applicationContext-security-acegi.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN 2.0//EN" "http://www.springframework.org/dtd/spring-beans-2.0.dtd">
<beans default-lazy-init="true" default-autowire="byName">
<bean id="channelProcessingFilter"
class="org.acegisecurity.securechannel.ChannelProcessingFilter">
<property name="channelDecisionManager">
<ref local="channelDecisionManager"/>
</property>
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/j_security_check=REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS
</value>
</property>
</bean>
<bean id="channelDecisionManager"
class="org.acegisecurity.securechannel.ChannelDecisionManagerImpl">
<property name="channelProcessors">
<list>
<ref local="testOnceAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"/>
<ref local="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"/>
<ref local="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"/>
</list>
</property>
</bean>
<!-- REQUIRES_CAPTCHA_ONCE_ABOVE_THRESOLD_REQUESTS -->
<bean id="testOnceAfterMaxRequestsCaptchaChannelProcessor"
class="org.acegisecurity.captcha.TestOnceAfterMaxRequestsCaptchaChannelProcessor">
<property name="thresold">
<value>0</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<!-- REQUIRES_CAPTCHA_ABOVE_THRESOLD_REQUESTS -->
<bean id="alwaysTestAfterMaxRequestsCaptchaChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestAfterMaxRequestsCaptchaChannelProcessor">
<property name="thresold">
<value>5</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<!-- REQUIRES_CAPTCHA_AFTER_THRESOLD_IN_MILLIS -->
<bean id="alwaysTestAfterTimeInMillisCaptchaChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestAfterTimeInMillisCaptchaChannelProcessor">
<property name="thresold">
<value>5000</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<!-- REQUIRES_CAPTCHA_BELOW_AVERAGE_TIME_IN_MILLIS_REQUESTS -->
<bean
id="alwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor"
class="org.acegisecurity.captcha.AlwaysTestBelowAverageTimeInMillisBetweenRequestsChannelProcessor">
<property name="thresold">
<value>20000</value>
</property>
<property name="entryPoint">
<ref bean="captchaEntryPoint"/>
</property>
</bean>
<bean id="captchaEntryPoint"
class="org.acegisecurity.captcha.CaptchaEntryPoint">
<property name="captchaFormUrl">
<value>/login.jsp?login_error=code_error</value>
</property>
<property name="includeOriginalRequest">
<value>false</value>
</property>
<property name="includeOriginalParameters">
<value>false</value>
</property>
</bean>
<bean id="captchaValidationProcessingFilter"
class="org.acegisecurity.captcha.CaptchaValidationProcessingFilter">
<property name="captchaService">
<ref bean="captchaService"/>
</property>
<property name="captchaValidationParameter" value="j_captcha_response"/>
</bean>
<!-- imageCaptchaService is injected into captchaImageCreateController as well as to captchaService beans -->
<bean id="captchaService" class="com.systop.common.security.jcaptcha.JCaptchaServiceProxyImpl">
<property name="jcaptchaService" ref="imageCaptchaService"/>
</bean>
<bean id="imageCaptchaService" class="com.octo.captcha.service.image.DefaultManageableImageCaptchaService">
<constructor-arg type="com.octo.captcha.service.captchastore.CaptchaStore" index="0">
<ref bean="fastHashMapCaptchaStore"/>
</constructor-arg>
<!-- (1) which captcha Engine you use -->
<constructor-arg type="com.octo.captcha.engine.CaptchaEngine" index="1">
<ref bean="captchaEngineEx"/>
</constructor-arg>
<constructor-arg index="2">
<value>180</value>
</constructor-arg>
<constructor-arg index="3">
<value>100000</value>
</constructor-arg>
<constructor-arg index="4">
<value>75000</value>
</constructor-arg>
</bean>
<bean id="fastHashMapCaptchaStore" class="com.octo.captcha.service.captchastore.FastHashMapCaptchaStore"/>
<!-- (2) you can define more than one captcha engine here -->
<bean id="captchaEngineEx"
class="com.systop.common.security.jcaptcha.engine.CaptchaEngineEx"/>
</beans>
applicationContext-security-captcha.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans-2.0.dtd">
<beans default-lazy-init="true" default-autowire="byName">
<!-- ======================== FILTER CHAIN ======================= -->
<!-- if you wish to use channel security, add "channelProcessingFilter," in front
of "httpSessionContextIntegrationFilter" in the list below -->
<!--
FilterChainProxy会按顺序来调用这些filter,使这些filter能享用Spring ioc的功能,
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON定义了url比较前先转为小写
PATTERN_TYPE_APACHE_ANT定义了使用Apache ant的匹配模式
如果加入了验证码,则在logoutFilter后加入captchaValidationProcessingFilter
如果加入channel验证,把channelProcessingFilter加到authenticationProcessingFilter之前
-->
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,captchaValidationProcessingFilter,channelProcessingFilter,authenticationProcessingFilter,basicProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!-- ======================== AUTHENTICATION ======================= -->
<!--
通过Providers提供认证者列表,如果一个认证提供者失败可以尝试另外一个认证提供者,以保证获取不同来源的身份认证,如
DaoAuthenticationProvider 从数据库中读取用户信息验证身份
AnonymousAuthenticationProvider 匿名用户身份认证
RememberMeAuthenticationProvider 已存cookie中的用户信息身份认证
其它的还有
AuthByAdapterProvider 使用容器的适配器验证身份
CasAuthenticationProvider 根据Yale中心认证服务验证身份, 用于实现单点登陆
JaasAuthenticationProvider 从JAAS登陆配置中获取用户信息验证身份
RemoteAuthenticationProvider 根据远程服务验证用户身份
RunAsImplAuthenticationProvider 对身份已被管理器替换的用户进行验证
X509AuthenticationProvider 从X509认证中获取用户信息验证身份
TestingAuthenticationProvider 单元测试时使用
每个认证者会对自己指定的证明信息进行认证,如DaoAuthenticationProvider仅对UsernamePasswordAuthenticationToken这个证明信息进行认证。
-->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref local="daoAuthenticationProvider" />
<ref local="anonymousAuthenticationProvider" />
<ref local="rememberMeAuthenticationProvider" />
<!-- testingAuthenticationProvider仅供测试环境用,正式生产平台请去除
<ref local="testingAuthenticationProvider"/> -->
</list>
</property>
<!-- property name="sessionController">
<ref bean="concurrentSessionController" />
</property-->
</bean>
<!-- 可以阻止某个用户名在已经成功登录进web应用的同时再进行一次成功的登录 -->
<bean id="concurrentSessionController"
class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
<property name="maximumSessions">
<value>1</value>
</property>
<property name="sessionRegistry">
<ref local="sessionRegistry" />
</property>
<property name="exceptionIfMaximumExceeded" value="true" />
</bean>
<bean id="sessionRegistry"
class="org.acegisecurity.concurrent.SessionRegistryImpl" />
<!--
jdbcDaoImpl 用于在数据中获取用户信息。
acegi提供了用户及授权的表结构,但是您也可以自己来实现。
-->
<bean id="jdbcDaoImpl" class="com.systop.common.security.acegi.UserDetailService">
<property name="userManager" ref="userManager"></property>
<!-- property name="userCache" ref="userCache"></property-->
</bean>
<!-- 缓存用户和资源相对应的权限信息 -->
<bean id="userCache" class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache"><ref local="userCacheBackend"/></property>
</bean>
<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager"/>
</property>
<property name="cacheName">
<value>userCache</value>
</property>
</bean>
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
<!-- 使用Md5算法加密 -->
<bean id="passwordEncoder"
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
<!--
userDetailsService 定义jdbcDaoImpl从数据库获取用户信息
userCache ehcache缓存user信息。
passwordEncoder 取得密码后作加密
-->
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl" />
<property name="userCache" ref="userCache" />
<property name="passwordEncoder" ref="passwordEncoder" />
<property name="saltSource"><null/></property>
</bean>
<!--
<bean id="testingAuthenticationProvider"
class="org.acegisecurity.providers.TestingAuthenticationProvider"/>
-->
<!-- 自动接收 AuthenticationEvent 信息 -->
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
<!--
用于处理HTTP头的认证信息,如从Spring远程协议(如Hessian和Burlap)或普通的浏览器如IE,Navigator的HTTP头中获取用户信息
-->
<bean id="basicProcessingFilter"<
http://wtnhwbb.iteye.com/blog/107740
分享到:
相关推荐
被解剖的acegi配置文件. 博文链接:https://rmn190.iteye.com/blog/175041
Acegi配置.mhtAcegi配置的相关配置的信息在里面有一些
acegi配置文件清单
Acegi配置指南[整理].pdf
Acegi是基于Spring Web应用的安全框架,即是“声明式”的访问安全控制的解决方案,用户基本上不需编写代码而仅通过配置就可以实施应用系统的安全。
acegi配置,让你更好的合理的了解acegi是什么
acegi实例,acegi详细配置和代码实现
applicationContext-acegi-security.xml acegi配置文件 博文链接:https://yahaitt.iteye.com/blog/143432
<br>真正高效的acegi权限配置,有效为你节省大量时间,因为你不需要再花费大量时间耗费在网络上查找“关于acegi的配置”; <br>acegi中高级配置在后文将陆续推出,敬请时刻关注; <br>下载资源仅需4分,相信你...
CAS及客户端Acegi的安装配置指南 CAS及客户端Acegi的安装配置指南
jar包 博文链接:https://fengzgxing.iteye.com/blog/248761
如何定义spring security的安全认证框架,对url和系统类method进行过滤以及权限分配和控制
详解acegi的实现方法,附有acegi的解释说明,不过是英文版的,请下载之前考虑好哦
acegi在spring中的完整配置 spring与acegi的结合