applicationContext-acegi-security.xml
<?
xml version="1.0" encoding="UTF-8"
?>
<! DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" >
<!--
- A simple "base bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't setup, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
- $Id: applicationContext-acegi-security.xml,v 1.2 2007/04/06 10:16:01 zhangxiaofeng Exp $
-->
< beans >
< bean id ="filterChainProxy"
class ="org.acegisecurity.util.FilterChainProxy" >
< property name ="filterInvocationDefinitionSource" >
< value >
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</ value >
</ property >
</ bean >
< bean id ="httpSessionContextIntegrationFilter"
class ="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
< bean id ="logoutFilter"
class ="org.acegisecurity.ui.logout.LogoutFilter" >
< constructor-arg value ="https://10.100.2.12:8443/cas/logout" />
<!-- URL redirected to after logout -->
< constructor-arg >
< list >
< ref bean ="rememberMeServices" />
< bean
class ="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</ list >
</ constructor-arg >
</ bean >
< bean id ="authenticationProcessingFilter"
class ="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" >
< property name ="authenticationManager" >
< ref local ="authenticationManager" />
</ property >
< property name ="authenticationFailureUrl" >
< value > /acegilogin.jsp?login_error=1 </ value >
</ property >
< property name ="defaultTargetUrl" >
< value > / </ value >
</ property >
< property name ="filterProcessesUrl" >
< value > /j_acegi_security_check </ value >
</ property >
</ bean >
< bean id ="securityContextHolderAwareRequestFilter"
class ="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
< bean id ="rememberMeProcessingFilter"
class ="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter" >
< property name ="authenticationManager"
ref ="authenticationManager" />
< property name ="rememberMeServices" ref ="rememberMeServices" />
</ bean >
< bean id ="anonymousProcessingFilter"
class ="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter" >
< property name ="key" value ="changeThis" />
< property name ="userAttribute"
value ="anonymousUser,ROLE_ANONYMOUS" />
</ bean >
< bean id ="exceptionTranslationFilter"
class ="org.acegisecurity.ui.ExceptionTranslationFilter" >
< property name ="authenticationEntryPoint" >
< bean id ="casProcessingFilterEntryPoint"
class ="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint" >
< property name ="loginFormUrl" >
< value > /index.jsp </ value >
</ property >
</ bean >
</ property >
< property name ="accessDeniedHandler" >
< bean
class ="org.acegisecurity.ui.AccessDeniedHandlerImpl" >
< property name ="errorPage" value ="/index.jsp" />
</ bean >
</ property >
</ bean >
< bean id ="filterInvocationInterceptor"
class ="org.acegisecurity.intercept.web.FilterSecurityInterceptor" >
< property name ="authenticationManager"
ref ="authenticationManager" />
< property name ="accessDecisionManager" >
< bean class ="org.acegisecurity.vote.AffirmativeBased" >
< property name ="allowIfAllAbstainDecisions"
value ="false" />
< property name ="decisionVoters" >
< list >
< bean class ="org.acegisecurity.vote.RoleVoter" />
< bean
class ="org.acegisecurity.vote.AuthenticatedVoter" />
</ list >
</ property >
</ bean >
</ property >
< property name ="objectDefinitionSource" >
< value >
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/finance/index.jsp = ROLE_NORMAL
</ value >
</ property >
</ bean >
< bean id ="rememberMeServices"
class ="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices" >
< property name ="userDetailsService" ref ="inMemoryDaoImpl" />
< property name ="key" value ="changeThis" />
</ bean >
< bean id ="authenticationManager"
class ="org.acegisecurity.providers.ProviderManager" >
< property name ="providers" >
< list >
< ref local ="daoAuthenticationProvider" />
</ list >
</ property >
</ bean >
< bean id ="daoAuthenticationProvider" class ="org.acegisecurity.providers.dao.DaoAuthenticationProvider" >
< property name ="userDetailsService" >< ref bean ="inMemoryDaoImpl" /></ property >
</ bean >
< bean id ="inMemoryDaoImpl"
class ="org.acegisecurity.userdetails.memory.InMemoryDaoImpl" >
< property name ="userMap" >
< value >
admin=1234,ROLE_NORMAL
dianne=emu,ROLES_IGNORED_BY_CAS
scott=wombat,ROLES_IGNORED_BY_CAS
peter=opal,disabled,ROLES_IGNORED_BY_CAS
</ value >
</ property >
</ bean >
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
< bean id ="loggerListener"
class ="org.acegisecurity.event.authentication.LoggerListener" />
</ beans >
<! DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd" >
<!--
- A simple "base bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't setup, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
- $Id: applicationContext-acegi-security.xml,v 1.2 2007/04/06 10:16:01 zhangxiaofeng Exp $
-->
< beans >
< bean id ="filterChainProxy"
class ="org.acegisecurity.util.FilterChainProxy" >
< property name ="filterInvocationDefinitionSource" >
< value >
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</ value >
</ property >
</ bean >
< bean id ="httpSessionContextIntegrationFilter"
class ="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
< bean id ="logoutFilter"
class ="org.acegisecurity.ui.logout.LogoutFilter" >
< constructor-arg value ="https://10.100.2.12:8443/cas/logout" />
<!-- URL redirected to after logout -->
< constructor-arg >
< list >
< ref bean ="rememberMeServices" />
< bean
class ="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</ list >
</ constructor-arg >
</ bean >
< bean id ="authenticationProcessingFilter"
class ="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter" >
< property name ="authenticationManager" >
< ref local ="authenticationManager" />
</ property >
< property name ="authenticationFailureUrl" >
< value > /acegilogin.jsp?login_error=1 </ value >
</ property >
< property name ="defaultTargetUrl" >
< value > / </ value >
</ property >
< property name ="filterProcessesUrl" >
< value > /j_acegi_security_check </ value >
</ property >
</ bean >
< bean id ="securityContextHolderAwareRequestFilter"
class ="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
< bean id ="rememberMeProcessingFilter"
class ="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter" >
< property name ="authenticationManager"
ref ="authenticationManager" />
< property name ="rememberMeServices" ref ="rememberMeServices" />
</ bean >
< bean id ="anonymousProcessingFilter"
class ="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter" >
< property name ="key" value ="changeThis" />
< property name ="userAttribute"
value ="anonymousUser,ROLE_ANONYMOUS" />
</ bean >
< bean id ="exceptionTranslationFilter"
class ="org.acegisecurity.ui.ExceptionTranslationFilter" >
< property name ="authenticationEntryPoint" >
< bean id ="casProcessingFilterEntryPoint"
class ="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint" >
< property name ="loginFormUrl" >
< value > /index.jsp </ value >
</ property >
</ bean >
</ property >
< property name ="accessDeniedHandler" >
< bean
class ="org.acegisecurity.ui.AccessDeniedHandlerImpl" >
< property name ="errorPage" value ="/index.jsp" />
</ bean >
</ property >
</ bean >
< bean id ="filterInvocationInterceptor"
class ="org.acegisecurity.intercept.web.FilterSecurityInterceptor" >
< property name ="authenticationManager"
ref ="authenticationManager" />
< property name ="accessDecisionManager" >
< bean class ="org.acegisecurity.vote.AffirmativeBased" >
< property name ="allowIfAllAbstainDecisions"
value ="false" />
< property name ="decisionVoters" >
< list >
< bean class ="org.acegisecurity.vote.RoleVoter" />
< bean
class ="org.acegisecurity.vote.AuthenticatedVoter" />
</ list >
</ property >
</ bean >
</ property >
< property name ="objectDefinitionSource" >
< value >
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/finance/index.jsp = ROLE_NORMAL
</ value >
</ property >
</ bean >
< bean id ="rememberMeServices"
class ="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices" >
< property name ="userDetailsService" ref ="inMemoryDaoImpl" />
< property name ="key" value ="changeThis" />
</ bean >
< bean id ="authenticationManager"
class ="org.acegisecurity.providers.ProviderManager" >
< property name ="providers" >
< list >
< ref local ="daoAuthenticationProvider" />
</ list >
</ property >
</ bean >
< bean id ="daoAuthenticationProvider" class ="org.acegisecurity.providers.dao.DaoAuthenticationProvider" >
< property name ="userDetailsService" >< ref bean ="inMemoryDaoImpl" /></ property >
</ bean >
< bean id ="inMemoryDaoImpl"
class ="org.acegisecurity.userdetails.memory.InMemoryDaoImpl" >
< property name ="userMap" >
< value >
admin=1234,ROLE_NORMAL
dianne=emu,ROLES_IGNORED_BY_CAS
scott=wombat,ROLES_IGNORED_BY_CAS
peter=opal,disabled,ROLES_IGNORED_BY_CAS
</ value >
</ property >
</ bean >
<!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
< bean id ="loggerListener"
class ="org.acegisecurity.event.authentication.LoggerListener" />
</ beans >
web.xml
<
context-param
>
< param-name > contextConfigLocation </ param-name >
< param-value > /WEB-INF/classes/applicationContext.xml,/WEB-INF/classes/applicationContext-finance.xml,/WEB-INF/classes/applicationContext-acegi-security.xml </ param-value >
</ context-param >
< filter >
< filter-name > Acegi Filter Chain Proxy </ filter-name >
< filter-class >
org.acegisecurity.util.FilterToBeanProxy
</ filter-class >
< init-param >
< param-name > targetClass </ param-name >
< param-value >
org.acegisecurity.util.FilterChainProxy
</ param-value >
</ init-param >
</ filter >
< filter-mapping >
< filter-name > Acegi Filter Chain Proxy </ filter-name >
< url-pattern > /* </ url-pattern >
</ filter-mapping >
< param-name > contextConfigLocation </ param-name >
< param-value > /WEB-INF/classes/applicationContext.xml,/WEB-INF/classes/applicationContext-finance.xml,/WEB-INF/classes/applicationContext-acegi-security.xml </ param-value >
</ context-param >
< filter >
< filter-name > Acegi Filter Chain Proxy </ filter-name >
< filter-class >
org.acegisecurity.util.FilterToBeanProxy
</ filter-class >
< init-param >
< param-name > targetClass </ param-name >
< param-value >
org.acegisecurity.util.FilterChainProxy
</ param-value >
</ init-param >
</ filter >
< filter-mapping >
< filter-name > Acegi Filter Chain Proxy </ filter-name >
< url-pattern > /* </ url-pattern >
</ filter-mapping >