本文介绍如何在 Spring 应用中配置 Acegi 安全框架,包括 Filter 的设置、用户认证及授权过程,并详细解释了每个配置项的作用。
一、在web.xml中配置acegi的Filter二、新建一个spring的配置文件applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"><beans></beans>
添加filterChainProxy,主要是来设置URL的过滤与Acegi的Filter的关联,可以使用正则表达式
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /j_security_check*=httpSessionContextIntegrationFilter,authenticationProcessingFilter /**/*.html*=httpSessionContextIntegrationFilter,anonymousProcessingFilter,securityEnforcementFilter /**/*.jsp*=httpSessionContextIntegrationFilter,securityEnforcementFilter </value> </property> </bean><bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="accessDecisionManager"><ref local="accessDecisionManager"/></property> <property name="objectDefinitionSource"> <value> CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON PATTERN_TYPE_APACHE_ANT /signup.html=ROLE_ANONYMOUS,admin,tomcat /passwordhint.html*=ROLE_ANONYMOUS,admin,tomcat /**/*.html*=admin,tomcat /clickstreams.jsp=admin </value> </property> </bean> <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager"> <property name="providers"> <list> <ref local="daoAuthenticationProvider"/> <ref local="anonymousAuthenticationProvider"/> </list> </property> </bean><bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/> <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider"> <property name="authenticationDao"><ref local="jdbcAuthenticationDao"/></property> <property name="userCache"><ref local="userCache"/></property> </bean> <bean id="jdbcAuthenticationDao" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl"> <property name="dataSource"><ref bean="dataSource"/></property> <property name="usersByUsernameQuery"> <value>SELECT username,password,enabled FROM app_user WHERE username = ?</value> </property> <property name="authoritiesByUsernameQuery"> <value>SELECT username,role_name FROM user_role WHERE username = ?</value> </property> </bean> <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache"> <property name="cache"> <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean"> <property name="cacheManager"> <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/> </property> <property name="cacheName"><value>userCache</value></property> </bean> </property> </bean> <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider"> <property name="key"><value>anonymous</value></property> </bean> <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"> <property name="rolePrefix"><value/></property> </bean> <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased"> <property name="allowIfAllAbstainDecisions"><value>false</value></property> <property name="decisionVoters"> <list> <ref local="roleVoter"/> </list> </property> </bean> <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter"> <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property> </bean> <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter"> <property name="authenticationManager"><ref local="authenticationManager"/></property> <property name="authenticationFailureUrl"><value>/login.jsp?error=true</value></property> <property name="defaultTargetUrl"><value>/</value></property> <property name="filterProcessesUrl"><value>/j_security_check</value></property> </bean> <bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter"> <property name="key"><value>anonymous</value></property> <property name="userAttribute"><value>anonymous,ROLE_ANONYMOUS</value></property> </bean> <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter"> <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property> <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property> </bean> <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint"> <property name="loginFormUrl"><value>/login.jsp</value></property> <property name="forceHttps"><value>false</value></property> </bean><filter> <filter-name>securityFilter</filter-name> <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class> <init-param> <param-name>targetClass</param-name> <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value> </init-param></filter><filter-mapping> <filter-name>securityFilter</filter-name> <url-pattern>/*</url-pattern></filter-mapping>
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
