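<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                 http://www.springframework.org/schema/security
                                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!--
        Hand-assembled Spring Security filter chain (no <http> element).
        Every filter is declared as an explicit bean below and listed by id in
        the FilterChainProxy. The "dataSource" bean is referenced but defined
        elsewhere.
    -->

    <!-- Custom Spring Security filter chain -->
    <beans:bean id="springSecurityFilterChain"
                class="org.springframework.security.web.FilterChainProxy">
        <beans:constructor-arg>
            <beans:list>
                <!-- These paths only get the HTTPS channel check: no security context,
                     no authentication and no authorization filter runs for them. -->
                <filter-chain pattern="/resources/**" filters="channelProcessingFilter" />
                <filter-chain pattern="/login" filters="channelProcessingFilter" />
                <filter-chain pattern="/" filters="channelProcessingFilter" />
                <filter-chain pattern="/error" filters="channelProcessingFilter" />
                <!-- Everything else goes through the full chain, in the order listed.
                     NOTE(review): Spring Security's standard ordering places
                     ConcurrentSessionFilter ahead of SecurityContextPersistenceFilter and
                     LogoutFilter ahead of the authentication filters; this list uses a
                     different order. Confirm that is intentional. -->
                <filter-chain pattern="/**"
                              filters="channelProcessingFilter,securityContextPersistenceFilter,usernamePasswordAuthenticationFilter,rememberMeAuthenticationFilter,logoutFilter,exceptionTranslationFilter,concurrentSessionFilter,felicityFilterSecurityInterceptor" />
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="felicityUserDetailService">
            <!-- NOTE(review): passwords are compared as MD5 digests and no salt-source is
                 configured. MD5 is fast to brute-force and unsalted digests are exposed to
                 precomputed tables. Moving to an adaptive hash such as bcrypt requires
                 re-hashing the stored passwords, so it is flagged here, not changed. -->
            <password-encoder hash="md5" />
        </authentication-provider>
        <!-- Without this provider the manager has nothing that accepts the token produced by
             rememberMeAuthenticationFilter, so every remember-me cookie would be rejected. -->
        <authentication-provider ref="rememberMeAuthenticationProvider" />
    </authentication-manager>

    <!-- Standalone MD5 encoder bean. Nothing in this file references it; presumably it is
         injected elsewhere (verify). The weak-hash note above applies here too. -->
    <beans:bean id="passwordEncoder"
                class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />

    <!-- User lookup. Both queries bind the login name through the ? placeholder. -->
    <beans:bean id="felicityUserDetailService"
                class="com.sds.eci.security.FelicityUserDetailsService">
        <beans:property name="dataSource" ref="dataSource"></beans:property>
        <beans:property name="usersByUsernameQuery" value="select singleid as username, password, realname, userid, empno, ssoid, enabled from felicity_user where singleid = ?"></beans:property>
        <beans:property name="authoritiesByUsernameQuery" value="select u.singleid as username,ro.name as authority
            from felicity_user u
            right join felicity_userrole ur on u.userid=ur.userid
            right join felicity_role ro on ur.roleid=ro.roleid
            where u.singleid=?"></beans:property>
    </beans:bean>

    <!-- Channel enforcement: every URL must be requested over a secure channel -->
    <beans:bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
        <beans:property name="channelDecisionManager" ref="channelDecisionManager"/>
        <beans:property name="securityMetadataSource">
            <filter-security-metadata-source>
                <intercept-url pattern="/**" access="REQUIRES_SECURE_CHANNEL"/>
                <!-- <intercept-url pattern="/**" access="REQUIRES_INSECURE_CHANNEL"/>-->
            </filter-security-metadata-source>
        </beans:property>
    </beans:bean>
    <beans:bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
        <beans:property name="channelProcessors">
            <beans:list>
                <beans:ref bean="secureChannelProcessor"/>
                <beans:ref bean="insecureChannelProcessor"/>
            </beans:list>
        </beans:property>
    </beans:bean>
    <!-- Redirects to HTTPS when a secure channel is required but the request is not secure -->
    <beans:bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
        <beans:property name="entryPoint">
            <beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
                <beans:property name="portMapper" ref="portMapper"></beans:property>
                <beans:property name="portResolver" ref="portResolver"></beans:property>
            </beans:bean>
        </beans:property>
    </beans:bean>
    <!-- Counterpart for REQUIRES_INSECURE_CHANNEL; no active intercept-url uses it -->
    <beans:bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
        <beans:property name="entryPoint">
            <beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
                <beans:property name="portMapper" ref="portMapper"></beans:property>
                <beans:property name="portResolver" ref="portResolver"></beans:property>
            </beans:bean>
        </beans:property>
    </beans:bean>
    <!-- HTTP port (key) to HTTPS port (value) used when building the redirect -->
    <beans:bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
        <beans:property name="portMappings">
            <beans:map>
                <beans:entry key="8080" value="443"></beans:entry>
                <beans:entry key="80" value="443"></beans:entry>
                <beans:entry key="9090" value="9443"></beans:entry>
            </beans:map>
        </beans:property>
    </beans:bean>
    <beans:bean id="portResolver" class="org.springframework.security.web.PortResolverImpl">
        <beans:property name="portMapper" ref="portMapper"></beans:property>
    </beans:bean>

    <!-- Security context persistence; a session is created eagerly for every request -->
    <beans:bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
        <beans:property name="forceEagerSessionCreation" value="true"></beans:property>
    </beans:bean>

    <!-- Username/password (form login) authentication filter -->
    <beans:bean id="usernamePasswordAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <beans:property name="usernameParameter" value="username"></beans:property>
        <beans:property name="passwordParameter" value="password"></beans:property>
        <beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
        <!-- Lets a successful form login hand over to the remember-me service, which issues
             the cookie only when the login request asks for it. Without this wiring the
             filter never calls rememberMeServices and no cookie is ever set. -->
        <beans:property name="rememberMeServices" ref="rememberMeServices" />
        <beans:property name="authenticationSuccessHandler">
            <beans:bean class="com.sds.eci.security.FelicityAuthenticationSuccessHandler">
                <beans:property name="defaultTargetUrl" value="/questions"></beans:property>
                <beans:property name="securityMetadataSource" ref="felicitysecurityMetadataSource" />
            </beans:bean>
        </beans:property>
        <beans:property name="authenticationFailureHandler">
            <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <beans:property name="defaultFailureUrl" value="/login?para=loginfailure"></beans:property>
            </beans:bean>
        </beans:property>
        <!-- Applies the one-session-per-user limit at login time -->
        <beans:property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy" />
    </beans:bean>

    <!-- Logout filter -->
    <beans:bean id="logoutFilter"
                class="org.springframework.security.web.authentication.logout.LogoutFilter">
        <!-- URL the user is sent to after a successful logout -->
        <beans:constructor-arg value="/login" />
        <!-- Handlers run on logout: clear the security context/session, then drop the
             remember-me cookie -->
        <beans:constructor-arg>
            <beans:array>
                <beans:ref bean="logoutHandler" />
                <beans:ref bean="rememberMeServices" />
            </beans:array>
        </beans:constructor-arg>
        <!-- URL that triggers the logout -->
        <beans:property name="filterProcessesUrl" value="/j_spring_security_logout" />
    </beans:bean>
    <!-- Logout handler -->
    <beans:bean id="logoutHandler"
                class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
    </beans:bean>

    <!-- Remember-me login (cookie based) -->
    <beans:bean id="rememberMeAuthenticationFilter"
                class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
        <beans:property name="rememberMeServices" ref="rememberMeServices" />
        <beans:property name="authenticationManager"
                        ref="authenticationManager" />
    </beans:bean>
    <!--
        NOTE(review): "springRocks" is the sample key from the Spring Security reference
        documentation and is hard-coded both here and in rememberMeAuthenticationProvider.
        Replace it with a deployment-specific secret supplied from outside version control,
        and keep the two values identical: the provider rejects tokens whose key differs.
    -->
    <beans:bean id="rememberMeServices"
                class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
        <beans:constructor-arg name="key" value="springRocks"></beans:constructor-arg>
        <beans:constructor-arg name="userDetailsService" ref="felicityUserDetailService"></beans:constructor-arg>
        <!-- Token lifetime: 604800 seconds (one week) -->
        <beans:property name="tokenValiditySeconds" value="604800" />
    </beans:bean>
    <!-- Validates remember-me tokens; registered in <authentication-manager> above -->
    <beans:bean id="rememberMeAuthenticationProvider"
                class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
        <beans:property name="key" value="springRocks" />
    </beans:bean>

    <!-- Authorization filter. rejectPublicInvocations=true: a request for which the metadata
         source returns no attributes is rejected instead of being let through. -->
    <beans:bean id="felicityFilterSecurityInterceptor"
                class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <beans:property name="rejectPublicInvocations" value="true"></beans:property>
        <beans:property name="authenticationManager"
                        ref="authenticationManager" />
        <beans:property name="accessDecisionManager"
                        ref="felicityAccessDecisionManagerBean" />
        <beans:property name="securityMetadataSource"
                        ref="felicitysecurityMetadataSource" />
    </beans:bean>

    <!-- Access decision manager: decides whether the roles a user holds are sufficient
         to access a given resource -->
    <beans:bean id="felicityAccessDecisionManagerBean"
                class="com.sds.eci.security.FelicityAccessDecisionManager">
    </beans:bean>

    <!-- Resource metadata: defines which roles may access each resource (URL),
         loaded from the database with the query below -->
    <beans:bean id="felicitysecurityMetadataSource"
                class="com.sds.eci.security.FelicitySecurityMetadataSource">
        <beans:constructor-arg ref="dataSource"></beans:constructor-arg>
        <beans:constructor-arg type="java.lang.String" value="select rce.url, r.name, rce.pid from felicity_role r inner join felicity_roleresource rrce on r.roleid = rrce.roleid inner join felicity_resource rce on rrce.resourceid = rce.resourceid order by pid, sort"></beans:constructor-arg>
    </beans:bean>

    <!-- Required by the page-level authorization tags -->
    <beans:bean id="webInvocationFilter"
                class="org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator">
        <beans:constructor-arg ref="felicityFilterSecurityInterceptor" />
    </beans:bean>

    <!-- Exception translation filter -->
    <beans:bean id="exceptionTranslationFilter"
                class="org.springframework.security.web.access.ExceptionTranslationFilter">
        <beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
        <beans:property name="accessDeniedHandler">
            <!-- Where an authenticated but unauthorized request is sent -->
            <beans:bean
                class="com.sds.eci.security.FelicityAccessDeniedHandler">
                <beans:property name="errorPage" value="/403" />
            </beans:bean>
        </beans:property>
    </beans:bean>
    <!-- Unauthenticated requests are redirected to the login form -->
    <beans:bean id="authenticationEntryPoint"
                class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login?para=errorauth"></beans:property>
    </beans:bean>

    <!-- Concurrent session control: at most one session per user; a request on a session
         that has been marked expired is sent to expiredUrl -->
    <beans:bean id="concurrentSessionFilter"
                class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/login?para=multi" />
    </beans:bean>
    <beans:bean id="sessionAuthenticationStrategy"
                class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>
    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

</beans:beans>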
Spring Security学习笔记-自定义Spring Security过滤链
原文:http://www.cnblogs.com/mingluosunshan/p/5328830.html