blaiu
- 浏览: 130583 次
- 性别:
- 来自: 北京
-
文章分类
最新评论
-
djp_java:
信息中心.平台系统部
IBM MQ 简单例子 -
clamking:
相关jar包能不能提供下下载链接啊?分享精神值得学习。
IBM MQ 简单例子 -
bingfengfzl:
新手上路,求源码按着你上面搭了可是还是不行。。求源码高手求源码 ...
spring-security 学习笔记 -
blaiu:
很感谢你的share, class MQReveiver有异常 ...
IBM MQ 简单例子 -
rokily:
很感谢你的share, class MQReveiver有异常 ...
IBM MQ 简单例子
security:http是整个spring security框架的入口,把filter按顺序组装成一个链条
auto-config="true"相当于配置了基本的一些组件:form-login、anonymous、http-basic、logout、remember-me
<security:http auto-config="true"
entry-point-ref="formAuthenticationEntryPoint" 指定登录的入口点,可以切换成CAS
session-fixation-protection="none"
access-decision-manager-ref="accessDecisionManager">
<security:intercept-url pattern="/*/.jpg" filters="none" />为了性能,忽略图片、js等无需保护的资源
<security:intercept-url pattern="/*/.gif" filters="none" />
<security:intercept-url pattern="/*/.js" filters="none" />
<security:intercept-url pattern="/*/.css" filters="none" />
<security:intercept-url pattern="/*/.png" filters="none" />
<security:intercept-url pattern="/j_spring_security_check*" requires-channel="https" />登录url和页面强制采用https协议
<security:intercept-url pattern="/login.jsp*" requires-channel="https" />
<security:intercept-url pattern="/loginError.jsp*" requires-channel="https" />
<security:intercept-url pattern="/**" requires-channel="http" />非敏感资源采用http协议即可,以免影响性能
<security:port-mappings>
<security:port-mapping http="8080" https="8443" />指定https和http协议如何切换端口
<security:port-mapping http="80" https="443" />
</security:port-mappings>
<security:form-login login-processing-url="${acegi.login_url}"
default-target-url="${acegi.login_success_url}" authentication-failure-url="${acegi.login_failure_url}" />
<security:remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" />
<security:logout logout-success-url="/index.bms" />
</security:http>
<bean id="formAuthenticationEntryPoint" 表单登录的入口
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="${acegi.login_page}" />
<property name="forceHttps" value="true" />
</bean>
<security:authentication-manager alias="authenticationManager" />把authentication-manager声明为一个bean,供后面复用
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder hash="md5" />
</security:authentication-provider>
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
<property name="rolePrefix" value="ROLE_" />角色需要加前缀
</bean>
<!- =================CAS CAS================== ->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
<property name="service" value="${cas.securityContext.serviceProperties.service}" />从cas返回后验证serviceTicket的URL
<property name="sendRenew" value="false" />
</bean>
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">CAS serviceTicket 处理器
<!-- Uncomment to integrate CAS
<security:custom-filter position="CAS_PROCESSING_FILTER" />将其加入处理器链
-->
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="${acegi.login_failure_url}" />
<property name="alwaysUseDefaultTargetUrl" value="false" />
<property name="defaultTargetUrl" value="${acegi.login_success_url}" />
<property name="filterProcessesUrl" value="${acegi.login_url}" />
</bean>
<bean id="casProcessingFilterEntryPoint" class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">CAS登录的入口
<property name="loginUrl" value="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}" />
<property name="serviceProperties" ref="serviceProperties" />
</bean>
CAS认证提供者:通过HTTPS与CAS通信,认证serviceTicket
<bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider">
<security:custom-authentication-provider />只有这样声明才能使casAuthenticationProvider注册到authenticationManager并生效
<property name="userDetailsService" ref="userDetailsService" />
<property name="serviceProperties" ref="serviceProperties" />
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0"
value="${cas.securityContext.casProxyTicketValidator.casValidate}"/> CAS认证入口------https://ingrid:8443/cas
</bean>
</property>
<property name="key" value="an_id_for_this_auth_provider_only" />
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
<bean class="org.springframework.security.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
<!- ================= UAAS Extends ================== ->
<bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">拦截、保护URL资源
<security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessDecisionManager" />
<property name="objectDefinitionSource" ref="filterDefinitionSource" />
</bean>
<bean id="filterDefinitionSource"
class="com.ema.uaas.springsecurity.resource.UrlDefinitionSourceHbmImpl">从数据库获取URL资源及其相关角色
<property name="convertUrlToLowercaseBeforeComparison" value="true" />
<property name="useAntPath" value="true" />
<property name="protectAllResource" value="false" />
<property name="userDetailsService" ref="userDetailsService" />
</bean>
<!-- 从数据库获取method资源及其相关角色 -->
<bean id="objectDefinitionSource" class="com.ema.uaas.springsecurity.resource.MethodDefinitionSourceHbmImpl">
<property name="userDetailsService" ref="userDetailsService" />
<property name="protectAllResource" value="false" />
</bean>
<bean id="authenticationUtil"
class="com.ema.uaas.springsecurity.util.AuthenticationUtil">鉴权工具类:getCurrentUser()、isAccessableTo(String accessPattern)
<property name="accessDecisionVoter" ref="roleVoter" />
<property name="filterInvocationDefinitionSource" ref="filterDefinitionSource" />
</bean>
<bean id="userDetailsService" parent="baseTransactionProxy">
<property name="proxyTargetClass" value="true" />
<property name="target">
<bean class="com.ema.uaas.springsecurity.service.UserDetailsServiceHbmImpl">
<property name="subSystemKey" value="${acegi.uaas.subSystemKey}" />子系统的标识
<property name="orgManager" ref="orgManagerImpl" />
<property name="privilegeManager" ref="privilegeManagerImpl" />
</bean>
</property>
</bean>
<bean id="orgManagerImpl" class="com.ema.uaas.manager.OrgManager">
<property name="dao" ref="dao" />
</bean>
<bean id="privilegeManagerImpl" class="com.ema.uaas.manager.PrivilegeManager">
<property name="dao" ref="dao" />
</bean>
<?xml version="1.0" encoding="UTF-8"?>
<beans
xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />
<security:http auto-config='true' access-denied-page="/access.jsp">
<!--
ROLE_SUPERVISOR: 超级管理员<超级用户,拥有所有权限>
ROLE_USER: 普通管理员<只能浏览的用户>
-->
<security:intercept-url pattern="/*/.jpg" filters="none"/><!--为了性能,忽略图片,js等无需保护的资源 -->
<security:intercept-url pattern="/*/.gif" filters="none"/>
<security:intercept-url pattern="/*/.png" filters="none"/>
<security:intercept-url pattern="/*/.wmv" filters="none"/>
<security:intercept-url pattern="/*/.css" filters="none"/>
<security:intercept-url pattern="/*/.js" filters="none"/>
<security:intercept-url pattern="/layout/*" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/manage/*" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/source/*" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/generalmanage/*" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/supermanage/*" access="ROLE_SUPERADMIN"/>
<security:port-mappings>
<security:port-mapping http="8080" https="8443"/>
<security:port-mapping http="80" https="443"/>
</security:port-mappings>
<security:form-login
login-page="/index.jsp"
authentication-failure-url="/index.jsp?flag=error"
default-target-url="/generalmanage/login.do?method=login"
login-processing-url="/j_spring_security_check" />
<security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false" expired-url="/expired.jsp"/>
<security:logout logout-success-url="/login.do?method=exit" invalidate-session="true" logout-url="/j_spring_security_logout"/>
<security:http-basic />
</security:http>
<security:authentication-manager alias="authenticationManager" />
<security:authentication-provider user-service-ref="authManager" >
<security:password-encoder hash="md5">
<security:salt-source user-property="username"/>
</security:password-encoder>
</security:authentication-provider>
<bean id="authManager" class="cn.com.sohocat.security.AdminLogin" />
<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean class="org.springframework.security.vote.RoleVoter" />
<bean class="org.springframework.security.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="accessDeniedHandler" ref="accessDeniedHandler"/>
<property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
</bean>
<bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/access.jsp"/>
</bean>
<bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/index.jsp"/>
</bean>
</beans>
/**
* @此方法描述的是:
* @Dec 8, 2009
*/
package cn.com.sohocat.security;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import cn.com.sohocat.api.IHoAdmin;
import cn.com.sohocat.pojo.HoAdministrator;
import cn.com.sohocat.util.BeanHelp;
import cn.com.sohocat.util.LogClass;
public class AdminLogin extends LogClass implements UserDetailsService {
public UserDetails loadUserByUsername(String userName)
throws UsernameNotFoundException, DataAccessException {
HoAdministrator admin = ScurityUserHolder.getCurrentUser();
if(null==admin){
IHoAdmin iHoAdmin = (IHoAdmin) BeanHelp.getBean("iHoAdmin");
admin = iHoAdmin.queryHoAdministratorByAdminName(userName);
}
if(null==admin){
this.log.debug("***"+userName+"*** 用户名不从在或是用户名密码不匹配");
throw new UsernameNotFoundException("User " + userName + " has no GrantedAuthority");
} else {
this.log.debug("新用户登陆:***"+userName+"***");
String auth = "";
for(GrantedAuthority authority : admin.getAuthorities()) {
auth = auth + ","+ authority.getAuthority().toString();
}
this.log.debug("***"+userName+"***拥有权限:"+auth);
return admin;
}
}
}
<%@ page language="java" contentType="text/html; charset=UTF-8"%> <%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %> <sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>Admin管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/linkAdmin.jsp'>账户管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/linkGroup.jsp'>组管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/linkRole.jsp'>角色管理</a></li></sec:authorize></ul></div></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>User管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>账户管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>组管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>角色管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>积分管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>货币管理</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>群发功能</a></li></sec:authorize></ul></div></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>基础数据管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/importcorpus.jsp'>语料批量导入</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/importterminology.jsp'>术语批量导入</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/corpus.jsp'>语料单条操作</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/terminology.jsp'>术语单条操作</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/category.jsp'>术语类别操作</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='*'>CAT统计</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../generalmanage/menu.jsp'>菜单管理</a></li></sec:authorize></ul></div></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><div class='unit'><h5>系统参数管理</h5><ul><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/fault_tolerance.jsp'>语料插入容错</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='/supermanage/corpora_host_map.do?method=query'>语料数据映射</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/glossary_fault_tolerance.jsp'>术语插入容错</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/glossary_host_map.jsp'>术语数据映射</a></li></sec:authorize><sec:authorize ifAllGranted="ROLE_ADMIN"><li><a href='../supermanage/host_data.jsp'>主机档案</a></li></sec:authorize></ul></div></sec:authorize>
分享到:
发表评论
-
spring mvc3 配置<mvc:resources/> @Controller失效
2015-06-01 16:33 0修改restful spring mvc3 配置<mv ... -
SPR 1
2014-11-17 11:22 0public static void initSprBea ... -
spring-源码浅析-bean加载
2014-11-15 18:31 0本文分析基于spring web 应用 一般我 ... -
spring 注解
2013-05-16 16:44 0spring全注解配置 可用注解有: 有用于声明bean的An ... -
Spring事务传播机制
2013-05-08 18:02 0当我们调用一个基于Spring的Service接口方法(如Us ... -
模仿spring 获取dao
2010-02-04 14:17 709public final class BeanFactor ... -
spring 代理struts的配置
2009-07-12 11:36 996struts-config.xml 配置: &l ... -
spring 事务管理,拦截,权限验证
2009-07-12 11:26 1358<?xml version="1.0&qu ... -
spring 代理javamail 自动发送注册验证邮件
2009-07-12 10:52 3029spring applicationContext.xml 配 ... -
spring applicationContext.xml配置
2009-07-12 10:41 958<?xml version="1.0" ... -
spring 代理 hibernate 的配置
2009-07-12 10:26 1029<?xml version="1.0" ... -
spring web.xml配置
2009-07-12 10:15 1168<context-param> <pa ... -
spring 过滤器web.xml配置
2009-07-12 10:13 2089<filter> <filter ... -
配置Spring的定时器
2009-04-02 16:28 889applicationContext.xml: < ...
相关推荐
在"springsecurity学习笔记"中,你可能会涉及以下主题: - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和...
在"SpringSecurity笔记2-SpringSecurity命名空间"的学习中,还会涉及到如何自定义过滤器链,以及如何通过`<custom-filter>`元素插入自定义的SpringSecurity过滤器。同时,理解`<access-denied-handler>`和`...
Spring Security是一个功能强大且高度可定制的身份验证和授权框架,专门用于保护Java应用程序的安全性。它构建在Spring Framework基础之上,提供了全面的安全解决方案,包括身份验证、授权、攻击防护等功能。 Spring...
这份"Spring学习笔记+学习源码.zip"资源包含了深入学习Spring及其相关技术的知识点,以及实践代码,对提升Spring技能将大有裨益。 首先,我们来详细讨论Spring框架的主要组件和功能: 1. **依赖注入(Dependency ...
### SpringBoot学习笔记 #### 一、SpringBoot入门 ##### 1、SpringBoot简介 - **简化Spring应用开发**:SpringBoot是简化Spring应用开发的一个框架,它通过默认配置极大地减少了开发过程中的样板代码,使得开发者...
SpringSecurity是Java领域中一款强大的安全框架,主要用于Web应用程序的安全管理。它提供了全面的身份验证、授权、会话...通过深入学习和实践,我们可以更好地掌握SpringSecurity,为我们的应用构建坚固的安全防线。
Spring Security OAuth2.0学习笔记 什么是认证、授权、会话。 Java Servlet为支持http会话做了哪些事儿。 基于session认证机制的运作流程。 基于token认证机制的运作流程。 理解Spring Security的工作原理,Spring ...
spring security学习笔记
spring security方面的学习资料,包含:Spring+Security+3+与+CAS单点登录配置;Spring+Security3中文教程;Spring-Security安全权限管理手册;Spring+Security文库;还有一个学习笔记!
7. **Spring安全(Spring Security)**: `spring_security.sql`和`spring_security.txt`可能涉及到Spring Security的基本概念,如用户认证、权限控制、基于角色的访问控制(RBAC),以及如何配置和定制安全规则。...
Spring Security 是一个强大的安全框架,主要用于Java应用的安全管理,它为Web应用和企业级应用提供了全面的...通过学习这些文档,开发者可以更好地理解Spring Security的工作原理,从而更有效地实现应用的安全控制。
这篇教程的学习笔记将带你深入理解其核心概念和工作原理。首先,我们来概述 Spring Security 的基本架构和主要组件。 **1. ** **Spring Security 架构** Spring Security 的架构基于过滤器链,它拦截并处理应用...
《Spring Security 3笔记》 在深入探讨Spring Security 3的知识点之前,我们先了解下这个框架的基本概念。Spring Security是Spring生态系统中的一个组件,它为Java应用提供了全面的安全服务,包括认证、授权以及Web...
本篇学习笔记将带你走进Spring Security的世界,逐步理解并掌握其基本用法。 首先,要开始使用Spring Security,我们需要在项目中添加依赖。在Maven工程中,可以通过在`pom.xml`中引入Spring Boot的`spring-boot-...
这份尚硅谷的学习笔记涵盖了Spring Boot 3的各个方面,无论你是初学者还是有经验的开发者,都能从中受益。通过阅读`.md`和`.pdf`文件,你可以逐步学习并掌握这些知识点,从而提升自己的技能水平。
Spring Security 是一个强大的且高度可定制的框架,用于为Java应用程序提供身份验证和授权服务。它主要用于保护基于Spring的...通过学习本笔记,你可以逐步掌握Spring Security的基础知识,并将其运用到实际项目中。
在 "spring-boot-learning-gitbook_column2.0" 这个文件夹中,你可能会找到关于以上知识点的代码示例、配置文件以及相关的学习笔记,帮助你深入理解并实践 Spring Boot。每个子目录可能对应一个特定的主题,如“Web ...
在本学习笔记中,我们将深入探讨Spring Security的核心概念和配置,以及如何设计数据库表来支持权限管理。 首先,Spring Security的配置始于Web应用的入口点——`web.xml`文件。在这里,我们需要定义一个名为`...
Spring Security 是一个强大的Java安全框架,用于...总的来说,Spring Security 3的学习笔记和源码分析对提升安全开发技能大有裨益,不仅可以加深理论理解,还能在实际项目中灵活运用,构建更加健壮、安全的应用系统。
springboot学习笔记 spring基础 Spring概述 Spring的简史 xml配置 注解配置 java配置 Spring概述 Spring的模块 核心容器CoreContainer Spring-Core Spring-Beans ...