ bean >
<
bean
id
="roleVoter"
class
="net.sf.acegisecurity.vote.RoleVoter"
>
< property name ="rolePrefix" >< value /></ property >
</ bean >
< property name ="rolePrefix" >< value /></ property >
</ bean >
<
bean
id
="accessDecisionManager"
class
="net.sf.acegisecurity.vote.AffirmativeBased"
>
< property name ="allowIfAllAbstainDecisions" >< value > false </ value ></ property >
< property name ="decisionVoters" >
< list >
< ref local ="roleVoter" />
</ list >
</ property >
</ bean >
开始http请求的安全配置
< property name ="allowIfAllAbstainDecisions" >< value > false </ value ></ property >
< property name ="decisionVoters" >
< list >
< ref local ="roleVoter" />
</ list >
</ property >
</ bean >
<
bean
id
="httpSessionContextIntegrationFilter"
class
="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter"
>
< property name ="context" >< value > net.sf.acegisecurity.context.security.SecureContextImpl </ value ></ property >
</ bean >
< property name ="context" >< value > net.sf.acegisecurity.context.security.SecureContextImpl </ value ></ property >
</ bean >
<
bean
id
="authenticationProcessingFilter"
class
="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter"
>
< property name ="authenticationManager" >< ref local ="authenticationManager" /></ property >
< property name ="authenticationFailureUrl" >< value > /login.jsp?error=true </ value ></ property >
< property name ="defaultTargetUrl" >< value > / </ value ></ property >
< property name ="filterProcessesUrl" >< value > /j_security_check </ value ></ property >
</ bean >
< property name ="authenticationManager" >< ref local ="authenticationManager" /></ property >
< property name ="authenticationFailureUrl" >< value > /login.jsp?error=true </ value ></ property >
< property name ="defaultTargetUrl" >< value > / </ value ></ property >
< property name ="filterProcessesUrl" >< value > /j_security_check </ value ></ property >
</ bean >
<
bean
id
="anonymousProcessingFilter"
class
="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter"
>
< property name ="key" >< value > anonymous </ value ></ property >
< property name ="userAttribute" >< value > anonymous,ROLE_ANONYMOUS </ value ></ property >
</ bean >
< property name ="key" >< value > anonymous </ value ></ property >
< property name ="userAttribute" >< value > anonymous,ROLE_ANONYMOUS </ value ></ property >
</ bean >
<
bean
id
="securityEnforcementFilter"
class
="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"
>
< property name ="filterSecurityInterceptor" >< ref local ="filterInvocationInterceptor" /></ property >
< property name ="authenticationEntryPoint" >< ref local ="authenticationProcessingFilterEntryPoint" /></ property >
</ bean >
< property name ="filterSecurityInterceptor" >< ref local ="filterInvocationInterceptor" /></ property >
< property name ="authenticationEntryPoint" >< ref local ="authenticationProcessingFilterEntryPoint" /></ property >
</ bean >
<
bean
id
="authenticationProcessingFilterEntryPoint"
class
="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"
>
< property name ="loginFormUrl" >< value > /login.jsp </ value ></ property >
< property name ="forceHttps" >< value > false </ value ></ property >
</ bean >
< property name ="loginFormUrl" >< value > /login.jsp </ value ></ property >
< property name ="forceHttps" >< value > false </ value ></ property >
</ bean >
<filter>
<filter-name>securityFilter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-name>securityFilter</filter-name>
<filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>securityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>