spring security2.0+hibernate3.2札记之配置文件

spring security2.0+hibernate3.2笔记之配置文件

目录结构:src/applicationContext.xml;WebRoot/WEB-INF/security.xml;WebRoot/WEB-INF/web.xml;

配置文件:

  1. web.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
    	http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    	
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			classpath:applicationContext.xml
    			/WEB-INF/security.xml
    		</param-value>
    	</context-param>
    	
    	<welcome-file-list>
    		<welcome-file>index.jsp</welcome-file>
    	</welcome-file-list>
    	<!-- 延迟加载  开始-->
    	<filter>
    		<filter-name>lazy</filter-name>
    		<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
    	</filter>
    	<filter-mapping>
    		<filter-name>lazy</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	<!-- 延迟加载  结束-->
    
    	<!-- Spring 开始-->
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    	<!-- Spring 结束-->
    
    	<!-- Spring Security 开始-->
    	<filter>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
    	<filter-mapping>
    		<filter-name>springSecurityFilterChain</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	<!-- Spring Security 结束-->
    	
    	<!-- Spring Security 会话管理  开始-->
    	<listener>
    		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    	</listener>
    	<!-- Spring Security 会话管理  结束-->
    </web-app>
    
     
  2. applicationContext.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:tx="http://www.springframework.org/schema/tx"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
             http://www.springframework.org/schema/tx
    		 http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
             http://www.springframework.org/schema/context
             http://www.springframework.org/schema/context/spring-context-3.0.xsd
             http://www.springframework.org/schema/aop
             http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"
    	default-autowire="byType">
    	
    	<!-- 启动注解 -->
    	<context:annotation-config />
    	<!-- 指定使用了注解的类所在包  -->
    	<context:component-scan base-package="com.ss3" />
    	<!-- 启用注解事务 -->
    	<bean id="transactionManager"
    		class="org.springframework.orm.hibernate3.HibernateTransactionManager"></bean>
    	<tx:annotation-driven />
    
    	<!-- 配置文件读取 -->
    	<bean
    		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"
    		autowire="no">
    		<property name="locations">
    			<list>
    				<value>classpath:jdbc.properties</value>
    			</list>
    		</property>
    	</bean>
    
    	<bean id="dataSource"
    		class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    		<property name="driverClassName" value="${jdbc.driverClassName}">
    		</property>
    		<property name="url" value="${jdbc.url}">
    		</property>
    		<property name="username" value="${jdbc.userName}"></property>
    		<property name="password" value="${jdbc.pwd}"></property>
    	</bean>
    
    	<bean id="sessionFactory"
    		class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean" autowire="byName">
    		<property name="dataSource" ref="dataSource"></property>
    		<property name="configLocation" value="classpath:hibernate.cfg.xml">
    		</property>
    	</bean>
    	
    </beans>
    
     
  3. security.xml
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans
             http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
             http://www.springframework.org/schema/security
    		 http://www.springframework.org/schema/security/spring-security-3.0.xsd"
    	default-autowire="byType">
    
    
    	<http auto-config="true" access-denied-page="/deny.html">
    		<intercept-url pattern="/index.jsp" filters="none" />
    		<!-- 控制多用户登陆 -->
    		<session-management>
    			<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
    		</session-management>
    		<!--
    			增加一个filter位于FILTER_SECURITY_INTERCEPTOR之前
    		-->
    		<custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" />
    	</http>
    	<!--
    		一个自定义的filter,必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性
    	-->
    	<beans:bean id="myFilter" class="com.ss3.filter.MyFilterSecurityInterceptor"
    		autowire="no">
    		<beans:property name="authenticationManager" ref="myAuthenticationManager" />
    		<!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源     注解-->
    		<beans:property name="accessDecisionManager" ref="myAccessDecisionManager" />
    		<!-- 资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源被允许访问的角色 	-->
    		<beans:property name="securityMetadataSource" ref="myInvocationSecurityMetadataSourceService" />
    	</beans:bean>
    	
    	<!-- 验证配置 , 认证管理器,实现用户认证的入口,实现UserDetailsService接口即可 -->
    	<authentication-manager alias="myAuthenticationManager">
    		<authentication-provider user-service-ref="myUserDetailsService">
    			<password-encoder hash="md5">
    				<salt-source user-property="username" />
    			</password-encoder>
    		</authentication-provider>
    	</authentication-manager>
    
    </beans:beans>