Spring Security学习笔记-自定义Spring Security过滤链
Spring Security使用一系列过滤器处理用户请求,下面是spring-security.xml配置文件。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 自定义Spring Security过滤链 -->
<beans:bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
<beans:constructor-arg>
<beans:list>
<filter-chain pattern="/resources/**" filters="channelProcessingFilter" />
<filter-chain pattern="/login" filters="channelProcessingFilter" />
<filter-chain pattern="/" filters="channelProcessingFilter" />
<filter-chain pattern="/error" filters="channelProcessingFilter" />
<filter-chain pattern="/**"
filters="channelProcessingFilter,securityContextPersistenceFilter,concurrentSessionFilter,usernamePasswordAuthenticationFilter,
rememberMeAuthenticationFilter,logoutFilter,exceptionTranslationFilter,felicityFilterSecurityInterceptor" />
</beans:list>
</beans:constructor-arg>
</beans:bean> <beans:bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="authenticationProvider" />
<beans:ref bean="rememberMeAuthenticationProvider" />
</beans:list>
</beans:property>
<beans:property name="eraseCredentialsAfterAuthentication" value="false"></beans:property>
</beans:bean>
<beans:bean id="authenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="felicityUserDetailService" />
<beans:property name="passwordEncoder" ref="passwordEncoder"></beans:property>
</beans:bean> <beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" /> <beans:bean id="felicityUserDetailService"
class="com.sds.eci.security.FelicityUserDetailsService">
<beans:property name="dataSource" ref="dataSource"></beans:property>
<beans:property name="usersByUsernameQuery" value="select singleid as username, password, realname, userid, empno, ssoid, enabled from felicity_user where singleid = ?"></beans:property>
<beans:property name="authoritiesByUsernameQuery" value="select u.singleid as username,ro.name as authority
from felicity_user u
right join felicity_userrole ur on u.userid=ur.userid
right join felicity_role ro on ur.roleid=ro.roleid
where u.singleid=?"></beans:property>
</beans:bean> <!-- 信道拦截 -->
<beans:bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<beans:property name="channelDecisionManager" ref="channelDecisionManager"/>
<beans:property name="securityMetadataSource">
<filter-security-metadata-source>
<intercept-url pattern="/**" access="REQUIRES_SECURE_CHANNEL"/>
<!-- <intercept-url pattern="/**" access="REQUIRES_INSECURE_CHANNEL"/>-->
</filter-security-metadata-source>
</beans:property>
</beans:bean>
<beans:bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<beans:property name="channelProcessors">
<beans:list>
<beans:ref bean="secureChannelProcessor"/>
<beans:ref bean="insecureChannelProcessor"/>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
<beans:property name="entryPoint">
<beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
<beans:property name="portMapper" ref="portMapper"></beans:property>
<beans:property name="portResolver" ref="portResolver"></beans:property>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
<beans:property name="entryPoint">
<beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
<beans:property name="portMapper" ref="portMapper"></beans:property>
<beans:property name="portResolver" ref="portResolver"></beans:property>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
<beans:property name="portMappings">
<beans:map>
<beans:entry key="8080" value="443"></beans:entry>
<beans:entry key="80" value="443"></beans:entry>
<beans:entry key="9090" value="9443"></beans:entry>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="portResolver" class="org.springframework.security.web.PortResolverImpl">
<beans:property name="portMapper" ref="portMapper"></beans:property>
</beans:bean> <!-- securityContext拦截 -->
<beans:bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<beans:property name="securityContextRepository" ref="securityContextRepository" />
</beans:bean>
<beans:bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">
<beans:property name="allowSessionCreation" value="true" />
<beans:property name="disableUrlRewriting" value="false" />
</beans:bean> <!-- usernamePassword授权拦截 -->
<beans:bean id="usernamePasswordAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="usernameParameter" value="username"></beans:property>
<beans:property name="passwordParameter" value="password"></beans:property>
<beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>
<beans:property name="authenticationFailureHandler">
<beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login?para=loginfailure"></beans:property>
</beans:bean>
</beans:property>
<beans:property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy" />
<beans:property name="rememberMeServices" ref="rememberMeServices" />
</beans:bean>
<beans:bean id="authenticationSuccessHandler" class="com.sds.eci.security.FelicityAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/questions"></beans:property>
<beans:property name="securityMetadataSource" ref="felicitysecurityMetadataSource" />
</beans:bean> <!-- 2注销过滤器 -->
<beans:bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="/login" /><!-- 退出成功后处理URL -->
<beans:constructor-arg>
<beans:array>
<beans:ref bean="logoutHandler" />
<beans:ref bean="rememberMeServices" />
</beans:array>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/j_spring_security_logout" /><!-- 退出处理URL -->
</beans:bean>
<!-- 注销监听器 -->
<beans:bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
</beans:bean> <!-- 7记住密码功能(COOKIE方式) -->
<beans:bean id="rememberMeAuthenticationFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:property name="rememberMeServices" ref="rememberMeServices" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>
</beans:bean>
<!-- rememberMe -->
<beans:bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:constructor-arg name="key" value="springRocks"></beans:constructor-arg>
<beans:constructor-arg name="userDetailsService" ref="felicityUserDetailService"></beans:constructor-arg>
<!-- 默认时间604800秒(一个星期) -->
<beans:property name="tokenValiditySeconds" value="604800" />
</beans:bean>
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:property name="key" value="springRocks" />
</beans:bean> <!-- 用户的权限控制过滤器 -->
<beans:bean id="felicityFilterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<beans:property name="rejectPublicInvocations" value="true"></beans:property>
<beans:property name="authenticationManager"
ref="authenticationManager" />
<beans:property name="accessDecisionManager"
ref="felicityAccessDecisionManagerBean" />
<beans:property name="securityMetadataSource"
ref="felicitysecurityMetadataSource" />
</beans:bean> <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
<beans:bean id="felicityAccessDecisionManagerBean"
class="com.sds.eci.security.FelicityAccessDecisionManager">
</beans:bean> <!-- 资源源数据定义,即定义某一资源可以被哪些角色访问 -->
<beans:bean id="felicitysecurityMetadataSource"
class="com.sds.eci.security.FelicitySecurityMetadataSource">
<beans:constructor-arg ref="dataSource"></beans:constructor-arg>
<beans:constructor-arg type="java.lang.String" value="select rce.url, r.name, rce.pid from felicity_role r inner join felicity_roleresource rrce on r.roleid = rrce.roleid inner join felicity_resource rce on rrce.resourceid = rce.resourceid order by pid, sort"></beans:constructor-arg>
</beans:bean> <!-- 页面标签权限功能依赖 -->
<beans:bean id="webInvocationFilter"
class="org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator">
<beans:constructor-arg ref="felicityFilterSecurityInterceptor" />
</beans:bean> <!-- 9异常处理过滤器 -->
<beans:bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
<beans:property name="accessDeniedHandler">
<!-- 拒绝未授权访问跳转 -->
<beans:bean
class="com.sds.eci.security.FelicityAccessDeniedHandler">
<beans:property name="errorPage" value="/403" />
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login?para=errorauth"></beans:property>
</beans:bean> <!-- sessionManagementFilter -->
<beans:bean id="concurrentSessionFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/login?para=multi" />
</beans:bean>
<beans:bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> </beans:beans>
Spring Security学习笔记-自定义Spring Security过滤链的更多相关文章
- spring揭密学习笔记(1) --spring的由来
1.spring起源于在EJB暴露出各种严重问题的情况应运而生. Spring是于2003年兴起的一个轻量级的Java开发框架, Spring倡导一切从实际出发,以实用的态度来选择适合当前开发场景的解 ...
- Spring Boot 学习笔记 - 认识Spring Boot框架
因各种原因,.NET前端工程师重新接触JAVA,真是向全栈的路上又迈出了无奈的一步. 下面正文: Spring Boot是由Pivotal团队提供的全新框架,其设计目的是用来简化新Spring应用的初 ...
- spring揭密学习笔记(3)-spring ioc容器:Spring的IoC容器之BeanFactory
1. Spring的IoC容器和IoC Service Provider的关系 Spring的IoC容器和IoC Service Provider所提供的服务之间存在一定的交集,二者的关系如图4-1所 ...
- spring揭密学习笔记(3)-spring ioc容器:掌管大局的IoC Service Provider
1.IOC service Provider的概念.IoC Service Provider在这里是一个抽象出来的概念,它可以指代任何将IoC场景中的业务对象绑定到一起的实现方式.它可以是一段代码,也 ...
- spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念
1. IoC的理念就是,让别人为你服务!2. 其实IoC就这么简单!原来是需要什么东西自己去拿,现在是需要什么东西就让别人送过来.一个生动的示例 3.三种依赖注入的方式 IoC模式最权威的总结和解释, ...
- spring揭密学习笔记
spring揭密学习笔记 spring揭密学习笔记(1) --spring的由来 spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念
- SpringBoot + Spring Security 学习笔记(五)实现短信验证码+登录功能
在 Spring Security 中基于表单的认证模式,默认就是密码帐号登录认证,那么对于短信验证码+登录的方式,Spring Security 没有现成的接口可以使用,所以需要自己的封装一个类似的 ...
- SpringBoot + Spring Security 学习笔记(三)实现图片验证码认证
整体实现逻辑 前端在登录页面时,自动从后台获取最新的验证码图片 服务器接收获取生成验证码请求,生成验证码和对应的图片,图片响应回前端,验证码保存一份到服务器的 session 中 前端用户登录时携带当 ...
- Spring Security 学习笔记-securityContext过滤器
位于过滤器顶端,第一个起作用的过滤器.SecurityContextPersistenceFilter 在执行其他过滤器之前,率先判断用户的session中是否已经存在一个SecurityContex ...
随机推荐
- 通过IP地址訪问Jbossserver上的应用
版权声明:本文为博主原创文章.未经博主同意不得转载. https://blog.csdn.net/liu765023051/article/details/28882533 环境介绍 Web项目中.在 ...
- Python学习之路8☞迭代器协议和生成器
一 什么是迭代器协议 1.迭代器协议是指:对象必须提供一个next方法,执行该方法要么返回迭代中的下一项,要么就引起一个StopIteration异常,以终止迭代 (只能往后走不能往前退) 2.可迭代 ...
- HZOJ 集合论
考场用的set,代码复杂度很低,时间复杂度$O(sum log)$,一发过了大样例,以为1e6的数据很稳了就没再管(然后就挂掉了……) 考后把set化成unordered_set就A了.其实$sum ...
- 【Linux】根目录命名的意义
1./bin :获得最小的系统可操作性所需要的命令2./boot :内核和加载内核所需的文件3./dev :终端.磁盘.调制解调器等的设备项4./etc :关键的启动文件和配置文件5./home :用 ...
- nodeJs学习-02 fs模块(文件操作)
读文件: const fs = require('fs'); //读文件(异步) readFile(文件名,回调函数) fs.readFile('section03/testData/aaa.txt' ...
- HZOJ Drink
神仙题,打了个whs式暴力卡常卡A了(我没脸),正解还是要打的,然而作者的题解看不懂…… Drink: 看惯了罗马音的小朋友们都会知道r发l的音,题目名:D Link. 每次修改都会改变O( N ^ ...
- 12-3 DOM操作
一 DOM基础 1 DOM介绍 DOM:文档对象模型.DOM 为文档提供了结构化表示,并定义了如何通过脚本来访问文档结构.目的其实就是为了能让js操作html元素而制定的一个规范. DOM就是由节点组 ...
- IDEA使用中文api鼠标提示的设置
最近都在用IDEA来练习,发现有的方面确实比eclipse好用,eclipse里面可添加中文的API 提示,对初期的我帮助很大,但是IDEA却没有找到添加的地方,一直以来还以为不支持这个功能,比较遗憾 ...
- CSS常用函数calc等
>>CSS常用函数<<
- uva 11916 Emoogle Grid (BSGS)
UVA 11916 BSGS的一道简单题,不过中间卡了一下没有及时取模,其他这里的100000007是素数,所以不用加上拓展就能做了. 代码如下: #include <cstdio> #i ...