Sping acegi 配置文件

applicationContext-acegi-security.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">

<!--
    - A simple "base bones" Acegi Security configuration.
    -
    - The sample includes the "popular" features that people tend to use.
    - Specifically, form authentication, remember-me, and anonymous processing.
    - Other features aren't setup, as these can be added later by inserting
    - the relevant XML fragments as specified in the Reference Guide.
    -
    - To assist new users, the filters specified in the FilterChainProxy are
    - declared in the application context in the same order. Collaborators
    - required by those filters are placed at the end of the file.
    -
    - $Id: applicationContext-acegi-security.xml,v 1.2 2007/04/06 10:16:01 zhangxiaofeng Exp $
-->

<beans>

    <bean id="filterChainProxy"
        class="org.acegisecurity.util.FilterChainProxy">
        <property name="filterInvocationDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT
                /**=httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
            </value>
        </property>
    </bean>

    <bean id="httpSessionContextIntegrationFilter"
        class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

    <bean id="logoutFilter"
        class="org.acegisecurity.ui.logout.LogoutFilter">
        <constructor-arg value="https://10.100.2.12:8443/cas/logout" />
        <!-- URL redirected to after logout -->
        <constructor-arg>
            <list>
                <ref bean="rememberMeServices" />
                <bean
                    class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
            </list>
        </constructor-arg>
    </bean>

    <bean id="authenticationProcessingFilter"
        class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
        <property name="authenticationManager">
            <ref local="authenticationManager" />
        </property>
        <property name="authenticationFailureUrl">
            <value>/acegilogin.jsp?login_error=1</value>
        </property>
        <property name="defaultTargetUrl">
            <value>/</value>
        </property>
        <property name="filterProcessesUrl">
            <value>/j_acegi_security_check</value>
        </property>
    </bean>

    <bean id="securityContextHolderAwareRequestFilter"
        class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />

    <bean id="rememberMeProcessingFilter"
        class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
        <property name="authenticationManager"
            ref="authenticationManager" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <bean id="anonymousProcessingFilter"
        class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
        <property name="key" value="changeThis" />
        <property name="userAttribute"
            value="anonymousUser,ROLE_ANONYMOUS" />
    </bean>

    <bean id="exceptionTranslationFilter"
        class="org.acegisecurity.ui.ExceptionTranslationFilter">
        <property name="authenticationEntryPoint">
            <bean id="casProcessingFilterEntryPoint"
                class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
                <property name="loginFormUrl">
                    <value>/index.jsp</value>
                </property>
            </bean>
        </property>
        <property name="accessDeniedHandler">
            <bean
                class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
                <property name="errorPage" value="/index.jsp" />
            </bean>
        </property>
    </bean>

    <bean id="filterInvocationInterceptor"
        class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
        <property name="authenticationManager"
            ref="authenticationManager" />
        <property name="accessDecisionManager">
            <bean class="org.acegisecurity.vote.AffirmativeBased">
                <property name="allowIfAllAbstainDecisions"
                    value="false" />
                <property name="decisionVoters">
                    <list>
                        <bean class="org.acegisecurity.vote.RoleVoter" />
                        <bean
                            class="org.acegisecurity.vote.AuthenticatedVoter" />
                    </list>
                </property>
            </bean>
        </property>
        <property name="objectDefinitionSource">
            <value>
                CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
                PATTERN_TYPE_APACHE_ANT 
                /finance/index.jsp = ROLE_NORMAL
            </value>
        </property>
    </bean>

    <bean id="rememberMeServices"
        class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="inMemoryDaoImpl" />
        <property name="key" value="changeThis" />
    </bean>

    <bean id="authenticationManager"
        class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="daoAuthenticationProvider" />
            </list>
        </property>
    </bean>
<bean id="daoAuthenticationProvider" class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService"><ref bean="inMemoryDaoImpl"/></property>
</bean>   
        
    <bean id="inMemoryDaoImpl"
        class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
        <property name="userMap">
            <value>
                admin=1234,ROLE_NORMAL
                dianne=emu,ROLES_IGNORED_BY_CAS
                scott=wombat,ROLES_IGNORED_BY_CAS
                peter=opal,disabled,ROLES_IGNORED_BY_CAS
            </value>
        </property>
    </bean>



    <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
    <bean id="loggerListener"
        class="org.acegisecurity.event.authentication.LoggerListener" />

</beans>

web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/classes/applicationContext.xml,/WEB-INF/classes/applicationContext-finance.xml,/WEB-INF/classes/applicationContext-acegi-security.xml</param-value>
  </context-param>
    
    <filter>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <filter-class>
            org.acegisecurity.util.FilterToBeanProxy
        </filter-class>
        <init-param>
            <param-name>targetClass</param-name>
            <param-value>
                org.acegisecurity.util.FilterChainProxy
            </param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>Acegi Filter Chain Proxy</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>