anson_xu

一个acegi配置文件applicationContext-security-acegi.xml

    博客分类:
  • SSH
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<!--
- A simple "bare bones" Acegi Security configuration.
-
- The sample includes the "popular" features that people tend to use.
- Specifically, form authentication, remember-me, and anonymous processing.
- Other features aren't set up, as these can be added later by inserting
- the relevant XML fragments as specified in the Reference Guide.
-
- To assist new users, the filters specified in the FilterChainProxy are
- declared in the application context in the same order. Collaborators
- required by those filters are placed at the end of the file.
-
- $Id: applicationContext-acegi-security.xml 1513 2006-05-29 13:32:12Z benalex $
-->

<beans>

<!--
  Entry point of the web security layer: a single filter chain that is applied to every
  request path (the /** pattern below). The filters run in the order in which they are
  listed, so the order of the names in the value is significant.
  CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON lower-cases the request URL before matching and
  PATTERN_TYPE_APACHE_ANT selects Ant-style path patterns.
  The value text is parsed line by line, so keep each directive and the pattern on its own line.
  NOTE(review): because the only pattern is /**, the login page and any static resources
  also pass through the whole chain; confirm that this is intended.
-->
<bean id="filterChainProxy"
  class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>

<!--
  First filter in the filterChainProxy chain. Presumably it restores the security context
  from the HTTP session at the start of a request and stores it back at the end; verify
  against the Acegi version in use.
-->
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

<!--
  Logout handling. The first constructor argument is the URL the user is redirected to
  after logout; the second is the list of logout handlers, invoked in list order.
  rememberMeServices is included so that a remember-me login is cleared on logout as well,
  followed by the handler that clears the security context.
  The constructor arguments carry no index attribute, so their order must not change.
-->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
  <!-- URL redirected to after logout -->
  <constructor-arg value="/login.jsp"/>
  <constructor-arg>
    <list>
      <ref bean="rememberMeServices"/>
      <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
    </list>
  </constructor-arg>
</bean>

<!--
  Handles the login form submission. Requests to filterProcessesUrl
  (/j_acegi_security_check) are authenticated through authenticationManager; a failed login
  is sent to authenticationFailureUrl and a successful one to defaultTargetUrl (presumably
  only when no originally requested URL was saved; verify against the Acegi version in use).
  rememberMeServices is notified of the login result so it can manage the remember-me cookie.
  NOTE(review): nothing in this bean requires HTTPS, so the submitted credentials are only
  protected in transit if TLS is enforced elsewhere (container, proxy or a channel filter).
-->
<bean id="authenticationProcessingFilter"
      class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
  <property name="defaultTargetUrl" value="/login.do?method=acegiLogin"/>
  <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
  <property name="rememberMeServices" ref="rememberMeServices"/>
</bean>

<!--
  Wraps the servlet request; presumably so that the servlet API security methods
  (remote user, role checks) answer from the Acegi security context. Takes no configuration.
-->
<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

<!--
  Remember-me login: asks rememberMeServices for an authentication derived from the
  remember-me cookie and has it validated by authenticationManager. It runs after the form
  login filter and before the anonymous filter in the filterChainProxy chain.
-->
<bean id="rememberMeProcessingFilter"
      class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="rememberMeServices" ref="rememberMeServices"/>
</bean>

<!--
  Gives requests that carry no authentication an anonymous one, with the principal
  "anonymousUser" and the authority ROLE_ANONYMOUS (the two parts of userAttribute).
  NOTE(review): "changeThis" is the sample placeholder key. The same value is configured on
  the AnonymousAuthenticationProvider inside authenticationManager and the two are expected
  to match, so replace both together with a deployment-specific value.
-->
<bean id="anonymousProcessingFilter"
      class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key" value="changeThis"/>
  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>

<!--
  Turns security exceptions raised further down the chain into HTTP responses:
  an unauthenticated request is sent to the login form through authenticationEntryPoint,
  and a request denied to an authenticated user is handled by accessDeniedHandler, which
  shows /accessDenied.jsp.
  NOTE(review): forceHttps is false, so the entry point does not move the user to HTTPS
  before showing the login form. Unless TLS is enforced elsewhere, the login page and the
  credentials posted from it can travel over plain HTTP; confirm how transport security is
  provided for this application.
-->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
    <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
      <property name="loginFormUrl" value="/login.jsp"/>
      <property name="forceHttps" value="false"/>
    </bean>
  </property>
  <property name="accessDeniedHandler">
    <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
      <property name="errorPage" value="/accessDenied.jsp"/>
    </bean>
  </property>
</bean>

<!--
  Last filter in the chain: the URL authorization check. Each request URL is lower-cased
  and matched against the Ant patterns in objectDefinitionSource; the roles listed for the
  matching pattern are passed to accessDecisionManager.
  NOTE(review): accessDecisionManager in this file is AffirmativeBased with a single
  RoleVoter, so holding any ONE of the listed roles is presumably enough. Under that reading
  "/admin/**=ROLE_ADMIN,ROLE_USER" lets every ROLE_USER account reach /admin/**; confirm
  that this is intended.
  NOTE(review): both ROLE_ADMIN and ROLE_ADMINISTRATOR appear below; confirm that both role
  names really exist in the user store and that neither is a misspelling of the other.
  NOTE(review): there is no catch-all entry. URLs that match none of the three patterns
  (for example /login.do, the defaultTargetUrl used after login) carry no required role and
  are presumably not access-checked by this interceptor; verify, and decide whether a final
  /** entry is wanted.
  NOTE(review): servlet containers normally refuse direct requests below WEB-INF, so the
  /web-inf/users/** entry probably never matches a client request; confirm what it is
  meant to protect.
-->
<bean id="filterInvocationInterceptor"
  class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
  ref="authenticationManager"/>
<property name="accessDecisionManager">
   <ref local="accessDecisionManager"/>
</property>
<!-- property name="objectDefinitionSource"
  ref="filterDefinitionSource"/-->
  <!--
         Before a request proceeds to its URL, filterInvocationInterceptor checks the access
         attributes configured in objectDefinitionSource.
         Process:
         First, objectDefinitionSource defines the attributes required to access a URL (the
         attributes are only markers that tell accessDecisionManager which voters should vote).
         Then authenticationManager calls its providers to validate the user's authentication.
         Finally, based on the authorities the user holds and the attributes the URL requires,
         the voters vote to decide whether access is allowed.
     -->
<property name="objectDefinitionSource">
    <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /admin/**=ROLE_ADMIN,ROLE_USER
    /users/**=ROLE_USER,ROLE_ADMINISTRATOR
    /web-inf/users/**=ROLE_ADMINISTRATOR
   </value>
   
</property>
</bean>
<!-- 现在没用filterDefinitionSource -->
<!-- 
<bean id="filterDefinitionSource"
  class="org.springside.bookstore.components.acegi.intercept.web.DBFilterInvocationDefinitionSource">
<property name="convertUrlToLowercaseBeforeComparison"
  value="true"/>
<property name="useAntPath" value="true"/>
<property name="acegiCacheManager" ref="acegiCacheManager"/>
</bean>

-->

<!--
  Token-based remember-me: issues and validates the remember-me cookie and loads the user
  through userDetailsService. The bean is shared by the login filter, the remember-me
  filter and the logout filter.
  NOTE(review): "changeThis" is the sample placeholder. The key is part of the input to the
  cookie signature and is also the value RememberMeAuthenticationProvider (inside
  authenticationManager) checks, so it should be a unique secret per deployment, kept out of
  published copies of this file, and changed in both places together.
-->
<bean id="rememberMeServices"
      class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
  <property name="userDetailsService" ref="userDetailsService"/>
  <property name="key" value="changeThis"/>
</bean>
<!--1 ========================= Authentication manager ========================= -->
<!--
  Delegates authentication to the providers below, in list order: username/password
  through daoAuthenticationProvider, then the anonymous and remember-me token providers.
  NOTE(review): both inline providers use the sample placeholder key "changeThis". Each key
  is expected to equal the key of its counterpart (anonymousProcessingFilter and
  rememberMeServices respectively), so replace each pair together with a deployment-specific
  value.
-->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
    <list>
      <ref local="daoAuthenticationProvider"/>
      <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
        <property name="key" value="changeThis"/>
      </bean>
      <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
        <property name="key" value="changeThis"/>
      </bean>
    </list>
  </property>
</bean>

<!--
  MD5 password encoder bean.
  NOTE(review): the original comment says passwords are encrypted with MD5, but the only
  reference to this bean in this file (the passwordEncoder property of
  daoAuthenticationProvider) is commented out, so as far as this file shows the encoder is
  unused. MD5 is also a fast hash and not suitable for password storage; if encoding is
  enabled, prefer a salted, deliberately slow scheme where the platform offers one.
-->
<bean id="passwordEncoder" class="org.acegisecurity.providers.encoding.Md5PasswordEncoder"/>

<!--
  Username/password provider: loads the account through userDetailsService (with userCache
  in front of it) and compares the submitted password with the stored one.
  NOTE(review): the passwordEncoder property is commented out, so the provider falls back
  to its built-in default, which in Acegi is presumably a plain-text comparison. Confirm how
  the passwords returned by userDetailsService are stored before relying on this setup.
-->
<bean id="daoAuthenticationProvider"
      class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <!-- You can write your own DAO that implements userDetailsService here -->
  <property name="userDetailsService" ref="userDetailsService"/>
  <property name="userCache" ref="userCache"/>
  <!-- <property name="passwordEncoder" ref="passwordEncoder"/>   -->
</bean>

<!--
  Ehcache-backed cache of loaded user details, used by daoAuthenticationProvider. The
  backing cache is the region named "userCache" obtained from cacheManager.
  NOTE(review): cached entries presumably include the stored password and account status,
  so the lifetime configured for this region in ehcache.xml bounds how quickly a password
  change or a disabled account takes effect; confirm the settings there.
-->
<bean name="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
  <property name="cache">
    <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean" autowire="byName">
      <property name="cacheManager" ref="cacheManager"/>
      <property name="cacheName" value="userCache"/>
    </bean>
  </property>
</bean>

<!-- 自建一个resourceCache以存放resource对应的role关系 -->
<!--
resource缓存实际执行对象

<bean id="resourceCache"
  class="org.springside.bookstore.components.acegi.resourcedetails.ResourceCache"
  autowire="byName">
<property name="cache">
<bean id="resourceCacheBackend"
  class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager" ref="cacheManager"/>
<property name="cacheName" value="resourceCache"/>
</bean>
</property>
</bean>
-->

<!-- UserDetailsService is the Acegi Security interface most commonly implemented by end users -->
<!-- 可用自己的service实现 -->
<!--  <bean id="userDetailsService"
  class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource" ref="dbManager"/>
<property name="usersByUsernameQuery">
<value>
select username,password,1 from lottery_users where enabled='1'
and username = ?
</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>
select u.username,g.name from lottery_users u,lottery_groups g where u.group_id=g.id and u.enabled='1'
and u.username = ?
</value>
</property>
</bean>
-->
<!--
  Application-specific UserDetailsService, used by daoAuthenticationProvider and
  rememberMeServices; it replaces the commented-out JdbcDaoImpl definition above.
  The class name is spelled "AcegiUserDeitailsService" here and must match the actual class.
  NOTE(review): the implementation is not shown. It should look users up with bound query
  parameters, as the commented-out JdbcDaoImpl queries do, because the username comes
  straight from the login form.
-->
<bean id="userDetailsService" class="com.lottery.service.AcegiUserDeitailsService">
  <property name="dbManager" ref="dbManager"/>
</bean>

<!--
  Optional bean: no other bean refers to it; it only listens for authentication events and
  logs them. Keeping it gives an audit trail of login successes and failures in the
  application log.
-->
<bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

<!--
  Ehcache manager shared by the cache regions in this file; its configuration is read from
  ehcache.xml on the classpath.
-->
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
  <property name="configLocation" value="classpath:ehcache.xml"/>
</bean>
   <!--
<bean id="acegiCacheManager" class="org.springframework.transaction.interceptor.TransactionProxyFactoryBean"
  abstract="false" autowire="byName">
<property name="transactionManager" ref="transactionManager"/>
<property name="proxyTargetClass" value="true"/>
<property name="target">
<bean class="org.springside.bookstore.components.acegi.cache.AcegiCacheManagerImpl">
<property name="resourceCache" ref="resourceCache"></property>
<property name="userCache" ref="userCache"></property>
<property name="sessionFactory" ref="sessionFactory"></property>
</bean>
</property>
<property name="transactionAttributes">
<props>
<prop key="modify*">PROPAGATION_REQUIRED</prop>
<prop key="auth*">PROPAGATION_REQUIRED</prop>
<prop key="init*">PROPAGATION_REQUIRED,readOnly</prop>
<prop key="refresh*">PROPAGATION_REQUIRED,readOnly</prop>
<prop key="get*">PROPAGATION_REQUIRED,readOnly</prop>
</props>
</property>
</bean>
-->
    <!-- ========================= 决策管理器 ========================= -->
    <bean id="accessDecisionManager"
    class="org.acegisecurity.vote.AffirmativeBased">
    <property name="decisionVoters">
    <list>
    <ref bean="roleVoter" />
    </list>
    </property>
    <!-- 是否全部弃权就通过 -->
    <property name="allowIfAllAbstainDecisions" value="false" />
    </bean>

    <!--
         必须是以rolePrefix设定的value开头的才会进行投票,否则为弃权
     -->
  <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
    <property name="rolePrefix"><value>ROLE_</value></property>
  </bean>
</beans>