spring security3 配置

   <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
 xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
 <!-- Enables Spring Security's debug filter, which logs details of every
  request passing through the security filters. That output can include
  headers and parameters (and so session identifiers), so this element is a
  development aid only and should be removed before deployment. -->
 <debug />
 <!-- security="none" attaches no security filters at all to the matching
  paths: no authentication, no SecurityContext, no session handling. This is
  the usual choice for static assets (js, images, skin). -->
 <http pattern="/js/**" security="none" />
 <http pattern="/images/**" security="none" />
 <http pattern="/skin/**" security="none" />
 <!-- NOTE(review): /test/** is also left completely unprotected. If it serves
  anything other than static files, drop this line outside development. -->
 <http pattern="/test/**" security="none" />
 <!-- Main filter chain. use-expressions enables SpEL in the access
  attributes; unauthenticated requests are handed to the custom entry point
  bean referenced by entry-point-ref. -->
 <http use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint">
  <!-- intercept-url rules are evaluated in order and the first match wins, so
   the permitAll entries have to stay above the catch-all rule. -->
  <intercept-url pattern="/login.jsp" access="permitAll" />
  <intercept-url pattern="/verifyCode.do" access="permitAll" />
  <!-- NOTE(review): broad wildcard. Any .action URL one directory deep whose
   name contains _pda is reachable without authentication; confirm that every
   matching action is meant to be public. -->
  <intercept-url pattern="/*/*_pda*.action" access="permitAll" />
  <intercept-url pattern="/**" access="isAuthenticated()" />
  <!-- Alternative (disabled): the standard form login provided by Spring Security. -->
  <!--<form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" 
   default-target-url="/main.action" /> -->
  <!-- Alternative (disabled): namespace-managed session control.
   error-if-maximum-exceeded="true" rejects a new login once the session limit
   is reached; "false" admits the new login and expires the older session.
   session-fixation-protection defends against session fixation by replacing
   the session at login. The value "none" in the disabled block below switches
   that defence off and should not be copied as is. -->
  <!-- <session-management invalid-session-url="/login.jsp" session-fixation-protection="none"> 
   <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> 
   </session-management> -->
  <!-- Custom form authentication with a verification code (captcha): the two
   custom filters below occupy the concurrent-session and form-login slots. -->
  <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
  <custom-filter ref="validateCodeAuthenticationFilter"
   position="FORM_LOGIN_FILTER" />
  <!-- Custom handling on logout through success-handler-ref; a logout success
   handler is invoked once the logout itself has been processed. -->
  <logout logout-url="/j_spring_security_exit_user"
   success-handler-ref="logoutSuccessHandler" />
  <!-- The same strategy bean (sas) is also injected into the custom login
   filter, so both paths apply the same session handling at login. -->
  <session-management
   session-authentication-strategy-ref="sas" invalid-session-url="/login.jsp" />
 </http>
 <!-- Filter installed at CONCURRENT_SESSION_FILTER. Project class; presumably
  a variant of Spring Security's ConcurrentSessionFilter (confirm). It is
  given the shared session registry and the URL to use for expired sessions. -->
 <beans:bean id="concurrencyFilter" class="com.tlm.services.security.CustomConcurrentSessionFilter">
  <beans:property name="sessionRegistry"
   ref="sessionRegistry" />
  <beans:property name="expiredUrl"
   value="/login.jsp" />
 </beans:bean>
 <!-- Login filter installed at FORM_LOGIN_FILTER. Project class; judging by
  its name it checks a verification code in addition to username and password
  (the check itself is not shown here). Because the filter is declared by hand
  it needs its own reference to the session strategy, otherwise concurrency
  control would not apply to the logins it processes. -->
 <beans:bean id="validateCodeAuthenticationFilter" class="com.tlm.services.security.ValidateCodeUsernamePasswordAuthenticationFilter">
  <beans:property name="filterProcessesUrl" value="/j_spring_security_check" />
  <beans:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler" />
  <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler" />
  <beans:property name="sessionAuthenticationStrategy" ref="sas" />
  <beans:property name="authenticationManager" ref="authenticationManager" />
 </beans:bean>
 <!-- Session strategy applied at login: at most one session per principal.
  With exceptionIfMaximumExceeded="false" a second login is accepted and the
  older session is marked expired; "true" would reject the second login
  instead. In Spring Security 3.1 this class extends the session fixation
  protection strategy; it is deprecated from 3.2 on, so revisit this bean when
  upgrading. -->
 <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
  <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
  <beans:property name="maximumSessions" value="1" />
  <beans:property name="exceptionIfMaximumExceeded" value="false" />
 </beans:bean>
 <!-- In-memory registry of sessions per principal, shared by the concurrency
  filter and the session strategy. NOTE(review): the registry only learns
  about destroyed sessions if HttpSessionEventPublisher is registered as a
  listener in web.xml (not shown here), and a custom UserDetails class needs
  equals/hashCode for the per-user limit to take effect. -->
 <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
 <!-- Success handler for the custom login filter (project class; by its bean
  id it presumably also records the login, confirm). alwaysUseDefaultTargetUrl
  is set, so the configured target /main.action is used rather than any saved
  or request-supplied URL. -->
 <beans:bean id="loginLogAuthenticationSuccessHandler" class="com.tlm.services.security.CustomSavedRequestAwareAuthenticationSuccessHandler">
  <beans:property name="alwaysUseDefaultTargetUrl" value="true" />
  <beans:property name="defaultTargetUrl" value="/main.action" />
 </beans:bean>
 <!-- On a failed login the user is redirected back to the login page. -->
 <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
  <beans:property name="defaultFailureUrl" value="/login.jsp" />
 </beans:bean>
 <!-- Project-specific logout success handler, referenced by the logout
  element; no properties are configured here. -->
 <beans:bean id="logoutSuccessHandler" class="com.tlm.services.security.CustomSimpleUrlLogoutSuccessHandler" />
 <!-- Project-specific user lookup used by the authentication provider; no
  properties are configured here. -->
 <beans:bean id="userDetailsService" class="com.tlm.services.security.userdetail.impl.UserDetailsServiceImpl" />
 <!-- Authentication manager; the alias lets the custom login filter bean
  reference it as authenticationManager. -->
 <authentication-manager alias="authenticationManager">
  <authentication-provider user-service-ref="userDetailsService">
   <!-- NOTE(review): with no password-encoder element the provider by default
    compares the submitted password with the stored value as plain text, which
    implies passwords are stored unhashed. The disabled md5 option below is an
    unsalted fast hash and is not a suitable replacement; prefer a salted,
    adaptive hash such as bcrypt. -->
   <!-- <password-encoder hash="md5" /> -->
  </authentication-provider>
 </authentication-manager>
 <!-- Entry point referenced by the main http element: where unauthenticated
  requests are sent. Project class; presumably a variant of
  LoginUrlAuthenticationEntryPoint (confirm). -->
 <beans:bean id="authenticationProcessingFilterEntryPoint" class="com.tlm.services.security.CustomLoginUrlAuthenticationEntryPoint">
  <beans:property name="loginFormUrl" value="/login.jsp" />
 </beans:bean>
 <!-- Message bundle loaded from the classpath; the basename names the zh_CN
  bundle directly, presumably to show Spring Security messages in Chinese. -->
 <beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
  <beans:property name="basename"
   value="classpath:messages_zh_CN" />
 </beans:bean>
</beans:beans>

 
