CREATE TABLE `authorities` (
|
-- Authority-type table: an auto-increment key, a short name and an integer state flag.
-- NOTE(review): the meaning of `typeState` values is not defined in this script; only the default (0) is visible.
CREATE TABLE `authtype` (
    `type_ID`   INT(11)     NOT NULL AUTO_INCREMENT,
    `typeName`  VARCHAR(20) NOT NULL,
    `typeState` INT(11)     NOT NULL DEFAULT '0',
    PRIMARY KEY (`type_ID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Role table: one row per role, referenced by `role_auth` and `user_role`.
-- `roleNote` is the only nullable column; `roleState` defaults to 0.
-- NOTE(review): `roleName` carries no UNIQUE key, so two roles may share a name;
-- confirm whether the application resolves roles by name or by `role_ID`.
CREATE TABLE `role` (
    `role_ID`   INT(11)     NOT NULL AUTO_INCREMENT,
    `roleName`  VARCHAR(20) NOT NULL,
    `roleNote`  VARCHAR(50) DEFAULT NULL,
    `roleState` INT(11)     NOT NULL DEFAULT '0',
    PRIMARY KEY (`role_ID`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
-- Join table granting authorities to roles (role_ID -> role, auth_ID -> authorities).
-- Both foreign keys cascade key updates. No ON DELETE action is declared, so the
-- engine default applies and InnoDB rejects deleting a parent row that is still referenced.
-- NOTE(review): there is no UNIQUE key on (`role_ID`, `auth_ID`), so the same grant can be
-- stored more than once; revoking an authority must then delete every matching row.
CREATE TABLE `role_auth` (
    `role_auth_ID` INT(11) NOT NULL AUTO_INCREMENT,
    `role_ID`      INT(11) NOT NULL,
    `auth_ID`      INT(11) NOT NULL,
    PRIMARY KEY (`role_auth_ID`),
    KEY `FK_role_auth` (`role_ID`),
    KEY `FK_auth_role` (`auth_ID`),
    CONSTRAINT `role_auth_ibfk_1`
        FOREIGN KEY (`role_ID`) REFERENCES `role` (`role_ID`)
        ON UPDATE CASCADE,
    CONSTRAINT `role_auth_ibfk_2`
        FOREIGN KEY (`auth_ID`) REFERENCES `authorities` (`auth_ID`)
        ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
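-- Account table used for authentication. `userName` is unique.
-- `enabled` defaults to 0, so a newly inserted account stays disabled until it is
-- switched on explicitly (presumably mapped to the account-enabled flag; confirm in the DAO).
CREATE TABLE `users` (
    `user_ID`  INT(11)      NOT NULL AUTO_INCREMENT,
    `userName` VARCHAR(40)  NOT NULL,
    -- Widened from VARCHAR(40): 40 characters holds at most a hex SHA-1 digest, while
    -- salted adaptive hashes such as bcrypt (60 characters) do not fit. Existing values
    -- are unaffected by the wider column.
    -- NOTE(review): the password encoder is not configured in this script; confirm that
    -- a salted, slow hash is stored here and never the plaintext password.
    `userPass` VARCHAR(255) NOT NULL,
    `enabled`  INT(1)       NOT NULL DEFAULT '0',
    PRIMARY KEY (`user_ID`),
    UNIQUE KEY `userName` (`userName`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;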
-- Join table assigning roles to users (user_ID -> users, role_ID -> role).
-- Both foreign keys cascade key updates. No ON DELETE action is declared, so the
-- engine default applies and InnoDB rejects deleting a user or role that is still referenced.
-- NOTE(review): there is no UNIQUE key on (`user_ID`, `role_ID`), so a role can be assigned
-- to the same user twice; removing a role must then delete every matching row.
CREATE TABLE `user_role` (
    `user_role_ID` INT(11) NOT NULL AUTO_INCREMENT,
    `user_ID`      INT(11) NOT NULL,
    `role_ID`      INT(11) NOT NULL,
    PRIMARY KEY (`user_role_ID`),
    KEY `FK_user_role` (`user_ID`),
    KEY `FK_role_users` (`role_ID`),
    CONSTRAINT `user_role_ibfk_1`
        FOREIGN KEY (`user_ID`) REFERENCES `users` (`user_ID`)
        ON UPDATE CASCADE,
    CONSTRAINT `user_role_ibfk_2`
        FOREIGN KEY (`role_ID`) REFERENCES `role` (`role_ID`)
        ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
<context-param> <!-- set acegi filter --> |
<!--
  Entry point of the Acegi filter chain. The single pattern /** sends every request
  through the filters named below, in the order they are listed; each name is the id
  of a bean in this context.
  CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lower-cases the request URL before it is
  matched, so patterns have to be written in lower case. PATTERN_TYPE_APACHE_ANT
  selects Ant-style path patterns.
  NOTE(review): Acegi Security is the predecessor of Spring Security and is no longer
  maintained; treat this configuration as legacy when assessing it.
-->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,basicProcessingFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!--
  1. httpSessionContextIntegrationFilter: first filter in the chain. It loads the
  SecurityContext from the HttpSession at the start of a request and stores it back
  when the request completes, which is what keeps a user logged in between requests.
-->
<bean id="httpSessionContextIntegrationFilter"
      class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>
集成所有过滤器的,没什么好说
<!--
  Logout filter: a request to /logout runs the handlers listed below in order and
  then redirects the browser to /admin_login.jsp.
-->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
    <!-- first constructor argument: URL the browser is sent to after logout -->
    <constructor-arg value="/admin_login.jsp"/>
    <!-- second constructor argument: the logout handlers -->
    <constructor-arg>
        <list>
            <!-- cancels the remember-me cookie so it cannot log the browser back in -->
            <ref bean="rememberMeServices"/>
            <!-- clears the security context held for the session -->
            <ref bean="securityContextLogoutHanlder"/>
        </list>
    </constructor-arg>
    <property name="filterProcessesUrl" value="/logout"/>
</bean>
<!--
  Remember-me service, shared by the login filter, the remember-me filter and the
  logout filter. The cookie it issues carries the user name, an expiry time and an
  MD5 signature computed over the user name, the expiry time, the stored password
  value and the "key" property below.
  "parameter" is the name of the login-form field that requests a remember-me cookie.
  NOTE(review): "key" is part of the secret material of the cookie signature. The
  value used here is a short, guessable constant; a deployment should use a long
  random value that is kept out of published configuration. The same value must be
  configured on the remember-me authentication provider, which is not part of this
  listing, so change both together.
  NOTE(review): the cookie is a bearer credential; it should only travel over TLS.
-->
<bean id="rememberMeServices"
      class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
    <property name="userDetailsService" ref="hibernateDaoImpl"/>
    <property name="key" value="rememberMeUser"/>
    <property name="parameter" value="rememberMe"/>
    <property name="authenticationDetailsSource" ref="authenticationDetailsSourceHandler"/>
</bean>
<!--
  Logout handler that clears the security context; it is the second handler listed
  in the logoutFilter bean.
  The bean id is spelled "Hanlder" and logoutFilter refers to it with the same
  spelling, so a rename has to change both places.
-->
<bean id="securityContextLogoutHanlder"
      class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
这个过滤器用来注销用户信息,如果用了cookie保存的话,需要进行设置.
public class AuthenticationDetailsSourceHandler extends /** |
基本处理过滤器,设置了登录入口页面,这个可以不要
<!--
  3. basicProcessingFilter: accepts HTTP Basic credentials from the Authorization
  header and hands them to authenticationManager. The nested entry point answers an
  unauthenticated Basic request with a challenge for the realm named below.
  NOTE(review): Basic credentials are only base64-encoded and are sent with every
  request, so this filter is safe only when the application is served over TLS.
  If HTTP Basic is not needed, removing the filter from the chain reduces exposure.
-->
<bean id="basicProcessingFilter"
      class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationEntryPoint">
        <bean class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
            <property name="realmName" value="www.runsa.cn"/>
        </bean>
    </property>
</bean>
认证处理过滤器,应该是最重要的一个了吧
<!--
  4. authenticationProcessingFilter: handles the login form submission.
  - filterProcessesUrl: the form posts to /check.
  - authenticationFailureUrl: every failed login is redirected to the same URL, so
    the redirect itself does not reveal why the attempt failed.
  - defaultTargetUrl with alwaysUseDefaultTargetUrl=true: a successful login always
    lands on /admin/adminIndex.do, whatever page was requested originally.
  - rememberMeServices: issues the remember-me cookie when the form asks for it.
-->
<bean id="authenticationProcessingFilter"
      class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="authenticationFailureUrl" value="/admin_login.jsp?login_error=loginError"/>
    <property name="defaultTargetUrl" value="/admin/adminIndex.do"/>
    <property name="filterProcessesUrl" value="/check"/>
    <property name="rememberMeServices" ref="rememberMeServices"/>
    <property name="alwaysUseDefaultTargetUrl" value="true"/>
</bean>
<!--
  5. securityContextHolderAwareRequestFilter: wraps the request so that the servlet
  API security methods (such as getRemoteUser and isUserInRole) answer from the
  Acegi security context.
-->
<bean id="securityContextHolderAwareRequestFilter"
      class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>
<!--
  6. rememberMeProcessingFilter: when a request arrives without an authenticated
  user, asks rememberMeServices to log the user in from the remember-me cookie and
  validates the result through authenticationManager.
-->
<bean id="rememberMeProcessingFilter"
      class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="rememberMeServices" ref="rememberMeServices"/>
</bean>
<!--
  7. anonymousProcessingFilter: when no user is authenticated at this point of the
  chain, installs an anonymous authentication. In userAttribute the first item is
  the principal name and the remaining items are the granted authorities, so
  anonymous requests run as "isAnonymous" holding ROLE_ANONYMOUS.
  NOTE(review): "key" must equal the key of the anonymous authentication provider,
  which is not part of this listing.
-->
<bean id="anonymousProcessingFilter"
      class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
    <property name="key" value="anonymousUser"/>
    <property name="userAttribute" value="isAnonymous,ROLE_ANONYMOUS"/>
</bean>
<!--
  8. exceptionTranslationFilter: turns security exceptions raised further down the
  chain into HTTP responses. An unauthenticated request is sent to the login form
  through the entry point; an authenticated user who lacks the required authority
  gets the errorPage of the access-denied handler.
  NOTE(review): forceHttps is false, so the login form is not forced onto HTTPS.
  Unless TLS is enforced elsewhere (container, proxy or a channel filter that is not
  part of this listing), the password posted to the login URL crosses the network
  in clear text.
-->
<bean id="exceptionTranslationFilter"
      class="org.acegisecurity.ui.ExceptionTranslationFilter">
    <property name="authenticationEntryPoint">
        <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
            <property name="loginFormUrl" value="/admin_login.jsp?login_error=noLogin"/>
            <property name="forceHttps" value="false"/>
        </bean>
    </property>
    <property name="accessDeniedHandler">
        <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
            <property name="errorPage" value="/admin/deny.jsp"/>
        </bean>
    </property>
</bean>
<!--
  9. filterInvocationInterceptor: last filter in the chain and the one that enforces
  URL authorisation. For each request it looks up the attributes required for the
  URL in objectDefinitionSource and asks accessDecisionManager whether the current
  authentication may proceed.
  NOTE(review): the filterDefinitionSource bean is not part of this listing, so the
  URL-to-authority rules themselves cannot be reviewed here. A URL that has no entry
  in that source is usually treated as public; confirm the rules cover every
  protected path.
-->
<bean id="filterInvocationInterceptor"
      class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
    <property name="authenticationManager" ref="authenticationManager"/>
    <property name="accessDecisionManager" ref="httpAccessDecisionManager"/>
    <property name="objectDefinitionSource" ref="filterDefinitionSource"/>
</bean>
<!--
  Access decision manager used by filterInvocationInterceptor. AffirmativeBased
  grants access as soon as one voter votes to grant. With
  allowIfAllAbstainDecisions=false a request on which every voter abstains is denied.
  Voters:
  - RoleVoter votes on attributes that start with the prefix ROLE_.
  - AuthenticatedVoter votes on the IS_AUTHENTICATED_* attributes.
-->
<bean id="httpAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions" value="false"/>
    <property name="decisionVoters">
        <list>
            <bean class="org.acegisecurity.vote.RoleVoter">
                <property name="rolePrefix" value="ROLE_"/>
            </bean>
            <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
        </list>
    </property>
</bean>
晕 超过2W了 换一页