morcble的blog

<bean id="inMemoryDaoImpl" class="net.sf.acegisecurity.providers.dao.memory.InMemoryDaoImpl">
  <property name="userMap">
    <value>
      admin=admin,ROLE_TELLER,ROLE_SUPERVISOR   <!--用戶=密碼，角色，角色，-->
      dianne=emu,ROLE_TELLER
      scott=wombat,ROLE_TELLER
      peter=opal,disabled,ROLE_TELLER
    </value>
  </property>
</bean>

<!--##########類控制開始##########-->
<bean id="bankManagerSecurity" class="net.sf.acegisecurity.intercept.method.aopalliance.MethodSecurityInterceptor">
  <property name="validateConfigAttributes"><value>true</value></property>
  <property name="authenticationManager"><ref bean="authenticationManager"/></property><!--100行-->
  <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property><!--136行-->
  <property name="runAsManager"><ref bean="runAsManager"/></property>
  <!--<property name="afterInvocationManager"><ref bean="afterInvocationManager"/></property>-->
  <property name="objectDefinitionSource">
    <value>
       test.test1.delete*=ROLE_SUPERVISOR,ROLE_TELLER<!--控制 net.sf.acegisecurity.context.BankManager類的方法權(quán)限-->
       test.test1.getBalance=ROLE_TELLER
    </value>
  </property>
</bean>
<!--##########類控制結(jié)束##########-->

<!--
#################################################################################
###################http__authentication開始######################################
##################AuthenticationProcessingFilter#################################
#################################################################################
-->
<!--

 -->

<bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="authenticationFailureUrl"><value>/login.jsp?login_error=1</value></property>
  <property name="defaultTargetUrl"><value>/success.jsp</value></property>
  <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
</bean>
<!--
#################################################################################
##################http__authentication結(jié)束########################################
##################AuthenticationProcessingFilter#################################
#################################################################################
-->

<!--filter控制  要在web.xml中配置相應(yīng)的filter  HTTP REQUEST SECURITY-->
  <!--
     <filter>
     <filter-name>Acegi HTTP Request Security Filter</filter-name>
     <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
     <init-param>
     <param-name>targetClass</param-name>
     <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
     </init-param>
     </filter>
     <filter-mapping>
     <filter-name>Acegi HTTP Request Security Filter</filter-name>
     <url-pattern>/*</url-pattern>
     </filter-mapping>
   -->

<!--#################################################################################
-->
<bean id="securityEnforcementFilter"  class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
  <property name="filterSecurityInterceptor"><ref bean="filterInvocationInterceptor"/></property>
  <property name="authenticationEntryPoint"><ref bean="authenticationEntryPoint"/></property>
</bean>

<!--如果用戶沒有授權(quán) 則提醒用戶注冊  注冊頁面acegilogin.jsp-->
<bean id="authenticationEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
  <property name="loginFormUrl"><value>/login.jsp</value></property>
  <property name="forceHttps"><value>false</value></property>
</bean>

<bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
  <property name="authenticationManager"><ref bean="authenticationManager"/></property>
  <property name="accessDecisionManager"><ref bean="accessDecisionManager"/></property>
  <property name="runAsManager"><ref bean="runAsManager"/></property>
  <property name="objectDefinitionSource">
   <value>
    CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
    \A/secure/super/.*\Z=ROLE_TELLER
    \A/secure/.*\Z=ROLE_SUPERVISOR,ROLE_TELLER
   </value>
  </property>
</bean>
<!--#################################################################################
-->

<bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
   <property name="providers">
      <list>
         <ref bean="daoAuthenticationProvider"/>
      </list>
   </property>
   <property name="sessionController"><ref bean="concurrentSessionController"/></property><!--禁止同一帳號重復(fù)登陸系統(tǒng)（可選）-->
</bean>

<bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
   <property name="authenticationDao"><ref bean="authenticationDao"/></property><!--若屬性為inMemoryDaoImpl 則是存在內(nèi)存當(dāng)中的權(quán)限-->
   <property name="userCache"><ref local="userCache"/></property>
   <property name="passwordEncoder"><ref bean="passwordEncoder"/></property><!--密碼加密-->
</bean>

<bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
  <property name="cache"><ref local="userCacheBackend"/></property>
</bean>

<bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
   <property name="cacheManager">
  <ref local="cacheManager"/>
   </property>
   <property name="cacheName">
  <value>userCache</value>
   </property>
</bean>  
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/> 

<bean id="concurrentSessionController" class="net.sf.acegisecurity.providers.ConcurrentSessionControllerImpl">
   <property name="maxSessions"><value>1</value></property>
</bean>

 <!--定義一個驗(yàn)證方法-->
 <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter"/>
   <!--具體的授權(quán)-->
 <bean id="accessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
     <property name="allowIfAllAbstainDecisions"><value>false</value></property>
  <property name="decisionVoters">
    <list>
      <ref bean="roleVoter"/>
    </list>
  </property>
 </bean>
 
<bean id="passwordEncoder" class="net.sf.acegisecurity.providers.encoding.Md5PasswordEncoder"/><!--MD5法加密-->

<!--頁面安全通道-->
<bean id="channelProcessingFilter" class="net.sf.acegisecurity.securechannel.ChannelProcessingFilter">
  <property name="channelDecisionManager">
    <ref bean="channelDecisionManager"/>
  </property>
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      \A/sec/administrator.*\Z=REQUIRES_SECURE_CHANNEL
      \A/acegilogin.jsp.*\Z=REQUIRES_SECURE_CHANNEL
      \A/j_acegi_security_check.*\Z=REQUIRES_SECURE_CHANNEL
      \A.*\Z=REQUIRES_INSECURE_CHANNEL
    </value>
  </property>
</bean>

<bean id="channelDecisionManager" class="net.sf.acegisecurity.securechannel.ChannelDecisionManagerImpl">
  <property name="channelProcessors">
    <list>
      <ref bean="secureChannelProcessor"/>
      <ref bean="insecureChannelProcessor"/>
    </list>
  </property>
</bean>
<bean id="secureChannelProcessor" class="net.sf.acegisecurity.securechannel.SecureChannelProcessor"/>
<bean id="insecureChannelProcessor" class="net.sf.acegisecurity.securechannel.InsecureChannelProcessor"/>
<bean id="runAsManager" class="net.sf.acegisecurity.runas.RunAsManagerImpl">
   <property name="key"><value>my_run_as_password</value></property>
</bean>
</beans>