<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!--
      Spring Security configuration for an application with two login realms:
      a front-end ("forend", /shop) and a back-end ("backend", /admin).
      Every "Multiple*" bean is a project class that holds a list of delegates;
      how it chooses between them is not visible in this file.
    -->

    <!-- HTTP filter chain. entry-point-ref names the bean that sends a request
         to a login page (see authenticationEntryPoint below). -->
    <security:http use-expressions="true"
                   entry-point-ref="authenticationEntryPoint"
                   access-denied-page="/noAuth.jsp">

        <security:logout invalidate-session="true"
                         logout-url="/logout"
                         success-handler-ref="logoutFilter"/>

        <!-- filters="none" removes the whole security filter chain for the path,
             so no SecurityContext is available there.
             NOTE(review): confirm that each of these four paths is meant to be
             reachable without authentication, /admin/user/isonly in particular. -->
        <security:intercept-url pattern="/admin/login.jsp" filters="none"/>
        <security:intercept-url pattern="/views/shop/login.jsp" filters="none"/>
        <security:intercept-url pattern="/admin/login" filters="none"/>
        <security:intercept-url pattern="/admin/user/isonly" filters="none"/>

        <!-- Page shown after a session times out; one concurrent session per user.
             NOTE(review): the default form-login filter is replaced by a custom
             bean below. The Spring Security reference states that concurrent
             session control has to be configured explicitly for a customized
             authentication filter, and loginFilter sets no session strategy in
             this file. Verify that max-sessions="1" is actually enforced. -->
        <security:session-management invalid-session-url="/sessionTimeOut.jsp">
            <security:concurrency-control max-sessions="1"/>
        </security:session-management>

        <!-- Replace the default form-login filter with the project's own. -->
        <security:custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>
        <!-- Project authorization filter, placed before the stock interceptor. -->
        <security:custom-filter ref="FilterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/>
    </security:http>

    <!-- ==================== section: login entry points ==================== -->

    <!-- Entry point with one URL resolver per realm. -->
    <bean id="authenticationEntryPoint"
          class="com.softcj.security.login.MultipleAuthenticationEntryPoint">
        <property name="directUrlResolvers">
            <list>
                <ref bean="forendLoginEntry"/>
                <ref bean="backLoginEntry"/>
            </list>
        </property>
    </bean>

    <!-- Front-end login page. -->
    <bean id="forendLoginEntry" class="com.softcj.security.shared.DirectUrlResolverImpl">
        <property name="pattern" value="/shop"/>
        <property name="directUrl" value="/views/shop/login.jsp"/>
    </bean>

    <!-- Back-end login page. -->
    <bean id="backLoginEntry" class="com.softcj.security.shared.DirectUrlResolverImpl">
        <property name="pattern" value="/admin"/>
        <property name="directUrl" value="/admin/login.jsp"/>
    </bean>

    <!-- ==================== section: logout ==================== -->

    <!-- Logout success handler (the bean id says "Filter", the class is a handler). -->
    <bean id="logoutFilter" class="com.softcj.security.logout.MultipleLogoutSuccessHandler">
        <property name="directUrlResolvers">
            <list>
                <ref bean="forendLogoutSuccessUrlResolver"/>
                <ref bean="backendLogoutSuccessUrlResolver"/>
            </list>
        </property>
    </bean>

    <!-- Front-end logout target. -->
    <bean id="forendLogoutSuccessUrlResolver"
          class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
        <property name="parameterName" value="token"/>
        <property name="pattern" value="forend"/>
        <property name="directUrl" value="/views/shop/login.jsp"/>
    </bean>

    <!-- Back-end logout target. -->
    <bean id="backendLogoutSuccessUrlResolver"
          class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
        <property name="parameterName" value="token"/>
        <property name="pattern" value="backend"/>
        <property name="directUrl" value="/admin/login.jsp"/>
    </bean>

    <!-- ==================== section: login filter ==================== -->

    <!-- Custom username/password authentication filter. -->
    <bean id="loginFilter"
          class="com.softcj.security.authentication.filter.MultipleUsernamePasswordAuthenticationFilter">
        <!-- URL the login form posts to. -->
        <property name="filterProcessesUrl" value="/login_check"/>
        <!-- One token resolver per realm.
             NOTE(review): the realm appears to be chosen by the client-supplied
             "token" request parameter; confirm that changing it cannot let a
             front-end account authenticate against the back-end realm. -->
        <property name="tokenResolvers">
            <list>
                <ref bean="forendAuthenticationTokenResolver"/>
                <ref bean="backendAuthenticationTokenResolver"/>
            </list>
        </property>
        <!-- Checks the credentials and grants authorities. -->
        <property name="authenticationManager" ref="authenticationManager"/>
        <!-- Invoked when authentication succeeds. -->
        <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
        <!-- Invoked when authentication fails. -->
        <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
        <!-- Remember-me (automatic login). -->
        <property name="rememberMeServices" ref="rememberMeServices"/>
    </bean>

    <!-- ==================== section: token resolvers and result handlers ==================== -->

    <!-- Builds the front-end authentication token. -->
    <bean id="forendAuthenticationTokenResolver"
          class="com.softcj.security.authentication.filter.ForendAuthenticationTokenResolver">
        <property name="parameterName" value="token"/>
        <property name="parameterValue" value="forend"/>
    </bean>

    <!-- Builds the back-end authentication token. -->
    <bean id="backendAuthenticationTokenResolver"
          class="com.softcj.security.authentication.filter.BackendAuthenticationTokenResolver">
        <property name="parameterName" value="token"/>
        <property name="parameterValue" value="backend"/>
    </bean>

    <!-- Handling of a successful login. -->
    <bean id="authenticationSuccessHandler"
          class="com.softcj.security.authentication.handler.MultipleAuthenticationSuccessHandler">
        <property name="directUrlResolvers">
            <list>
                <ref bean="forendAuthenticationSuccessUrlResolver"/>
                <ref bean="backendAuthenticationSuccessUrlResolver"/>
            </list>
        </property>
    </bean>

    <!-- Handling of a failed login. -->
    <bean id="authenticationFailureHandler"
          class="com.softcj.security.authentication.handler.MultipleAuthenticationFailureHandler">
        <property name="directUrlResolvers">
            <list>
                <ref bean="forendAuthenticationFailureUrlResolver"/>
                <ref bean="backendAuthenticationFailureUrlResolver"/>
            </list>
        </property>
    </bean>

    <!-- Front-end: target after a successful login. -->
    <bean id="forendAuthenticationSuccessUrlResolver"
          class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
        <property name="parameterName" value="token"/>
        <property name="pattern" value="forend"/>
        <property name="directUrl" value="/shop/forend_page!main.action"/>
    </bean>

    <!-- Front-end: target after a failed login. -->
    <bean id="forendAuthenticationFailureUrlResolver"
          class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
        <property name="parameterName" value="token"/>
        <property name="pattern" value="forend"/>
        <property name="directUrl" value="/views/shop/login.jsp"/>
    </bean>

    <!-- Back-end: target after a successful login. -->
    <bean id="backendAuthenticationSuccessUrlResolver"
          class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
        <property name="parameterName" value="token"/>
        <property name="pattern" value="backend"/>
        <property name="directUrl" value="/admin/index"/>
    </bean>

    <!-- Back-end: target after a failed login. -->
    <bean id="backendAuthenticationFailureUrlResolver"
          class="com.softcj.security.shared.ParameterDirectUrlResolverImpl">
        <property name="parameterName" value="token"/>
        <property name="pattern" value="backend"/>
        <property name="directUrl" value="/admin/login"/>
    </bean>

    <!-- ==================== section: remember-me ==================== -->

    <!-- Cookie-based automatic login.
         NOTE(review): this file declares no remember-me authentication filter or
         provider, so the cookie may be issued at login without ever being
         honoured; check the rest of the configuration. -->
    <bean id="rememberMeServices"
          class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <!-- Secret mixed into the signature of the remember-me cookie; it is not
             the cookie name. A short literal committed with the configuration
             weakens that signature: use a long random value supplied from outside
             the source tree. -->
        <property name="key" value="ZYL"/>
        <!-- Name of the "remember me" checkbox parameter on the login form. -->
        <property name="parameter" value="rememberMe"/>
        <!-- Cookie lifetime in seconds (1209600 s = 14 days). -->
        <property name="tokenValiditySeconds" value="1209600"/>
        <!-- NOTE(review): only the back-end user service is wired here although
             loginFilter serves both realms; confirm that front-end users are
             not expected to use remember-me. -->
        <property name="userDetailsService" ref="backendUserDetailsService"/>
        <!-- Disabled: a token repository belongs to
             PersistentTokenBasedRememberMeServices, not to this class. -->
        <!-- <property name="tokenRepository" ref="tokenRepository" /> -->
    </bean>

    <!-- ==================== section: authorization ==================== -->

    <!-- Custom authorization filter. -->
    <bean id="FilterSecurityInterceptor"
          class="com.softcj.security.manage.filter.MultipleFilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="securityMetadataSource" ref="multipleSecurityMetadataSource"/>
        <property name="accessDecisionManager" ref="multipleAccessDecisionManager"/>
    </bean>

    <!-- Source of the security attributes required by each resource. -->
    <bean id="multipleSecurityMetadataSource"
          class="com.softcj.security.manage.metadata.MultipleFilterInvocationSecurityMetadataSource">
        <property name="metadataSources">
            <list>
                <ref bean="forendSecurityMetadataSource"/>
                <ref bean="backendSecurityMetadataSource"/>
            </list>
        </property>
    </bean>

    <!-- Front-end resources. -->
    <bean id="forendSecurityMetadataSource"
          class="com.softcj.security.manage.metadata.ForendSecurityMetadataSource">
        <property name="pattern" value="/shop"/>
    </bean>

    <!-- Back-end resources. -->
    <bean id="backendSecurityMetadataSource"
          class="com.softcj.security.manage.metadata.BackendSecurityMetadataSource">
        <property name="pattern" value="/admin"/>
    </bean>

    <!-- Access decision manager. -->
    <bean id="multipleAccessDecisionManager"
          class="com.softcj.security.manage.decide.MultipleAccessDecisionManager"/>

    <!-- ==================== section: authentication ==================== -->

    <!-- Authentication manager with a single, delegating provider. -->
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="multipleAuthenticationProvider"/>
    </security:authentication-manager>

    <!-- Delegating provider.
         NOTE(review): account-status flags on UserDetails (isEnabled,
         isAccountNonLocked, isAccountNonExpired, isCredentialsNonExpired) are
         enforced by the provider that authenticates the user. Whether these
         project providers run those checks is not visible in this file; if
         they authenticate without them, a disabled or locked account can still
         log in. -->
    <bean id="multipleAuthenticationProvider"
          class="com.softcj.security.authentication.provider.MultipleAuthenticationProvider">
        <property name="authenticationProviders">
            <list>
                <ref bean="forendAuthenticationProvider"/>
                <ref bean="backendAuthenticationProvider"/>
            </list>
        </property>
    </bean>

    <!-- Front-end user lookup. -->
    <bean id="forendUserDetailsService"
          class="com.softcj.security.authentication.details.ForendUserDetailsService"/>

    <!-- Back-end user lookup. -->
    <bean id="backendUserDetailsService"
          class="com.softcj.security.authentication.details.BackendUserDetailsService"/>

    <!-- Password hashing: SHA-256.
         NOTE(review): a fast message digest is cheap to brute-force offline if
         the hashes leak. Prefer an adaptive password-hashing scheme, and plan a
         migration for the hashes already stored. -->
    <bean id="shaPasswordEncoder"
          class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
        <!-- Digest strength: SHA-256. -->
        <constructor-arg value="256"/>
    </bean>

    <!-- Salt source: the user name is the salt. A user name is unique per
         account but predictable, and is not a random per-user salt. -->
    <bean id="saltSource"
          class="org.springframework.security.authentication.dao.ReflectionSaltSource">
        <property name="userPropertyToUse" value="username"/>
    </bean>

    <!-- Front-end provider; also builds the authenticated token. -->
    <bean id="forendAuthenticationProvider"
          class="com.softcj.security.authentication.provider.ForendAuthenticationProvider">
        <property name="userDetailsService" ref="forendUserDetailsService"/>
        <property name="passwordEncoder" ref="shaPasswordEncoder"/>
        <property name="saltSource" ref="saltSource"/>
    </bean>

    <!-- Back-end provider; also builds the authenticated token. -->
    <bean id="backendAuthenticationProvider"
          class="com.softcj.security.authentication.provider.BackendAuthenticationProvider">
        <property name="userDetailsService" ref="backendUserDetailsService"/>
        <property name="passwordEncoder" ref="shaPasswordEncoder"/>
        <property name="saltSource" ref="saltSource"/>
    </bean>
</beans>
这是XML配置文件
/**
 * User entity that also serves as the Spring Security {@code UserDetails}
 * principal.
 *
 * <p>The account-status values are kept as {@code String} fields
 * ({@code userEnabled}, {@code userAccountNonLocked}, ...), but the four
 * {@code UserDetails} status methods at the bottom of the class do not read
 * them: each returns a hard-coded {@code false}.
 *
 * <p>NOTE(review): returning {@code false} there blocks a login only when the
 * {@code AuthenticationProvider} in use checks these flags and when the
 * {@code UserDetailsService} returns an instance of this class. Neither is
 * visible from this class; confirm both in the provider and service code.
 */
public class User extends BaseEntity implements UserDetails {

    private static final long serialVersionUID = -2400769758495080278L;

    // Login name.
    private String username;
    // Password as stored for this account.
    private String password;
    // Real name.
    private String name;
    // E-mail address.
    private String email;
    // Date of the last login.
    private Date loginDate;
    // IP address of the last login.
    private String loginIp;
    // Whether the account is not expired.
    private String userAccountNonExpired;
    // Whether the account is not locked.
    private String userAccountNonLocked;
    // Whether the credentials are not expired.
    private String userCredentialsNonExpired;
    // Whether the account is enabled.
    private String userEnabled;
    // IDs of the roles held by this user.
    private String roleIds;
    // Names of the roles held by this user.
    private String roleNames;
    // ID of the organization the user belongs to.
    private String organizationId;
    // Name of the organization the user belongs to.
    private String organizationName;

    // Authorities exposed through UserDetails.
    private Collection<GrantedAuthority> authorities;

    /** @return the login name */
    public String getUsername() {
        return this.username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    /**
     * @return the stored password value
     */
    // NOTE(review): getLoginDate() carries a JSON serializer annotation, so this
    // entity is presumably written to JSON somewhere; confirm that the password
    // is excluded from any serialized output.
    public String getPassword() {
        return this.password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the real name */
    public String getName() {
        return this.name;
    }

    public void setName(String name) {
        this.name = name;
    }

    /** @return the e-mail address */
    public String getEmail() {
        return this.email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    /** @return the date of the last login, serialized by CustomDateSerializer */
    @JsonSerialize(using = CustomDateSerializer.class)
    public Date getLoginDate() {
        return this.loginDate;
    }

    public void setLoginDate(Date loginDate) {
        this.loginDate = loginDate;
    }

    /** @return the IP address of the last login */
    public String getLoginIp() {
        return this.loginIp;
    }

    public void setLoginIp(String loginIp) {
        this.loginIp = loginIp;
    }

    /** @return the stored "account not expired" value */
    public String getUserAccountNonExpired() {
        return this.userAccountNonExpired;
    }

    public void setUserAccountNonExpired(String userAccountNonExpired) {
        this.userAccountNonExpired = userAccountNonExpired;
    }

    /** @return the stored "account not locked" value */
    public String getUserAccountNonLocked() {
        return this.userAccountNonLocked;
    }

    public void setUserAccountNonLocked(String userAccountNonLocked) {
        this.userAccountNonLocked = userAccountNonLocked;
    }

    /** @return the stored "credentials not expired" value */
    public String getUserCredentialsNonExpired() {
        return this.userCredentialsNonExpired;
    }

    public void setUserCredentialsNonExpired(String userCredentialsNonExpired) {
        this.userCredentialsNonExpired = userCredentialsNonExpired;
    }

    /** @return the stored "account enabled" value */
    public String getUserEnabled() {
        return this.userEnabled;
    }

    public void setUserEnabled(String userEnabled) {
        this.userEnabled = userEnabled;
    }

    /** @return the role IDs held by this user */
    public String getRoleIds() {
        return this.roleIds;
    }

    public void setRoleIds(String roleIds) {
        this.roleIds = roleIds;
    }

    /** @return the role names held by this user */
    public String getRoleNames() {
        return this.roleNames;
    }

    public void setRoleNames(String roleNames) {
        this.roleNames = roleNames;
    }

    /** @return the ID of the user's organization */
    public String getOrganizationId() {
        return this.organizationId;
    }

    public void setOrganizationId(String organizationId) {
        this.organizationId = organizationId;
    }

    /** @return the name of the user's organization */
    public String getOrganizationName() {
        return this.organizationName;
    }

    public void setOrganizationName(String organizationName) {
        this.organizationName = organizationName;
    }

    /** @return the authorities granted to this user (UserDetails contract) */
    @Transient
    public Collection<GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    public void setAuthorities(Collection<GrantedAuthority> authorities) {
        this.authorities = authorities;
    }

    /** @return always {@code false}; {@code userEnabled} is not consulted */
    @Transient
    public boolean isEnabled() {
        return false;
    }

    /** @return always {@code false}; {@code userAccountNonLocked} is not consulted */
    @Transient
    public boolean isAccountNonLocked() {
        return false;
    }

    /** @return always {@code false}; {@code userAccountNonExpired} is not consulted */
    @Transient
    public boolean isAccountNonExpired() {
        return false;
    }

    /** @return always {@code false}; {@code userCredentialsNonExpired} is not consulted */
    @Transient
    public boolean isCredentialsNonExpired() {
        return false;
    }
}
这是 JavaBean。这个 User 我返回的都是 false 了,为什么还是可以登录?是配置错误还是什么原因?