xml 代码
- <?xml version="1.0" encoding="UTF-8"?>
- <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
- <beans>
- <!-- Acegi security-->
- <!-- FilterChainProxy -->
- <!--注意:配置时要按业务要求排定过滤链处理的顺序-->
- <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
- <property name="filterInvocationDefinitionSource">
- <value>
- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
- PATTERN_TYPE_APACHE_ANT
- /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,remeberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor
- </value>
- </property>
- </bean>
- <!-- Channel Servlet 过滤器 -->
- <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">
- <property name="channelDecisionManager">
- <ref bean="channelDecisionManager"/>
- </property>
- <property name="filterInvocationDefinitionSource">
- <value>
- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
- PATTERN_TYPE_APACHE_ANT
- /usersjsp/**=REQUIRES_INSECURE_CHANNEL
- /*.do=REQUIRES_INSECURE_CHANNEL
- /*=REQUIRES_INSECURE_CHANNEL
- </value>
- </property>
- </bean>
- <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
- <property name="channelProcessors">
- <list>
- <ref bean="secureChannelProcessor"/>
- <ref bean="insecureChannelProcessor"/>
- </list>
- </property>
- </bean>
- <bean id="secureChannelProcessor" class="org.acegisecurity.securechannel.SecureChannelProcessor"></bean>
- <bean id="insecureChannelProcessor" class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>
- <!-- LogOut Filter -->
- <!-- SecurityContextHolderAwareRequestFilter 过滤器 -->
- <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter">
- </bean>
- <!-- ExceptionTranslationFilter 过滤器 -->
- <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
- <property name="authenticationEntryPoint">
- <ref local="authenticationProcessingFilterEntryPoint"/>
- </property>
- <property name="accessDeniedHandler">
- <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
- <property name="errorPage" value="/ErrorJSP/accessDenied.jsp"/>
- </bean>
- </property>
- </bean>
- <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
- <property name="loginFormUrl"><value>/security/SecurityLogin.jsp?error=2</value></property>
- <property name="forceHttps"><value>false</value></property>
- </bean>
- <!-- Authenication Process Filter 过滤器 -->
- <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
- <property name="filterProcessesUrl">
- <value>/security/j_acegi_security_check</value>
- </property>
- <property name="authenticationManager">
- <ref local="authenticationManager"/>
- </property>
- <property name="defaultTargetUrl">
- <value>/forumShow.do</value>
- </property>
- <property name="authenticationFailureUrl">
- <value>/security/SecurityLogin.jsp?error=1</value>
- </property>
- <property name="rememberMeServices">
- <ref local="rememberMeServices"/>
- </property>
- </bean>
- <!-- DAO authentication Provider -->
- <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
- <property name="userDetailsService"><ref local="userDetailsService"/></property>
- </bean>
- <!-- In memory DAO Implmention -->
- <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
- <property name="userMap">
- <value>
- victor=1234,ROLE_SUPERVISOR
- kevin=1234,ROLE_USER
- </value>
- </property>
- </bean>
- <!-- Concurrent Session Controller -->
- <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
- <property name="maximumSessions"><value>1</value></property>
- <property name="sessionRegistry">
- <bean class="org.acegisecurity.concurrent.SessionRegistryImpl"></bean>
- </property>
- </bean>
- <!-- HttpSession Integration Filter-->
- <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">
- </bean>
- <!-- 过滤安全拦截器 -->
- <bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
- <property name="authenticationManager">
- <ref local="authenticationManager"/>
- </property>
- <property name="accessDecisionManager">
- <ref local="accessDecisionManager"/>
- </property>
- <property name="objectDefinitionSource">
- <value>
- CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
- PATTERN_TYPE_APACHE_ANT
- /security/securitylogin.jsp=ROLE_ANONYMOUS,ROLE_SUPERVISOR
- /forumshow.do=ROLE_ANONYMOUS,ROLE_SUPERVISOR,ROLE_USER
- /viewjsp/index.jsp=ROLE_ANONYMOUS,ROLE_SUPERVISOR,ROLE_USER
- /**=ROLE_SUPERVISOR,ROLE_ANONYMOUS
- </value>
- </property>
- </bean>
- <!--================== Access decision Manager ======================-->
- <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
- <property name="decisionVoters">
- <list>
- <ref bean="roleVoter"/>
- </list>
- </property>
- <property name="allowIfAllAbstainDecisions">
- <value>false</value>
- </property>
- </bean>
- <!-- Role voter -->
- <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"></bean>
- <!-- Authenication Manager -->
- <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
- <property name="providers">
- <list>
- <ref local="daoAuthenticationProvider"/>
- <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
- <property name="key" value="changeThis"></property>
- </bean>
- <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
- <property name="key">
- <value>victorOK</value>
- </property>
- </bean>
- </list>
- </property>
- </bean>
- <!-- Remember me Process Filter -->
- <bean id="remeberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
- <property name="authenticationManager">
- <ref local="authenticationManager"/>
- </property>
- <property name="rememberMeServices">
- <ref local="rememberMeServices"/>
- </property>
- </bean>
- <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
- <property name="userDetailsService">
- <ref local="userDetailsService"/>
- </property>
- <property name="key">
- <value>victor</value>
- </property>
- </bean>
- <!-- 密码 编码器 -->
- <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"></bean>
- <!-- 登录事件监听器 -->
- <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"></bean>
- <!-- 匿名 过滤器 -->
- <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
- <property name="key">
- <value>victorOK</value>
- </property>
- <property name="userAttribute">
- <value>anonymousUser,ROLE_ANONYMOUS</value>
- </property>
- </bean>
- </beans>