<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <debug /> <http pattern="/js/**" security="none" /> <http pattern="/images/**" security="none" /> <http pattern="/skin/**" security="none" /> <http pattern="/test/**" security="none" /> <http use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint"> <intercept-url pattern="/login.jsp" access="permitAll" /> <intercept-url pattern="/verifyCode.do" access="permitAll" /> <intercept-url pattern="/*/*_pda*.action" access="permitAll" /> <intercept-url pattern="/**" access="isAuthenticated()" /> <!--使用security提供的basic form --> <!--<form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" default-target-url="/main.action" /> --> <!-- error-if-maximum-exceeded 后登陆的账号会挤掉第一次登陆的账号 session-fixation-protection 防止伪造sessionid攻击,用户登录成功后会销毁用户当前的session。 --> <!-- <session-management invalid-session-url="/login.jsp" session-fixation-protection="none"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> </session-management> --> <!-- 使用自定义带验证码的from认证 --> <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> <custom-filter ref="validateCodeAuthenticationFilter" position="FORM_LOGIN_FILTER" /> <!-- 自定义系统退出前的操作success-handler-ref --> <logout logout-url="/j_spring_security_exit_user" success-handler-ref="logoutSuccessHandler" /> <session-management session-authentication-strategy-ref="sas" invalid-session-url="/login.jsp" /> </http> <beans:bean id="concurrencyFilter" class="com.tlm.services.security.CustomConcurrentSessionFilter"> <beans:property name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="expiredUrl" value="/login.jsp" /> </beans:bean> <beans:bean id="validateCodeAuthenticationFilter" class="com.tlm.services.security.ValidateCodeUsernamePasswordAuthenticationFilter"> <beans:property name="filterProcessesUrl" value="/j_spring_security_check"></beans:property> <beans:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler"></beans:property> <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"></beans:property> <beans:property name="sessionAuthenticationStrategy" ref="sas" /> <beans:property name="authenticationManager" ref="authenticationManager"></beans:property> </beans:bean> <beans:bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy"> <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="maximumSessions" value="1" /> <beans:property name="exceptionIfMaximumExceeded" value="false" /> </beans:bean> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <beans:bean id="loginLogAuthenticationSuccessHandler" class="com.tlm.services.security.CustomSavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="alwaysUseDefaultTargetUrl" value="true"></beans:property> <beans:property name="defaultTargetUrl" value="/main.action"></beans:property> </beans:bean> <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <beans:property name="defaultFailureUrl" value="/login.jsp"></beans:property> </beans:bean> <beans:bean id="logoutSuccessHandler" class="com.tlm.services.security.CustomSimpleUrlLogoutSuccessHandler"> </beans:bean> <beans:bean id="userDetailsService" class="com.tlm.services.security.userdetail.impl.UserDetailsServiceImpl"> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService"> <!-- <password-encoder hash="md5" /> --> </authentication-provider> </authentication-manager> <beans:bean id="authenticationProcessingFilterEntryPoint" class="com.tlm.services.security.CustomLoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/login.jsp"></beans:property> </beans:bean> <beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <beans:property name="basename" value="classpath:messages_zh_CN" /> </beans:bean> </beans:beans>
相关推荐
spring security3配置.pdf 参照网上的资料自己配了个,实现URL与权限关系动态在数据库里配置(即配置文件中不用配置URL权限控制信息),个人授权信息动态从数据库里取.
NULL 博文链接:https://zhaobohao.iteye.com/blog/701238
spring-security3 配置和使用挺有用的。
之前的版本里面没有带数据库建表语句,该版本完整代码(包含所需jar包)+注释+教程+sql代码,元芳说这段代码绝对可以运行。也可按照附带的教程一步一个脚印,包学包会,亲测。
该项目的历史,然后看看如何开始在程序中使用框架。特别是,我们将看看命名控件配置提供了一个更加简单的方式,在使用传统的spring bean配置时,你不得不实现所有类。 我们也会看看可用的范例程序。
最近项目中要使用到spring-security,闲来没事就研究了下。发现入门挺简单的,在这里把自己的心得发下,希望对没有接触过想接触的朋友有帮助
spring security 使用及配置
Security3具体代码和配置信息
springsecurity使用配置详解,压缩包里包含主要的代码和详细的word文件说明。
代码 博文链接:https://zhoualine.iteye.com/blog/1754626
Spring Security 2 配置精讲
Spring Security 3.1.3配置实例
spring security 2 配置说明
Spring Security2 配置 精讲。
spring security 项目配置源码,项目是在eclipse启动的jdk1.8 tomcat1.8能正常运行,有助于学习.zip
项目应用到spring3,security3,hibernate4,struts2;应用中涉及到安全认证,目前项目有独立的统一认证网关,所以登录时只需要将安全认证网关的认证后信息塞到spring security中,由security3来管理用户的权限设置。...