
applicationContext-acegi-security.xml
1.filterChainProxy配置
<!-- Entry point of the security filter chain. Every request path (/**) is passed
     through the filters named in the value below, in the order they are listed.
     The two directives select Ant-style patterns and lower-case the request URL
     before it is compared with a pattern.
     The order is significant: httpSessionContextIntegrationFilter comes first so
     later filters see the stored SecurityContext, and filterInvocationInterceptor
     comes last so it authorises the request after authentication has been tried. -->
<bean id="filterChainProxy" class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
   <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
   </value>
  </property>
 </bean>

2.httpSessionContextIntegrationFilter配置
<!-- Restores the SecurityContext from the HTTP session at the start of a request
     and stores it back when the request completes. No properties are overridden. -->
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter"/>

3.logoutFilter配置
<!-- Handles logout requests. First constructor argument: where the browser is sent
     afterwards. Second argument: the handlers run on logout, in list order.
     rememberMeServices is listed as a handler, presumably so the remember-me cookie
     is cancelled together with the session-side SecurityContext; confirm that both
     handlers stay in the list when this file is adapted. -->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
  <constructor-arg value="/index.jsp"/> <!-- URL redirected to after logout -->
  <constructor-arg>
   <list>
    <ref bean="rememberMeServices"/>
    <bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler"/>
   </list>
  </constructor-arg>
 </bean>

4.authenticationProcessingFilter配置
<!-- Form-login filter. It processes submissions to filterProcessesUrl, delegates
     the credential check to authenticationManager, sends failures to
     authenticationFailureUrl and successes to defaultTargetUrl (when no other
     target is pending), and notifies rememberMeServices of the outcome.
     NOTE(review): filterProcessesUrl receives the username and password, so in a
     production deployment it should only be reachable over HTTPS. -->
<bean id="authenticationProcessingFilter" class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="authenticationFailureUrl" value="/login.jsp?login_error=1"/>
  <property name="defaultTargetUrl" value="/"/>
  <property name="filterProcessesUrl" value="/j_acegi_security_check"/>
  <property name="rememberMeServices" ref="rememberMeServices"/>
 </bean>

5.securityContextHolderAwareRequestFilter配置
<!-- Wraps the request so that the servlet API security methods (getRemoteUser,
     isUserInRole, ...) answer from the Acegi SecurityContext. -->
<bean id="securityContextHolderAwareRequestFilter" class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter"/>

6.rememberMeProcessingFilter配置
<!-- Attempts an automatic login from the remember-me cookie when the request has
     no Authentication yet. It uses the same rememberMeServices and
     authenticationManager beans as the form-login filter. -->
<bean id="rememberMeProcessingFilter" class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="rememberMeServices" ref="rememberMeServices"/>
 </bean>

7.anonymousProcessingFilter配置
<!-- Gives unauthenticated requests an anonymous Authentication: principal
     "anonymousUser" holding the single authority ROLE_ANONYMOUS.
     The key must be identical to the key of the AnonymousAuthenticationProvider
     registered in authenticationManager, otherwise the anonymous token is rejected.
     NOTE(review): "changeThis" is the placeholder value from the sample
     configuration; replace it with a deployment-specific value in both places. -->
<bean id="anonymousProcessingFilter" class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key" value="changeThis"/>
  <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
 </bean>

8.exceptionTranslationFilter配置
<!-- Translates security exceptions raised further down the chain into HTTP
     responses: an unauthenticated caller is sent to the entry point (the login
     form at /login.jsp), and an authenticated caller who lacks permission is shown
     /accessDenied.jsp.
     NOTE(review): forceHttps is false, so the login form is served on whatever
     scheme the request arrived on. If the site has TLS available, enable it (or
     otherwise enforce HTTPS) so that credentials are not submitted over plain HTTP. -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
   <bean class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/login.jsp"/>
    <property name="forceHttps" value="false"/>
   </bean>
  </property>
  <property name="accessDeniedHandler">
   <bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/accessDenied.jsp"/>
   </bean>
  </property>
 </bean>

9.filterInvocationInterceptor配置
<!-- URL authorisation. Each line of objectDefinitionSource maps an Ant pattern to
     the attributes a caller needs; accessDecisionManager decides whether the
     current Authentication satisfies them.
     The attributes "admin" and "user" carry no ROLE_ prefix. That only works
     because the RoleVoter in accessDecisionManager is configured with an empty
     rolePrefix.
     NOTE(review), points to confirm before reusing this mapping:
       * The list has no catch-all entry. A URL that matches none of the patterns
         has no attributes and is presumably treated as public; add a final /**
         entry if the intent is deny-by-default.
       * Unlike filterChainProxy, this source does not declare
         CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON, so matching here looks
         case-sensitive. Verify that this agrees with how the container resolves
         paths.
       * /mainFrame.html has no trailing "*" while the other entries do. If the
         matched URL includes the query string, confirm that this entry still
         covers requests that carry one. -->
<bean id="filterInvocationInterceptor" class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="objectDefinitionSource">
   <value>
    PATTERN_TYPE_APACHE_ANT
    /mainFrame.html=admin,user
    /文件夹1/*.html*=admin,user
    /文件夹2/*.html*=admin,user
    /文件夹3/*.html*=admin
    /accessDenied.jsp*=ROLE_ANONYMOUS
   </value>
  </property>
 </bean>

10.accessDecisionManager配置
<!-- Decision policy shared by the URL and method interceptors. AffirmativeBased
     grants access as soon as one voter votes to grant.
     allowIfAllAbstainDecisions=false means access is denied when every voter
     abstains.
     The RoleVoter has an empty rolePrefix, so it votes on every configured
     attribute (for example "admin", "user"), not only on names starting with
     "ROLE_". AuthenticatedVoter handles the IS_AUTHENTICATED_* attributes. -->
<bean id="accessDecisionManager" class="org.acegisecurity.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions" value="false"/>
  <property name="decisionVoters">
   <list>
    <bean class="org.acegisecurity.vote.RoleVoter">
     <property name="rolePrefix" value=""/>
    </bean>
    <bean class="org.acegisecurity.vote.AuthenticatedVoter"/>
   </list>
  </property>
 </bean>

11.rememberMeServices配置

 <!-- Issues and validates the remember-me cookie, looking users up through
      userDetailsService. The key is the server-side secret that goes into the
      cookie signature and must equal the key of the RememberMeAuthenticationProvider
      in authenticationManager.
      NOTE(review): "changeThis" is the placeholder value from the sample
      configuration. Because the value is publicly known, it provides no secrecy;
      use a long random per-deployment value and keep it out of version control. -->
 <bean id="rememberMeServices" class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
  <property name="userDetailsService" ref="userDetailsService"/>
  <property name="key" value="changeThis"/>
 </bean>

12.authenticationManager配置

 <!-- Central authentication entry point. It delegates to the listed providers:
      daoAuthenticationProvider for username/password logins, plus the providers
      that accept anonymous and remember-me tokens.
      Each key below must match its counterpart: the anonymous key with
      anonymousProcessingFilter, the remember-me key with rememberMeServices.
      NOTE(review): both keys are still the sample placeholder "changeThis";
      replace them together with their counterparts. -->
 <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
   <list>
    <ref local="daoAuthenticationProvider"/>
    <bean class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
     <property name="key" value="changeThis"/>
    </bean>
    <bean class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
     <property name="key" value="changeThis"/>
    </bean>
   </list>
  </property>
 </bean>

13.daoAuthenticationProvider配置

 <!-- Username/password provider. It loads the account through userDetailsService
      and caches the loaded UserDetails in the Ehcache region "userCache", which is
      configured by classpath:ehcache.xml.
      NOTE(review): no passwordEncoder (or saltSource) is set in this definition,
      so the provider's default encoder applies. Confirm that stored passwords are
      hashed and that a matching encoder is configured, rather than comparing
      plaintext.
      NOTE(review): with a user cache, changes to an account (password, disabled
      flag, authorities) presumably take effect only once the cached entry expires
      or is evicted. Check the cache lifetime in ehcache.xml. -->
 <bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="userDetailsService"/>
  <property name="userCache">
   <bean class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
    <property name="cache">
     <bean class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <property name="cacheManager">
       <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
        <property name="configLocation" value="classpath:ehcache.xml"/>
       </bean>
      </property>
      <property name="cacheName" value="userCache"/>
     </bean>
    </property>
   </bean>
  </property>
 </bean>

14.methodSecurityInterceptor配置
 
 <!-- Method-level authorisation for IUserService, keyed by method-name pattern.
      NOTE(review): every entry, including create*, update* and delete*, requires
      only IS_AUTHENTICATED_ANONYMOUSLY, which anonymous callers also satisfy. As
      written, the interceptor therefore restricts none of these methods. If the
      write operations are meant to be protected, give them a role attribute or
      IS_AUTHENTICATED_FULLY.
      NOTE(review): this listing does not show the proxy or auto-proxy definition
      that applies the interceptor to the service bean. Confirm that one exists. -->
 <bean id="methodSecurityInterceptor" class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
  <property name="authenticationManager" ref="authenticationManager"/>
  <property name="accessDecisionManager" ref="accessDecisionManager"/>
  <property name="objectDefinitionSource">
    <value>
     com.rain.wsh.service.IUserService.get*=IS_AUTHENTICATED_ANONYMOUSLY
      com.rain.wsh.service.IUserService.create*=IS_AUTHENTICATED_ANONYMOUSLY
      com.rain.wsh.service.IUserService.update*=IS_AUTHENTICATED_ANONYMOUSLY
      com.rain.wsh.service.IUserService.delete*=IS_AUTHENTICATED_ANONYMOUSLY 
   </value>
  </property>
 </bean>

15.loggerListener配置

 <!-- This bean is optional; it isn't used by any other bean as it only listens and logs.
      It writes the published authentication events to the application log, which
      gives a basic audit trail of login attempts. Make sure the log destination is
      retained and access-controlled if it is relied on for that purpose. -->
 <bean id="loggerListener" class="org.acegisecurity.event.authentication.LoggerListener"/>

注:userDetailsService定义为:
<!-- Application-specific user lookup used by daoAuthenticationProvider and
     rememberMeServices.
     NOTE(review): no userDAO property is set here although the class exposes
     setUserDAO. Presumably it is autowired or was left out of the listing; confirm,
     because loadUserByUsername dereferences userDAO without a null check. -->
<bean id="userDetailsService" class="com.rain.wsh.service.impl.UserDetailsServiceImpl"/>

package com.rain.wsh.service.impl;

import org.acegisecurity.userdetails.UserDetails;
import org.acegisecurity.userdetails.UserDetailsService;
import org.acegisecurity.userdetails.UsernameNotFoundException;
import org.springframework.dao.DataAccessException;

import com.rain.wsh.dao.IUserDAO;

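/**
 * {@link UserDetailsService} implementation that resolves a login name to a
 * {@link UserDetails} object by delegating to the injected {@link IUserDAO}.
 *
 * <p>The {@code userName} argument originates from the login request and is therefore
 * untrusted; it is neutralised before being written to the log.
 */
public class UserDetailsServiceImpl implements UserDetailsService {
 // NOTE(review): no import for Logger is visible in this listing; the calls used here
 // (Logger.getLogger(Class), log.error(Object)) match the log4j API. Confirm.
 private final Logger log = Logger.getLogger(getClass());

 // DAO used for the lookup; must be injected through setUserDAO before first use.
 private IUserDAO userDAO;

 /**
  * @return the userDAO
  */
 public IUserDAO getUserDAO() {
  return userDAO;
 }

 /**
  * @param userDAO the userDAO to set
  */
 public void setUserDAO(IUserDAO userDAO) {
  this.userDAO = userDAO;
 }

 /**
  * Looks up the account for the given login name.
  *
  * @param userName login name as submitted by the client (untrusted)
  * @return the matching user, never {@code null}
  * @throws UsernameNotFoundException if the DAO returns no user for {@code userName}
  * @throws DataAccessException if the DAO lookup fails
  * @see org.acegisecurity.userdetails.UserDetailsService#loadUserByUsername(java.lang.String)
  */
 public UserDetails loadUserByUsername(String userName) throws UsernameNotFoundException, DataAccessException {
  UserDetails user = userDAO.getUserByName(userName);
  if (user == null) {
   // Log a neutralised copy: a raw login name containing line breaks or other
   // control characters could otherwise forge or split log records.
   log.error("The user was not found:" + sanitizeForLog(userName));
   // The exception message is left unchanged for callers. It echoes the submitted
   // name, so HTML-escape it if it is ever rendered on a page.
   throw new UsernameNotFoundException("The user was not found:" + userName);
  }
  return user;
 }

 /**
  * Returns {@code value} with every control character (CR, LF, tab, ...) replaced by
  * an underscore so that it occupies exactly one log line; {@code null} becomes "null".
  */
 private static String sanitizeForLog(String value) {
  if (value == null) {
   return "null";
  }
  return value.replaceAll("\\p{Cntrl}", "_");
 }

}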

注意user必须实现Serializable, UserDetails

posted on 2007-03-29 10:32 周锐 阅读(722) 评论(0)  编辑  收藏 所属分类: Spring
