原创 Acegi 1.03 安全机制

xml 代码

1. <?xml version="1.0" encoding="UTF-8"?>  
2. <!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">  
3. <beans>  
4.   
5.  <!-- Acegi  security-->  
6.     
7.  <!-- FilterChainProxy -->  
8.  <!--注意:配置时要按业务要求排定过滤链处理的顺序-->  
9.  <bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">  
10.    <property name="filterInvocationDefinitionSource">  
11.      <value>  
12.      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON   
13.      PATTERN_TYPE_APACHE_ANT   
14.      /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,remeberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor   
15.      </value>  
16.    </property>  
17.  </bean>  
18. <!-- Channel Servlet 过滤器 -->  
19.      <bean id="channelProcessingFilter" class="org.acegisecurity.securechannel.ChannelProcessingFilter">  
20.       <property name="channelDecisionManager">  
21.         <ref bean="channelDecisionManager"/>  
22.       </property>  
23.       <property name="filterInvocationDefinitionSource">  
24.         <value>  
25.            CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON   
26.            PATTERN_TYPE_APACHE_ANT   
27.            /usersjsp/**=REQUIRES_INSECURE_CHANNEL   
28.            /*.do=REQUIRES_INSECURE_CHANNEL  
29.            /*=REQUIRES_INSECURE_CHANNEL   
30.         </value>  
31.       </property>  
32.      </bean>  
33.      <bean id="channelDecisionManager" class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">  
34.        <property name="channelProcessors">  
35.          <list>  
36.            <ref bean="secureChannelProcessor"/>  
37.            <ref bean="insecureChannelProcessor"/>  
38.          </list>  
39.        </property>  
40.      </bean>  
41.      <bean id="secureChannelProcessor" class="org.acegisecurity.securechannel.SecureChannelProcessor"></bean>  
42.      <bean id="insecureChannelProcessor" class="org.acegisecurity.securechannel.InsecureChannelProcessor"/>  
43.     
44.  <!-- LogOut Filter -->  
45.   
46.  <!-- SecurityContextHolderAwareRequestFilter 过滤器 -->  
47.   <bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter">  
48.   </bean>  
49.      
50.        
51. <!-- ExceptionTranslationFilter 过滤器 -->  
52.  <bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">  
53.   <property name="authenticationEntryPoint">  
54.     <ref local="authenticationProcessingFilterEntryPoint"/>  
55.   </property>  
56.   <property name="accessDeniedHandler">  
57.     <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">  
58.       <property name="errorPage" value="/ErrorJSP/accessDenied.jsp"/>  
59.     </bean>  
60.   </property>  
61.  </bean>  
62.  <bean id="authenticationProcessingFilterEntryPoint" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">  
63.   <property name="loginFormUrl"><value>/security/SecurityLogin.jsp?error=2</value></property>  
64.   <property name="forceHttps"><value>false</value></property>  
65.      
66.  </bean>  
67.     
68.  <!-- Authenication Process Filter 过滤器 -->  
69.  <bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">  
70.    <property name="filterProcessesUrl">  
71.      <value>/security/j_acegi_security_check</value>  
72.    </property>  
73.    <property name="authenticationManager">  
74.      <ref local="authenticationManager"/>  
75.    </property>  
76.    <property name="defaultTargetUrl">  
77.    <value>/forumShow.do</value>  
78.    </property>  
79.    <property name="authenticationFailureUrl">  
80.     <value>/security/SecurityLogin.jsp?error=1</value>  
81.    </property>  
82.    <property name="rememberMeServices">  
83.     <ref local="rememberMeServices"/>  
84.    </property>  
85.  </bean>  
86.  <!-- DAO authentication Provider -->  
87.  <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">  
88.   <property name="userDetailsService"><ref local="userDetailsService"/></property>  
89.     
90.  </bean>  
91.  <!-- In memory DAO Implmention -->  
92.  <bean id="userDetailsService" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">  
93.   <property name="userMap">  
94.     <value>  
95.        victor=1234,ROLE_SUPERVISOR   
96.        kevin=1234,ROLE_USER   
97.     </value>  
98.   </property>  
99.  </bean>  
100.     
101.  <!-- Concurrent Session Controller -->  
102.  <bean id="concurrentSessionController" class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">  
103.   <property name="maximumSessions"><value>1</value></property>  
104.   <property name="sessionRegistry">  
105.   <bean class="org.acegisecurity.concurrent.SessionRegistryImpl"></bean>  
106.   </property>  
107.  </bean>  
108.   
109. <!-- HttpSession Integration Filter-->    
110. <bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter">  
111. </bean>  
112. <!-- 过滤安全拦截器 -->  
113. <bean id="filterSecurityInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">  
114.  <property name="authenticationManager">  
115.    <ref local="authenticationManager"/>  
116.  </property>  
117.  <property name="accessDecisionManager">  
118.    <ref local="accessDecisionManager"/>  
119.  </property>  
120.   
121.  <property name="objectDefinitionSource">  
122.    <value>  
123.    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON   
124.    PATTERN_TYPE_APACHE_ANT   
125.       
126.    /security/securitylogin.jsp=ROLE_ANONYMOUS,ROLE_SUPERVISOR   
127.    /forumshow.do=ROLE_ANONYMOUS,ROLE_SUPERVISOR,ROLE_USER   
128.    /viewjsp/index.jsp=ROLE_ANONYMOUS,ROLE_SUPERVISOR,ROLE_USER   
129.    /**=ROLE_SUPERVISOR,ROLE_ANONYMOUS   
130.    </value>  
131.  </property>  
132. </bean>  
133.   
134.  <!--================== Access decision Manager ======================-->  
135.  <bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">  
136.  <property name="decisionVoters">  
137.    <list>  
138.     <ref bean="roleVoter"/>  
139.    </list>  
140.  </property>  
141.  <property name="allowIfAllAbstainDecisions">  
142.    <value>false</value>  
143.  </property>  
144.  </bean>  
145.     
146.  <!-- Role voter -->  
147.  <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter"></bean>  
148.     
149.  <!-- Authenication Manager -->  
150.  <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">  
151.  <property name="providers">  
152.   <list>  
153.    <ref local="daoAuthenticationProvider"/>  
154.    <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">  
155.      <property name="key" value="changeThis"></property>  
156.    </bean>  
157.    <bean  class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">  
158.    <property name="key">  
159.      <value>victorOK</value>  
160.    </property>  
161.    </bean>  
162.   </list>  
163.  </property>  
164.  </bean>  
165.  <!-- Remember me Process Filter -->  
166.  <bean id="remeberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">  
167.     <property name="authenticationManager">  
168.      <ref local="authenticationManager"/>  
169.     </property>  
170.    <property name="rememberMeServices">  
171.     <ref local="rememberMeServices"/>  
172.    </property>  
173.   </bean>  
174.  <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">  
175.    <property name="userDetailsService">  
176.      <ref local="userDetailsService"/>  
177.    </property>  
178.    <property name="key">  
179.      <value>victor</value>  
180.    </property>  
181.  </bean>  
182. <!-- 密码 编码器 -->  
183.  <bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"></bean>  
184.     
185.  <!-- 登录事件监听器 -->  
186.  <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"></bean>  
187.     
188.   
189.  <!-- 匿名 过滤器 -->  
190.     
191.  <bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">  
192.    <property name="key">  
193.      <value>victorOK</value>  
194.    </property>  
195.    <property name="userAttribute">  
196.      <value>anonymousUser,ROLE_ANONYMOUS</value>  
197.    </property>  
198.  </bean>  
199. </beans>