说明:
URL的授权写到了数据库里了,所以更改URL授权的时候不需要更改配置文件
<?xml version="1.0" encoding="GB2312"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<bean id="concurrentSessionFilter"
class="org.acegisecurity.concurrent.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry"></property>
<property name="expiredUrl">
<value>/timeout.jsp</value>
</property>
</bean>
<bean id="sessionRegistry"
class="org.acegisecurity.concurrent.SessionRegistryImpl" />
<bean id="concurrentSessionController"
class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
<property name="maximumSessions" value="10"></property>
<property name="sessionRegistry" ref="sessionRegistry"></property>
<property name="exceptionIfMaximumExceeded" value="true"></property>
</bean>
<bean id="logoutFilter"
class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/login.jsp" />
<constructor-arg>
<list>
<bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
<bean id="dataSource"
class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<!--tomcat-->
<value>java:comp/env/jdbc/mysql</value>
<!--websphere-->
<!--<value>jdbc/mysql</value>-->
</property>
</bean>
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,concurrentSessionFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!--
/**=httpSessionContextIntegrationFilter,logoutFilter,concurrentSessionFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-->
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/login.jsp" />
<property name="defaultTargetUrl" value="/index.jsp" />
<property name="filterProcessesUrl"
value="/j_acegi_security_check" />
</bean>
<bean id="securityContextHolderAwareRequestFilter"
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<!-- <property name="loginFormUrl" value="/index.jsp"/>-->
<property name="loginFormUrl" value="/timeout.jsp" />
<property name="forceHttps" value="false" />
</bean>
</property>
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessdenied.jsp" />
</bean>
</property>
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<!--<property name="alwaysReauthenticate" value="true"/>-->
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"
value="false" />
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
<bean
class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource" ref="rdbmsFilterInvocationDefinitionSource" />
</bean>
<bean id="rdbmsFilterInvocationDefinitionSource"
class="org.apache.easframework.security.RdbmsFilterInvocationDefinitionSource">
<property name="dataSource" ref="dataSource" />
<property name="webresdbCache" ref="userCacheBackend" />
<!--<property name="webresdbCache" ref="webresCacheBackend" />-->
</bean>
<!--
<bean id="webresCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager"/>
</property>
<property name="cacheName">
<value>webresdbCache</value>
</property>
</bean>
-->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<!-- <ref local="mybean"/> -->
<ref local="daoAuthenticationProvider" />
<ref local="anonymousAuthenticationProvider" />
</list>
</property>
<property name="sessionController"
ref="concurrentSessionController" />
</bean>
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key">
<value>foobar</value>
</property>
<property name="userAttribute">
<value>anonymousUser,AUTH_ANONYMOUS</value>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl" />
<!-- 注释掉下面的chache是因为导致权限更改不能立即生效 -->
<!--<property name="userCache"><ref local="userCache"/></property>-->
<!--if you do not want encode password -->
<property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="passwordEncoder"
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
<bean id="jdbcDaoImpl"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="usersByUsernameQuery">
<value>
SELECT user_id, user_password,1 FROM eas_login_user
WHERE user_id=?
</value>
<!--<value>SELECT user_sAccount, User_sPassword,User_nIsEnabled FROM Sys_user WHERE User_sAccount=?</value>-->
</property>
<property name="authoritiesByUsernameQuery">
<value> select distinct a.user_id,b.auth_code from eas_login_user a ,eas_auth b,eas_roleauth_rel c ,eas_roleorg_rel d
where a.user_id=? and b.obj_id=c.auth_id and c.role_id = d.role_id and a.is_enabled=1 and d.org_id=a.obj_id and d.org_id in
( select org_id from eas_org_node where tree_code in
(select eas_org_node.tree_code from eas_org_node,eas_login_user where eas_login_user.user_id=a.user_id and eas_login_user.obj_id=eas_org_node.obj_id))
</value>
</property>
</bean>
<bean id="anonymousAuthenticationProvider"
class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key">
<value>foobar</value>
</property>
</bean>
<bean id="userCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager" />
</property>
<property name="cacheName">
<value>userCache</value>
</property>
</bean>
<bean id="userCache"
class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<ref local="userCacheBackend" />
</property>
</bean>
<bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation">
<value>classpath:ehcache.xml</value>
<!--<value>classpath:com/iss/config/ehcache.xml</value> -->
</property>
</bean>
<bean id="methodCache"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager" />
</property>
<property name="cacheName">
<value>szairCache</value>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource">
<ref local="dataSource" />
</property>
</bean>
<bean id="jdbcTemplate"
class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="businessAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="customEditorConfigurer"
class="org.springframework.beans.factory.config.CustomEditorConfigurer">
<property name="customEditors">
<map>
<entry
key="org.acegisecurity.intercept.method.MethodDefinitionSource">
<bean
class="org.apache.easframework.core.acegi.DataSourceMethodDefinitionSourceEditor">
<property name="jdbcTemplate">
<ref bean="jdbcTemplate" />
</property>
</bean>
</entry>
</map>
</property>
</bean>
<bean id="contactManagerSecurity"
class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref bean="businessAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
select auth.auth_code,auth.auth_resource from eas_auth
auth where auth.auth_type='METHOD' and auth.auth_code
like 'AUTH_METHOD_%'
</value>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
<property name="rolePrefix">
<value>AUTH_</value>
</property>
</bean>
<!--
<bean id="DWRSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target" ref=
</bean>-->
</beans>
分享到:
相关推荐
acegi配置文件清单
在 Acegi 配置指南中,我们主要关注如何设置和配置 Acegi 框架来保护 Web 应用程序的安全。 首先,我们需要在 `web.xml` 文件中配置 Acegi 的过滤器。在示例代码中,定义了一个名为 `Acegi Filter Chain Proxy` 的...
被解剖的acegi配置文件. 博文链接:https://rmn190.iteye.com/blog/175041
Acegi配置.mhtAcegi配置的相关配置的信息在里面有一些
在本文中,我们将深入探讨Acegi的详细配置,并通过实际示例来理解其工作原理。 首先,我们要明白Acegi的核心功能是提供身份验证(Authentication)和授权(Authorization)服务。身份验证是确认用户的身份,而授权...
在配置Acegi时,首先需要在`web.xml`文件中定义一个名为`Acegi Filter Chain Proxy`的过滤器。这个过滤器是Acegi安全机制的核心,它负责拦截所有请求并根据配置执行相应的安全策略。下面是一段典型的`web.xml`配置...
Acegi 是一个在Java开发领域,特别是Spring框架中曾经广泛使用的安全组件,全称为Acegi Security。这个系统为Spring应用程序提供了全面的安全管理解决方案,包括身份验证、授权、会话管理以及安全事件处理等功能。...
Acegi 安全框架是Spring生态中的一个早期的安全组件,它提供了一套强大的基于数据库的配置来实现应用程序的安全策略。本资源由王政创作并分享,主要涉及如何将XML配置转换为数据库动态配置,这对于那些需要灵活管理...
在本实例中,我们将探讨Acegi Security的配置、详细设置以及如何通过代码实现其功能。 首先,让我们理解Acegi Security的核心概念。该框架提供了一种基于角色的访问控制(RBAC)机制,允许开发人员定义用户权限并...
随着 Spring Security 的发展,Acegi 已被 Spring Security 继承并进一步增强,但理解 Acegi 在 Spring 中的配置仍然对理解 Spring Security 的工作原理有所帮助。 在 Spring 中配置 Acegi,主要涉及以下几个关键...
本软件压缩包内附acegi的相关使用... <br>acegi中高级配置在后文将陆续推出,敬请时刻关注; <br>下载资源仅需4分,相信你会说值得!希望下载后给予评价 <br>版权所有 Ecol QQ:114948587 Email:zyyceo@gmail.com
Acegi是一个专门为SpringFramework应用提供安全机制的开放源代码项目,全称为Acegi Security System for Spring,当前版本为 0.8.3。它使用了Spring的方式提供了安全和认证安全服务...使其能够从数据库中读取配置信息。
在《实战Acegi:使用Acegi作为基于Spring框架的WEB应用的安全框架.pdf》中,可能会详细讲解如何配置和使用Acegi。以下是一些关键步骤: 1. **添加依赖**:首先,在项目中引入Acegi的依赖库,通常是通过Maven或...
2. **配置Acegi**:在Spring配置文件中定义Acegi的安全配置。这通常涉及创建一个名为`<security:global-method-security>`的元素,并在其中指定预授权和后授权规则。 3. **定义认证和授权策略**:Acegi允许自定义...
### Acegi的详细配置实现 #### 一、整体架构概览 **Acegi Security** 是一个为Spring框架设计的安全管理工具,它提供了丰富的安全服务,包括认证(Authentication)、授权(Authorization)以及会话管理(Session ...
3. **配置**:在Spring配置文件中,我们需要定义`<security:global-method-security>`来启用Acegi,然后配置`<security:http>`元素来设置URL过滤规则,如登录页面、访问权限等。 4. ** acegi.sql**:这个文件可能...