Spring Security使用一系列过滤器处理用户请求,下面是spring-security.xml配置文件。

 <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 自定义Spring Security过滤链 -->
<beans:bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
<beans:constructor-arg>
<beans:list>
<filter-chain pattern="/resources/**" filters="channelProcessingFilter" />
<filter-chain pattern="/login" filters="channelProcessingFilter" />
<filter-chain pattern="/" filters="channelProcessingFilter" />
<filter-chain pattern="/error" filters="channelProcessingFilter" />
<filter-chain pattern="/**"
filters="channelProcessingFilter,securityContextPersistenceFilter,concurrentSessionFilter,usernamePasswordAuthenticationFilter,
rememberMeAuthenticationFilter,logoutFilter,exceptionTranslationFilter,felicityFilterSecurityInterceptor" />
</beans:list>
</beans:constructor-arg>
</beans:bean> <beans:bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="authenticationProvider" />
<beans:ref bean="rememberMeAuthenticationProvider" />
</beans:list>
</beans:property>
<beans:property name="eraseCredentialsAfterAuthentication" value="false"></beans:property>
</beans:bean>
<beans:bean id="authenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="felicityUserDetailService" />
<beans:property name="passwordEncoder" ref="passwordEncoder"></beans:property>
</beans:bean> <beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" /> <beans:bean id="felicityUserDetailService"
class="com.sds.eci.security.FelicityUserDetailsService">
<beans:property name="dataSource" ref="dataSource"></beans:property>
<beans:property name="usersByUsernameQuery" value="select singleid as username, password, realname, userid, empno, ssoid, enabled from felicity_user where singleid = ?"></beans:property>
<beans:property name="authoritiesByUsernameQuery" value="select u.singleid as username,ro.name as authority
from felicity_user u
right join felicity_userrole ur on u.userid=ur.userid
right join felicity_role ro on ur.roleid=ro.roleid
where u.singleid=?"></beans:property>
</beans:bean> <!-- 信道拦截 -->
<beans:bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<beans:property name="channelDecisionManager" ref="channelDecisionManager"/>
<beans:property name="securityMetadataSource">
<filter-security-metadata-source>
<intercept-url pattern="/**" access="REQUIRES_SECURE_CHANNEL"/>
<!-- <intercept-url pattern="/**" access="REQUIRES_INSECURE_CHANNEL"/>-->
</filter-security-metadata-source>
</beans:property>
</beans:bean>
<beans:bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<beans:property name="channelProcessors">
<beans:list>
<beans:ref bean="secureChannelProcessor"/>
<beans:ref bean="insecureChannelProcessor"/>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
<beans:property name="entryPoint">
<beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
<beans:property name="portMapper" ref="portMapper"></beans:property>
<beans:property name="portResolver" ref="portResolver"></beans:property>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
<beans:property name="entryPoint">
<beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
<beans:property name="portMapper" ref="portMapper"></beans:property>
<beans:property name="portResolver" ref="portResolver"></beans:property>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
<beans:property name="portMappings">
<beans:map>
<beans:entry key="8080" value="443"></beans:entry>
<beans:entry key="80" value="443"></beans:entry>
<beans:entry key="9090" value="9443"></beans:entry>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="portResolver" class="org.springframework.security.web.PortResolverImpl">
<beans:property name="portMapper" ref="portMapper"></beans:property>
</beans:bean> <!-- securityContext拦截 -->
<beans:bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<beans:property name="securityContextRepository" ref="securityContextRepository" />
</beans:bean>
<beans:bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">
<beans:property name="allowSessionCreation" value="true" />
<beans:property name="disableUrlRewriting" value="false" />
</beans:bean> <!-- usernamePassword授权拦截 -->
<beans:bean id="usernamePasswordAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="usernameParameter" value="username"></beans:property>
<beans:property name="passwordParameter" value="password"></beans:property>
<beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>
<beans:property name="authenticationFailureHandler">
<beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login?para=loginfailure"></beans:property>
</beans:bean>
</beans:property>
<beans:property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy" />
<beans:property name="rememberMeServices" ref="rememberMeServices" />
</beans:bean>
<beans:bean id="authenticationSuccessHandler" class="com.sds.eci.security.FelicityAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/questions"></beans:property>
<beans:property name="securityMetadataSource" ref="felicitysecurityMetadataSource" />
</beans:bean> <!-- 2注销过滤器 -->
<beans:bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="/login" /><!-- 退出成功后处理URL -->
<beans:constructor-arg>
<beans:array>
<beans:ref bean="logoutHandler" />
<beans:ref bean="rememberMeServices" />
</beans:array>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/j_spring_security_logout" /><!-- 退出处理URL -->
</beans:bean>
<!-- 注销监听器 -->
<beans:bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
</beans:bean> <!-- 7记住密码功能(COOKIE方式) -->
<beans:bean id="rememberMeAuthenticationFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:property name="rememberMeServices" ref="rememberMeServices" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>
</beans:bean>
<!-- rememberMe -->
<beans:bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:constructor-arg name="key" value="springRocks"></beans:constructor-arg>
<beans:constructor-arg name="userDetailsService" ref="felicityUserDetailService"></beans:constructor-arg>
<!-- 默认时间604800秒(一个星期) -->
<beans:property name="tokenValiditySeconds" value="604800" />
</beans:bean>
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:property name="key" value="springRocks" />
</beans:bean> <!-- 用户的权限控制过滤器 -->
<beans:bean id="felicityFilterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<beans:property name="rejectPublicInvocations" value="true"></beans:property>
<beans:property name="authenticationManager"
ref="authenticationManager" />
<beans:property name="accessDecisionManager"
ref="felicityAccessDecisionManagerBean" />
<beans:property name="securityMetadataSource"
ref="felicitysecurityMetadataSource" />
</beans:bean> <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
<beans:bean id="felicityAccessDecisionManagerBean"
class="com.sds.eci.security.FelicityAccessDecisionManager">
</beans:bean> <!-- 资源源数据定义,即定义某一资源可以被哪些角色访问 -->
<beans:bean id="felicitysecurityMetadataSource"
class="com.sds.eci.security.FelicitySecurityMetadataSource">
<beans:constructor-arg ref="dataSource"></beans:constructor-arg>
<beans:constructor-arg type="java.lang.String" value="select rce.url, r.name, rce.pid from felicity_role r inner join felicity_roleresource rrce on r.roleid = rrce.roleid inner join felicity_resource rce on rrce.resourceid = rce.resourceid order by pid, sort"></beans:constructor-arg>
</beans:bean> <!-- 页面标签权限功能依赖 -->
<beans:bean id="webInvocationFilter"
class="org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator">
<beans:constructor-arg ref="felicityFilterSecurityInterceptor" />
</beans:bean> <!-- 9异常处理过滤器 -->
<beans:bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
<beans:property name="accessDeniedHandler">
<!-- 拒绝未授权访问跳转 -->
<beans:bean
class="com.sds.eci.security.FelicityAccessDeniedHandler">
<beans:property name="errorPage" value="/403" />
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login?para=errorauth"></beans:property>
</beans:bean> <!-- sessionManagementFilter -->
<beans:bean id="concurrentSessionFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/login?para=multi" />
</beans:bean>
<beans:bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> </beans:beans>

Spring Security学习笔记-自定义Spring Security过滤链的更多相关文章

  1. spring揭密学习笔记(1) --spring的由来

    1.spring起源于在EJB暴露出各种严重问题的情况应运而生. Spring是于2003年兴起的一个轻量级的Java开发框架, Spring倡导一切从实际出发,以实用的态度来选择适合当前开发场景的解 ...

  2. Spring Boot 学习笔记 - 认识Spring Boot框架

    因各种原因,.NET前端工程师重新接触JAVA,真是向全栈的路上又迈出了无奈的一步. 下面正文: Spring Boot是由Pivotal团队提供的全新框架,其设计目的是用来简化新Spring应用的初 ...

  3. spring揭密学习笔记(3)-spring ioc容器:Spring的IoC容器之BeanFactory

    1. Spring的IoC容器和IoC Service Provider的关系 Spring的IoC容器和IoC Service Provider所提供的服务之间存在一定的交集,二者的关系如图4-1所 ...

  4. spring揭密学习笔记(3)-spring ioc容器:掌管大局的IoC Service Provider

    1.IOC service Provider的概念.IoC Service Provider在这里是一个抽象出来的概念,它可以指代任何将IoC场景中的业务对象绑定到一起的实现方式.它可以是一段代码,也 ...

  5. spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念

    1. IoC的理念就是,让别人为你服务!2. 其实IoC就这么简单!原来是需要什么东西自己去拿,现在是需要什么东西就让别人送过来.一个生动的示例 3.三种依赖注入的方式 IoC模式最权威的总结和解释, ...

  6. spring揭密学习笔记

    spring揭密学习笔记 spring揭密学习笔记(1) --spring的由来 spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念

  7. SpringBoot + Spring Security 学习笔记(五)实现短信验证码+登录功能

    在 Spring Security 中基于表单的认证模式,默认就是密码帐号登录认证,那么对于短信验证码+登录的方式,Spring Security 没有现成的接口可以使用,所以需要自己的封装一个类似的 ...

  8. SpringBoot + Spring Security 学习笔记(三)实现图片验证码认证

    整体实现逻辑 前端在登录页面时,自动从后台获取最新的验证码图片 服务器接收获取生成验证码请求,生成验证码和对应的图片,图片响应回前端,验证码保存一份到服务器的 session 中 前端用户登录时携带当 ...

  9. Spring Security 学习笔记-securityContext过滤器

    位于过滤器顶端,第一个起作用的过滤器.SecurityContextPersistenceFilter 在执行其他过滤器之前,率先判断用户的session中是否已经存在一个SecurityContex ...

随机推荐

  1. 【Django入坑之路】Django后台上传图片,以及前端的显示

    #setting配置: MEDIA_URL = "/media/" MEDIA_ROOT = os.path.join(BASE_DIR, "media") # ...

  2. D3D10/11中的遮挡查询的使用

    原文:D3D10/11中的遮挡查询的使用       在D3D10/11中,有D3D10_QUERY/D3D11_QUERY接口,通过QUERY接口,我们可以查询GPU的一些状态,比如GPU的时间戳信 ...

  3. WPF 2048游戏的实现

    原文:WPF 2048游戏的实现         前几天空闲的时候,实现了一个2048游戏.除了可以设置行数和列数之外,支持修改显示名称,比如下面,改成神雕侠侣中的角色名称:           游戏 ...

  4. Redis源码解析:05跳跃表

    一:基本概念 跳跃表是一种随机化的数据结构,在查找.插入和删除这些字典操作上,其效率可比拟于平衡二叉树(如红黑树),大多数操作只需要O(log n)平均时间,但它的代码以及原理更简单.跳跃表的定义如下 ...

  5. css3制作动画性能问题

    这篇文章主要讲的是怎样制作流畅动画,特别是针对移动端.在这里我首先介绍制作动画的几种方法的优缺点:接着会着重介绍用css3制作动画的注意事项. 1.用canvas.css3.jquery制作动画 Ca ...

  6. 云原生生态周报 Vol. 5 | etcd性能知多少

    业界要闻 1 Azure Red Hat OpenShift已经GA.在刚刚结束的Red Hat Summit 2019上,Azure Red Hat OpenShift正式宣布GA,这是一个微软和红 ...

  7. ORACLE SQL数据类型转换

    ORACLE SQL数据类型转换 2019-04-07 22:35:53 广小白 阅读数 429更多 分类专栏: Oracle   版权声明:本文为博主原创文章,遵循CC 4.0 BY-SA版权协议, ...

  8. 深度学习(二十九)Batch Normalization 学习笔记

    Batch Normalization 学习笔记 原文地址:http://blog.csdn.net/hjimce/article/details/50866313 作者:hjimce 一.背景意义 ...

  9. C# Brush Color String 互相转换

    using System.Windows.Media; //String转换成Color Color color = (Color)ColorConverter.ConvertFromString(s ...

  10. 2018-9-1-win10-uwp-轻量级-MVVM-框架入门-2.1.5.3199

    title author date CreateTime categories win10 uwp 轻量级 MVVM 框架入门 2.1.5.3199 lindexi 2018-09-01 16:24: ...