- xml配置:
<!-- Spring Security namespace configuration. The same custom AccessDecisionManager
     bean ("accessDecisionManager", defined at the bottom) is wired into both
     method security and the web filter chain. -->
<global-method-security access-decision-manager-ref="accessDecisionManager"/>
<!-- security="none": these two pages are served without any security filters,
     so no SecurityContext or authentication is available while rendering them. -->
<http pattern="/loggedout.jsp" security="none"/>
<http pattern="/login.jsp" security="none"/>
<http auto-config="true" access-decision-manager-ref="accessDecisionManager">
<!-- NOTE(review): "permitAll" is expression syntax, but use-expressions is not set
     here and a custom decision manager replaces the default voters. The effective
     decision for /** is therefore presumably made by the voters listed below, not
     by "permitAll" itself; confirm against the Spring Security version in use. -->
<intercept-url pattern="/**" access="permitAll" />
<!-- Form login: failures return to the login page with login_error=1. -->
<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?login_error=1"
default-target-url="/listAccounts.html"/>
<!-- HTTP Basic is enabled in addition to form login. Basic credentials travel with
     every request; no requires-channel (HTTPS) constraint is visible in this snippet. -->
<http-basic/>
<!-- Logout redirects to the unsecured logged-out page and removes the session cookie. -->
<logout logout-success-url="/loggedout.jsp" delete-cookies="JSESSIONID"/>
<!-- Remember-me with default settings; key and token storage are not configured here.
     NOTE(review): review these defaults before using this outside a demo. -->
<remember-me />
<!-- Requests carrying an invalid session id are redirected to /timeout.jsp. -->
<session-management invalid-session-url="/timeout.jsp">
<!-- One session per user; a second login is rejected instead of expiring the first.
     NOTE(review): concurrency control relies on session-destroyed events reaching
     Spring Security (HttpSessionEventPublisher in web.xml); not visible here, confirm. -->
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
</http>
<!-- AffirmativeBased grants access as soon as any voter grants. With
     allowIfAllAbstainDecisions=false, access is denied when every voter abstains. -->
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions" value="false"/>
<beans:property name="decisionVoters">
<beans:list>
<!-- Custom voter (see DatabaseRoleVoter): reports that it supports every attribute
     and secured type, so it takes part in every access decision. -->
<beans:bean class="net.mantis.security.auth.DatabaseRoleVoter"/>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</beans:list>
</beans:property>
</beans:bean>
- java code: DatabaseRoleVoter
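/**
 * Demonstration {@link AccessDecisionVoter} that grants access to a single, hard-coded
 * principal name and denies everyone else.
 *
 * <p>Despite its name, this class performs no database lookup: the decision depends only
 * on {@link Authentication#getName()}. The secured object and the configuration
 * attributes are ignored, so every protected resource gets the same answer for a given
 * user. Because both {@code supports} methods return {@code true}, the voter takes part
 * in every decision made by the access decision manager it is registered with.
 *
 * <p>NOTE(review): a name-only, case-insensitive match is not a role check. A real
 * implementation should look at the granted authorities (or the backing store) and
 * abstain for attributes it does not understand.
 */
public class DatabaseRoleVoter implements AccessDecisionVoter<Object> {

    /** The only principal name this demo voter grants access to (case-insensitive). */
    private static final String GRANTED_USER = "Rod";

    /**
     * Reports that this voter handles every configuration attribute.
     *
     * @param arg0 the attribute being checked (ignored)
     * @return always {@code true}
     */
    @Override
    public boolean supports(ConfigAttribute arg0) {
        // Trace output kept from the original demo so the call order stays visible.
        System.out.println(this.getClass().getName()
                + ".supports(ConfigAttribute arg0)");
        return true;
    }

    /**
     * Reports that this voter handles every secured object type.
     *
     * @param arg0 the secured object class (ignored)
     * @return always {@code true}
     */
    @Override
    public boolean supports(Class<?> arg0) {
        System.out.println(this.getClass().getName() + ".supports(Class arg0)");
        return true;
    }

    /**
     * Votes on access based solely on the principal name.
     *
     * @param au the current authentication; a {@code null} value or a {@code null}
     *     name is treated as a denial rather than raising a NullPointerException
     * @param arg1 the secured object (only printed, never inspected)
     * @param arg2 the configuration attributes (only printed, never inspected)
     * @return {@code ACCESS_GRANTED} for the hard-coded user, otherwise
     *     {@code ACCESS_DENIED}; this voter never abstains
     */
    @Override
    public int vote(Authentication au, Object arg1, Collection<ConfigAttribute> arg2) {
        // Fail closed: a missing authentication or name must never grant access.
        // Putting the constant on the left keeps the comparison null-safe.
        boolean granted = au != null && GRANTED_USER.equalsIgnoreCase(au.getName());
        int result = granted ? ACCESS_GRANTED : ACCESS_DENIED;

        // NOTE(review): these lines print the secured object and its attributes to
        // stdout on every decision. Move them to the application logger at debug
        // level before using this outside a demo.
        System.out.println(this.getClass().getName() + ".vote");
        System.out.println(arg1);
        System.out.println(arg2);
        return result;
    }
}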