springsecurity3配置
2012-05-16 16:16
197 查看
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <!-- auto-config = true 则使用from-login. 如果不使用该属性 则默认为http-basic(没有session). access-denied-page:出错后跳转到的错误页面; --> <http auto-config="true" access-denied-page="/common/403.jsp" > <!-- intercept-url:拦截器,可以设定哪些路径需要哪些权限来访问. filters=none 不使用过滤,也可以理解为忽略 <intercept-url pattern="/index.jsp" access="ROLE_ADMIN"/> <intercept-url pattern="/save" filters="none" /> --> <intercept-url pattern="/login.jsp" filters="none" /> <intercept-url pattern="/common/**" filters="none" /> <intercept-url pattern="/js/**" filters="none" /> <intercept-url pattern="/main/**" filters="none"/> <intercept-url pattern="/mission/**" filters="none"/> <intercept-url pattern="/index.jsp" filters="none"/> <intercept-url pattern="/**" filters="none"/> <!-- session-management是针对session的管理. 这里可以不配置. 如有需求可以配置. --> <!-- id登陆唯一. 后登陆的账号会挤掉第一次登陆的账号 error-if-maximum-exceeded="true" 禁止2次登陆; session-fixation-protection="none" 防止伪造sessionid攻击. 用户登录成功后会销毁用户当前的session. 创建新的session,并把用户信息复制到新session中. --> <session-management session-fixation-protection="none" > <concurrency-control error-if-maximum-exceeded="true"/> </session-management> <!-- login-page:默认指定的登录页面. authentication-failure-url:出错后跳转页面. default-target-url:成功登陆后跳转页面 --> <form-login login-page="/login.jsp" authentication-success-handler-ref="jsonSuccessHandler" authentication-failure-url="/login.jsp?error=true" authentication-failure-handler-ref="jsonFailureHandler" default-target-url="/main.jsp" /> <!-- logout-success-url:成功注销后跳转到的页面; --> <logout logout-success-url="/login.jsp" /> <http-basic /> <custom-filter ref="bdFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> <beans:bean id="jsonSuccessHandler" class="com.security.JsonSimpleUrlAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/main.jsp"></beans:property> </beans:bean> <beans:bean id="jsonFailureHandler" class="com.security.JsonSimpleUrlAuthenticationFailureHandler"> <beans:property name="defaultTargetUrl" value="/"></beans:property> </beans:bean> <beans:bean id="bdFilter" class="com.security.BdFilter"> <beans:property name="authenticationManager" ref="bdAuthenticationManager" /> <beans:property name="accessDecisionManager" ref="bdAccessDecisionManager" /> <beans:property name="securityMetadataSource" ref="bdSecurityMetadataSource" /> </beans:bean> <!-- 权限管理操作 --> <authentication-manager alias="bdAuthenticationManager"> <authentication-provider user-service-ref="userDetailsServiceImpl"> <!-- 密码加密方式. 常用的有md5 和 sha. salt-source: . . 类似在md5上又加了一层. 防止暴力破解. 追加安全性. <password-encoder hash="md5"> <salt-source user-property="username" /> </password-encoder> --> </authentication-provider> </authentication-manager> <beans:bean id="bdAccessDecisionManager" class="com.security.BdAccessDecision" /> <beans:bean id="bdSecurityMetadataSource" class="com.security.BdSecurityMetadataSoruce"> <beans:property name="resourceDaoImpl" ref="resourceDaoImpl"></beans:property> </beans:bean> <beans:bean id="userDetailsServiceImpl" class="com.security.BdUserService"> <beans:property name="userDaoImpl" ref="userDaoImpl"></beans:property> </beans:bean> <!-- --> <beans:bean id="userDaoImpl" class="com.persistence.impl.UserDaoImpl"> <beans:property name="sessionFactory" ref="sessionFactory"></beans:property> </beans:bean> <beans:bean id="resourceDaoImpl" class="com.persistence.impl.ResourceDaoImpl"> <beans:property name="sessionFactory" ref="sessionFactory"></beans:property> </beans:bean> </beans:beans>
相关文章推荐
- SpringSecurity4.1配置
- springsecurity3.0.5 filterSecurityInterceptor 使用和配置
- SpringSecurity3.0.5的配置文件及相关类
- SpringSecurity相关配置【SpringSecurityConfig】
- java配置springMvc--springSecurity、jdbc
- springsecurity中的配置文件设置remember-me 的原因及其安全性
- SpringSecurity安全配置—SSH整合
- SSM整合SpringSecurity实现权限管理实例 javaconfig配置方式
- springsecurity 登录form添加其他字段(基于java配置)
- springSecurity 登出logout配置
- Spring Security 3 配置
- SpringSecurity配置
- 使用SpringMVC创建Web工程并使用SpringSecurity进行权限控制的详细配置方法
- 手工配置springboot + spring security + thymeleaf + thymeleaf-extras-springsecurity
- SpringSecurity配置
- 关于springsecurity 的视图解析器(InternalResourceViewResolver)的三种配置方式
- springSecurity配置详解
- SpringSecurity (Spring权限验证) 之 配置1
- SpringSecurity | spring security oauth2.0 配置源码分析(一)
- springsecurity中的配置文件设置remember-me 的原因及其安全性