<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">
<bean id="springSecurityFilterChain" class="org.springframework.security.util.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain pattern="/css/**" filters="none" />
<security:filter-chain pattern="/images/**" filters="none" />
<security:filter-chain pattern="/script/**" filters="none" />
<security:filter-chain pattern="/admin/denied.action" filters="none" />
<security:filter-chain pattern="/denied.action" filters="none" />
<security:filter-chain pattern="/admin/**"
filters="httpSessionContextIntegrationFilter, logoutFilter, adminAuthenticationProcessingFilter, basicProcessingFilter, securityContextHolderAwareRequestFilter, rememberMeProcessingFilter, anonymousProcessingFilter, adminExceptionTranslationFilter, sessionFixationProtectionFilter, adminFilterSecurityInterceptor" />
<security:filter-chain pattern="/**"
filters="httpSessionContextIntegrationFilter, logoutFilter, accessLogFilter, userAuthenticationProcessingFilter, basicProcessingFilter, securityContextHolderAwareRequestFilter, rememberMeProcessingFilter, anonymousProcessingFilter, userExceptionTranslationFilter, sessionFixationProtectionFilter, userFilterSecurityInterceptor" />
</security:filter-chain-map>
</bean>
<!-- ======================== Security Filters ======================= -->
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
<property name="allowSessionCreation" value="true" />
<property name="forceEagerSessionCreation" value="false" />
<property name="contextClass" value="org.springframework.security.context.SecurityContextImpl" />
</bean>
<!-- Multi authenticationProcessingFilter -->
<bean id="adminAuthenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="rememberMeServices" ref="rememberMeServices" />
<property name="invalidateSessionOnSuccessfulAuthentication" value="true" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/admin/logon.action?login_error=1" />
<property name="defaultTargetUrl" value="/admin/account!list.action?account.accountType=COMMON" />
<property name="filterProcessesUrl" value="/admin/j_spring_security_check" />
</bean>
<bean id="userAuthenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
<property name="rememberMeServices" ref="rememberMeServices" />
<property name="invalidateSessionOnSuccessfulAuthentication" value="true" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/account/logon.action?login_error=1" />
<property name="defaultTargetUrl" value="/index.action" />
<property name="filterProcessesUrl" value="/j_spring_security_check" />
</bean>
<bean id="securityContextHolderAwareRequestFilter" class="org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter" />
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationEntryPoint" ref="basicProcessingFilterEntryPoint" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<bean id="logoutFilter" class="org.springframework.security.ui.logout.LogoutFilter">
<constructor-arg value="/index.action" />
<constructor-arg>
<list>
<bean class="org.springframework.security.ui.logout.SecurityContextLogoutHandler" />
<ref local="rememberMeServices" />
</list>
</constructor-arg>
<property name="filterProcessesUrl" value="/j_spring_security_logout" />
</bean>
<bean id="rememberMeProcessingFilter" class="org.springframework.security.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<bean id="anonymousProcessingFilter" class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="doesNotMatter" />
<property name="userAttribute" value="roleAnonymous, ROLE_ANONYMOUS" />
</bean>
<!-- Multi exceptionTranslationFilter -->
<bean id="adminExceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/admin/logon.action" />
<property name="forceHttps" value="false" />
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="com.ef.delivery.handler.AccessDeniedHandlerImpl">
<property name="deniedUrl" value="/admin/denied.action" />
</bean>
</property>
</bean>
<bean id="userExceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/account/logon.action" />
<property name="forceHttps" value="false" />
</bean>
</property>
<property name="accessDeniedHandler">
<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/denied.jsp" />
</bean>
</property>
</bean>
<bean id="sessionFixationProtectionFilter" class="org.springframework.security.ui.SessionFixationProtectionFilter" />
<bean id="accessLogFilter" class="com.ef.delivery.filters.AccessLogFilter"></bean>
<!-- ======================== Interceptor ======================= -->
<bean id="adminFilterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="objectDefinitionSource">
<security:filter-invocation-definition-source>
<security:intercept-url pattern="/admin/logon.action" access="ROLE_ANONYMOUS" />
<security:intercept-url pattern="/admin/*" access="ROLE_SUPERVISOR" />
</security:filter-invocation-definition-source>
</property>
</bean>
<bean id="userFilterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="objectDefinitionSource">
<security:filter-invocation-definition-source>
<security:intercept-url pattern="/account/shopRegister*" access="ROLE_SHOP, ROLE_SUPERVISOR" />
<security:intercept-url pattern="/myzone/*.action" access="ROLE_USER" />
<security:intercept-url pattern="/community/*!create.action" access="ROLE_USER" />
<security:intercept-url pattern="/shop/*!create.action" access="ROLE_USER" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:filter-invocation-definition-source>
</property>
</bean>
<!-- ======================== Dao Service ======================= -->
<bean id="securityDataSource" class="com.ef.delivery.persistence.ibatis.SecurityDaoSqlMap" />
<!-- ======================== Manager ======================= -->
<bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false" />
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter" />
<bean class="org.springframework.security.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
<bean id="authenticationManager" class="org.springframework.security.config.NamespaceAuthenticationManager">
<property name="providerBeanNames">
<list>
<value>anonymousAuthenticationProvider</value>
<value>rememberMeAuthenticationProvider</value>
<value>authenticationProvider</value>
</list>
</property>
</bean>
<!-- ======================== Entry Point ======================= -->
<bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName" value="Spring Security Application" />
</bean>
<!-- ======================== Service ======================= -->
<bean id="rememberMeServices" class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="securityDataSource" />
<property name="tokenValiditySeconds" value="1800"></property>
<property name="key" value="SpringSecured" />
</bean>
<!-- ======================== Provider ================================== -->
<bean id="anonymousAuthenticationProvider" class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="doesNotMatter" />
</bean>
<bean id="rememberMeAuthenticationProvider" class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="SpringSecured" />
</bean>
<bean id="authenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="hideUserNotFoundExceptions" value="false" />
<property name="userDetailsService" ref="securityDataSource" />
<property name="passwordEncoder">
<bean class="org.springframework.security.providers.encoding.PlaintextPasswordEncoder" />
</property>
</bean>
<!-- ======================== Message Source ================================== -->
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>org.springframework.security.messages</value>
</list>
</property>
</bean>
</beans>[url]http://protory.tistory.com/entry/Spring-Security-Multi-login-page-setting[/url]
扫一扫
4043
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
