security:http是整个spring security框架的入口,把filter按顺序组装成一个链条
auto-config="true"相当于配置了基本的一些组件:form-login、anonymous、http-basic、logout、remember-me
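<!--
  entry-point-ref selects the login entry point; it can be switched to the CAS
  entry point.

  NOTE(review): session-fixation-protection="none" keeps the pre-login session
  id after authentication. "migrateSession" (the namespace default) or
  "newSession" issues a fresh id at login. Check how either value interacts
  with the HTTPS-login / HTTP-browsing split configured below before enabling it.
-->
<security:http auto-config="true"
               entry-point-ref="formAuthenticationEntryPoint"
               session-fixation-protection="none"
               access-decision-manager-ref="accessDecisionManager">

  <!-- For performance, images, scripts and stylesheets skip the filter chain.
       The patterns are written as /**/*.ext so they match at any depth.
       filters="none" means no security filter runs for a matching URL, so no
       dynamic endpoint should be reachable under these suffixes. -->
  <security:intercept-url pattern="/**/*.jpg" filters="none" />
  <security:intercept-url pattern="/**/*.gif" filters="none" />
  <security:intercept-url pattern="/**/*.js" filters="none" />
  <security:intercept-url pattern="/**/*.css" filters="none" />
  <security:intercept-url pattern="/**/*.png" filters="none" />

  <!-- The login URL and the login pages are forced onto HTTPS.
       Assumes ${acegi.login_url} resolves to /j_spring_security_check; confirm
       against the property file. -->
  <security:intercept-url pattern="/j_spring_security_check*" requires-channel="https" />
  <security:intercept-url pattern="/login.jsp*" requires-channel="https" />
  <security:intercept-url pattern="/loginError.jsp*" requires-channel="https" />

  <!-- Non-sensitive resources are served over HTTP so performance is not affected.
       NOTE(review): this rule also covers every page requested after login, so
       the session cookie travels over cleartext HTTP. Requiring HTTPS for
       authenticated pages removes that exposure. -->
  <security:intercept-url pattern="/**" requires-channel="http" />

  <!-- Port pairs used when switching between HTTP and HTTPS. -->
  <security:port-mappings>
    <security:port-mapping http="8080" https="8443" />
    <security:port-mapping http="80" https="443" />
  </security:port-mappings>

  <security:form-login login-processing-url="${acegi.login_url}"
                       default-target-url="${acegi.login_success_url}"
                       authentication-failure-url="${acegi.login_failure_url}" />

  <!-- NOTE(review): the remember-me key is part of the remember-me token
       signature. A literal value committed to (or published with) the
       configuration should be replaced by a per-deployment secret, supplied
       the same way as the ${acegi.*} properties. -->
  <security:remember-me key="e37f4b31-0c45-11dd-bd0b-0800200c9a66" />
  <security:logout logout-success-url="/index.bms" />
</security:http>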
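<!-- Entry point for form login. -->
<bean id="formAuthenticationEntryPoint"
      class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
  <property name="loginFormUrl" value="${acegi.login_page}" />
  <!-- The login form is always reached over HTTPS, even when the request that
       triggered authentication arrived over HTTP. -->
  <property name="forceHttps" value="true" />
</bean>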
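<!-- Declares the authentication manager as a bean named "authenticationManager"
     so that later bean definitions can reference it. -->
<security:authentication-manager alias="authenticationManager" />

<!-- NOTE(review): hash="md5" with no salt-source stores unsalted MD5 digests.
     MD5 is fast to compute and identical passwords produce identical digests,
     so a leaked user table is cheap to attack offline. Plan a migration to a
     salted, adaptive password hash (for example bcrypt) via a custom encoder
     or a current Spring Security release. -->
<security:authentication-provider user-service-ref="userDetailsService">
  <security:password-encoder hash="md5" />
</security:authentication-provider>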
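<!-- Voter that decides on role attributes. -->
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter">
  <!-- Role names must carry this prefix. -->
  <property name="rolePrefix" value="ROLE_" />
</bean>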
<!-- =================CAS CAS================== -->
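<!-- Describes this application to the CAS server. -->
<bean id="serviceProperties" class="org.springframework.security.ui.cas.ServiceProperties">
  <!-- URL that validates the serviceTicket once the browser returns from CAS. -->
  <property name="service" value="${cas.securityContext.serviceProperties.service}" />
  <!-- false: the "renew" parameter is not sent, so an existing CAS single
       sign-on session is accepted without asking for credentials again. -->
  <property name="sendRenew" value="false" />
</bean>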
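<!-- CAS serviceTicket processor. -->
<bean id="casProcessingFilter" class="org.springframework.security.ui.cas.CasProcessingFilter">
  <!-- Uncomment to integrate CAS (this adds the filter to the filter chain):
  <security:custom-filter position="CAS_PROCESSING_FILTER" />
  -->
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="authenticationFailureUrl" value="${acegi.login_failure_url}" />
  <!-- false: after login the user goes back to the originally requested URL
       when there is one, otherwise to defaultTargetUrl. -->
  <property name="alwaysUseDefaultTargetUrl" value="false" />
  <property name="defaultTargetUrl" value="${acegi.login_success_url}" />
  <property name="filterProcessesUrl" value="${acegi.login_url}" />
</bean>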
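<!-- Entry point for CAS login. -->
<bean id="casProcessingFilterEntryPoint"
      class="org.springframework.security.ui.cas.CasProcessingFilterEntryPoint">
  <property name="loginUrl" value="${cas.securityContext.casProcessingFilterEntryPoint.loginUrl}" />
  <property name="serviceProperties" ref="serviceProperties" />
</bean>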
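<!-- CAS authentication provider: talks to the CAS server over HTTPS and
     validates the serviceTicket. -->
<bean id="casAuthenticationProvider"
      class="org.springframework.security.providers.cas.CasAuthenticationProvider">
  <!-- Only this declaration registers casAuthenticationProvider with the
       authenticationManager and makes it take effect. -->
  <security:custom-authentication-provider />
  <property name="userDetailsService" ref="userDetailsService" />
  <property name="serviceProperties" ref="serviceProperties" />
  <property name="ticketValidator">
    <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
      <!-- CAS server entry URL, for example https://ingrid:8443/cas.
           Ticket validation is only as trustworthy as this connection: keep it
           on HTTPS with certificate verification enabled. -->
      <constructor-arg index="0"
                       value="${cas.securityContext.casProxyTicketValidator.casValidate}" />
    </bean>
  </property>
  <property name="key" value="an_id_for_this_auth_provider_only" />
</bean>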
<!-- Access decision manager referenced by security:http. AffirmativeBased
     grants access as soon as one of the listed voters votes to grant. -->
<bean id="accessDecisionManager"
      class="org.springframework.security.vote.AffirmativeBased">
  <property name="decisionVoters">
    <list>
      <ref bean="roleVoter" />
      <bean class="org.springframework.security.vote.AuthenticatedVoter" />
    </list>
  </property>
</bean>
<!-- ================= UAAS Extends ================== -->
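<!-- Intercepts requests and protects URL resources. The custom-filter element
     places this interceptor in the chain ahead of the namespace's own
     FILTER_SECURITY_INTERCEPTOR. -->
<bean id="filterInvocationInterceptor"
      class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
  <security:custom-filter before="FILTER_SECURITY_INTERCEPTOR" />
  <property name="authenticationManager" ref="authenticationManager" />
  <property name="accessDecisionManager" ref="accessDecisionManager" />
  <!-- URL-to-role rules come from the filterDefinitionSource bean. -->
  <property name="objectDefinitionSource" ref="filterDefinitionSource" />
</bean>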
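<!-- Loads URL resources and the roles attached to them from the database. -->
<bean id="filterDefinitionSource"
      class="com.ema.uaas.springsecurity.resource.UrlDefinitionSourceHbmImpl">
  <property name="convertUrlToLowercaseBeforeComparison" value="true" />
  <property name="useAntPath" value="true" />
  <!-- NOTE(review): presumably false means a URL with no database entry is
       left unprotected (default allow); confirm in UrlDefinitionSourceHbmImpl
       and prefer default deny for anything that is not deliberately public. -->
  <property name="protectAllResource" value="false" />
  <property name="userDetailsService" ref="userDetailsService" />
</bean>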
<!-- Loads method resources and the roles attached to them from the database. -->
<bean id="objectDefinitionSource"
      class="com.ema.uaas.springsecurity.resource.MethodDefinitionSourceHbmImpl">
  <property name="userDetailsService" ref="userDetailsService" />
  <property name="protectAllResource" value="false" />
</bean>
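<!-- Authorization utility class: getCurrentUser(), isAccessableTo(String accessPattern). -->
<bean id="authenticationUtil"
      class="com.ema.uaas.springsecurity.util.AuthenticationUtil">
  <property name="accessDecisionVoter" ref="roleVoter" />
  <property name="filterInvocationDefinitionSource" ref="filterDefinitionSource" />
</bean>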
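<!-- User details service, wrapped by the baseTransactionProxy parent
     definition (declared outside this listing). -->
<bean id="userDetailsService" parent="baseTransactionProxy">
  <property name="proxyTargetClass" value="true" />
  <property name="target">
    <bean class="com.ema.uaas.springsecurity.service.UserDetailsServiceHbmImpl">
      <!-- Identifier of the sub-system. -->
      <property name="subSystemKey" value="${acegi.uaas.subSystemKey}" />
      <property name="orgManager" ref="orgManagerImpl" />
      <property name="privilegeManager" ref="privilegeManagerImpl" />
    </bean>
  </property>
</bean>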
<!-- Organisation manager used by the user details service; backed by the "dao" bean. -->
<bean id="orgManagerImpl"
      class="com.ema.uaas.manager.OrgManager">
  <property name="dao" ref="dao" />
</bean>
<!-- Privilege manager used by the user details service; backed by the "dao" bean. -->
<bean id="privilegeManagerImpl"
      class="com.ema.uaas.manager.PrivilegeManager">
  <property name="dao" ref="dao" />
</bean>
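<?xml version="1.0" encoding="UTF-8"?>
<beans
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-2.0.xsd">

  <!-- Logs authentication events. -->
  <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener" />

  <security:http auto-config='true' access-denied-page="/access.jsp">
    <!--
      ROLE_SUPERVISOR: super administrator (super user, holds every permission)
      ROLE_USER: ordinary administrator (browse-only user)
      NOTE(review): the rules below use ROLE_ADMIN and ROLE_SUPERADMIN instead;
      confirm which role names the user store really grants.
    -->

    <!-- For performance, images, scripts and other resources that need no
         protection skip the filter chain. The patterns are written as
         /**/*.ext so they match at any depth. filters="none" means no security
         filter runs for a matching URL, so no dynamic endpoint should be
         reachable under these suffixes. -->
    <security:intercept-url pattern="/**/*.jpg" filters="none"/>
    <security:intercept-url pattern="/**/*.gif" filters="none"/>
    <security:intercept-url pattern="/**/*.png" filters="none"/>
    <security:intercept-url pattern="/**/*.wmv" filters="none"/>
    <security:intercept-url pattern="/**/*.css" filters="none"/>
    <security:intercept-url pattern="/**/*.js" filters="none"/>

    <!-- NOTE(review): a trailing /* matches one path level only, so a nested
         path such as /manage/a/b is not covered by these rules; use /** if
         sub-directories must be protected too. There is also no catch-all
         rule, so any URL that matches none of the patterns is served without
         an access check. -->
    <security:intercept-url pattern="/layout/*" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/manage/*" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/source/*" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/generalmanage/*" access="ROLE_ADMIN"/>
    <security:intercept-url pattern="/supermanage/*" access="ROLE_SUPERADMIN"/>

    <!-- Port pairs used when switching between HTTP and HTTPS. No rule in this
         file sets requires-channel, so the login form and the Basic
         credentials enabled below are accepted over plain HTTP unless TLS is
         enforced elsewhere. -->
    <security:port-mappings>
      <security:port-mapping http="8080" https="8443"/>
      <security:port-mapping http="80" https="443"/>
    </security:port-mappings>

    <security:form-login
        login-page="/index.jsp"
        authentication-failure-url="/index.jsp?flag=error"
        default-target-url="/generalmanage/login.do?method=login"
        login-processing-url="/j_spring_security_check" />

    <!-- One session per user. With exception-if-maximum-exceeded="false" a new
         login is accepted and the older session is expired; its next request
         is sent to expired-url. -->
    <security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="false" expired-url="/expired.jsp"/>
    <security:logout logout-success-url="/login.do?method=exit" invalidate-session="true" logout-url="/j_spring_security_logout"/>
    <security:http-basic />
  </security:http>

  <security:authentication-manager alias="authenticationManager" />

  <!-- Passwords are compared as MD5 digests salted with the user name.
       NOTE(review): MD5 is fast to compute and the user name is a predictable
       salt, so a leaked user table is cheap to attack offline. Plan a
       migration to a salted, adaptive password hash (for example bcrypt) via
       a custom encoder or a current Spring Security release. -->
  <security:authentication-provider user-service-ref="authManager" >
    <security:password-encoder hash="md5">
      <security:salt-source user-property="username"/>
    </security:password-encoder>
  </security:authentication-provider>

  <!-- UserDetailsService implementation that looks up administrator accounts. -->
  <bean id="authManager" class="cn.com.sohocat.security.AdminLogin" />

  <!-- NOTE(review): security:http above sets no access-decision-manager-ref,
       so this bean looks unused by the URL rules; confirm whether something
       else references it. -->
  <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    <!-- Deny access when every voter abstains. -->
    <property name="allowIfAllAbstainDecisions" value="false"/>
    <property name="decisionVoters">
      <list>
        <bean class="org.springframework.security.vote.RoleVoter" />
        <bean class="org.springframework.security.vote.AuthenticatedVoter" />
      </list>
    </property>
  </bean>

  <!-- NOTE(review): nothing in this file adds this filter to the chain built
       by security:http (there is no security:custom-filter child), so these
       three beans may be leftovers; verify before relying on them. -->
  <bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">
    <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
    <property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
  </bean>

  <bean id="accessDeniedHandler" class="org.springframework.security.ui.AccessDeniedHandlerImpl">
    <property name="errorPage" value="/access.jsp"/>
  </bean>

  <bean id="authenticationEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
    <property name="loginFormUrl" value="/index.jsp"/>
  </bean>
</beans>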
/**
* @此方法描述的是:
* @Dec 8, 2009
*/
package cn.com.sohocat.security;
import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;
import cn.com.sohocat.api.IHoAdmin;
import cn.com.sohocat.pojo.HoAdministrator;
import cn.com.sohocat.util.BeanHelp;
import cn.com.sohocat.util.LogClass;
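/**
 * UserDetailsService implementation that resolves administrator accounts for
 * Spring Security.
 */
public class AdminLogin extends LogClass implements UserDetailsService {

    /**
     * Returns the administrator account registered under {@code userName}.
     *
     * The account held by ScurityUserHolder is reused only when its user name
     * equals the requested one; otherwise the account is queried through the
     * "iHoAdmin" bean. Returning the holder's account unconditionally would
     * hand back a different user than the one being authenticated, and the
     * password check would then run against the wrong record.
     *
     * @param userName the login name submitted by the caller
     * @return the matching administrator, which doubles as the UserDetails
     * @throws UsernameNotFoundException if no administrator has that name
     * @throws DataAccessException declared by the interface; presumably raised
     *         by the underlying query (confirm in IHoAdmin)
     */
    public UserDetails loadUserByUsername(String userName)
            throws UsernameNotFoundException, DataAccessException {
        HoAdministrator admin = ScurityUserHolder.getCurrentUser();

        // The holder's account is a shortcut, not an answer: discard it unless
        // it really is the account that was asked for.
        if (admin != null && (userName == null || !userName.equals(admin.getUsername()))) {
            admin = null;
        }

        if (admin == null) {
            IHoAdmin iHoAdmin = (IHoAdmin) BeanHelp.getBean("iHoAdmin");
            admin = iHoAdmin.queryHoAdministratorByAdminName(userName);
        }

        if (admin == null) {
            // userName is caller-supplied text; it is written to the log as-is,
            // so the log appender should neutralise line breaks.
            this.log.debug("***"+userName+"*** 用户名不从在或是用户名密码不匹配");
            // The message text is kept for compatibility; the condition here
            // is "no such user", not "user without authorities".
            throw new UsernameNotFoundException("User " + userName + " has no GrantedAuthority");
        }

        this.log.debug("新用户登陆:***"+userName+"***");

        // Builds ",AUTH1,AUTH2" for the debug line below.
        StringBuilder auth = new StringBuilder();
        for (GrantedAuthority authority : admin.getAuthorities()) {
            auth.append(",").append(authority.getAuthority());
        }
        this.log.debug("***"+userName+"***拥有权限:"+auth);
        return admin;
    }
}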
<%@ page language="java" contentType="text/html; charset=UTF-8"%>
<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
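<%--
  Administration menu. Each section is rendered only for users that hold
  ROLE_ADMIN. One check per section is enough, because every link inside a
  section needs the same role.

  NOTE(review): sec:authorize only hides links; it does not protect the target
  pages. Access has to be enforced by the server-side URL rules. The links
  under supermanage are shown to ROLE_ADMIN here; confirm that this matches
  the role the URL rules require for /supermanage/.
  href='*' presumably marks entries that have no target page yet.
--%>
<sec:authorize ifAllGranted="ROLE_ADMIN">
  <div class='unit'>
    <h5>Admin管理</h5>
    <ul>
      <li><a href='../supermanage/linkAdmin.jsp'>账户管理</a></li>
      <li><a href='../supermanage/linkGroup.jsp'>组管理</a></li>
      <li><a href='../supermanage/linkRole.jsp'>角色管理</a></li>
    </ul>
  </div>
</sec:authorize>
<sec:authorize ifAllGranted="ROLE_ADMIN">
  <div class='unit'>
    <h5>User管理</h5>
    <ul>
      <li><a href='*'>账户管理</a></li>
      <li><a href='*'>组管理</a></li>
      <li><a href='*'>角色管理</a></li>
      <li><a href='*'>积分管理</a></li>
      <li><a href='*'>货币管理</a></li>
      <li><a href='*'>群发功能</a></li>
    </ul>
  </div>
</sec:authorize>
<sec:authorize ifAllGranted="ROLE_ADMIN">
  <div class='unit'>
    <h5>基础数据管理</h5>
    <ul>
      <li><a href='../generalmanage/importcorpus.jsp'>语料批量导入</a></li>
      <li><a href='../generalmanage/importterminology.jsp'>术语批量导入</a></li>
      <li><a href='../generalmanage/corpus.jsp'>语料单条操作</a></li>
      <li><a href='../generalmanage/terminology.jsp'>术语单条操作</a></li>
      <li><a href='../generalmanage/category.jsp'>术语类别操作</a></li>
      <li><a href='*'>CAT统计</a></li>
      <li><a href='../generalmanage/menu.jsp'>菜单管理</a></li>
    </ul>
  </div>
</sec:authorize>
<sec:authorize ifAllGranted="ROLE_ADMIN">
  <div class='unit'>
    <h5>系统参数管理</h5>
    <ul>
      <li><a href='../supermanage/fault_tolerance.jsp'>语料插入容错</a></li>
      <li><a href='/supermanage/corpora_host_map.do?method=query'>语料数据映射</a></li>
      <li><a href='../supermanage/glossary_fault_tolerance.jsp'>术语插入容错</a></li>
      <li><a href='../supermanage/glossary_host_map.jsp'>术语数据映射</a></li>
      <li><a href='../supermanage/host_data.jsp'>主机档案</a></li>
    </ul>
  </div>
</sec:authorize>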