spring-security 2.0.2 초기 설정
spring security , , spring security 。
web.xml
<!-- spring acegi com.work.core.QxglConstants.USE_ACEGI=true
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.ui.session.HttpSessionEventPublisher
</listener-class>
</listener>
-->
applicationContext-spring-security-2.0.2.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<!-- Spring Security 2.0 namespace configuration: access decision beans, URL rules, form login and a JDBC user store. -->
<authentication-manager alias="authenticationManager" />
<!-- Decision manager used by the custom interceptor below. -->
<beans:bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions" value="false" /><!-- false: when every voter abstains the request is denied instead of allowed -->
<beans:property name="decisionVoters"><!-- voters consulted by AffirmativeBased; a single affirmative vote grants access -->
<beans:list>
<beans:bean class="org.springframework.security.vote.RoleVoter" />
<beans:bean class="org.springframework.security.vote.AuthenticatedVoter" />
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="filterInvocationInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<!-- Interceptor whose URL-to-role mapping comes from the secureResourceFilter bean (database lookup) instead of static rules. -->
<!-- NOTE(review): nothing in this file adds this bean to the filter chain (for example through a custom-filter child element). If it is not registered elsewhere, only the intercept-url rules in the http element are enforced. Confirm. -->
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="accessDecisionManager" />
<beans:property name="objectDefinitionSource" ref="secureResourceFilter" />
</beans:bean>
<beans:bean id="secureResourceFilter" class="com.work.qxgl.springsecurity.MySecureResourceFilter" />
<!-- intercept-url rules are evaluated in the order listed and the first matching pattern decides, so specific patterns must stay above general ones. -->
<http auto-config="true" access-denied-page="/commons/403.jsp">
<intercept-url pattern="/" access="ROLE_USER"/>
<!-- Static resources are readable without logging in. -->
<intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/imageszhuye/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/js/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/ganjian*/**" access="ROLE_SUPERVISOR,ROLE_enterprise_manager"/>
<!-- /qxgl/menutree/** must stay above /qxgl*/**, otherwise the broader rule would match first and ROLE_USER would lose access to the menu tree. -->
<intercept-url pattern="/qxgl/menutree/**" access="ROLE_SUPERVISOR,ROLE_USER"/>
<intercept-url pattern="/qxgl*/**" access="ROLE_SUPERVISOR,ROLE_PERMITMANAGER"/>
<!-- Catch-all: every URL not matched above is open to anonymous visitors, so a new path is public until a rule is added for it. A deny-by-default layout would require a role here and list the login page and other public paths explicitly above. -->
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <!-- access="ROLE_ANONYMOUS" -->
<!-- One session per user; a second login is rejected while the first session is alive. Relies on the HttpSessionEventPublisher listener in web.xml to learn when sessions end. -->
<concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />
<form-login login-page="/acegilogin.jsp" authentication-failure-url="/acegilogin.jsp"
default-target-url="/sysmain.action" />
<!-- After a successful login the user is sent to /sysmain.action; a failed login returns to the login page. -->
<logout logout-success-url="/logout.jsp" /><!-- Logout is triggered through the j_spring_security_logout URL; /logout.jsp is shown once the logout has completed. -->
</http>
<!-- Automatically receives AuthenticationEvent messages -->
<beans:bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />
<authentication-provider >
<!-- Both queries bind the user name through the ? placeholder. Only rows with user_issysuser=1 can log in. -->
<!-- The enabled column is the constant 'true', so this query offers no way to disable an account short of changing user_issysuser or removing the row. -->
<!-- NOTE(review): no password-encoder child is declared, so user_password appears to be compared as stored (plain text). Confirm how passwords are stored and configure a password encoder if they are not hashed. -->
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT U.user_account as username, U.user_password as password, 'true' AS enabled FROM qxgl_user U where U.user_issysuser=1 and U.user_account=?"
authorities-by-username-query="select a.user_account as username,c.role_name as authority from qxgl_user a ,qxgl_user_role b,qxgl_role c where a.user_id=b.user_id and b.role_id=c.role_id and a.user_account=?" />
<!-- group-authorities-by-username-query -->
</authentication-provider>
</beans:beans>
java MySecureResourceFilter
package com.work.qxgl.springsecurity;
import java.util.Collection;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;
import com.work.core.spring.MyBeanUtil;
import com.work.qxgl.model.QxglRole;
import com.work.qxgl.usermodel.UserModelServiceDao;
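/**
 * Supplies the roles required for a web request by looking the request URL up
 * through {@code UserModelServiceDao.getRolesByUrl}, instead of using static
 * {@code intercept-url} rules.
 *
 * <p>Security-relevant behaviour: a URL with no role mapping is not denied. It
 * falls back to {@code ROLE_USER}, so any logged-in user may reach it. A missing
 * or mistyped mapping therefore widens access rather than closing it.
 *
 * @author wangmingjie
 */
public class MySecureResourceFilter implements FilterInvocationDefinitionSource {
    private static final Log log = LogFactory.getLog(MySecureResourceFilter.class);

    /**
     * Builds the configuration attributes (role names) required for the given invocation.
     *
     * @param filter the secured object; must be a {@link FilterInvocation}
     * @return the attribute definition parsed from the comma-separated role names
     * @throws IllegalArgumentException if {@code filter} is not a {@link FilterInvocation}
     */
    public ConfigAttributeDefinition getAttributes(Object filter)
            throws IllegalArgumentException {
        // Fail with the declared exception type rather than a ClassCastException.
        if (!(filter instanceof FilterInvocation)) {
            throw new IllegalArgumentException("Object must be a FilterInvocation");
        }
        FilterInvocation filterInvocation = (FilterInvocation) filter;
        // NOTE(review): the lookup key is the raw request URL. Confirm whether it carries
        // the query string and how getRolesByUrl matches it; a URL variant that misses its
        // mapping ends up in the ROLE_USER fallback below.
        String url = filterInvocation.getRequestUrl();
        if (log.isDebugEnabled()) {
            // The URL is client-controlled text; it is written to the debug log as received.
            log.debug("UR :"+url);
        }
        // The DAO is resolved by bean name on every call.
        UserModelServiceDao userModelServiceDao = (UserModelServiceDao) MyBeanUtil
                .getBean("userModelServiceDao");
        List<QxglRole> urlRoles = userModelServiceDao.getRolesByUrl(url);

        StringBuilder rolesList = new StringBuilder();
        if (urlRoles == null || urlRoles.isEmpty()) {
            // No roles are mapped to this URL: any user who has logged in may access it.
            if (log.isDebugEnabled()) {
                log.debug("URL , form ROLE_USER。");
            }
            // No trailing comma, so the editor never sees an empty attribute.
            rolesList.append("ROLE_USER");
        } else {
            // Join the role names with commas, without a trailing separator.
            for (QxglRole role : urlRoles) {
                if (rolesList.length() > 0) {
                    rolesList.append(',');
                }
                rolesList.append(role.getRoleName());
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("URL"+url+" :"+rolesList.toString());
        }
        // ConfigAttributeEditor turns the comma-separated text into a ConfigAttributeDefinition.
        ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor();
        configAttrEditor.setAsText(rolesList.toString());
        return (ConfigAttributeDefinition) configAttrEditor.getValue();
    }

    /**
     * Returns {@code null}: the mappings are looked up per request and are not
     * enumerated by this class.
     *
     * @return always {@code null}
     */
    public Collection getConfigAttributeDefinitions() {
        return null;
    }

    /**
     * Reports whether this source can handle the given secure-object class.
     *
     * @param arg0 the secure-object class being checked
     * @return {@code true} only for {@link FilterInvocation} and its subclasses, the
     *         only type {@link #getAttributes(Object)} accepts
     */
    public boolean supports(Class arg0) {
        return arg0 != null && FilterInvocation.class.isAssignableFrom(arg0);
    }
}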