<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "<beans>
聽聽 <!-- ======================== FILTER CHAIN ======================= -->
聽<!--聽 if you wish to use channel security, add "channelProcessingFilter," in front
聽聽聽聽聽聽 of "httpSessionContextIntegrationFilter" in the list below -->
聽聽聽聽聽聽
聽<!-- 棣栧厛鏄0鏄庤繃婊ゅ櫒搴忓垪 -->
聽<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy">
聽聽聽聽聽 <property name="filterInvocationDefinitionSource">
聽聽聽聽聽聽聽聽 <value>
聽聽聽聽聽 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
聽聽聽聽聽 PATTERN_TYPE_APACHE_ANT
聽聽聽聽聽聽聽聽聽聽聽聽聽 /**=httpSessionContextIntegrationFilter,authenticationProcessingFilter,anonymousProcessingFilter,securityEnforcementFilter
聽聽聽聽聽聽聽聽 </value>
聽聽聽聽聽 </property>
聽聽聽 </bean>
<!-- 鏍規嵁session涓瓨鏀劇殑淇℃伅緇勮ContextHolder銆侰ontextHolder涓昏鐢ㄤ簬瀛樻斁SecureContext錛屽寘鎷敤鎴風殑鏉冮檺淇℃伅 -->
聽 <bean id="httpSessionContextIntegrationFilter" class="net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter">
聽 <!-- 璇存槑錛?context灞炴ф寚瀹歝ontext鐨勫疄鐜扮被銆?-->
聽聽聽聽 <property name="context"><value>net.sf.acegisecurity.context.security.SecureContextImpl</value></property>
聽 </bean>
聽聽 <!-- ======================== AUTHENTICATION ======================= -->
聽聽 <!--
聽聽 錛堣璇佺鐞嗗櫒錛夌敤浜庣鐞咥uthenticationProvider錛堣璇佹彁渚涜咃級銆傚畠鐨勪綔鐢ㄦ槸浣夸綘鑳藉閫氳繃澶氫釜涓嶅悓鐨勮璇佺鐞嗘簮鏉ュ鐢ㄦ埛榪涜璁よ瘉銆?br />聽聽 璁よ瘉綆$悊鍣ㄥ皢渚濇璋冪敤璁よ瘉鎻愪緵鑰呯殑璁よ瘉鏂規硶錛岀洿鍒拌璇侀氳繃銆傛湰紼嬪簭浣跨敤涓ょ璁よ瘉鎻愪緵鑰呫?br />聽聽聽 -->
聽聽 <bean id="authenticationManager" class="net.sf.acegisecurity.providers.ProviderManager">
聽聽聽聽聽 <property name="providers">
聽聽聽聽聽聽聽聽 <list>
聽聽聽聽聽聽聽聽聽聽聽 <ref local="daoAuthenticationProvider"/> <!-- 鍩轟簬鏁版嵁搴撶殑璁よ瘉鎻愪緵鑰呫?-->
聽聽聽聽聽聽聽聽聽聽 <ref local="anonymousAuthenticationProvider"/> <!-- 鐢ㄤ簬璁よ瘉鍖垮悕鐢ㄦ埛銆?-->
聽聽聽聽聽聽聽聽 </list>
聽聽聽聽聽 </property>
聽聽 </bean>
<!--
鏄璇佹暟鎹闂璞★紝瀹冭兘澶熶粠榛樿鐨勬暟鎹簱緇撴瀯涓幏鍙栫敤鎴蜂俊鎭紝鐢變簬Acegi榛樿鐨勬暟鎹簱緇撴瀯鍜屾湰紼嬪簭鐨勪笉鍚岋紝
鍥犳闇瑕佷慨鏀筳dbcDaoImpl鐨勯粯璁ql銆?br />娉ㄦ剰錛岄噰鐢ㄨ繖縐嶆柟寮忚兘澶熶嬌Acegi寰堝ソ鐨勫吋瀹規棫鐨勫簲鐢ㄧ▼搴忥紝鍥犱負瀹冨搴曞眰鐨勬暟鎹粨鏋勫茍娌℃湁寮哄埗瑕佹眰銆?br />聽-->
聽聽 <bean id="jdbcDaoImpl" class="net.sf.acegisecurity.providers.dao.jdbc.JdbcDaoImpl">
聽聽聽聽 <property name="dataSource"><ref bean="dataSource"/></property> <!-- 鏁版嵁婧恇ean -->
聽聽聽聽 <property name="usersByUsernameQuery"> <!-- 鐢ㄦ埛淇℃伅鏌ヨsql -->
聽聽聽聽聽聽 <value>SELECT USERNAME, PASSWORD,ENABLED FROM USERINFO WHERE USERNAME=?</value>
聽聽聽聽 </property>
聽聽聽聽 <property name="authoritiesByUsernameQuery"> <!-- 鐢ㄦ埛鏉冮檺鏌ヨsql -->
聽聽聽聽聽聽 <value>
聽聽聽聽聽聽聽聽 SELECT username,authority FROM `userinfo` u, `authorities` a,`user_auth` ua
聽聽聽聽聽聽聽聽 WHERE u.user_id=ua.user_id
聽聽聽聽聽聽聽聽 and a.auth_id=ua.auth_id
聽聽聽聽聽聽聽聽 and u.username = ?
聽聽聽聽聽聽 </value>
聽聽聽聽 </property>
聽聽 </bean>
聽 <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"/>
聽 <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
聽聽聽聽 <property name="cacheManager"> <ref local="cacheManager"/> </property>
聽聽聽聽 <property name="cacheName"> <value>userCache</value> </property>
聽 </bean>
<!-- 鐢ㄤ簬瀹氫箟鐢ㄦ埛淇℃伅cache鍔熻兘鐨勬彁渚涜?-->
<!-- 鏈▼搴忛噰鐢╡hcache浣滀負cache瀹炵幇銆傜敱浜庤璇佺鐞嗗櫒鍦ㄦ瘡嬈″http璇鋒眰榪涜璁よ瘉涔嬪墠閮戒細鏌ユ壘鐢ㄦ埛淇℃伅錛?br />閫氳繃浣跨敤cache灝卞彲浠ラ伩鍏嶆瘡嬈¢兘閲嶅璁塊棶鏁版嵁搴撱?-->
聽 <bean id="userCache" class="net.sf.acegisecurity.providers.dao.cache.EhCacheBasedUserCache">
聽聽聽聽 <property name="cache"><ref local="userCacheBackend"/></property> <!-- 瀹氫箟ehcache宸ュ巶bean -->
聽 </bean>
<!--
涓昏鍔熻兘鏄粠鏁版嵁搴撳彇鍑虹敤鎴峰悕鍜屽瘑鐮侊紝鍒ゆ柇鐧誨綍淇℃伅鏄惁姝g‘錛屽鏋滄槸錛屽垯鍙栧嚭鐢ㄦ埛鏉冮檺絳夌敤鎴蜂俊鎭紝
騫朵笖瀛樻斁鍒癱ache涓紝浠ヤ究浠ュ悗鍐嶆浣跨敤銆傚叿浣撴祦紼嬪彲浠ュ弬鑰冿細DaoAuthenticationProvider鐨刟uthenticate鏂規硶銆?br />聽-->
聽聽 <bean id="daoAuthenticationProvider" class="net.sf.acegisecurity.providers.dao.DaoAuthenticationProvider">
聽聽聽聽聽 <property name="authenticationDao"><ref local="jdbcDaoImpl"/></property> <!-- 璁よ瘉鏁版嵁璁塊棶瀵硅薄錛岀敤浜庤幏鍙栫敤鎴蜂俊鎭紝鍖呮嫭錛氱敤鎴峰悕錛岀敤鎴峰瘑鐮侊紝鐢ㄦ埛鐘舵佸拰鐢ㄦ埛鏉冮檺銆?-->
聽聽聽聽聽 <property name="userCache"><ref local="userCache"/></property> <!-- 鐢ㄦ埛淇℃伅cache瀹炵幇bean -->
聽聽 </bean>
聽聽 <!-- Automatically receives AuthenticationEvent messages from DaoAuthenticationProvider -->
聽聽 <bean id="loggerListener" class="net.sf.acegisecurity.providers.dao.event.LoggerListener"/>
<!-- 鍖垮悕鐢ㄦ埛澶勭悊銆傚鏋滅敤鎴峰皻鏈櫥褰曪紝灝嗙敓鎴愪竴涓尶鍚嶇敤鎴風殑Authentication瀛樻斁鍒?ContextHolder涓?-->
<!-- anonymousProcessingFilter鐨勪綔鐢ㄦ槸鍒ゆ柇ContextHolder涓槸鍚︽湁Authentication瀵硅薄錛屽鏋滄病鏈夊氨鍒涘緩涓涓狝uthentication瀵硅薄錛?br />鍏朵腑鍖呭惈鐨勭敤鎴峰悕鏄痑nonymousUser錛岀敤鎴鋒潈闄愭槸AUTH_ANONYMOUS銆傝繖浣垮緱娌℃湁鐧誨綍鐨勫尶鍚嶇敤鎴瘋兘澶熻嚜鍔ㄧ殑鑾峰緱鍖垮悕鐨勭敤鎴峰悕鍜屾潈闄愩?-->
聽 <bean id="anonymousProcessingFilter" class="net.sf.acegisecurity.providers.anonymous.AnonymousProcessingFilter">
聽聽聽聽 <property name="key"><value>foobar</value></property>
聽聽聽聽 <property name="userAttribute"><value>anonymousUser,AUTH_ANONYMOUS</value></property>
聽 </bean>
聽 <bean id="anonymousAuthenticationProvider" class="net.sf.acegisecurity.providers.anonymous.AnonymousAuthenticationProvider">
聽聽聽聽 <property name="key"><value>foobar</value></property>
聽 </bean>
聽聽 <!-- ===================== HTTP REQUEST SECURITY ==================== -->
聽聽 <!-- 澶勭悊璁よ瘉璇鋒眰錛堥氬父鏄竴涓櫥褰曢〉闈㈢殑琛ㄥ崟璇鋒眰錛?-->
聽聽 <bean id="authenticationProcessingFilter" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
聽聽聽聽聽 <property name="authenticationManager"><ref bean="authenticationManager"/></property> <!-- 璁よ瘉綆$悊鍣?-->
聽聽聽聽聽 <property name="authenticationFailureUrl"><value>/login.jsp?login_error=1</value></property> <!-- 璁よ瘉澶辮觸鍚庯紝閲嶅畾鍚戠殑url -->
聽聽聽聽聽 <property name="defaultTargetUrl"><value>/index.jsp</value></property> <!-- 璁よ瘉鎴愬姛鍚庯紝閲嶅畾鍚戠殑url -->
聽聽聽聽聽 <property name="filterProcessesUrl"><value>/j_acegi_security_check</value></property>
聽聽聽聽聽 <!-- 璇ヨ繃婊ゅ櫒鎷︽埅鐨剈rl錛岄氬父鏄?j_acegi_security_check錛屽拰鐧誨綍欏甸潰錛坙ogin.jsp錛夌殑鐧誨綍琛ㄥ崟鐨刟ction鐩稿悓 -->
聽聽 </bean>
<!-- 寮哄埗瀹夊叏楠岃瘉榪囨護鍣ㄣ傞獙璇佹墍璇鋒眰鐨剈rl鏄惁鍦ㄧ敤鎴風殑鏉冮檺鑼冨洿鍐呫?-->
聽 <bean id="securityEnforcementFilter" class="net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter">
聽聽聽聽 <property name="filterSecurityInterceptor"><ref local="filterInvocationInterceptor"/></property> <!-- 瀹炵幇瀵筓RL璧勬簮榪涜鎺堟潈璁塊棶銆?-->
聽聽聽聽 <property name="authenticationEntryPoint"><ref local="authenticationProcessingFilterEntryPoint"/></property>
聽聽聽聽 <!-- 閰嶇疆鐧誨綍鐣岄潰淇℃伅銆?-->
聽 </bean>
聽聽 <bean id="authenticationProcessingFilterEntryPoint" class="net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
聽聽聽聽聽 <property name="loginFormUrl"><value>/login.jsp</value></property>
聽聽聽聽聽 <property name="forceHttps"><value>false</value></property>
聽聽 </bean>
聽聽
聽聽 <bean id="filterInvocationInterceptor" class="net.sf.acegisecurity.intercept.web.FilterSecurityInterceptor">
聽聽聽聽聽 <property name="authenticationManager"><ref bean="authenticationManager"/></property> <!-- 璁よ瘉綆$悊鍣?-->
聽聽聽聽聽 <property name="accessDecisionManager"><ref local="httpRequestAccessDecisionManager"/></property> <!-- 鎶曠エ閫氳繃絳栫暐綆$悊鍣?-->
聽聽聽聽聽 <!-- accessDecisionManager錛堣闂喅絳栫鐞嗗櫒錛夐鍏堥氳繃authenticationManager鍒ゆ柇鐢ㄦ埛鏄惁閫氳繃璁よ瘉錛堝嵆鏄惁宸茬粡鐧誨綍錛夛紝
聽聽聽聽聽 鐒跺悗鏍規嵁objectDefinitionSource鐨勯厤緗俊鎭皟鐢╝ccessDecisionManager瀵圭敤鎴鋒潈闄愯繘琛屾姇紲ㄣ?-->
聽聽聽聽聽 <property name="objectDefinitionSource"> <!-- URL鐨勬潈闄愰厤緗俊鎭傜敤浜庢寚瀹氫笉鍚岀殑URL璧勬簮瀵瑰簲鐨勬潈闄愩?-->
聽聽聽聽聽聽聽聽 <value>
聽聽聽聽聽聽 CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
聽聽聽聽聽聽 PATTERN_TYPE_APACHE_ANT
聽聽聽聽聽聽 /**/*.jpg=AUTH_ANONYMOUS,AUTH_USER
聽聽聽聽聽聽 /**/*.gif=AUTH_ANONYMOUS,AUTH_USER
聽聽聽聽聽聽 /**/*.png=AUTH_ANONYMOUS,AUTH_USER
聽聽聽聽聽聽 /login.jsp*=AUTH_ANONYMOUS,AUTH_USER
聽 聽聽聽聽/**=AUTH_USER
聽聽聽聽聽聽聽聽 </value>
聽聽聽聽聽聽聽聽 <!-- 浠ヤ笂閰嶇疆鎸囧畾AUTH_ANONYMOUS鏉冮檺鐨勭敤鎴鳳紙鍗沖尶鍚嶇敤鎴鳳級鍙彲浠ヨ闂浘鐗囪祫婧愬拰鐧誨綍欏甸潰錛孉UTH_USER鏉冮檺鐨勭敤鎴峰彲浠ヨ闂叏閮╓EB璧勬簮銆?-->
聽聽聽聽聽 </property>
聽聽 </bean>
<!-- httpRequestAccessDecisionManager錛堟姇紲ㄩ氳繃絳栫暐綆$悊鍣級鐢ㄤ簬綆$悊鎶曠エ閫氳繃絳栫暐銆侫cegi鎻愪緵涓夌鎶曠エ閫氳繃絳栫暐鐨勫疄鐜幫細
AffirmativeBased錛堣嚦灝戜竴涓姇紲ㄨ呭悓鎰忔柟鍙氳繃錛夛紝ConsensusBased錛堝鏁版姇紲ㄨ呭悓鎰忔柟鍙氳繃錛夛紝UnanimousBased錛堟墍鏈夋姇紲ㄨ呭悓鎰忔柟鍙氳繃錛夈?br />鏈▼搴忛噰鐢ˋffirmativeBased絳栫暐錛屽茍涓旂姝⑩滄病浜哄弽瀵瑰氨閫氳繃鈥濈殑鎶曠エ絳栫暐銆?-->
聽 <bean id="httpRequestAccessDecisionManager" class="net.sf.acegisecurity.vote.AffirmativeBased">
聽聽聽聽 <property name="allowIfAllAbstainDecisions"><value>false</value></property> <!-- 璁懼畾鏄惁鍏佽錛氣滄病浜哄弽瀵瑰氨閫氳繃鈥濈殑鎶曠エ絳栫暐 -->
聽聽聽聽 <property name="decisionVoters"> <!-- 鎶曠エ鑰?-->
聽聽聽聽聽聽聽 <list>
聽聽聽聽聽聽聽聽聽聽 <ref bean="roleVoter"/>
聽聽聽聽聽聽聽 </list>
聽聽聽聽 </property>
聽 </bean>
聽 <!-- 閫氳繃璁懼畾rolePrefix鍙互鎸囧畾roleVoter鎵鏀寔鐨勬潈闄愯寖鍥?-->
聽 <bean id="roleVoter" class="net.sf.acegisecurity.vote.RoleVoter">
聽聽<!-- 璇ユ姇紲ㄨ呮敮鎸佺殑鏉冮檺鍓嶇紑錛岄粯璁ゆ槸鈥淩OLE_鈥濓紝鏈▼搴忔墍鏈夌殑鏉冮檺瀛楃涓插潎浠モ淎UTH_鈥濆紑澶達紝鏁呰涓衡淎UTH_鈥?-->
聽聽聽 <property name="rolePrefix"><value>AUTH_</value></property>
聽 </bean>
</beans>
]]>