您的位置: 首页  >  IT文章  >  spring security2.0+hibernate3.2札记之配置文件

spring security2.0+hibernate3.2札记之配置文件

分类: IT文章 2024-04-01 21:13:12
spring security2.0+hibernate3.2笔记之配置文件

目录结构:src/applicationContext.xml;WebRoot/WEB-INF/security.xml;WebRoot/WEB-INF/web.xml;

配置文件:

  1. web.xml 
    <?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
	
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			classpath:applicationContext.xml
			/WEB-INF/security.xml
		</param-value>
	</context-param>
	
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	<!-- 延迟加载  开始-->
	<filter>
		<filter-name>lazy</filter-name>
		<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>lazy</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- 延迟加载  结束-->

	<!-- Spring 开始-->
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<!-- Spring 结束-->

	<!-- Spring Security 开始-->
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
	<!-- Spring Security 结束-->
	
	<!-- Spring Security 会话管理  开始-->
	<listener>
		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>
	<!-- Spring Security 会话管理  结束-->
</web-app>
     
  2. applicationContext.xml 
    <?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/tx
		 http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
         http://www.springframework.org/schema/context
         http://www.springframework.org/schema/context/spring-context-3.0.xsd
         http://www.springframework.org/schema/aop
         http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"
	default-autowire="byType">
	
	<!-- 启动注解 -->
	<context:annotation-config />
	<!-- 指定使用了注解的类所在包  -->
	<context:component-scan base-package="com.ss3" />
	<!-- 启用注解事务 -->
	<bean id="transactionManager"
		class="org.springframework.orm.hibernate3.HibernateTransactionManager"></bean>
	<tx:annotation-driven />

	<!-- 配置文件读取 -->
	<bean
		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
		autowire="no">
		<property name="locations">
			<list>
				<value>classpath:jdbc.properties</value>
			</list>
		</property>
	</bean>

	<bean id="dataSource"
		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
		<property name="driverClassName" value="${jdbc.driverClassName}">
		</property>
		<property name="url" value="${jdbc.url}">
		</property>
		<property name="username" value="${jdbc.userName}"></property>
		<property name="password" value="${jdbc.pwd}"></property>
	</bean>

	<bean id="sessionFactory"
		class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean" autowire="byName">
		<property name="dataSource" ref="dataSource"></property>
		<property name="configLocation" value="classpath:hibernate.cfg.xml">
		</property>
	</bean>
	
</beans>
     
  3. security.xml
    <?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/security
		 http://www.springframework.org/schema/security/spring-security-3.0.xsd"
	default-autowire="byType">


	<http auto-config="true" access-denied-page="/deny.html">
		<intercept-url pattern="/index.jsp" filters="none" />
		<!-- 控制多用户登陆 -->
		<session-management>
			<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
		</session-management>
		<!--
			增加一个filter位于FILTER_SECURITY_INTERCEPTOR之前
		-->
		<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />
	</http>
	<!--
		一个自定义的filter,必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性
	-->
	<beans:bean id="myFilter" class="com.ss3.filter.MyFilterSecurityInterceptor"
		autowire="no">
		<beans:property name="authenticationManager" ref="myAuthenticationManager" />
		<!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源     注解-->
		<beans:property name="accessDecisionManager" ref="myAccessDecisionManager" />
		<!-- 资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源被允许访问的角色 	-->
		<beans:property name="securityMetadataSource" ref="myInvocationSecurityMetadataSourceService" />
	</beans:bean>
	
	<!-- 验证配置 , 认证管理器,实现用户认证的入口,实现UserDetailsService接口即可 -->
	<authentication-manager alias="myAuthenticationManager">
		<authentication-provider user-service-ref="myUserDetailsService">
			<password-encoder hash="md5">
				<salt-source user-property="username" />
			</password-encoder>
		</authentication-provider>
	</authentication-manager>

</beans:beans>
     

相关推荐