Spring Security学习笔记-自定义Spring Security过滤链
Spring Security使用一系列过滤器处理用户请求,下面是spring-security.xml配置文件。
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 自定义Spring Security过滤链 -->
<beans:bean id="springSecurityFilterChain"
class="org.springframework.security.web.FilterChainProxy">
<beans:constructor-arg>
<beans:list>
<filter-chain pattern="/resources/**" filters="channelProcessingFilter" />
<filter-chain pattern="/login" filters="channelProcessingFilter" />
<filter-chain pattern="/" filters="channelProcessingFilter" />
<filter-chain pattern="/error" filters="channelProcessingFilter" />
<filter-chain pattern="/**"
filters="channelProcessingFilter,securityContextPersistenceFilter,concurrentSessionFilter,usernamePasswordAuthenticationFilter,
rememberMeAuthenticationFilter,logoutFilter,exceptionTranslationFilter,felicityFilterSecurityInterceptor" />
</beans:list>
</beans:constructor-arg>
</beans:bean> <beans:bean id="authenticationManager"
class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="authenticationProvider" />
<beans:ref bean="rememberMeAuthenticationProvider" />
</beans:list>
</beans:property>
<beans:property name="eraseCredentialsAfterAuthentication" value="false"></beans:property>
</beans:bean>
<beans:bean id="authenticationProvider"
class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="felicityUserDetailService" />
<beans:property name="passwordEncoder" ref="passwordEncoder"></beans:property>
</beans:bean> <beans:bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" /> <beans:bean id="felicityUserDetailService"
class="com.sds.eci.security.FelicityUserDetailsService">
<beans:property name="dataSource" ref="dataSource"></beans:property>
<beans:property name="usersByUsernameQuery" value="select singleid as username, password, realname, userid, empno, ssoid, enabled from felicity_user where singleid = ?"></beans:property>
<beans:property name="authoritiesByUsernameQuery" value="select u.singleid as username,ro.name as authority
from felicity_user u
right join felicity_userrole ur on u.userid=ur.userid
right join felicity_role ro on ur.roleid=ro.roleid
where u.singleid=?"></beans:property>
</beans:bean> <!-- 信道拦截 -->
<beans:bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
<beans:property name="channelDecisionManager" ref="channelDecisionManager"/>
<beans:property name="securityMetadataSource">
<filter-security-metadata-source>
<intercept-url pattern="/**" access="REQUIRES_SECURE_CHANNEL"/>
<!-- <intercept-url pattern="/**" access="REQUIRES_INSECURE_CHANNEL"/>-->
</filter-security-metadata-source>
</beans:property>
</beans:bean>
<beans:bean id="channelDecisionManager" class="org.springframework.security.web.access.channel.ChannelDecisionManagerImpl">
<beans:property name="channelProcessors">
<beans:list>
<beans:ref bean="secureChannelProcessor"/>
<beans:ref bean="insecureChannelProcessor"/>
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="secureChannelProcessor" class="org.springframework.security.web.access.channel.SecureChannelProcessor">
<beans:property name="entryPoint">
<beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpsEntryPoint">
<beans:property name="portMapper" ref="portMapper"></beans:property>
<beans:property name="portResolver" ref="portResolver"></beans:property>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="insecureChannelProcessor" class="org.springframework.security.web.access.channel.InsecureChannelProcessor">
<beans:property name="entryPoint">
<beans:bean class="org.springframework.security.web.access.channel.RetryWithHttpEntryPoint">
<beans:property name="portMapper" ref="portMapper"></beans:property>
<beans:property name="portResolver" ref="portResolver"></beans:property>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="portMapper" class="org.springframework.security.web.PortMapperImpl">
<beans:property name="portMappings">
<beans:map>
<beans:entry key="8080" value="443"></beans:entry>
<beans:entry key="80" value="443"></beans:entry>
<beans:entry key="9090" value="9443"></beans:entry>
</beans:map>
</beans:property>
</beans:bean>
<beans:bean id="portResolver" class="org.springframework.security.web.PortResolverImpl">
<beans:property name="portMapper" ref="portMapper"></beans:property>
</beans:bean> <!-- securityContext拦截 -->
<beans:bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter">
<beans:property name="securityContextRepository" ref="securityContextRepository" />
</beans:bean>
<beans:bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository">
<beans:property name="allowSessionCreation" value="true" />
<beans:property name="disableUrlRewriting" value="false" />
</beans:bean> <!-- usernamePassword授权拦截 -->
<beans:bean id="usernamePasswordAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="usernameParameter" value="username"></beans:property>
<beans:property name="passwordParameter" value="password"></beans:property>
<beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>
<beans:property name="authenticationFailureHandler">
<beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login?para=loginfailure"></beans:property>
</beans:bean>
</beans:property>
<beans:property name="sessionAuthenticationStrategy" ref="sessionAuthenticationStrategy" />
<beans:property name="rememberMeServices" ref="rememberMeServices" />
</beans:bean>
<beans:bean id="authenticationSuccessHandler" class="com.sds.eci.security.FelicityAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/questions"></beans:property>
<beans:property name="securityMetadataSource" ref="felicitysecurityMetadataSource" />
</beans:bean> <!-- 2注销过滤器 -->
<beans:bean id="logoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg value="/login" /><!-- 退出成功后处理URL -->
<beans:constructor-arg>
<beans:array>
<beans:ref bean="logoutHandler" />
<beans:ref bean="rememberMeServices" />
</beans:array>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/j_spring_security_logout" /><!-- 退出处理URL -->
</beans:bean>
<!-- 注销监听器 -->
<beans:bean id="logoutHandler"
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler">
</beans:bean> <!-- 7记住密码功能(COOKIE方式) -->
<beans:bean id="rememberMeAuthenticationFilter"
class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:property name="rememberMeServices" ref="rememberMeServices" />
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"></beans:property>
</beans:bean>
<!-- rememberMe -->
<beans:bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:constructor-arg name="key" value="springRocks"></beans:constructor-arg>
<beans:constructor-arg name="userDetailsService" ref="felicityUserDetailService"></beans:constructor-arg>
<!-- 默认时间604800秒(一个星期) -->
<beans:property name="tokenValiditySeconds" value="604800" />
</beans:bean>
<beans:bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
<beans:property name="key" value="springRocks" />
</beans:bean> <!-- 用户的权限控制过滤器 -->
<beans:bean id="felicityFilterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<beans:property name="rejectPublicInvocations" value="true"></beans:property>
<beans:property name="authenticationManager"
ref="authenticationManager" />
<beans:property name="accessDecisionManager"
ref="felicityAccessDecisionManagerBean" />
<beans:property name="securityMetadataSource"
ref="felicitysecurityMetadataSource" />
</beans:bean> <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
<beans:bean id="felicityAccessDecisionManagerBean"
class="com.sds.eci.security.FelicityAccessDecisionManager">
</beans:bean> <!-- 资源源数据定义,即定义某一资源可以被哪些角色访问 -->
<beans:bean id="felicitysecurityMetadataSource"
class="com.sds.eci.security.FelicitySecurityMetadataSource">
<beans:constructor-arg ref="dataSource"></beans:constructor-arg>
<beans:constructor-arg type="java.lang.String" value="select rce.url, r.name, rce.pid from felicity_role r inner join felicity_roleresource rrce on r.roleid = rrce.roleid inner join felicity_resource rce on rrce.resourceid = rce.resourceid order by pid, sort"></beans:constructor-arg>
</beans:bean> <!-- 页面标签权限功能依赖 -->
<beans:bean id="webInvocationFilter"
class="org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator">
<beans:constructor-arg ref="felicityFilterSecurityInterceptor" />
</beans:bean> <!-- 9异常处理过滤器 -->
<beans:bean id="exceptionTranslationFilter"
class="org.springframework.security.web.access.ExceptionTranslationFilter">
<beans:property name="authenticationEntryPoint" ref="authenticationEntryPoint" />
<beans:property name="accessDeniedHandler">
<!-- 拒绝未授权访问跳转 -->
<beans:bean
class="com.sds.eci.security.FelicityAccessDeniedHandler">
<beans:property name="errorPage" value="/403" />
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="authenticationEntryPoint"
class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login?para=errorauth"></beans:property>
</beans:bean> <!-- sessionManagementFilter -->
<beans:bean id="concurrentSessionFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="expiredUrl" value="/login?para=multi" />
</beans:bean>
<beans:bean id="sessionAuthenticationStrategy"
class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:property name="maximumSessions" value="1" />
</beans:bean>
<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> </beans:beans>
Spring Security学习笔记-自定义Spring Security过滤链的更多相关文章
- spring揭密学习笔记(1) --spring的由来
1.spring起源于在EJB暴露出各种严重问题的情况应运而生. Spring是于2003年兴起的一个轻量级的Java开发框架, Spring倡导一切从实际出发,以实用的态度来选择适合当前开发场景的解 ...
- Spring Boot 学习笔记 - 认识Spring Boot框架
因各种原因,.NET前端工程师重新接触JAVA,真是向全栈的路上又迈出了无奈的一步. 下面正文: Spring Boot是由Pivotal团队提供的全新框架,其设计目的是用来简化新Spring应用的初 ...
- spring揭密学习笔记(3)-spring ioc容器:Spring的IoC容器之BeanFactory
1. Spring的IoC容器和IoC Service Provider的关系 Spring的IoC容器和IoC Service Provider所提供的服务之间存在一定的交集,二者的关系如图4-1所 ...
- spring揭密学习笔记(3)-spring ioc容器:掌管大局的IoC Service Provider
1.IOC service Provider的概念.IoC Service Provider在这里是一个抽象出来的概念,它可以指代任何将IoC场景中的业务对象绑定到一起的实现方式.它可以是一段代码,也 ...
- spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念
1. IoC的理念就是,让别人为你服务!2. 其实IoC就这么简单!原来是需要什么东西自己去拿,现在是需要什么东西就让别人送过来.一个生动的示例 3.三种依赖注入的方式 IoC模式最权威的总结和解释, ...
- spring揭密学习笔记
spring揭密学习笔记 spring揭密学习笔记(1) --spring的由来 spring揭密学习笔记(2)-spring ioc容器:IOC的基本概念
- SpringBoot + Spring Security 学习笔记(五)实现短信验证码+登录功能
在 Spring Security 中基于表单的认证模式,默认就是密码帐号登录认证,那么对于短信验证码+登录的方式,Spring Security 没有现成的接口可以使用,所以需要自己的封装一个类似的 ...
- SpringBoot + Spring Security 学习笔记(三)实现图片验证码认证
整体实现逻辑 前端在登录页面时,自动从后台获取最新的验证码图片 服务器接收获取生成验证码请求,生成验证码和对应的图片,图片响应回前端,验证码保存一份到服务器的 session 中 前端用户登录时携带当 ...
- Spring Security 学习笔记-securityContext过滤器
位于过滤器顶端,第一个起作用的过滤器.SecurityContextPersistenceFilter 在执行其他过滤器之前,率先判断用户的session中是否已经存在一个SecurityContex ...
随机推荐
- Nginx教程(三) Nginx日志管理 (转)
Nginx教程(三) Nginx日志管理 1 日志管理 1.1 Nginx日志描述 通过访问日志,你可以得到用户地域来源.跳转来源.使用终端.某个URL访问量等相关信息:通过错误日志,你可以得到系统某 ...
- jmeter的运行原理和测试计划要素
jmeter运行原理 1.jmeter运行在JVM虚拟机上,jmeter是以线程的方式运行的. 2.jmeter通过线程组来驱动多个线程,运行测试脚本对被测试服务器发起负载,每一个负载机上够可以运行多 ...
- 2019-8-31-asp-dotnet-core-支持客户端上传文件
title author date CreateTime categories asp dotnet core 支持客户端上传文件 lindexi 2019-08-31 16:55:58 +0800 ...
- SDUT-2107_图的深度遍历
数据结构实验之图论二:图的深度遍历 Time Limit: 1000 ms Memory Limit: 65536 KiB Problem Description 请定一个无向图,顶点编号从0到n-1 ...
- Spring中配置DataSource数据源的几种选择
从JNDI获得DataSource. 从第三方的连接池获得DataSource. 使用DriverManagerDataSource获得DataSource. 一.从JNDI获得DataSource ...
- oralce CUBE
select id,area,stu_type,sum(score) score from students group by cube(id,area,stu_type) order by id,a ...
- 模板—v-dcc缩点
int dfn[MAXN],low[MAXN],num,root; int stack[MAXN],top,cnt; bool iscut[MAXN]; int new_id[MAXN],c[MAXN ...
- Android Listview中Button按钮点击事件冲突解决办法
今天做项目时,ListView中含有了Button组件,心里一早就知道肯定会有冲突,因为以前就遇到过,并解决过,可惜当时没有记录下来. 今天在做的时候,继续被这个问题郁闷了一把,后来解决后,赶紧来记录 ...
- 【CSS3】纯CSS3制作页面切换效果
此前写的那个太复杂了,来点简单的核心 <html> <head> <title></title> <style type="text/c ...
- java什么是跨平台性?原理是什么?
所谓跨平台性,是指java语言编写的程序,一次编译后,可以在多个系统平台上运行. 实现原理:Java程序是通过java虚拟机在系统平台上运行的,只要该系统可以安装相应的java虚拟机,该系统就可以运行 ...