Spring Security使用一系列过滤器处理用户请求,下面是spring-security.xml配置文件。

 <?xml version="1.0" encoding="UTF-8"?>

 <beans:beans xmlns="http://www.springframework.org/schema/security"

     xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

     xsi:schemaLocation="http://www.springframework.org/schema/beans

            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd

            http://www.springframework.org/schema/security

            http://www.springframework.org/schema/security/spring-security.xsd">

     <!-- 自定义Spring Security过滤链 -->

     <beans:bean id="springSecurityFilterChain"

         class="org.springframework.security.web.FilterChainProxy">

         <beans:constructor-arg>

             <beans:list>

                 <filter-chain pattern="/resources/**" filters="channelProcessingFilter" />

                 <filter-chain pattern="/login" filters="channelProcessingFilter" />

                 <filter-chain pattern="/" filters="channelProcessingFilter" />

                 <filter-chain pattern="/error" filters="channelProcessingFilter" />

                 <filter-chain pattern="/**"

                     filters="channelProcessingFilter,securityContextPersistenceFilter,concurrentSessionFilter,usernamePasswordAuthenticationFilter,

                     rememberMeAuthenticationFilter,logoutFilter,exceptionTranslationFilter,felicityFilterSecurityInterceptor" />

             </beans:list>

         </beans:constructor-arg>

     </beans:bean>

     <beans:bean id="authenticationManager"

         class="org.springframework.security.authentication.ProviderManager">

         <beans:property name="providers">

             <beans:list>

                 <beans:ref bean="authenticationProvider" />

                 <beans:ref bean="rememberMeAuthenticationProvider" />

             </beans:list>

         </beans:property>

         <beans:property name="eraseCredentialsAfterAuthentication" value="false"></beans:property>

     </beans:bean>

     <beans:bean id="authenticationProvider"

         class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">

         <beans:property name="userDetailsService" ref="felicityUserDetailService" />

         <beans:property name="passwordEncoder" ref="passwordEncoder"></beans:property>

     </beans:bean>

     <beans:bean id="passwordEncoder"

         class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />

     <beans:bean id="felicityUserDetailService"

          class="com.sds.eci.security.FelicityUserDetailsService">

          <beans:property name="dataSource" ref="dataSource"></beans:property>

         <beans:property name="usersByUsernameQuery" value="select singleid as username, password, realname, userid, empno, ssoid, enabled from felicity_user where singleid = ?"></beans:property>

         <beans:property name="authoritiesByUsernameQuery" value="select u.singleid as username,ro.name as authority

                                                                 from felicity_user u

                                                                 right join felicity_userrole ur on u.userid=ur.userid

                                                                 right join felicity_role ro on ur.roleid=ro.roleid

                                                                 where u.singleid=?"></beans:property>

     </beans:bean>

     <!-- 信道拦截 -->

     <beans:bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">

         <beans:property name="channelDecisionManager" ref="channelDecisionManager"/>

             <beans:property name="securityMetadataSource">

             <filter-security-metadata-source>

                 <intercept-url pattern="/**" access="REQUIRES_SECURE_CHANNEL"/>

                 <!-- <intercept-url pattern="/**" access="REQUIRES_INSECURE_CHANNEL"/>-->

             </filter-security-metadata-source>

         </beans:property>

     </beans:bean>

     <beans:bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">

       <beans:property name="channelProcessors">

           <beans:list>

           <beans:ref bean="secureChannelProcessor"/>

           <beans:ref bean="insecureChannelProcessor"/>

           </beans:list>

        </beans:property>

     </beans:bean>

     <beans:bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">

        <beans:property name="entryPoint">

             <beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">

                 <beans:property name="portMapper" ref="portMapper"></beans:property>

                 <beans:property name="portResolver" ref="portResolver"></beans:property>

             </beans:bean>

         </beans:property>

     </beans:bean>

     <beans:bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">

         <beans:property name="entryPoint">

             <beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">

                 <beans:property name="portMapper" ref="portMapper"></beans:property>

                 <beans:property name="portResolver" ref="portResolver"></beans:property>

             </beans:bean>

         </beans:property>

     </beans:bean>

     <beans:bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">

         <beans:property name="portMappings">

             <beans:map>

                 <beans:entry key="8080" value="443"></beans:entry>

                 <beans:entry key="80" value="443"></beans:entry>

                 <beans:entry key="9090" value="9443"></beans:entry>

             </beans:map>

         </beans:property>

     </beans:bean>

     <beans:bean id="portResolver" class="org.springframework.security.web.PortResolverImpl">

         <beans:property name="portMapper" ref="portMapper"></beans:property>

     </beans:bean>

     <!-- securityContext拦截 -->

     <beans:bean  id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">

         <beans:property name="securityContextRepository" ref="securityContextRepository" />

     </beans:bean>

     <beans:bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">

         <beans:property name="allowSessionCreation" value="true" />

         <beans:property name="disableUrlRewriting" value="false" />

     </beans:bean> 

     <!-- usernamePassword授权拦截 -->

     <beans:bean id="usernamePasswordAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">

         <beans:property name="usernameParameter" value="username"></beans:property>

         <beans:property name="passwordParameter" value="password"></beans:property>

         <beans:property name="authenticationManager"  ref="authenticationManager"></beans:property>

         <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>

         <beans:property name="authenticationFailureHandler">

             <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">

                 <beans:property name="defaultFailureUrl" value="/login?para=loginfailure"></beans:property>

             </beans:bean>

         </beans:property>

         <beans:property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy" />

         <beans:property name="rememberMeServices" ref="rememberMeServices" />

     </beans:bean>

     <beans:bean id="authenticationSuccessHandler" class="com.sds.eci.security.FelicityAuthenticationSuccessHandler">

         <beans:property name="defaultTargetUrl" value="/questions"></beans:property>

         <beans:property name="securityMetadataSource" ref="felicitysecurityMetadataSource" />

     </beans:bean>

     <!-- 2注销过滤器 -->

     <beans:bean id="logoutFilter"

         class="org.springframework.security.web.authentication.logout.LogoutFilter">

         <beans:constructor-arg value="/login" /><!-- 退出成功后处理URL -->

         <beans:constructor-arg>

             <beans:array>

                 <beans:ref bean="logoutHandler" />

                 <beans:ref bean="rememberMeServices" />

             </beans:array>

         </beans:constructor-arg>

         <beans:property name="filterProcessesUrl" value="/j_spring_security_logout" /><!-- 退出处理URL -->

     </beans:bean>

     <!-- 注销监听器  -->

     <beans:bean id="logoutHandler"

         class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">

     </beans:bean>

     <!-- 7记住密码功能(COOKIE方式) -->

     <beans:bean id="rememberMeAuthenticationFilter"

         class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">

         <beans:property name="rememberMeServices" ref="rememberMeServices" />

         <beans:property name="authenticationManager" ref="authenticationManager" />

         <beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>

     </beans:bean>

     <!-- rememberMe -->

     <beans:bean id="rememberMeServices"

         class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">

         <beans:constructor-arg name="key" value="springRocks"></beans:constructor-arg>

         <beans:constructor-arg name="userDetailsService" ref="felicityUserDetailService"></beans:constructor-arg>

         <!-- 默认时间604800秒(一个星期) -->

         <beans:property name="tokenValiditySeconds" value="604800" />

     </beans:bean>

     <beans:bean id="rememberMeAuthenticationProvider"

         class="org.springframework.security.authentication.RememberMeAuthenticationProvider">

         <beans:property name="key" value="springRocks" />

     </beans:bean>

     <!-- 用户的权限控制过滤器 -->

     <beans:bean id="felicityFilterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">

         <beans:property name="rejectPublicInvocations" value="true"></beans:property>

         <beans:property name="authenticationManager"

              ref="authenticationManager" />

         <beans:property name="accessDecisionManager"

              ref="felicityAccessDecisionManagerBean" />

         <beans:property name="securityMetadataSource"

              ref="felicitysecurityMetadataSource" />

     </beans:bean>

     <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->

     <beans:bean id="felicityAccessDecisionManagerBean"

          class="com.sds.eci.security.FelicityAccessDecisionManager">

     </beans:bean>  

     <!-- 资源源数据定义,即定义某一资源可以被哪些角色访问 -->

     <beans:bean id="felicitysecurityMetadataSource"

          class="com.sds.eci.security.FelicitySecurityMetadataSource">

         <beans:constructor-arg ref="dataSource"></beans:constructor-arg>

         <beans:constructor-arg type="java.lang.String" value="select rce.url, r.name, rce.pid from felicity_role r inner join felicity_roleresource rrce on r.roleid = rrce.roleid inner join felicity_resource rce on rrce.resourceid = rce.resourceid order by pid, sort"></beans:constructor-arg>

     </beans:bean>

     <!-- 页面标签权限功能依赖 -->

     <beans:bean id="webInvocationFilter"

        class="org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator">

        <beans:constructor-arg ref="felicityFilterSecurityInterceptor" />

     </beans:bean>

     <!-- 9异常处理过滤器 -->

     <beans:bean id="exceptionTranslationFilter"

         class="org.springframework.security.web.access.ExceptionTranslationFilter">

         <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />

         <beans:property name="accessDeniedHandler">

             <!-- 拒绝未授权访问跳转 -->

             <beans:bean

                 class="com.sds.eci.security.FelicityAccessDeniedHandler">

                 <beans:property name="errorPage" value="/403" />

             </beans:bean>

         </beans:property>

     </beans:bean>

     <beans:bean id="authenticationEntryPoint"

         class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">

         <beans:property name="loginFormUrl" value="/login?para=errorauth"></beans:property>

     </beans:bean>

     <!-- sessionManagementFilter -->

     <beans:bean id="concurrentSessionFilter"

         class="org.springframework.security.web.session.ConcurrentSessionFilter">

         <beans:property name="sessionRegistry" ref="sessionRegistry" />

         <beans:property name="expiredUrl" value="/login?para=multi" />

     </beans:bean>

     <beans:bean id="sessionAuthenticationStrategy"

         class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">

         <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />

         <beans:property name="maximumSessions" value="1" />

     </beans:bean>

     <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

 </beans:beans>

Spring Security学习笔记-自定义Spring Security过滤链的更多相关文章

  1. spring揭密学习笔记(1) --spring的由来

    1.spring起源于在EJB暴露出各种严重问题的情况应运而生. Spring是于2003年兴起的一个轻量级的Java开发框架, Spring倡导一切从实际出发,以实用的态度来选择适合当前开发场景的解 ...

  2. Spring Boot 学习笔记 - 认识Spring Boot框架

    因各种原因,.NET前端工程师重新接触JAVA,真是向全栈的路上又迈出了无奈的一步. 下面正文: Spring Boot是由Pivotal团队提供的全新框架,其设计目的是用来简化新Spring应用的初 ...

  3. spring揭密学习笔记(3)-spring ioc容器:Spring的IoC容器之BeanFactory

    1. Spring的IoC容器和IoC Service Provider的关系 Spring的IoC容器和IoC Service Provider所提供的服务之间存在一定的交集,二者的关系如图4-1所 ...

  4. spring揭密学习笔记(3)-spring ioc容器:掌管大局的IoC Service Provider

    1.IOC service Provider的概念.IoC Service Provider在这里是一个抽象出来的概念,它可以指代任何将IoC场景中的业务对象绑定到一起的实现方式.它可以是一段代码,也 ...

  5. spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念

    1. IoC的理念就是,让别人为你服务!2. 其实IoC就这么简单!原来是需要什么东西自己去拿,现在是需要什么东西就让别人送过来.一个生动的示例 3.三种依赖注入的方式 IoC模式最权威的总结和解释, ...

  6. spring揭密学习笔记

    spring揭密学习笔记 spring揭密学习笔记(1) --spring的由来 spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念

  7. SpringBoot + Spring Security 学习笔记(五)实现短信验证码+登录功能

    在 Spring Security 中基于表单的认证模式,默认就是密码帐号登录认证,那么对于短信验证码+登录的方式,Spring Security 没有现成的接口可以使用,所以需要自己的封装一个类似的 ...

  8. SpringBoot + Spring Security 学习笔记(三)实现图片验证码认证

    整体实现逻辑 前端在登录页面时,自动从后台获取最新的验证码图片 服务器接收获取生成验证码请求,生成验证码和对应的图片,图片响应回前端,验证码保存一份到服务器的 session 中 前端用户登录时携带当 ...

  9. Spring Security 学习笔记-securityContext过滤器

    位于过滤器顶端,第一个起作用的过滤器.SecurityContextPersistenceFilter 在执行其他过滤器之前,率先判断用户的session中是否已经存在一个SecurityContex ...

随机推荐

  1. hdu3879 最大权闭合图

    若a,b 2点能够相连,那么可以得到ci的价值,也就是说a,b是得到c的前提条件,对于每一个点,又有耗费. 对于本题,先求出最多能够得到的利益有多少,最小割=未被 选的用户的收益之和 + 被选择的站点 ...

  2. oracle如何检查用户是否用了默认密码

    如果使用默认密码,很可能就对你的数据库造成一定的安全隐患,那么可以使用如下的查询获得那些用户使用默认密码 select username "User(s) with Default Pass ...

  3. 跟我一起认识axure(二)

    创建企业网站页面步骤 第一步修改这里 变成 第一部分就完成了 第二部分部件窗口 在Axure中设计页面像小时候玩的拼图游戏,那么部件窗口就是专门用来存放拼图块的容器 使用部件窗口中常用的部件设计欢迎页 ...

  4. 通过在__init__.py中定义__all__变量,来简化from*import*的书写

    下图是一个带被引入使用的包的结构,包名比较长,给书写from*import*带来很多麻烦 为了解决麻烦,在__init__.py编写了如下内容 from .httputil import HTTPUt ...

  5. poj3532 Round Numbers

      题意:给出l.r,求区间[l,r]内二进制中0的个数大于等于1的个数的数字有多少个. 简单的数位dp. //Serene #include<algorithm> #include< ...

  6. 【To Read】LeetCode | Jump Game II(转载)

    题目: Given an array of non-negative integers, you are initially positioned at the first index of the ...

  7. NS2学习笔记

    这两天在调一个仿真程序,比较奇怪的错误,就是一个节点广播消息,在它通信半径内的节点收不到消息,一直在通信上找问题,找了半天也没找到. 最后,用gdb调试,发现在一个操作指针处发生了段错误,引起的原因时 ...

  8. HZOJ Dash Speed

    测试点1-2:暴力. 测试点3-4:可以将边按r从大到小排序不断加入,然后用并茶几维护深度.好像也可以用猫树做. 好吧其他的部分分并没有看懂. 正解: 线段树分治,求出每个速度的答案. 对于速度区间$ ...

  9. 【NS2】Installing ns-2.29 in Ubuntu 12.04

    Installing ns-2.29 in Ubuntu 12.04     Off late, we try to use(install) a old software in a new Oper ...

  10. SQL注入原理讲解,很不错!

    SQL注入原理讲解,很不错! 原文地址:http://www.cnblogs.com/rush/archive/2011/12/31/2309203.html 1.1.1 摘要 日前,国内最大的程序员 ...