说明:
URL的授权写到了数据库里了,所以更改URL授权的时候不需要更改配置文件
<?xml version="1.0" encoding="GB2312"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
<bean id="concurrentSessionFilter"
class="org.acegisecurity.concurrent.ConcurrentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry"></property>
<property name="expiredUrl">
<value>/timeout.jsp</value>
</property>
</bean>
<bean id="sessionRegistry"
class="org.acegisecurity.concurrent.SessionRegistryImpl" />
<bean id="concurrentSessionController"
class="org.acegisecurity.concurrent.ConcurrentSessionControllerImpl">
<property name="maximumSessions" value="10"></property>
<property name="sessionRegistry" ref="sessionRegistry"></property>
<property name="exceptionIfMaximumExceeded" value="true"></property>
</bean>
<bean id="logoutFilter"
class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/login.jsp" />
<constructor-arg>
<list>
<bean
class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
<bean id="dataSource"
class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<!--tomcat-->
<value>java:comp/env/jdbc/mysql</value>
<!--websphere-->
<!--<value>jdbc/mysql</value>-->
</property>
</bean>
<bean id="filterChainProxy"
class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter,logoutFilter,concurrentSessionFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
</value>
</property>
</bean>
<!--
/**=httpSessionContextIntegrationFilter,logoutFilter,concurrentSessionFilter,authenticationProcessingFilter,securityContextHolderAwareRequestFilter,anonymousProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
-->
<bean id="httpSessionContextIntegrationFilter"
class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="authenticationFailureUrl"
value="/login.jsp" />
<property name="defaultTargetUrl" value="/index.jsp" />
<property name="filterProcessesUrl"
value="/j_acegi_security_check" />
</bean>
<bean id="securityContextHolderAwareRequestFilter"
class="org.acegisecurity.wrapper.SecurityContextHolderAwareRequestFilter" />
<bean id="exceptionTranslationFilter"
class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<!-- <property name="loginFormUrl" value="/index.jsp"/>-->
<property name="loginFormUrl" value="/timeout.jsp" />
<property name="forceHttps" value="false" />
</bean>
</property>
<property name="accessDeniedHandler">
<bean
class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessdenied.jsp" />
</bean>
</property>
</bean>
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<!--<property name="alwaysReauthenticate" value="true"/>-->
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"
value="false" />
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
<bean
class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource" ref="rdbmsFilterInvocationDefinitionSource" />
</bean>
<bean id="rdbmsFilterInvocationDefinitionSource"
class="org.apache.easframework.security.RdbmsFilterInvocationDefinitionSource">
<property name="dataSource" ref="dataSource" />
<property name="webresdbCache" ref="userCacheBackend" />
<!--<property name="webresdbCache" ref="webresCacheBackend" />-->
</bean>
<!--
<bean id="webresCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager"/>
</property>
<property name="cacheName">
<value>webresdbCache</value>
</property>
</bean>
-->
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<!-- <ref local="mybean"/> -->
<ref local="daoAuthenticationProvider" />
<ref local="anonymousAuthenticationProvider" />
</list>
</property>
<property name="sessionController"
ref="concurrentSessionController" />
</bean>
<bean id="anonymousProcessingFilter"
class="org.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
<property name="key">
<value>foobar</value>
</property>
<property name="userAttribute">
<value>anonymousUser,AUTH_ANONYMOUS</value>
</property>
</bean>
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="jdbcDaoImpl" />
<!-- 注释掉下面的chache是因为导致权限更改不能立即生效 -->
<!--<property name="userCache"><ref local="userCache"/></property>-->
<!--if you do not want encode password -->
<property name="passwordEncoder" ref="passwordEncoder" />
</bean>
<bean id="passwordEncoder"
class="org.acegisecurity.providers.encoding.Md5PasswordEncoder" />
<bean id="loggerListener"
class="org.acegisecurity.event.authentication.LoggerListener" />
<bean id="jdbcDaoImpl"
class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="usersByUsernameQuery">
<value>
SELECT user_id, user_password,1 FROM eas_login_user
WHERE user_id=?
</value>
<!--<value>SELECT user_sAccount, User_sPassword,User_nIsEnabled FROM Sys_user WHERE User_sAccount=?</value>-->
</property>
<property name="authoritiesByUsernameQuery">
<value> select distinct a.user_id,b.auth_code from eas_login_user a ,eas_auth b,eas_roleauth_rel c ,eas_roleorg_rel d
where a.user_id=? and b.obj_id=c.auth_id and c.role_id = d.role_id and a.is_enabled=1 and d.org_id=a.obj_id and d.org_id in
( select org_id from eas_org_node where tree_code in
(select eas_org_node.tree_code from eas_org_node,eas_login_user where eas_login_user.user_id=a.user_id and eas_login_user.obj_id=eas_org_node.obj_id))
</value>
</property>
</bean>
<bean id="anonymousAuthenticationProvider"
class="org.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key">
<value>foobar</value>
</property>
</bean>
<bean id="userCacheBackend"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager" />
</property>
<property name="cacheName">
<value>userCache</value>
</property>
</bean>
<bean id="userCache"
class="org.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<ref local="userCacheBackend" />
</property>
</bean>
<bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation">
<value>classpath:ehcache.xml</value>
<!--<value>classpath:com/iss/config/ehcache.xml</value> -->
</property>
</bean>
<bean id="methodCache"
class="org.springframework.cache.ehcache.EhCacheFactoryBean">
<property name="cacheManager">
<ref local="cacheManager" />
</property>
<property name="cacheName">
<value>szairCache</value>
</property>
</bean>
<bean id="transactionManager"
class="org.springframework.jdbc.datasource.DataSourceTransactionManager">
<property name="dataSource">
<ref local="dataSource" />
</property>
</bean>
<bean id="jdbcTemplate"
class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
<bean id="businessAccessDecisionManager"
class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions">
<value>false</value>
</property>
<property name="decisionVoters">
<list>
<ref bean="roleVoter" />
</list>
</property>
</bean>
<bean id="customEditorConfigurer"
class="org.springframework.beans.factory.config.CustomEditorConfigurer">
<property name="customEditors">
<map>
<entry
key="org.acegisecurity.intercept.method.MethodDefinitionSource">
<bean
class="org.apache.easframework.core.acegi.DataSourceMethodDefinitionSourceEditor">
<property name="jdbcTemplate">
<ref bean="jdbcTemplate" />
</property>
</bean>
</entry>
</map>
</property>
</bean>
<bean id="contactManagerSecurity"
class="org.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
<property name="authenticationManager">
<ref bean="authenticationManager" />
</property>
<property name="accessDecisionManager">
<ref bean="businessAccessDecisionManager" />
</property>
<property name="objectDefinitionSource">
<value>
select auth.auth_code,auth.auth_resource from eas_auth
auth where auth.auth_type='METHOD' and auth.auth_code
like 'AUTH_METHOD_%'
</value>
</property>
</bean>
<bean id="roleVoter" class="org.acegisecurity.vote.RoleVoter">
<property name="rolePrefix">
<value>AUTH_</value>
</property>
</bean>
<!--
<bean id="DWRSecure" class="org.springframework.aop.framework.ProxyFactoryBean">
<property name="target" ref=
</bean>-->
</beans>