cas+acegi中app-config-acegi-security.xml的配置

 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<beans>
	<!-- ======================== Filter Chain ======================= -->
	<!-- One chain is applied to every request path (/**); the filters run in
		the order listed. To use channel security, add "channelProcessingFilter,"
		before "httpSessionContextIntegrationFilter". -->
	<!-- NOTE(review): channelProcessingFilter, basicProcessingFilter and
		switchUserProcessingFilter are defined further down in this file but are
		not named in the chain below, so as configured here they never see a
		request. In particular the REQUIRES_SECURE_CHANNEL rules are not enforced
		until channelProcessingFilter is added to the chain. -->
	<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value>
        <![CDATA[
        CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
        PATTERN_TYPE_APACHE_ANT
        /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
        ]]>
			</value>
		</property>
	</bean>
	<!-- ======================== authentication ======================= -->
	<!-- Bean adjusted for the CAS integration. -->
	<!-- Providers are consulted in the order listed: CAS service tickets first,
		then anonymous tokens, then remember-me tokens. daoAuthenticationProvider
		is defined in this file but is not listed here, so local
		username/password authentication is not active through this manager. -->
	<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="casAuthenticationProvider" />
				<ref local="anonymousAuthenticationProvider" />
				<ref local="rememberMeAuthenticationProvider" />
			</list>
		</property>
	</bean>
	<!-- userDetailsService: project-specific implementation wired to the
		"dataSource" bean, which is defined outside this file. It is shared by
		the DAO provider, remember-me services, switch-user filter and the CAS
		authorities populator. -->
	<bean id="userDetailsService" class="com.sinosoft.application.common.UserDetailsServiceImpl">
		<property name="dataSource">
			<ref bean="dataSource" />
		</property>
	</bean>
	<!-- passwordEncoder: project-specific encoder.
		NOTE(review): the hashing scheme is not visible on this page; confirm it
		is a salted, deliberately slow hash before relying on it for stored
		credentials. -->
	<bean id="passwordEncoder" class="com.sinosoft.application.common.SinosoftPasswordEncoder" />
	<!-- Username/password provider backed by userDetailsService, with a user
		cache and the custom password encoder. It is not referenced by
		authenticationManager in this file. -->
	<bean id="daoAuthenticationProvider"
		class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService">
			<ref local="userDetailsService" />
		</property>
		<property name="userCache">
			<ref local="userCache" />
		</property>
		<property name="passwordEncoder">
			<ref local="passwordEncoder" />
		</property>
	</bean>
	<!-- EhCache manager and the "userCache" region used to cache user details. -->
	<bean id="cacheManager"
		class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
	<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
		<property name="cacheManager">
			<ref local="cacheManager" />
		</property>
		<property name="cacheName">
			<value>userCache</value>
		</property>
	</bean>
	<!-- Acegi user cache adapter on top of the EhCache region above. -->
	<bean id="userCache"
		class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
		<property name="cache">
			<ref local="userCacheBackend" />
		</property>
	</bean>
	<!-- Automatically receives authentication events and logs them. These log
		entries are the audit trail for login successes and failures, so keep
		the logger enabled and retained. -->
	<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener" />
	<!-- HTTP Basic authentication filter. It is not named in the
		filterChainProxy chain in this file, so it is inactive as configured. -->
	<bean id="basicProcessingFilter" class="org.acegisecurity.ui.basicauth.BasicProcessingFilter">
		<property name="authenticationManager">
			<ref local="authenticationManager" />
		</property>
		<property name="authenticationEntryPoint">
			<ref local="basicProcessingFilterEntryPoint" />
		</property>
	</bean>
	<!-- Entry point that issues the Basic challenge.
		NOTE(review): the realm name looks like a sample value; set an
		application-specific realm if Basic authentication is ever enabled. -->
	<bean id="basicProcessingFilterEntryPoint"
		class="org.acegisecurity.ui.basicauth.BasicProcessingFilterEntryPoint">
		<property name="realmName">
			<value>Contacts Realm</value>
		</property>
	</bean>
	<!-- Gives requests with no authentication an anonymous token carrying the
		principal "anonymousUser" and the authority ROLE_ANONYMOUS. The key here
		must equal the key on anonymousAuthenticationProvider, which uses it to
		recognise tokens created by this filter. -->
	<!-- NOTE(review): "foobar" is a widely published sample value. Replace it
		with a deployment-specific value in both beans. -->
	<bean id="anonymousProcessingFilter"
		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
		<property name="key">
			<value>foobar</value>
		</property>
		<property name="userAttribute">
			<value>anonymousUser,ROLE_ANONYMOUS</value>
		</property>
	</bean>
	<!-- Validates anonymous tokens; the key must match the filter above. -->
	<bean id="anonymousAuthenticationProvider"
		class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
		<property name="key">
			<value>foobar</value>
		</property>
	</bean>
	<!-- Loads the SecurityContext from the HTTP session at the start of each
		request and stores it back at the end. It is first in the chain so the
		later filters see the restored context. -->
	<bean id="httpSessionContextIntegrationFilter"
		class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
	</bean>
	<!-- Re-authenticates a request from a remember-me cookie when no
		authentication is present in the context. -->
	<bean id="rememberMeProcessingFilter"
		class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
		<property name="authenticationManager">
			<ref local="authenticationManager" />
		</property>
		<property name="rememberMeServices">
			<ref local="rememberMeServices" />
		</property>
	</bean>
	<!-- Token-based remember-me: the cookie carries a hash computed over the
		user name, expiry time, stored password and the key below, so the key
		is a secret that protects cookie integrity. -->
	<!-- NOTE(review): "springRocks" is a widely published sample value.
		Replace it with a long random secret supplied from outside version
		control, and keep it identical on rememberMeAuthenticationProvider.
		Also decide whether remember-me should exist at all next to CAS: it
		lets a session be restored without a CAS ticket. In this file the
		rememberMeServices property on authenticationProcessingFilter is
		commented out, so presumably no cookie is issued at login; confirm,
		and if so remove the filter and provider from the active configuration. -->
	<bean id="rememberMeServices"
		class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
		<property name="userDetailsService">
			<ref local="userDetailsService" />
		</property>
		<property name="key">
			<value>springRocks</value>
		</property>
	</bean>
	<!-- Accepts remember-me tokens whose key matches rememberMeServices. -->
	<bean id="rememberMeAuthenticationProvider"
		class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
		<property name="key">
			<value>springRocks</value>
		</property>
	</bean>
	<!-- Logout: runs the listed handlers, then redirects to /index.jsp.
		rememberMeServices is listed as a handler so the remember-me cookie is
		cancelled on logout. -->
	<!-- NOTE(review): the stock SecurityContextLogoutHandler is not in this
		list; confirm that CustomAcegiLogoutHandler invalidates the HTTP session
		and clears the SecurityContext. Nothing visible here ends the session on
		the CAS server, so unless the custom handler does that, a user who logs
		out locally can be signed straight back in through CAS on the next
		protected request. -->
	<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
		<constructor-arg value="/index.jsp" /><!-- URL at logout -->
		<constructor-arg>
			<list>
				<ref bean="rememberMeServices" />
				<bean class="com.sinosoft.application.common.CustomAcegiLogoutHandler" />
			</list>
		</constructor-arg>
	</bean>
	<!-- Wraps the request so servlet API security methods reflect the Acegi
		SecurityContext. -->
	<bean id="securityContextHolderAwareRequestFilter"
		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />

	<!-- Channel security: requests matching the rules below must arrive over
		a secure channel (HTTPS). -->
	<!-- NOTE(review): this filter is not named in the filterChainProxy chain
		in this file, so the rules are not enforced as configured. With Ant
		patterns, "/*.do" and "/*.jsp" match only paths directly under the
		context root; pages in subdirectories other than /common/login.jsp are
		not covered. If HTTPS is required application-wide, use patterns such
		as "/**/*.do" and "/**/*.jsp" (lower case, because URLs are lower-cased
		before comparison) and add the filter to the chain. -->
	<bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
		<property name="channelDecisionManager">
			<ref local="channelDecisionManager" />
		</property>
		<property name="filterInvocationDefinitionSource">
			<value>
        <![CDATA[
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /common/login.jsp=REQUIRES_SECURE_CHANNEL
          /*.do=REQUIRES_SECURE_CHANNEL 
          /*.jsp=REQUIRES_SECURE_CHANNEL          
        ]]>
			</value>
		</property>
	</bean>
	<!-- Delegates the channel decision to the secure and insecure channel
		processors listed below. -->
	<bean id="channelDecisionManager"
		class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
		<property name="channelProcessors">
			<list>
				<ref local="secureChannelProcessor" />
				<ref local="insecureChannelProcessor" />
			</list>
		</property>
	</bean>
	<!-- Handles REQUIRES_SECURE_CHANNEL. -->
	<bean id="secureChannelProcessor" class="org.acegisecurity.securechannel.SecureChannelProcessor" />
	<!-- Handles REQUIRES_INSECURE_CHANNEL; no rule in this file uses it. -->
	<bean id="insecureChannelProcessor"
		class="org.acegisecurity.securechannel.InsecureChannelProcessor" />
	<!-- ===================== HTTP REQUEST Security ==================== -->
	<!-- Translates security exceptions raised later in the chain: a request
		that needs authentication is sent to the CAS entry point, and an
		authenticated request that is denied is shown /common/LoginError.jsp. -->
	<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint">
			<ref local="authenticationProcessingFilterEntryPoint" />
		</property>
		<property name="accessDeniedHandler">
			<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
				<property name="errorPage" value="/common/LoginError.jsp" />
			</bean>
		</property>
	</bean>
	<!-- Bean adjusted for the CAS integration: the form-login filter is
		replaced by CasProcessingFilter, which handles requests to
		filterProcessesUrl and passes the CAS ticket to authenticationManager. -->
	<!-- NOTE(review): filterProcessesUrl is /j_acegi_security_check, while
		serviceProperties.service in this file points at /index-origin.jsp. CAS
		sends the ticket back to the service URL, and this filter only acts on
		filterProcessesUrl; confirm that the ticket actually reaches this
		filter. -->
	<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="authenticationFailureUrl">
			<value>/common/LoginError.jsp</value>
		</property>
		<property name="defaultTargetUrl">
			<value>/</value>
		</property>
		<property name="filterProcessesUrl">
			<value>/j_acegi_security_check</value>
		</property>
		<!-- <property name="rememberMeServices"> <ref local="rememberMeServices" 
			/> </property> -->
	</bean>
	<!-- Bean adjusted for the CAS integration: unauthenticated users are
		redirected to the CAS login page. -->
	<!-- NOTE(review): loginUrl is plain http on the loopback address, which is
		a development value. For any shared or production deployment the CAS
		login URL must be https, because user credentials and the CAS session
		cookie travel over this connection. -->
	<bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.cas.CasProcessingFilterEntryPoint">
		<property name="loginUrl">
			<value>http://127.0.0.1:7001/casserver/login</value>
		</property>
		<property name="serviceProperties">
			<ref bean="serviceProperties" />
		</property>
	</bean>
	<!-- Access decision manager for web requests: access is granted when the
		role voter grants it, and denied when every voter abstains. -->
	<bean id="httpRequestAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions">
			<value>false</value>
		</property>
		<property name="decisionVoters">
			<list>
				<ref bean="roleVoter" />
			</list>
		</property>
	</bean>

	<!-- URL authorization, last filter in the chain. Each rule maps an Ant
		path pattern to the role required; URLs are lower-cased before
		matching, so patterns must be written in lower case. -->
	<!-- NOTE(review): with Ant patterns, "/*.do" and "/*.jsp" match only
		paths directly under the context root. This file itself refers to
		pages under /common/, and such paths match no rule. A URL that matches
		no rule carries no required role and is let through by default, so
		nested pages and actions are reachable without ROLE_USER. Prefer a
		deny-by-default layout: list the few pages that must stay anonymous
		first (for example the login error page), then protect the rest with
		"/**/*.do" and "/**/*.jsp" or a final "/**" rule. -->
	<bean id="filterInvocationInterceptor"
		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="accessDecisionManager">
			<ref local="httpRequestAccessDecisionManager" />
		</property>
		<property name="objectDefinitionSource">
			<value>
        <![CDATA[
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /*.do=ROLE_USER 
          /*.jsp=ROLE_USER     
        ]]>
			</value>
		</property>
	</bean>
	<!-- Switch-user filter: lets a user assume another user's identity via
		switchUserUrl and return via exitUserUrl. -->
	<!-- NOTE(review): this filter is not named in the filterChainProxy chain
		in this file, so it is inactive as configured. If it is ever enabled,
		/j_acegi_switch_user must be restricted to an administrative role in
		the filterInvocationInterceptor rules; the current rules only match
		*.do and *.jsp and would leave that URL without a required role. -->
	<bean id="switchUserProcessingFilter"
		class="org.acegisecurity.ui.switchuser.SwitchUserProcessingFilter">
		<property name="userDetailsService" ref="userDetailsService" />
		<property name="switchUserUrl">
			<value>/j_acegi_switch_user</value>
		</property>
		<property name="exitUserUrl">
			<value>/j_acegi_exit_user</value>
		</property>
		<property name="targetUrl">
			<value>/index.jsp</value>
		</property>
	</bean>
	<!-- Message bundle for Acegi's own messages, loaded from the classpath. -->
	<bean id="messageSource"
		class="org.springframework.context.support.ResourceBundleMessageSource">
		<property name="basenames">
			<list>
				<value>classpath:/org/acegisecurity/messages</value>
			</list>
		</property>
	</bean>

	<!-- The next three beans expose static permission constants of
		SimpleAclEntry as beans, so other bean definitions can reference them
		by id. Only READ is referenced elsewhere in this file. -->
	<bean id="org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION"
		class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
		<property name="staticField">
			<value>org.acegisecurity.acl.basic.SimpleAclEntry.ADMINISTRATION</value>
		</property>
	</bean>
	<bean id="org.acegisecurity.acl.basic.SimpleAclEntry.READ"
		class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
		<property name="staticField">
			<value>org.acegisecurity.acl.basic.SimpleAclEntry.READ</value>
		</property>
	</bean>
	<bean id="org.acegisecurity.acl.basic.SimpleAclEntry.DELETE"
		class="org.springframework.beans.factory.config.FieldRetrievingFactoryBean">
		<property name="staticField">
			<value>org.acegisecurity.acl.basic.SimpleAclEntry.DELETE</value>
		</property>
	</bean>
	<!-- An access decision voter that reads ROLE_* configuration settings -->
	<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter" />
	<!-- An access decision manager used by the business objects: access is
		granted when the role voter grants it, and denied when every voter
		abstains. -->
	<bean id="businessAccessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions">
			<value>false</value>
		</property>
		<property name="decisionVoters">
			<list>
				<ref local="roleVoter" />
			</list>
		</property>
	</bean>
	<!-- ========= ACCESS CONTROL LIST========= -->
	<!-- ACL manager that delegates to the single basic ACL provider below. -->
	<bean id="aclManager" class="org.acegisecurity.acl.AclProviderManager">
		<property name="providers">
			<list>
				<ref local="basicAclProvider" />
			</list>
		</property>
	</bean>
	<bean id="basicAclProvider" class="org.acegisecurity.acl.basic.BasicAclProvider">
		<property name="basicAclDao">
			<ref local="basicAclExtendedDao" />
		</property>
	</bean>
	<!-- JDBC ACL DAO with a custom lookup query. -->
	<!-- NOTE(review): the WHERE clause "1=1 OR userCode != ?" is always true,
		so the bound parameter has no effect and every lookup returns the same
		constant values ('ROLE_USER', '1'), one row per row of UtiUserGrade,
		whatever object is being checked. The ACL layer therefore does not
		distinguish between objects. If per-object access control is intended,
		this query must select the real ACL entries for the given object
		identity; if it is a deliberate stub, say so here so nobody relies on
		it as a control. -->
	<bean id="basicAclExtendedDao" class="org.acegisecurity.acl.basic.jdbc.JdbcExtendedDaoImpl">
		<property name="dataSource">
			<ref bean="dataSource" />
		</property>
		<property name="aclsByObjectIdentityQuery">
			<value>SELECT 'ROLE_USER', '1' FROM UtiUserGrade WHERE 1=1 OR
				userCode != ?</value>
		</property>
	</bean>
	<!-- ============== "AFTER INTERCEPTION" AUTHORIZATION DEFINITIONS =========== -->
	<!-- Runs the two ACL-based providers below on values returned from
		secured method calls. Both obtain ACLs through aclManager, so their
		decisions are only as meaningful as the query configured on
		basicAclExtendedDao. -->
	<bean id="afterInvocationManager"
		class="org.acegisecurity.afterinvocation.AfterInvocationProviderManager">
		<property name="providers">
			<list>
				<ref local="afterAclRead" />
				<ref local="afterAclCollectionRead" />
			</list>
		</property>
	</bean>
	<!-- Processes AFTER_ACL_COLLECTION_READ configuration settings; READ
		permission is required on the elements of a returned collection. -->
	<bean id="afterAclCollectionRead"
		class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationCollectionFilteringProvider">
		<property name="aclManager">
			<ref local="aclManager" />
		</property>
		<property name="requirePermission">
			<list>
				<ref local="org.acegisecurity.acl.basic.SimpleAclEntry.READ" />
			</list>
		</property>
	</bean>
	<!-- Processes AFTER_ACL_READ configuration settings; READ permission is
		required on the returned object. -->
	<bean id="afterAclRead"
		class="org.acegisecurity.afterinvocation.BasicAclEntryAfterInvocationProvider">
		<property name="aclManager">
			<ref local="aclManager" />
		</property>
		<property name="requirePermission">
			<list>
				<ref local="org.acegisecurity.acl.basic.SimpleAclEntry.READ" />
			</list>
		</property>
	</bean>
	<!-- ================= METHOD INVOCATION AUTHORIZATION ==================== -->
	<!-- securityInterceptor: AOP interceptor for method-level authorization. -->
	<!-- NOTE(review): the only entries in objectDefinitionSource are commented
		out, so no method is mapped to a required role. As configured, this
		interceptor does not restrict any service call; authorization rests on
		the URL rules in filterInvocationInterceptor alone. -->
	<bean id="securityInterceptor"
		class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
		<property name="authenticationManager">
			<ref bean="authenticationManager" />
		</property>
		<property name="accessDecisionManager">
			<ref local="businessAccessDecisionManager" />
		</property>
		<property name="afterInvocationManager">
			<ref local="afterInvocationManager" />
		</property>
		<property name="objectDefinitionSource">
			<value>
				<!-- com.sinosoft.application.exam.service.facade.ExQuestionService.*=ROLE_USER 
					com.sinosoft.application.exam.service.facade.ExUserService.*=ROLE_USER -->
			</value>
		</property>
	</bean>

	<!-- The beans below were newly added for the CAS integration. -->
	<!-- Validates CAS service tickets and builds the authenticated token. -->
	<!-- NOTE(review): "some_unique_key" is the placeholder from sample
		configurations. Replace it with a deployment-specific value. -->
	<bean id="casAuthenticationProvider"
		class="org.acegisecurity.providers.cas.CasAuthenticationProvider">
		<property name="ticketValidator">
			<ref bean="ticketValidator" />
		</property>
		<property name="casProxyDecider">
			<ref bean="casProxyDecider" />
		</property>
		<property name="statelessTicketCache">
			<ref bean="statelessTicketCache" />
		</property>
		<property name="casAuthoritiesPopulator">
			<ref bean="casAuthritiesPopulator" />
		</property>
		<property name="key">
			<value>some_unique_key</value>
		</property>
	</bean>

	<!-- Calls the CAS server to validate a ticket. -->
	<!-- NOTE(review): casValidate is plain http on the loopback address, a
		development value. The validation response is what this application
		trusts as proof of identity, so in any networked deployment the URL
		must be https and the CAS server certificate must be trusted by this
		JVM. -->
	<bean id="ticketValidator"
		class="org.acegisecurity.providers.cas.ticketvalidator.CasProxyTicketValidator">
		<property name="casValidate">
			<value>http://127.0.0.1:7001/casserver/proxyValidate</value>
		</property>
		<property name="serviceProperties">
			<ref bean="serviceProperties" />
		</property>
	</bean>

	<!-- The service URL this application presents to CAS; tickets are issued
		for, and validated against, exactly this URL. -->
	<!-- NOTE(review): plain http development value; see also the review note
		on authenticationProcessingFilter about this URL differing from its
		filterProcessesUrl. -->
	<bean id="serviceProperties" class="org.acegisecurity.ui.cas.ServiceProperties">
		<property name="service">
			<value>http://127.0.0.1:7001/index-origin.jsp</value>
		</property>
	</bean>
	<!-- Proxy tickets are rejected outright; only tickets issued directly to
		this service are accepted. -->
	<bean id="casProxyDecider"
		class="org.acegisecurity.providers.cas.proxy.RejectProxyTickets" />


	<!-- Cache of validated tickets for stateless clients. -->
	<!-- NOTE(review): the cache name "userCache" is the same name used by
		userCacheBackend, although through a separate cache manager bean.
		Confirm that the two do not resolve to the same EhCache region; a
		dedicated name for the ticket cache avoids the question. -->
	<bean id="statelessTicketCache"
		class="org.acegisecurity.providers.cas.cache.EhCacheBasedTicketCache">
		<property name="cache">
			<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
				<property name="cacheManager">
					<bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" />
				</property>
				<property name="cacheName" value="userCache" />
			</bean>
		</property>
	</bean>

	<!-- Loads the authorities of a CAS-authenticated user from
		userDetailsService. The id is spelled "casAuthritiesPopulator" and the
		reference on casAuthenticationProvider uses the same spelling. -->
	<bean id="casAuthritiesPopulator"
		class="org.acegisecurity.providers.cas.populator.DaoCasAuthoritiesPopulator">
		<property name="userDetailsService">
			<ref bean="userDetailsService" />
		</property>
	</bean>
	
	<!-- End of the beans newly added for the CAS integration. -->
</beans>
