acegi详细配置实例

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
        "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>

	<bean id="filterChainProxy"
		class="org.acegisecurity.util.FilterChainProxy">
		<property name="filterInvocationDefinitionSource">
			<value><![CDATA[
				CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
				PATTERN_TYPE_APACHE_ANT
				/**=loginFilter,httpSessionContextIntegrationFilter,logoutFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,rememberMeProcessingFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
			]]></value>
		</property>
	</bean>

	<bean id="httpSessionContextIntegrationFilter"
		class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

     <bean id="loginFilter" class="cn.itownet.pdms.filter.LoginFilter">
    	<property name="xaUserService" ref="userDetailsService"></property>
    	<property name="filterProcessesUrl" value="/j_acegi_security_check"/>
    </bean> 


	<bean id="logoutFilter"
		class="org.acegisecurity.ui.logout.LogoutFilter">
		<constructor-arg value="/Login.jsp" /><!-- 注销后跳转的页面 -->
		<constructor-arg><!-- list中的每一项必须实现LogoutHandler接口 -->
			<list>
				<ref bean="rememberMeServices" /><!-- 清除cookie中的rememberme标志,如果系统没有自动登录功能，此项可不用 -->
				<bean class="cn.itownet.pdms.filter.ClearOnlineUserLogoutHandler"/><!-- 将前当用户从在线用户列表中清除 -->
				<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" /><!-- 清除securityContextHolder中的securityContext,session并未注销-->
			</list>
		</constructor-arg>
	</bean>
	
	<!-- 手动logoutFilter -->
	<!--<bean id="selfLogoutFilter" class="cn.itownet.pdms.filter.LogoutFilter">
		<property name="filterProcessesUrl" value="/j_acegi_logout"/>
	</bean>-->
	
	<bean id="authenticationProcessingFilter"
		class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
		<property name="authenticationManager"
			ref="authenticationManager" />
		<property name="authenticationFailureUrl"
			value="/Failure.jsp" />
		<property name="defaultTargetUrl" value="/index.jsp" /><!-- 直接从登录页面进才有效 -->
		<property name="filterProcessesUrl"
			value="/j_acegi_security_check" />
		<property name="rememberMeServices" ref="rememberMeServices" /><!-- 将remember标记添加到cookie中 -->
	</bean>

	<bean id="securityContextHolderAwareRequestFilter"
		class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />

    <!-- 用于自动登录，首先 从cookie中取出remember标记并包装成authentication对象,然后进行authenticationManager认证（
    	如果authenticationManage不再支持RememberMeAuthenticationProvider,认证将不会通过，自动登录也就无效),认证失败将清除cookie中
    	remember标记
     -->
	<bean id="rememberMeProcessingFilter"
		class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
		<property name="authenticationManager"
			ref="authenticationManager" />
		<property name="rememberMeServices" ref="rememberMeServices" /><!-- 从cookie中取出remember标记并包装成authentication对象 -->
	</bean>

	<bean id="anonymousProcessingFilter"
		class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
		<property name="key" value="pdms" /><!-- 标识，凭证中的username也为pdms -->
		<property name="userAttribute"
			value="pdms,ROLE_ANONYMOUS" /><!-- 凭证的pwd为pdms，权限为ROLE_ANONYMOUS -->
	</bean>

	<bean id="exceptionTranslationFilter"
		class="org.acegisecurity.ui.ExceptionTranslationFilter">
		<property name="authenticationEntryPoint">
			<bean
				class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
				<property name="loginFormUrl" value="/Login.jsp" />
				<property name="forceHttps" value="false" />
			</bean>
		</property>
		<property name="accessDeniedHandler">
			<bean
				class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
				<property name="errorPage" value="/accessDenied.jsp" />
			</bean>
		</property>
	</bean>

	<bean id="filterInvocationInterceptor"
		class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
		<property name="authenticationManager"
			ref="authenticationManager" />
		<property name="accessDecisionManager">
			<bean class="org.acegisecurity.vote.AffirmativeBased">
				<property name="allowIfAllAbstainDecisions"
					value="false" />
				<property name="decisionVoters">
					<list>
						<bean class="org.acegisecurity.vote.RoleVoter" />
						<bean
							class="org.acegisecurity.vote.AuthenticatedVoter" />
					</list>
				</property>
			</bean>
		</property>
		<property name="objectDefinitionSource">
			<value>
				PATTERN_TYPE_APACHE_ANT
				/*.htm=IS_AUTHENTICATED_REMEMBERED
				/Home.jsp=IS_AUTHENTICATED_REMEMBERED
				/**=IS_AUTHENTICATED_ANONYMOUSLY
			</value>
		</property>
	</bean>

	<bean id="rememberMeServices"
		class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
		<property name="userDetailsService" ref="userDetailsService" /><!-- 根据username从数据库中读用户信息，以判断remember标记是否有效 -->
		<property name="key" value="pdms" /><!-- 用作cookie中remember标记的标识 -->
	</bean>

	<bean id="authenticationManager"
		class="org.acegisecurity.providers.ProviderManager">
		<property name="providers">
			<list>
				<ref local="daoAuthenticationProvider" />
				<bean
					class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
					<property name="key" value="pdms" />
				</bean>
				<bean
					class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider"><!-- 根据key判断，如果authentication中key与处key相等，认证通过 -->
					<property name="key" value="pdms" />
				</bean>
			</list>
		</property>
	</bean>

	<bean id="daoAuthenticationProvider"
		class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
		<property name="userDetailsService" ref="userDetailsService" />
	</bean>
</beans>

 

web.xml中相关配置如下:

<filter>
		<filter-name>Acegi Filter Chain Proxy</filter-name>
		<filter-class>
				org.acegisecurity.util.FilterToBeanProxy
		</filter-class>
		<init-param>
			<param-name>targetClass</param-name>
			<param-value>
					org.acegisecurity.util.FilterChainProxy
			</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>Acegi Filter Chain Proxy</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>