OpenJweb平台中acegi的配置

说明:

URL的授权写到了数据库里了,所以更改URL授权的时候不需要更改配置文件

<?xml version="1.0" encoding="GB2312"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="http://www.springframework.org/schema/beans
  http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">

 <bean id="concurrentSessionFilter"
  class="org.acegisecurity.concurrent.ConcurrentSessionFilter">
  <property name="sessionRegistry" ref="sessionRegistry"></property>
  <property name="expiredUrl">
   <value>/timeout.jsp</value>
  </property>
 </bean>
 <bean id="sessionRegistry"
  class="org.acegisecurity.concurrent.SessionRegistryImpl" />
 <bean id="concurrentSessionController"
  class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
  <property name="maximumSessions" value="10"></property>
  <property name="sessionRegistry" ref="sessionRegistry"></property>
  <property name="exceptionIfMaximumExceeded" value="true"></property>
 </bean>

 <bean id="logoutFilter"
  class="org.acegisecurity.ui.logout.LogoutFilter">
  <constructor-arg value="/login.jsp" />
  <constructor-arg>
   <list>
    <bean
     class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
   </list>
  </constructor-arg>
 </bean>

 <bean id="dataSource"
  class="org.springframework.jndi.JndiObjectFactoryBean">
  <property name="jndiName">
   <!--tomcat-->
   <value>java:comp/env/jdbc/mysql</value>
   <!--websphere-->
   <!--<value>jdbc/mysql</value>-->
  </property>
 </bean>

 <bean id="filterChainProxy"
  class="org.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
   <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    PATTERN_TYPE_APACHE_ANT
    /**=httpSessionContextIntegrationFilter,logoutFilter,concurrentSessionFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
   </value>
  </property>
 </bean>
 <!--
  /**=httpSessionContextIntegrationFilter,logoutFilter,concurrentSessionFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
 -->
 <bean id="httpSessionContextIntegrationFilter"
  class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />

 <bean id="authenticationProcessingFilter"
  class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager"
   ref="authenticationManager" />
  <property name="authenticationFailureUrl"
   value="/login.jsp" />
  <property name="defaultTargetUrl" value="/index.jsp" />
  <property name="filterProcessesUrl"
   value="/j_acegi_security_check" />
 </bean>
 <bean id="securityContextHolderAwareRequestFilter"
  class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
 <bean id="exceptionTranslationFilter"
  class="org.acegisecurity.ui.ExceptionTranslationFilter">
  <property name="authenticationEntryPoint">
   <bean
    class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <!-- <property name="loginFormUrl" value="/index.jsp"/>-->
    <property name="loginFormUrl" value="/timeout.jsp" />
    <property name="forceHttps" value="false" />
   </bean>
  </property>
  <property name="accessDeniedHandler">
   <bean
    class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/accessdenied.jsp" />
   </bean>
  </property>
 </bean>
 <bean id="filterInvocationInterceptor"
  class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"
   ref="authenticationManager" />
  <!--<property name="alwaysReauthenticate" value="true"/>-->
  <property name="accessDecisionManager">
   <bean class="org.acegisecurity.vote.AffirmativeBased">
    <property name="allowIfAllAbstainDecisions"
     value="false" />
    <property name="decisionVoters">
     <list>
      <ref bean="roleVoter" />
      <bean
       class="org.acegisecurity.vote.AuthenticatedVoter" />
     </list>
    </property>
   </bean>
  </property>
   <property name="objectDefinitionSource" ref="rdbmsFilterInvocationDefinitionSource" />
 </bean>

        <bean id="rdbmsFilterInvocationDefinitionSource" 
     class="org.apache.easframework.security.RdbmsFilterInvocationDefinitionSource">
     <property name="dataSource" ref="dataSource" />
                <property name="webresdbCache" ref="userCacheBackend" />
     <!--<property name="webresdbCache" ref="webresCacheBackend" />-->
        </bean>
      <!--
      <bean id="webresCacheBackend"
     class="org.springframework.cache.ehcache.EhCacheFactoryBean">
      <property name="cacheManager">
         <ref local="cacheManager"/>
      </property>
      <property name="cacheName">
         <value>webresdbCache</value>
      </property>
      </bean>
      -->

 <bean id="authenticationManager"
  class="org.acegisecurity.providers.ProviderManager">
  <property name="providers">
   <list>
    <!--  <ref local="mybean"/> -->
    <ref local="daoAuthenticationProvider" />
    <ref local="anonymousAuthenticationProvider" />
   </list>
  </property>
  <property name="sessionController"
   ref="concurrentSessionController" />
 </bean>

 <bean id="anonymousProcessingFilter"
  class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
  <property name="key">
   <value>foobar</value>
  </property>
  <property name="userAttribute">
   <value>anonymousUser,AUTH_ANONYMOUS</value>
  </property>
 </bean>

 <bean id="daoAuthenticationProvider"
  class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
  <property name="userDetailsService" ref="jdbcDaoImpl" />
  <!-- 注释掉下面的chache是因为导致权限更改不能立即生效 -->
  <!--<property name="userCache"><ref local="userCache"/></property>-->
  <!--if you  do not want encode password -->
  <property name="passwordEncoder" ref="passwordEncoder" />
 </bean>
 <bean id="passwordEncoder"
  class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />

 <bean id="loggerListener"
  class="org.acegisecurity.event.authentication.LoggerListener" />

 <bean id="jdbcDaoImpl"
  class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
  <property name="dataSource">
   <ref bean="dataSource" />
  </property>
  <property name="usersByUsernameQuery">
   <value>
    SELECT user_id, user_password,1 FROM eas_login_user
    WHERE user_id=?
   </value>
   <!--<value>SELECT user_sAccount, User_sPassword,User_nIsEnabled FROM Sys_user WHERE User_sAccount=?</value>-->
  </property>
  <property name="authoritiesByUsernameQuery">
   <value> select distinct a.user_id,b.auth_code from eas_login_user a ,eas_auth b,eas_roleauth_rel c ,eas_roleorg_rel d
 where a.user_id=? and b.obj_id=c.auth_id and c.role_id  = d.role_id and a.is_enabled=1  and   d.org_id=a.obj_id and  d.org_id in
 ( select org_id from eas_org_node  where tree_code in 
 (select eas_org_node.tree_code from eas_org_node,eas_login_user where eas_login_user.user_id=a.user_id and eas_login_user.obj_id=eas_org_node.obj_id))
   </value>
  </property>
 </bean>

 <bean id="anonymousAuthenticationProvider"
  class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
  <property name="key">
   <value>foobar</value>
  </property>
 </bean>

 <bean id="userCacheBackend"
  class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager">
   <ref local="cacheManager" />
  </property>
  <property name="cacheName">
   <value>userCache</value>
  </property>
 </bean>

 <bean id="userCache"
  class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
  <property name="cache">
   <ref local="userCacheBackend" />
  </property>
 </bean>

 <bean id="cacheManager"
  class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
  <property name="configLocation">
   <value>classpath:ehcache.xml</value>
   <!--<value>classpath:com/iss/config/ehcache.xml</value>  -->
  </property>
 </bean>

 <bean id="methodCache"
  class="org.springframework.cache.ehcache.EhCacheFactoryBean">
  <property name="cacheManager">
   <ref local="cacheManager" />
  </property>
  <property name="cacheName">
   <value>szairCache</value>
  </property>
 </bean>

 <bean id="transactionManager"
  class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
  <property name="dataSource">
   <ref local="dataSource" />
  </property>
 </bean>

 <bean id="jdbcTemplate"
  class="org.springframework.jdbc.core.JdbcTemplate">
  <property name="dataSource">
   <ref bean="dataSource" />
  </property>
 </bean>

 <bean id="businessAccessDecisionManager"
  class="org.acegisecurity.vote.AffirmativeBased">
  <property name="allowIfAllAbstainDecisions">
   <value>false</value>
  </property>
  <property name="decisionVoters">
   <list>
    <ref bean="roleVoter" />
   </list>
  </property>
 </bean>

 <bean id="customEditorConfigurer"
  class="org.springframework.beans.factory.config.CustomEditorConfigurer">
  <property name="customEditors">
   <map>
    <entry
     key="org.acegisecurity.intercept.method.MethodDefinitionSource">
     <bean
      class="org.apache.easframework.core.acegi.DataSourceMethodDefinitionSourceEditor">
      <property name="jdbcTemplate">
       <ref bean="jdbcTemplate" />
      </property>
     </bean>
    </entry>
   </map>
  </property>
 </bean>


 <bean id="contactManagerSecurity"
  class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
  <property name="authenticationManager">
   <ref bean="authenticationManager" />
  </property>
  <property name="accessDecisionManager">
   <ref bean="businessAccessDecisionManager" />
  </property>
  <property name="objectDefinitionSource">
   <value>
    select auth.auth_code,auth.auth_resource from eas_auth
    auth where auth.auth_type='METHOD' and auth.auth_code
    like 'AUTH_METHOD_%'
   </value>
  </property>
 </bean>

 <bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
  <property name="rolePrefix">
   <value>AUTH_</value>
  </property>
 </bean>
        <!--
        <bean id="DWRSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
           <property name="target" ref=
        </bean>-->


</beans>
 

你可能感兴趣的:(Acegi)