<?
xml version="1.0" encoding="UTF-8"
?>
<!
DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"
>
<
beans
>
<!--
filter chain
-->
<
bean
id
="filterChainProxy"
class
="org.acegisecurity.util.FilterChainProxy"
>
<
property
name
="filterInvocationDefinitionSource"
>
<!--
no filter: #TOKEN_NONE
-->
<
value
>
<![CDATA[
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /**=concurrentSessionFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
]]>
</
value
>
</
property
>
</
bean
>
<!--
filter
-->
<!--
invalidate expired session and record last request time
-->
<
bean
id
="concurrentSessionFilter"
class
="sinosafecmb.web.security.ConcurrentSessionFilterModify"
>
<
property
name
="sessionRegistry"
ref
="sessionRegistry"
></
property
>
<
property
name
="expiredUrl"
value
="/login.jsp?error=1"
></
property
>
</
bean
>
<!--
create context in session and update that when response
-->
<
bean
id
="httpSessionContextIntegrationFilter"
class
="org.acegisecurity.context.HttpSessionContextIntegrationFilter"
>
<
property
name
="forceEagerSessionCreation"
value
="true"
></
property
>
</
bean
>
<!--
logout: /j_acegi_logout
-->
<
bean
id
="logoutFilter"
class
="org.acegisecurity.ui.logout.LogoutFilter"
>
<
constructor-arg
value
="/login.jsp"
/>
<!--
URL redirected to after logout
-->
<
constructor-arg
>
<
list
>
<
ref
bean
="rememberMeServices"
/>
<!--
deleteCookie
-->
<
bean
class
="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"
/>
<!--
invalidate session; clear context
-->
</
list
>
</
constructor-arg
>
</
bean
>
<!--
login: j_username, j_password, /j_acegi_security_check, ACEGI_SECURITY_LAST_USERNAME(session)
-->
<!--
fail: set exception in ACEGI_SECURITY_LAST_EXCEPTION_KEY(session) and redirect
-->
<!--
success: set context and redirect
-->
<
bean
id
="authenticationProcessingFilter"
class
="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter"
>
<
property
name
="authenticationManager"
ref
="authenticationManager"
/>
<!--
invoke to authenticate
-->
<
property
name
="authenticationFailureUrl"
value
="/login.jsp?error=3"
/>
<
property
name
="defaultTargetUrl"
value
="/login.do"
/>
<
property
name
="filterProcessesUrl"
value
="/j_acegi_security_check"
/>
<
property
name
="rememberMeServices"
ref
="rememberMeServices"
/>
<!--
success or fail to handle cookie
-->
</
bean
>
<!--
auto login and authenticate
-->
<!--
fail: delete cookie
-->
<!--
success: set context
-->
<
bean
id
="rememberMeProcessingFilter"
class
="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter"
>
<
property
name
="rememberMeServices"
ref
="rememberMeServices"
/>
<!--
auto login
-->
<
property
name
="authenticationManager"
ref
="authenticationManager"
/>
<!--
invoke to authenticate
-->
</
bean
>
<!--
anonymous login: clear authentication after request by default
-->
<
bean
id
="anonymousProcessingFilter"
class
="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter"
>
<
property
name
="key"
value
="changeThis"
/>
<!--
to identify if this object made by an authorised client
-->
<
property
name
="userAttribute"
value
="anonymous,ROLE_ANONYMOUS"
/>
</
bean
>
<!--
handle exception
-->
<!--
AuthenticationException: clear authentication and redirect to entry point
-->
<!--
AccessDeniedException
-->
<
bean
id
="exceptionTranslationFilter"
class
="org.acegisecurity.ui.ExceptionTranslationFilter"
>
<
property
name
="authenticationEntryPoint"
>
<
bean
class
="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"
>
<
property
name
="loginFormUrl"
value
="/login.jsp"
/>
<
property
name
="forceHttps"
value
="false"
/>
</
bean
>
</
property
>
<
property
name
="accessDeniedHandler"
>
<
bean
class
="org.acegisecurity.ui.AccessDeniedHandlerImpl"
>
<!--
ACEGI_SECURITY_ACCESS_DENIED_EXCEPTION_KEY(request)
-->
<
property
name
="errorPage"
value
="/login.jsp?error=2"
/>
</
bean
>
</
property
>
</
bean
>
<!--
authority
-->
<
bean
id
="filterSecurityInterceptor"
class
="org.acegisecurity.intercept.web.FilterSecurityInterceptor"
>
<
property
name
="authenticationManager"
ref
="authenticationManager"
/>
<
property
name
="accessDecisionManager"
>
<
bean
class
="org.acegisecurity.vote.AffirmativeBased"
>
<
property
name
="allowIfAllAbstainDecisions"
value
="false"
/>
<
property
name
="decisionVoters"
>
<
list
>
<
bean
class
="org.acegisecurity.vote.RoleVoter"
/>
<
bean
class
="org.acegisecurity.vote.AuthenticatedVoter"
/>
</
list
>
</
property
>
</
bean
>
</
property
>
<
property
name
="objectDefinitionSource"
>
<
value
>
<![CDATA[
PATTERN_TYPE_APACHE_ANT /login.jsp=ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_OPERATOR_DATA,
]]>
</
value
>
</
property
>
</
bean
>
<
bean
id
="rememberMeServices"
class
="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices"
>
<
property
name
="tokenValiditySeconds"
value
="1209600"
/>
<
property
name
="userDetailsService"
ref
="userDetailsService"
/>
<
property
name
="key"
value
="changeThis"
/>
</
bean
>
<
bean
id
="authenticationManager"
class
="org.acegisecurity.providers.ProviderManager"
>
<
property
name
="providers"
>
<
list
>
<
ref
local
="daoAuthenticationProvider"
/>
<
bean
class
="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"
>
<
property
name
="key"
value
="changeThis"
/>
</
bean
>
<
bean
class
="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"
>
<
property
name
="key"
value
="changeThis"
/>
</
bean
>
</
list
>
</
property
>
<
property
name
="sessionController"
><
ref
bean
="concurrentSessionController"
/></
property
>
</
bean
>
<!--
concurrent session
-->
<
bean
id
="concurrentSessionController"
class
="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl"
>
<
property
name
="maximumSessions"
><
value
>
1
</
value
></
property
>
<
property
name
="sessionRegistry"
><
ref
local
="sessionRegistry"
/></
property
>
</
bean
>
<
bean
id
="sessionRegistry"
class
="org.acegisecurity.concurrent.SessionRegistryImpl"
/>
<
bean
id
="anonymousAuthenticationProvider"
class
="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"
>
<
property
name
="key"
><
value
>
changeThis
</
value
></
property
>
</
bean
>
<
bean
id
="rememberMeAuthenticationProvider"
class
="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"
>
<
property
name
="key"
><
value
>
changeThis
</
value
></
property
>
</
bean
>
<
bean
id
="daoAuthenticationProvider"
class
="org.acegisecurity.providers.dao.DaoAuthenticationProvider"
>
<
property
name
="userDetailsService"
ref
="userDetailsService"
/>
</
bean
>
<!--
data source
-->
<
bean
id
="huafademoDS"
class
="org.springframework.jndi.JndiObjectFactoryBean"
>
<
property
name
="jndiName"
>
<
value
>
java:huafademoDS
</
value
>
</
property
>
<
property
name
="jndiTemplate"
>
<
ref
bean
="jndiTemplate"
/>
</
property
>
</
bean
>
<!--
UserDetailsService is the most commonly frequently Acegi Security interface implemented by end users
-->
<!--
bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl"> <property name="userProperties"> <bean class="org.springframework.beans.factory.config.PropertiesFactoryBean"> <property name="location" value="/WEB-INF/users.properties"/> </bean> </property> </bean
-->
<
bean
id
="userDetailsService"
class
="sinosafecmb.web.security.UserDetailsServiceProxy"
>
<
property
name
="applicationController"
ref
="huafademoAC"
/>
</
bean
>
<!--
bean id="userDetailsService" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl"> <property name="dataSource"><ref bean="huafademoDS"/></property> <property name="usersByUsernameQuery"> <value>SELECT c_user, c_password, 1 FROM zs_users WHERE c_user=?</value> </property> <property name="authoritiesByUsernameQuery"> <value>SELECT c_user, c_privilege FROM zs_authority WHERE c_user=?</value> </property> </bean
-->
<!--
This bean is optional; it isn't used by any other bean as it only listens and logs
-->
<
bean
id
="loggerListener"
class
="org.acegisecurity.event.authentication.LoggerListener"
/>
<!--
messages
-->
<
bean
id
="messageSource"
class
="org.springframework.context.support.ResourceBundleMessageSource"
>
<
property
name
="basename"
><
value
>
org/acegisecurity/messages
</
value
></
property
>
</
bean
>
</
bean
>
</
beans
>
代码中加入了自己的注释,针对项目需要,对acegi做了几个修改。
1. 因为项目是分布式部署的,所以在页面的控制层中做了一个代理userDetailsService,用来从ejb中获得需要的数据。
2. 原来的acegi在控制同一用户登陆的时候有点小问题:被踢出去的用户session未超时,所以必须打开一个新窗口登陆。于是修改了concurrentSessionFilter中的代码,在踢用户的时候,让session失效
3045
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
