xzzn/SIPAIIS_WMS_JSSW
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
SIPAIIS_WMS_JSSW/bin/WebRoot/WEB-INF/spring-security.xml
dashixiong 903ff8d495 first commit
2026-01-16 14:13:44 +08:00

87 lines
5.2 KiB
XML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- 配置不需要安全管理的界面 -->
<http pattern="/CSS/**" security="none"></http>
<http pattern="/JS/**" security="none"></http>
<http pattern="/IMG/**" security="none"></http>
<http pattern="/jsp/login.jsp" security="none" />
<http pattern="/jsp/main.jsp" security="none" />
<http pattern="/index.jsp" security="none" />
<http use-expressions='true' entry-point-ref="myAuthenticationEntryPoint" > <!-- access-denied-page="/accessDenied.jsp" -->
<access-denied-handler error-page="/accessDenied"/>
<!-- 使用自己自定义的登陆认证过滤器 --><!-- 这里一定要注释掉,因为我们需要重写它的过滤器 -->
<form-login login-page="/jsp/login.jsp"
authentication-failure-url="/Login/doFail.do"
default-target-url="/Login/doPass.do"
/>
<!--访问/admin.jsp资源的用户必须具有ROLE_ADMIN的权限 -->
<!-- <intercept-url pattern="/admin.jsp" access="ROLE_ADMIN" /> -->
<!--访问/**资源的用户必须具有ROLE_USER的权限 -->
<!-- <intercept-url pattern="/**" access="ROLE_USER" /> -->
<!--防止多个用户同时登陆一个账号 -->
<session-management>
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<!-- 认证和授权 --><!-- 重写登陆认证的过滤器,使我们可以拿到任何参数 -->
<!-- <custom-filter ref="myAuthenticationFilter" position="FORM_LOGIN_FILTER" /> -->
<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />
<!-- 登出管理 -->
<logout invalidate-session="true" logout-url="/j_spring_security_logout" />
</http>
<!-- 未登录的切入点 --><!-- 需要有个切入点 -->
<b:bean id="myAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<b:property name="loginFormUrl" value="/jsp/login.jsp"></b:property>
</b:bean>
<!-- 登录验证器:用户有没有登录的资格 --><!-- 这个就是重写的认证过滤器 -->
<!-- <b:bean id="myAuthenticationFilter" class="com.lcy.springSecurity.MyAuthenticationFilter">
<b:property name="authenticationManager" ref="authenticationManager" />
<b:property name="filterProcessesUrl" value="/j_spring_security_check" />
<b:property name="authenticationSuccessHandler">
<b:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<b:property name="defaultTargetUrl" value="/index.jsp" />
</b:bean>
</b:property>
<b:property name="authenticationFailureHandler">
<b:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<b:property name="defaultFailureUrl" value="/accessDenied.jsp" />
</b:bean>
</b:property>
</b:bean> -->
<!--一个自定义的filter必须包含 authenticationManager,accessDecisionManager,securityMetadataSource三个属性
我们的所有控制将在这三个类中实现,解释详见具体配置 -->
<b:bean id="myFilter"
class="com.sipai.security.MyFilterSecurityInterceptor">
<b:property name="authenticationManager" ref="authenticationManager" />
<b:property name="accessDecisionManager" ref="myAccessDecisionManagerBean" />
<b:property name="securityMetadataSource" ref="securityMetadataSource" />
</b:bean>
<!--验证配置认证管理器实现用户认证的入口主要实现UserDetailsService接口即可 -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="myUserDetailService">
<!--如果用户的密码采用加密的话 -->
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
<!--在这个类中,你就可以从数据库中读入用户的密码,角色信息,是否锁定,账号是否过期等 -->
<b:bean id="myUserDetailService" class="com.sipai.security.MyUserDetailServiceImpl" />
<!--访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
<b:bean id="myAccessDecisionManagerBean"
class="com.sipai.security.MyAccessDecisionManager">
</b:bean>
<!--资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色访问 -->
<b:bean id="securityMetadataSource"
class="com.sipai.security.MySecurityMetadataSource" />
</b:beans>
Reference in New Issue View Git Blame Copy Permalink