87 lines
5.2 KiB
XML
87 lines
5.2 KiB
XML
|
<?xml version="1.0" encoding="UTF-8"?>
|
|||
|
|
<b:beans xmlns="http://www.springframework.org/schema/security"
|
|||
|
|
xmlns:b="http://www.springframework.org/schema/beans"
|
|||
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|||
|
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
|
|||
|
|
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
|
|||
|
|
|
|||
|
|
<!-- 配置不需要安全管理的界面 -->
|
|||
|
|
<http pattern="/CSS/**" security="none"></http>
|
|||
|
|
<http pattern="/JS/**" security="none"></http>
|
|||
|
|
<http pattern="/IMG/**" security="none"></http>
|
|||
|
|
<http pattern="/jsp/login.jsp" security="none" />
|
|||
|
|
<http pattern="/jsp/main.jsp" security="none" />
|
|||
|
|
<http pattern="/index.jsp" security="none" />
|
|||
|
|
|
|||
|
|
<http use-expressions='true' entry-point-ref="myAuthenticationEntryPoint" > <!-- access-denied-page="/accessDenied.jsp" -->
|
|||
|
|
<access-denied-handler error-page="/accessDenied"/>
|
|||
|
|
<!-- 使用自己自定义的登陆认证过滤器 --><!-- 这里一定要注释掉,因为我们需要重写它的过滤器 -->
|
|||
|
|
<form-login login-page="/jsp/login.jsp"
|
|||
|
|
authentication-failure-url="/Login/doFail.do"
|
|||
|
|
default-target-url="/Login/doPass.do"
|
|||
|
|
/>
|
|||
|
|
<!--访问/admin.jsp资源的用户必须具有ROLE_ADMIN的权限 -->
|
|||
|
|
<!-- <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" /> -->
|
|||
|
|
<!--访问/**资源的用户必须具有ROLE_USER的权限 -->
|
|||
|
|
<!-- <intercept-url pattern="/**" access="ROLE_USER" /> -->
|
|||
|
|
<!--防止多个用户同时登陆一个账号 -->
|
|||
|
|
<session-management>
|
|||
|
|
<concurrency-control max-sessions="1"
|
|||
|
|
error-if-maximum-exceeded="false" />
|
|||
|
|
</session-management>
|
|||
|
|
|
|||
|
|
<!-- 认证和授权 --><!-- 重写登陆认证的过滤器,使我们可以拿到任何参数 -->
|
|||
|
|
<!-- <custom-filter ref="myAuthenticationFilter" position="FORM_LOGIN_FILTER" /> -->
|
|||
|
|
<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />
|
|||
|
|
|
|||
|
|
<!-- 登出管理 -->
|
|||
|
|
<logout invalidate-session="true" logout-url="/j_spring_security_logout" />
|
|||
|
|
|
|||
|
|
</http>
|
|||
|
|
|
|||
|
|
<!-- 未登录的切入点 --><!-- 需要有个切入点 -->
|
|||
|
|
<b:bean id="myAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
|
|||
|
|
<b:property name="loginFormUrl" value="/jsp/login.jsp"></b:property>
|
|||
|
|
</b:bean>
|
|||
|
|
|
|||
|
|
<!-- 登录验证器:用户有没有登录的资格 --><!-- 这个就是重写的认证过滤器 -->
|
|||
|
|
<!-- <b:bean id="myAuthenticationFilter" class="com.lcy.springSecurity.MyAuthenticationFilter">
|
|||
|
|
<b:property name="authenticationManager" ref="authenticationManager" />
|
|||
|
|
<b:property name="filterProcessesUrl" value="/j_spring_security_check" />
|
|||
|
|
<b:property name="authenticationSuccessHandler">
|
|||
|
|
<b:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
|
|||
|
|
<b:property name="defaultTargetUrl" value="/index.jsp" />
|
|||
|
|
</b:bean>
|
|||
|
|
</b:property>
|
|||
|
|
<b:property name="authenticationFailureHandler">
|
|||
|
|
<b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
|
|||
|
|
<b:property name="defaultFailureUrl" value="/accessDenied.jsp" />
|
|||
|
|
</b:bean>
|
|||
|
|
</b:property>
|
|||
|
|
</b:bean> -->
|
|||
|
|
<!--一个自定义的filter,必须包含 authenticationManager,accessDecisionManager,securityMetadataSource三个属性,
|
|||
|
|
我们的所有控制将在这三个类中实现,解释详见具体配置 -->
|
|||
|
|
<b:bean id="myFilter"
|
|||
|
|
class="com.sipai.security.MyFilterSecurityInterceptor">
|
|||
|
|
<b:property name="authenticationManager" ref="authenticationManager" />
|
|||
|
|
<b:property name="accessDecisionManager" ref="myAccessDecisionManagerBean" />
|
|||
|
|
<b:property name="securityMetadataSource" ref="securityMetadataSource" />
|
|||
|
|
</b:bean>
|
|||
|
|
<!--验证配置,认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 -->
|
|||
|
|
<authentication-manager alias="authenticationManager">
|
|||
|
|
<authentication-provider user-service-ref="myUserDetailService">
|
|||
|
|
<!--如果用户的密码采用加密的话 -->
|
|||
|
|
<password-encoder hash="md5" />
|
|||
|
|
</authentication-provider>
|
|||
|
|
</authentication-manager>
|
|||
|
|
<!--在这个类中,你就可以从数据库中读入用户的密码,角色信息,是否锁定,账号是否过期等 -->
|
|||
|
|
<b:bean id="myUserDetailService" class="com.sipai.security.MyUserDetailServiceImpl" />
|
|||
|
|
<!--访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
|
|||
|
|
<b:bean id="myAccessDecisionManagerBean"
|
|||
|
|
class="com.sipai.security.MyAccessDecisionManager">
|
|||
|
|
</b:bean>
|
|||
|
|
<!--资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色访问 -->
|
|||
|
|
<b:bean id="securityMetadataSource"
|
|||
|
|
class="com.sipai.security.MySecurityMetadataSource" />
|
|||
|
|
|
|||
|
|
</b:beans>
|