spring security2.0+hibernate3.2笔记之配置文件

目录结构：src/applicationContext.xml;WebRoot/WEB-INF/security.xml;WebRoot/WEB-INF/web.xml;

配置文件：

1. web.xml

   <?xml version="1.0" encoding="UTF-8"?>
   <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
   	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
   	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
   	
   	<context-param>
   		<param-name>contextConfigLocation</param-name>
   		<param-value>
   			classpath:applicationContext.xml
   			/WEB-INF/security.xml
   		</param-value>
   	</context-param>
   	
   	<welcome-file-list>
   		<welcome-file>index.jsp</welcome-file>
   	</welcome-file-list>
   	<!-- 延迟加载  开始-->
   	<filter>
   		<filter-name>lazy</filter-name>
   		<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
   	</filter>
   	<filter-mapping>
   		<filter-name>lazy</filter-name>
   		<url-pattern>/*</url-pattern>
   	</filter-mapping>
   	<!-- 延迟加载  结束-->
   
   	<!-- Spring 开始-->
   	<listener>
   		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
   	</listener>
   	<!-- Spring 结束-->
   
   	<!-- Spring Security 开始-->
   	<filter>
   		<filter-name>springSecurityFilterChain</filter-name>
   		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
   	</filter>
   	<filter-mapping>
   		<filter-name>springSecurityFilterChain</filter-name>
   		<url-pattern>/*</url-pattern>
   	</filter-mapping>
   	<!-- Spring Security 结束-->
   	
   	<!-- Spring Security 会话管理  开始-->
   	<listener>
   		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
   	</listener>
   	<!-- Spring Security 会话管理  结束-->
   </web-app>
   

    
2. applicationContext.xml

   <?xml version="1.0" encoding="UTF-8"?>
   <beans xmlns="http://www.springframework.org/schema/beans"
   	xmlns:context="http://www.springframework.org/schema/context"
   	xmlns:tx="http://www.springframework.org/schema/tx"
   	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
   	xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/tx
   		 http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-3.0.xsd
            http://www.springframework.org/schema/aop
            http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"
   	default-autowire="byType">
   	
   	<!-- 启动注解 -->
   	<context:annotation-config />
   	<!-- 指定使用了注解的类所在包  -->
   	<context:component-scan base-package="com.ss3" />
   	<!-- 启用注解事务 -->
   	<bean id="transactionManager"
   		class="org.springframework.orm.hibernate3.HibernateTransactionManager"></bean>
   	<tx:annotation-driven />
   
   	<!-- 配置文件读取 -->
   	<bean
   		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
   		autowire="no">
   		<property name="locations">
   			<list>
   				<value>classpath:jdbc.properties</value>
   			</list>
   		</property>
   	</bean>
   
   	<bean id="dataSource"
   		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
   		<property name="driverClassName" value="${jdbc.driverClassName}">
   		</property>
   		<property name="url" value="${jdbc.url}">
   		</property>
   		<property name="username" value="${jdbc.userName}"></property>
   		<property name="password" value="${jdbc.pwd}"></property>
   	</bean>
   
   	<bean id="sessionFactory"
   		class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean" autowire="byName">
   		<property name="dataSource" ref="dataSource"></property>
   		<property name="configLocation" value="classpath:hibernate.cfg.xml">
   		</property>
   	</bean>
   	
   </beans>
   

    
3. security.xml
   

   <?xml version="1.0" encoding="UTF-8"?>
   <beans:beans xmlns="http://www.springframework.org/schema/security"
   	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   	xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
   		 http://www.springframework.org/schema/security/spring-security-3.0.xsd"
   	default-autowire="byType">
   
   
   	<http auto-config="true" access-denied-page="/deny.html">
   		<intercept-url pattern="/index.jsp" filters="none" />
   		<!-- 控制多用户登陆 -->
   		<session-management>
   			<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
   		</session-management>
   		<!--
   			增加一个filter位于FILTER_SECURITY_INTERCEPTOR之前
   		-->
   		<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />
   	</http>
   	<!--
   		一个自定义的filter，必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性
   	-->
   	<beans:bean id="myFilter" class="com.ss3.filter.MyFilterSecurityInterceptor"
   		autowire="no">
   		<beans:property name="authenticationManager" ref="myAuthenticationManager" />
   		<!-- 访问决策器，决定某个用户具有的角色，是否有足够的权限去访问某个资源     注解-->
   		<beans:property name="accessDecisionManager" ref="myAccessDecisionManager" />
   		<!-- 资源源数据定义，将所有的资源和权限对应关系建立起来，即定义某一资源被允许访问的角色 	-->
   		<beans:property name="securityMetadataSource" ref="myInvocationSecurityMetadataSourceService" />
   	</beans:bean>
   	
   	<!-- 验证配置 ， 认证管理器，实现用户认证的入口，实现UserDetailsService接口即可 -->
   	<authentication-manager alias="myAuthenticationManager">
   		<authentication-provider user-service-ref="myUserDetailsService">
   			<password-encoder hash="md5">
   				<salt-source user-property="username" />
   			</password-encoder>
   		</authentication-provider>
   	</authentication-manager>
   
   </beans:beans>