spring security2.0+hibernate3.2札记之配置文件
spring security2.0+hibernate3.2笔记之配置文件
目录结构:src/applicationContext.xml;WebRoot/WEB-INF/security.xml;WebRoot/WEB-INF/web.xml;
配置文件:
- web.xml
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <context-param> <param-name>contextConfigLocation</param-name> <param-value> classpath:applicationContext.xml /WEB-INF/security.xml </param-value> </context-param> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <!-- 延迟加载 开始--> <filter> <filter-name>lazy</filter-name> <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class> </filter> <filter-mapping> <filter-name>lazy</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- 延迟加载 结束--> <!-- Spring 开始--> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Spring 结束--> <!-- Spring Security 开始--> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring Security 结束--> <!-- Spring Security 会话管理 开始--> <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener> <!-- Spring Security 会话管理 结束--> </web-app>
- applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd" default-autowire="byType"> <!-- 启动注解 --> <context:annotation-config /> <!-- 指定使用了注解的类所在包 --> <context:component-scan base-package="com.ss3" /> <!-- 启用注解事务 --> <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"></bean> <tx:annotation-driven /> <!-- 配置文件读取 --> <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer" autowire="no"> <property name="locations"> <list> <value>classpath:jdbc.properties</value> </list> </property> </bean> <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="${jdbc.driverClassName}"> </property> <property name="url" value="${jdbc.url}"> </property> <property name="username" value="${jdbc.userName}"></property> <property name="password" value="${jdbc.pwd}"></property> </bean> <bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean" autowire="byName"> <property name="dataSource" ref="dataSource"></property> <property name="configLocation" value="classpath:hibernate.cfg.xml"> </property> </bean> </beans>
- security.xml
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd" default-autowire="byType"> <http auto-config="true" access-denied-page="/deny.html"> <intercept-url pattern="/index.jsp" filters="none" /> <!-- 控制多用户登陆 --> <session-management> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/> </session-management> <!-- 增加一个filter位于FILTER_SECURITY_INTERCEPTOR之前 --> <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> <!-- 一个自定义的filter,必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性 --> <beans:bean id="myFilter" class="com.ss3.filter.MyFilterSecurityInterceptor" autowire="no"> <beans:property name="authenticationManager" ref="myAuthenticationManager" /> <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 注解--> <beans:property name="accessDecisionManager" ref="myAccessDecisionManager" /> <!-- 资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源被允许访问的角色 --> <beans:property name="securityMetadataSource" ref="myInvocationSecurityMetadataSourceService" /> </beans:bean> <!-- 验证配置 , 认证管理器,实现用户认证的入口,实现UserDetailsService接口即可 --> <authentication-manager alias="myAuthenticationManager"> <authentication-provider user-service-ref="myUserDetailsService"> <password-encoder hash="md5"> <salt-source user-property="username" /> </password-encoder> </authentication-provider> </authentication-manager> </beans:beans>