`
blaiu
  • 浏览: 130886 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

spring-security 学习笔记

阅读更多
security:http是整个spring security框架的入口,把filter按顺序组装成一个链条
auto-config="true"相当于配置了基本的一些组件:form-login、anonymous、http-basic、logout、remember-me
    <security:http auto-config="true"
        entry-point-ref="formAuthenticationEntryPoint"  指定登录的入口点,可以切换成CAS
        session-fixation-protection="none"
        access-decision-manager-ref="accessDecisionManager">
        <security:intercept-url pattern="/*/.jpg" filters="none" />为了性能,忽略图片、js等无需保护的资源
        <security:intercept-url pattern="/*/.gif" filters="none" />
        <security:intercept-url pattern="/*/.js" filters="none" />
        <security:intercept-url pattern="/*/.css" filters="none" />
        <security:intercept-url pattern="/*/.png" filters="none" />
        <security:intercept-url pattern="/j_spring_security_check*"  requires-channel="https" />登录url和页面强制采用https协议
        <security:intercept-url pattern="/login.jsp*" requires-channel="https" />
        <security:intercept-url pattern="/loginError.jsp*" requires-channel="https" />
        <security:intercept-url pattern="/**" requires-channel="http" />非敏感资源采用http协议即可,以免影响性能
        <security:port-mappings>
            <security:port-mapping http="8080" https="8443" />指定https和http协议如何切换端口
            <security:port-mapping http="80" https="443" />
        </security:port-mappings>
        <security:form-login login-processing-url="${acegi.login_url}"
            default-target-url="${acegi.login_success_url}"  authentication-failure-url="${acegi.login_failure_url}" />
        <security:remember-me  key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" />
        <security:logout logout-success-url="/index.bms" />
    </security:http>
    <bean id="formAuthenticationEntryPoint"  表单登录的入口
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="${acegi.login_page}" />
        <property name="forceHttps" value="true" />
    </bean>
    <security:authentication-manager alias="authenticationManager" />把authentication-manager声明为一个bean,供后面复用
    <security:authentication-provider  user-service-ref="userDetailsService">
        <security:password-encoder hash="md5" />
    </security:authentication-provider>
    <bean id="roleVoter"  class="org.springframework.security.vote.RoleVoter">
        <property name="rolePrefix" value="ROLE_" />角色需要加前缀
    </bean>
    <!- =================CAS CAS================== ->
    <bean id="serviceProperties"  class="org.springframework.security.ui.cas.ServiceProperties">
        <property name="service" value="${cas.securityContext.serviceProperties.service}" />从cas返回后验证serviceTicket的URL
        <property name="sendRenew" value="false" />
    </bean>
    <bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">CAS serviceTicket 处理器
        <!-- Uncomment to integrate CAS
            <security:custom-filter position="CAS_PROCESSING_FILTER" />将其加入处理器链
        -->
        <property name="authenticationManager"  ref="authenticationManager" />
        <property name="authenticationFailureUrl"  value="${acegi.login_failure_url}" />
        <property name="alwaysUseDefaultTargetUrl" value="false" />
        <property name="defaultTargetUrl"  value="${acegi.login_success_url}" />
        <property name="filterProcessesUrl" value="${acegi.login_url}" />
    </bean>
    <bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">CAS登录的入口
        <property name="loginUrl" value="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}" />
        <property name="serviceProperties" ref="serviceProperties" />
    </bean>
    CAS认证提供者:通过HTTPS与CAS通信,认证serviceTicket
    <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
        <security:custom-authentication-provider />只有这样声明才能使casAuthenticationProvider注册到authenticationManager并生效
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="serviceProperties" ref="serviceProperties" />
        <property name="ticketValidator">
            <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
                <constructor-arg index="0"
                    value="${cas.securityContext.casProxyTicketValidator.casValidate}"/> CAS认证入口------https://ingrid:8443/cas
            </bean>
        </property>
        <property name="key" value="an_id_for_this_auth_provider_only" />
    </bean>
    <bean id="accessDecisionManager"  class="org.springframework.security.vote.AffirmativeBased">
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter" />
                <bean class="org.springframework.security.vote.AuthenticatedVoter" />
            </list>
        </property>
    </bean>
    <!- ================= UAAS Extends ================== ->
    <bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">拦截、保护URL资源
        <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
        <property name="authenticationManager"  ref="authenticationManager" />
        <property name="accessDecisionManager"  ref="accessDecisionManager" />
        <property name="objectDefinitionSource"  ref="filterDefinitionSource" />
    </bean>
    <bean id="filterDefinitionSource"
        class="com.ema.uaas.springsecurity.resource.UrlDefinitionSourceHbmImpl">从数据库获取URL资源及其相关角色
        <property name="convertUrlToLowercaseBeforeComparison"  value="true" />
        <property name="useAntPath" value="true" />
        <property name="protectAllResource" value="false" />
        <property name="userDetailsService" ref="userDetailsService" />
    </bean>
  <!--   从数据库获取method资源及其相关角色 -->
    <bean id="objectDefinitionSource" class="com.ema.uaas.springsecurity.resource.MethodDefinitionSourceHbmImpl">
        <property name="userDetailsService" ref="userDetailsService" />
        <property name="protectAllResource" value="false" />
    </bean>
    <bean id="authenticationUtil"
        class="com.ema.uaas.springsecurity.util.AuthenticationUtil">鉴权工具类:getCurrentUser()、isAccessableTo(String accessPattern)
        <property name="accessDecisionVoter" ref="roleVoter" />
        <property name="filterInvocationDefinitionSource" ref="filterDefinitionSource" />
    </bean>
    <bean id="userDetailsService" parent="baseTransactionProxy">
        <property name="proxyTargetClass" value="true" />
        <property name="target">
            <bean class="com.ema.uaas.springsecurity.service.UserDetailsServiceHbmImpl">
                <property name="subSystemKey" value="${acegi.uaas.subSystemKey}" />子系统的标识
                <property name="orgManager" ref="orgManagerImpl" />
                <property name="privilegeManager" ref="privilegeManagerImpl" />
            </bean>
        </property>
    </bean>
    <bean id="orgManagerImpl" class="com.ema.uaas.manager.OrgManager">
        <property name="dao" ref="dao" />
    </bean>
    <bean id="privilegeManagerImpl"    class="com.ema.uaas.manager.PrivilegeManager">
        <property name="dao" ref="dao" />
    </bean>

<?xml version="1.0" encoding="UTF-8"?>
<beans 
    xmlns="http://www.springframework.org/schema/beans"
   	xmlns:security="http://www.springframework.org/schema/security"	
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"   
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    					http://www.springframework.org/schema/beans/spring-beans-2.0.xsd    
               			http://www.springframework.org/schema/security
               			http://www.springframework.org/schema/security/spring-security-2.0.xsd">

    <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />

    <security:http auto-config='true' access-denied-page="/access.jsp">
		<!-- 
			ROLE_SUPERVISOR:			超级管理员<超级用户,拥有所有权限>
			ROLE_USER:					普通管理员<只能浏览的用户> 
		--> 
		<security:intercept-url pattern="/*/.jpg" filters="none"/><!--为了性能,忽略图片,js等无需保护的资源 -->
		<security:intercept-url pattern="/*/.gif" filters="none"/>
		<security:intercept-url pattern="/*/.png" filters="none"/>
		<security:intercept-url pattern="/*/.wmv" filters="none"/>
		<security:intercept-url pattern="/*/.css" filters="none"/>
		<security:intercept-url pattern="/*/.js" filters="none"/>
		<security:intercept-url pattern="/layout/*" access="ROLE_ADMIN"/>
		<security:intercept-url pattern="/manage/*" access="ROLE_ADMIN"/>
		<security:intercept-url pattern="/source/*" access="ROLE_ADMIN"/>
		<security:intercept-url pattern="/generalmanage/*" access="ROLE_ADMIN"/>
		<security:intercept-url pattern="/supermanage/*" access="ROLE_SUPERADMIN"/>
  		
  		<security:port-mappings>
  			<security:port-mapping http="8080" https="8443"/>
  			<security:port-mapping http="80" https="443"/>
  		</security:port-mappings>
  		 
        <security:form-login 
        			login-page="/index.jsp"
                	authentication-failure-url="/index.jsp?flag=error"
                	default-target-url="/generalmanage/login.do?method=login" 
                	login-processing-url="/j_spring_security_check" />
         
        <security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false" expired-url="/expired.jsp"/>
        <security:logout logout-success-url="/login.do?method=exit" invalidate-session="true" logout-url="/j_spring_security_logout"/>
        <security:http-basic />
    </security:http>
    
    
    <security:authentication-manager alias="authenticationManager" />	

    <security:authentication-provider user-service-ref="authManager" >
		<security:password-encoder hash="md5">
	  		<security:salt-source user-property="username"/>
		</security:password-encoder>
    </security:authentication-provider>
    
    <bean id="authManager" class="cn.com.sohocat.security.AdminLogin" />
 
	<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
		<property name="allowIfAllAbstainDecisions" value="false"/>
		<property name="decisionVoters">
			<list>  
		    	<bean class="org.springframework.security.vote.RoleVoter" />  
		    	<bean class="org.springframework.security.vote.AuthenticatedVoter" />  
	   		</list>
   		</property>
	</bean>

	<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
		<property name="accessDeniedHandler" ref="accessDeniedHandler"/>
		<property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
	</bean>
	
	<bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
		<property name="errorPage" value="/access.jsp"/>
	</bean>
	
	<bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
		<property name="loginFormUrl" value="/index.jsp"/>
	</bean>
	

	</beans>


/**
 * @此方法描述的是:
 * @Dec 8, 2009
 */
package cn.com.sohocat.security;

import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

import cn.com.sohocat.api.IHoAdmin;
import cn.com.sohocat.pojo.HoAdministrator;
import cn.com.sohocat.util.BeanHelp;
import cn.com.sohocat.util.LogClass;

public class AdminLogin extends LogClass implements UserDetailsService {

	public UserDetails loadUserByUsername(String userName)
			throws UsernameNotFoundException, DataAccessException {
		HoAdministrator admin = ScurityUserHolder.getCurrentUser();
		if(null==admin){
			IHoAdmin iHoAdmin = (IHoAdmin) BeanHelp.getBean("iHoAdmin");	
			admin = iHoAdmin.queryHoAdministratorByAdminName(userName);
		}
		if(null==admin){										
			this.log.debug("***"+userName+"*** 用户名不从在或是用户名密码不匹配");
			throw new UsernameNotFoundException("User " + userName + " has no GrantedAuthority");
		} else {												
			this.log.debug("新用户登陆:***"+userName+"***");
			String auth = "";
			for(GrantedAuthority authority : admin.getAuthorities()) {   
				auth = auth + ","+ authority.getAuthority().toString();
			}
			this.log.debug("***"+userName+"***拥有权限:"+auth);
			return admin;									
		}
	}

}

<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
<sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>Admin管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/linkAdmin.jsp'>账户管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/linkGroup.jsp'>组管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/linkRole.jsp'>角色管理</a></li></sec:authorize></ul></div></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>User管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>账户管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>组管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>角色管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>积分管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>货币管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>群发功能</a></li></sec:authorize></ul></div></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>基础数据管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/importcorpus.jsp'>语料批量导入</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/importterminology.jsp'>术语批量导入</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/corpus.jsp'>语料单条操作</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/terminology.jsp'>术语单条操作</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/category.jsp'>术语类别操作</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>CAT统计</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/menu.jsp'>菜单管理</a></li></sec:authorize></ul></div></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>系统参数管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/fault_tolerance.jsp'>语料插入容错</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='/supermanage/corpora_host_map.do?method=query'>语料数据映射</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/glossary_fault_tolerance.jsp'>术语插入容错</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/glossary_host_map.jsp'>术语数据映射</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/host_data.jsp'>主机档案</a></li></sec:authorize></ul></div></sec:authorize>

分享到:
评论
1 楼 bingfengfzl 2012-08-10  
新手上路,求源码
按着你上面搭了可是还是不行。。求源码
高手求源码,bingfengfzl@163.com

相关推荐

    springsecurity学习笔记

    在"springsecurity学习笔记"中,你可能会涉及以下主题: - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和...

    SpringSecurity笔记2-SpringSecurity命名空间

    在"SpringSecurity笔记2-SpringSecurity命名空间"的学习中,还会涉及到如何自定义过滤器链,以及如何通过`&lt;custom-filter&gt;`元素插入自定义的SpringSecurity过滤器。同时,理解`&lt;access-denied-handler&gt;`和`...

    最详细Spring Security学习资料(源码)

    Spring Security是一个功能强大且高度可定制的身份验证和授权框架,专门用于保护Java应用程序的安全性。它构建在Spring Framework基础之上,提供了全面的安全解决方案,包括身份验证、授权、攻击防护等功能。 Spring...

    Spring学习笔记+学习源码.zip

    这份"Spring学习笔记+学习源码.zip"资源包含了深入学习Spring及其相关技术的知识点,以及实践代码,对提升Spring技能将大有裨益。 首先,我们来详细讨论Spring框架的主要组件和功能: 1. **依赖注入(Dependency ...

    SpringBoot学习笔记

    ### SpringBoot学习笔记 #### 一、SpringBoot入门 ##### 1、SpringBoot简介 - **简化Spring应用开发**:SpringBoot是简化Spring应用开发的一个框架,它通过默认配置极大地减少了开发过程中的样板代码,使得开发者...

    SpringSecurity笔记,编程不良人笔记

    SpringSecurity是Java领域中一款强大的安全框架,主要用于Web应用程序的安全管理。它提供了全面的身份验证、授权、会话...通过深入学习和实践,我们可以更好地掌握SpringSecurity,为我们的应用构建坚固的安全防线。

    Spring Security OAuth2.0学习笔记.zip

    Spring Security OAuth2.0学习笔记 什么是认证、授权、会话。 Java Servlet为支持http会话做了哪些事儿。 基于session认证机制的运作流程。 基于token认证机制的运作流程。 理解Spring Security的工作原理,Spring ...

    spring security学习笔记

    spring security学习笔记

    spring security学习资料

    spring security方面的学习资料,包含:Spring+Security+3+与+CAS单点登录配置;Spring+Security3中文教程;Spring-Security安全权限管理手册;Spring+Security文库;还有一个学习笔记!

    spring-note spring 读书笔记

    7. **Spring安全(Spring Security)**: `spring_security.sql`和`spring_security.txt`可能涉及到Spring Security的基本概念,如用户认证、权限控制、基于角色的访问控制(RBAC),以及如何配置和定制安全规则。...

    Spring Security 资料合集

    Spring Security 是一个强大的安全框架,主要用于Java应用的安全管理,它为Web应用和企业级应用提供了全面的...通过学习这些文档,开发者可以更好地理解Spring Security的工作原理,从而更有效地实现应用的安全控制。

    Spring Security tutorial 学习笔记(一)

    这篇教程的学习笔记将带你深入理解其核心概念和工作原理。首先,我们来概述 Spring Security 的基本架构和主要组件。 **1. ** **Spring Security 架构** Spring Security 的架构基于过滤器链,它拦截并处理应用...

    spring security3笔记

    《Spring Security 3笔记》 在深入探讨Spring Security 3的知识点之前,我们先了解下这个框架的基本概念。Spring Security是Spring生态系统中的一个组件,它为Java应用提供了全面的安全服务,包括认证、授权以及Web...

    Spring Security学习笔记(一)

    本篇学习笔记将带你走进Spring Security的世界,逐步理解并掌握其基本用法。 首先,要开始使用Spring Security,我们需要在项目中添加依赖。在Maven工程中,可以通过在`pom.xml`中引入Spring Boot的`spring-boot-...

    SpringBoot3 全栈指南教程-尚硅谷学习笔记 2023年

    这份尚硅谷的学习笔记涵盖了Spring Boot 3的各个方面,无论你是初学者还是有经验的开发者,都能从中受益。通过阅读`.md`和`.pdf`文件,你可以逐步学习并掌握这些知识点,从而提升自己的技能水平。

    Spring Security笔记.rar

    Spring Security 是一个强大的且高度可定制的框架,用于为Java应用程序提供身份验证和授权服务。它主要用于保护基于Spring的...通过学习本笔记,你可以逐步掌握Spring Security的基础知识,并将其运用到实际项目中。

    spring-boot学习代码

    在 "spring-boot-learning-gitbook_column2.0" 这个文件夹中,你可能会找到关于以上知识点的代码示例、配置文件以及相关的学习笔记,帮助你深入理解并实践 Spring Boot。每个子目录可能对应一个特定的主题,如“Web ...

    Spring_Security权限管理_学习笔记

    在本学习笔记中,我们将深入探讨Spring Security的核心概念和配置,以及如何设计数据库表来支持权限管理。 首先,Spring Security的配置始于Web应用的入口点——`web.xml`文件。在这里,我们需要定义一个名为`...

    springsecurity3 学习笔记源码分析所得

    Spring Security 是一个强大的Java安全框架,用于...总的来说,Spring Security 3的学习笔记和源码分析对提升安全开发技能大有裨益,不仅可以加深理论理解,还能在实际项目中灵活运用,构建更加健壮、安全的应用系统。

    springboot学习思维笔记.xmind

    springboot学习笔记 spring基础 Spring概述 Spring的简史 xml配置 注解配置 java配置 Spring概述 Spring的模块 核心容器CoreContainer Spring-Core Spring-Beans ...

Global site tag (gtag.js) - Google Analytics