It is recommended to read about the ideas behind Acegi before configuring it [http://www.cnblogs.com/kuyijie/archive/2011/09/28/2194020.html]
Acegi has more than ten filters; listed here are the configurations for some of the commonly used ones.
<!-- Session management filter -->
<bean id="httpSessionContextIntegrationFilter" class="org.acegisecurity.context.HttpSessionContextIntegrationFilter" />
Its job is to populate SecurityContextHolder.getContext() from the HttpSession before the other security filters run and, after they have run, to store the SecurityContext back into the session and clear the SecurityContext from the current thread (otherwise a pooled thread could carry one request's identity into the next request it serves). It therefore sits before the other security filters in the chain.
<!-- Form-based authentication processing filter -->
<bean id="authenticationProcessingFilter"
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/acegilogin.jsp?login_error=1" />
<property name="defaultTargetUrl" value="/userinfo.jsp" />
<property name="filterProcessesUrl" value="/indexAction.action" />
</bean>
These correspond respectively to: the page shown after a failed login, the page to go to after a successful login (used when no originally requested URL was saved), and the URL the login form posts to, which is the request this filter intercepts.
<!-- Authentication manager -->
<bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
<property name="providers"><!-- several providers may be listed; they are tried in order, and it is enough for one of them to authenticate the user -->
<list>
<ref local="daoAuthenticationProvider" />
<ref local="daoAuthenticationProviderFile" />
<!--<ref local="rememberMeAuthenticationProvider" />-->
</list>
</property>
</bean>
Sets the providers. Several authentication providers may be configured; ProviderManager tries them in the order listed and returns the first successful result, and a provider that fails does not stop the ones after it from being tried.
<bean id="daoAuthenticationProvider"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="inMemoryDaoImpl" />
</bean>
<bean id="daoAuthenticationProviderFile"
class="org.acegisecurity.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="inMemoryDaoImpl" />
</bean>
The provider is chosen according to the type of authentication. Note that as written both providers reference the same inMemoryDaoImpl, so the second one adds nothing; to authenticate against the database, point its userDetailsService at the jdbcDaoImpl bean defined below. Neither provider sets a passwordEncoder, so the submitted password is compared in plaintext with the stored value; if the store holds hashes, set DaoAuthenticationProvider's passwordEncoder (for example Md5PasswordEncoder or ShaPasswordEncoder) to match.
<!-- User details -->
<bean id="inMemoryDaoImpl" class="org.acegisecurity.userdetails.memory.InMemoryDaoImpl">
<property name="userMap">
<value>
lxp=123,ROLE_SUPERVISOR
Roger=Roger,ROLE_USER
luo=user2,disabled,ROLE_USER
</value>
</property>
</bean>
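As an added example (this is not Acegi's code), the following Python model shows how the beans above fit together: it parses the InMemoryDaoImpl userMap text format (username=password[,enabled|disabled],ROLE_...), authenticates the way DaoAuthenticationProvider does (account state is checked before the password, so a disabled account is reported as disabled even when the password is right), and chains providers the way ProviderManager does, where the first provider to succeed wins and a failing provider does not stop the next one. The userMap text is the sample from the XML above; the second store with the user `dbuser` is a constructed stand-in for a database-backed provider.

```python
from dataclasses import dataclass, field


class AuthenticationException(Exception):
    """Base class: the provider manager catches this and tries the next provider."""


class BadCredentialsException(AuthenticationException):
    pass


class DisabledException(AuthenticationException):
    pass


@dataclass
class UserDetails:
    username: str
    password: str
    enabled: bool = True
    authorities: list = field(default_factory=list)


def parse_user_map(text):
    """Parse InMemoryDaoImpl's userMap: one 'name=password,token,...' per line.
    A token equal to enabled/disabled (any case) sets the flag, which defaults
    to enabled; every other token is an authority such as ROLE_USER."""
    users = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        name, _, rest = line.partition("=")
        tokens = [t.strip() for t in rest.split(",")]
        user = UserDetails(username=name.strip(), password=tokens[0])
        for tok in tokens[1:]:
            if tok.lower() == "enabled":
                user.enabled = True
            elif tok.lower() == "disabled":
                user.enabled = False
            elif tok:
                user.authorities.append(tok)
        users[user.username] = user
    return users


class DaoAuthenticationProvider:
    """Look the user up in a store and check account state before the password."""

    def __init__(self, users):
        self.users = users

    def authenticate(self, username, password):
        user = self.users.get(username)
        if user is None:
            raise BadCredentialsException("Bad credentials")
        if not user.enabled:
            raise DisabledException("User is disabled")
        # Plaintext comparison, matching the XML above, which sets no
        # passwordEncoder; a hashed store would compare encoded values here.
        if user.password != password:
            raise BadCredentialsException("Bad credentials")
        return {"principal": user.username, "authorities": list(user.authorities)}


class ProviderManager:
    """Try providers in order; the first success wins. If every provider
    fails, the exception from the last one tried is raised."""

    def __init__(self, providers):
        self.providers = providers

    def authenticate(self, username, password):
        last_exc = None
        for provider in self.providers:
            try:
                return provider.authenticate(username, password)
            except AuthenticationException as exc:
                last_exc = exc
        if last_exc is None:
            raise AuthenticationException("No authentication provider configured")
        raise last_exc


# Constructed sample data: the userMap from the XML above, plus a second store
# (hypothetical user) standing in for a jdbcDaoImpl-backed provider.
IN_MEMORY_USERS = parse_user_map("""
lxp=123,ROLE_SUPERVISOR
Roger=Roger,ROLE_USER
luo=user2,disabled,ROLE_USER
""")
DB_USERS = parse_user_map("dbuser=secret,ROLE_USER")

SINGLE = ProviderManager([DaoAuthenticationProvider(IN_MEMORY_USERS)])
CHAINED = ProviderManager([DaoAuthenticationProvider(IN_MEMORY_USERS),
                           DaoAuthenticationProvider(DB_USERS)])


def try_login(manager, username, password):
    """Authorities on success, or the name of the exception the manager raised."""
    try:
        return manager.authenticate(username, password)["authorities"]
    except AuthenticationException as exc:
        return type(exc).__name__


if __name__ == "__main__":
    for name, pw in [("lxp", "123"), ("lxp", "wrong"), ("luo", "user2")]:
        print(f"single  {name}/{pw}: {try_login(SINGLE, name, pw)}")
    print(f"chained dbuser/secret: {try_login(CHAINED, 'dbuser', 'secret')}")
```

With the chained manager, `dbuser` is rejected by the in-memory provider and accepted by the second one, which is the "one provider succeeding is enough" behaviour the comment in the XML describes.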
<bean id="jdbcDaoImpl" class="org.acegisecurity.userdetails.jdbc.JdbcDaoImpl">
<property name="usersByUsernameQuery">
<value>select username,password,enabled from userss where username=?</value>
</property>
<property name="authoritiesByUsernameQuery">
<value>select username,authority from authoritiess where username=?</value>
</property>
<property name="dataSource">
<ref bean="dataSource" />
</property>
</bean>
Here usersByUsernameQuery returns the user's login name, password and enabled flag; if it is not set, the default is: select username,password,enabled from users where username=?
authoritiesByUsernameQuery returns the login name and role; if it is not set, the default is: select username,authority from authorities where username=?
Keep the column order and the `?` placeholder in both: the queries run as prepared statements with the username bound as a parameter, so the username must never be concatenated into the query text.
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName">
<!-- Change this to the driver class for your database -->
<value>net.sourceforge.jtds.jdbc.Driver</value>
</property>
<property name="url">
<!-- Change this to your database URL -->
<value>jdbc:jtds:sqlserver://192.168.76.206:1433/Acegitest</value>
</property>
<property name="username">
<value>sa</value>
</property>
<property name="password">
<value>sa</value>
</property>
</bean>
Sets the data source, i.e. where the UserDetails come from. The sa/sa credentials and the address above are placeholders from the original setup: use a dedicated database account that has only the rights these two queries need, and keep the password out of the checked-in XML (for example through a property placeholder).
<!-- Exception handling filter -->
<bean id="exceptionTranslationFilter" class="org.acegisecurity.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint">
<bean
class="org.acegisecurity.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/acegilogin.jsp" />
<!-- URL of the login form that unauthenticated users are sent to -->
<property name="forceHttps" value="false" />
<!-- do not force HTTPS: with this setting the login form, and the password posted from it, travel over plain HTTP unless something else enforces TLS -->
</bean>
</property>
<property name="accessDeniedHandler">
<!-- page shown to an already authenticated user whose access is denied (anonymous users are sent to the entry point above instead) -->
<bean class="org.acegisecurity.ui.AccessDeniedHandlerImpl">
<property name="errorPage" value="/accessDenied.jsp" />
</bean>
</property>
</bean>
<!-- Logout processing filter -->
<bean id="logoutFilter" class="org.acegisecurity.ui.logout.LogoutFilter">
<constructor-arg value="/acegilogin.jsp" /> <!-- URL redirected to after logout -->
<constructor-arg>
<list>
<!--<ref bean="rememberMeServices" />-->
<bean class="org.acegisecurity.ui.logout.SecurityContextLogoutHandler" />
</list>
</constructor-arg>
</bean>
<!-- Automatic login via cookie ("remember me") filter -->
<bean id="rememberMeProcessingFilter"
class="org.acegisecurity.ui.rememberme.RememberMeProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>
<bean id="rememberMeServices"
class="org.acegisecurity.ui.rememberme.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="inMemoryDaoImpl" />
<property name="key" value="javargb" />
</bean>
<bean id="rememberMeAuthenticationProvider"
class="org.acegisecurity.providers.rememberme.RememberMeAuthenticationProvider">
<property name="key" value="javargb" />
</bean>
Once cookie-based login is configured, add this filter to the filter chain and add the matching provider, rememberMeAuthenticationProvider, to the authentication manager; the contents of the cookie can then be used to log the user in. Also add rememberMeServices to the logout filter's handler list so that logging out cancels the cookie. The key must be identical in rememberMeServices and rememberMeAuthenticationProvider, and it should be a long random secret rather than a short word like javargb: the cookie's signature is an MD5 over the username, the expiry time, the stored password value and this key, so anyone who knows the key and a user's stored password value can mint a valid cookie with any expiry they like. [This part could not be completed here: the packages differ in Spring 2.5 and above, and the classes could not be found.]
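As an added example (not Acegi's own code), this Python reimplementation of the cookie scheme that TokenBasedRememberMeServices documents, base64(username ":" expiry ":" md5hex(username ":" expiry ":" password ":" key)) with the expiry in milliseconds since the epoch, shows what the filter accepts and what it ignores. The `USERS` dict stands in for the userDetailsService, `KEY` is the `key` property from the XML above, and the validity period is the two-week default; the cookie values and users are constructed for the example.

```python
import base64
import hashlib
import hmac
import time

KEY = "javargb"  # the `key` property from the XML above (far too weak for real use)
USERS = {"lxp": "123", "Roger": "Roger"}  # constructed: username -> stored password
TWO_WEEKS_S = 14 * 24 * 3600  # default token validity of TokenBasedRememberMeServices


def _signature(username, expiry_ms, password, key):
    """md5hex(username ":" expiry ":" password ":" key), the documented scheme."""
    data = f"{username}:{expiry_ms}:{password}:{key}".encode("utf-8")
    return hashlib.md5(data).hexdigest()


def make_cookie(username, password, key=KEY, lifetime_s=TWO_WEEKS_S, now_ms=None):
    """Cookie value issued on a successful login with the remember-me box ticked:
    base64(username ":" expiry-millis ":" signature)."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    expiry_ms = now_ms + lifetime_s * 1000
    token = f"{username}:{expiry_ms}:{_signature(username, expiry_ms, password, key)}"
    return base64.b64encode(token.encode("utf-8")).decode("ascii")


def auto_login(cookie, users=USERS, key=KEY, now_ms=None):
    """What RememberMeProcessingFilter + TokenBasedRememberMeServices do with a
    request carrying the cookie: the username to log in, or None when the cookie
    must be ignored (malformed, expired, unknown user, bad signature, or signed
    with a different key or a password that has since changed)."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    try:
        parts = base64.b64decode(cookie, validate=True).decode("utf-8").split(":")
    except (ValueError, UnicodeDecodeError):
        return None
    if len(parts) != 3:
        return None
    username, expiry, sig = parts
    if not expiry.isdigit() or int(expiry) < now_ms:
        return None  # expired, or the expiry field is not a number
    password = users.get(username)
    if password is None:
        return None
    expected = _signature(username, int(expiry), password, key)
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        return None
    return username


def with_username(cookie, new_username):
    """Tamper helper: keep expiry and signature, swap the username field."""
    _, expiry, sig = base64.b64decode(cookie).decode("utf-8").split(":")
    return base64.b64encode(f"{new_username}:{expiry}:{sig}".encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    now = int(time.time() * 1000)
    cookie = make_cookie("lxp", USERS["lxp"], now_ms=now)
    print("fresh cookie    :", auto_login(cookie, now_ms=now))
    print("15 days later   :", auto_login(cookie, now_ms=now + 15 * 24 * 3600 * 1000))
    print("username swapped:", auto_login(with_username(cookie, "Roger"), now_ms=now))
    print("password changed:", auto_login(cookie, users={"lxp": "new"}, now_ms=now))
    # Whoever holds the key and the stored password value can mint a cookie valid
    # for as long as they like, which is why both have to stay secret.
    forged = make_cookie("lxp", USERS["lxp"], lifetime_s=10 * 365 * 24 * 3600, now_ms=now)
    print("forged 10-year  :", auto_login(forged, now_ms=now + 365 * 24 * 3600 * 1000))
```

Changing the user's stored password invalidates outstanding cookies because the password is part of the signed data, which is the only revocation mechanism this token scheme has; the last line shows the flip side, a cookie minted with the key and stored password that stays valid a year later.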
<!-- Interceptor -->
<bean id="filterInvocationInterceptor"
class="org.acegisecurity.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager"
ref="authenticationManager" />
<property name="accessDecisionManager">
<bean class="org.acegisecurity.vote.AffirmativeBased">
<property name="allowIfAllAbstainDecisions"
value="false" />
<property name="decisionVoters">
<list>
<bean class="org.acegisecurity.vote.RoleVoter" />
<bean
class="org.acegisecurity.vote.AuthenticatedVoter" />
</list>
</property>
</bean>
</property>
<property name="objectDefinitionSource"
ref="filterDefinitionSource" />
</bean>
<bean id="filterDefinitionSource"
class="org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap">
<property name="convertUrlToLowercaseBeforeComparison" value="true" />
</bean>
In the interceptor, set the voting strategy (accessDecisionManager) and, inside it, the actual voters; also configure objectDefinitionSource, which maps each resource (URL pattern) to the roles required for it, which the interceptor then matches against the current user. A few points to check in this configuration: RoleVoter only votes on attributes prefixed ROLE_ and AuthenticatedVoter only on IS_AUTHENTICATED_*, so with allowIfAllAbstainDecisions=false an attribute no voter understands (a misspelled role, for instance) makes every voter abstain and the request is denied rather than allowed; keep that setting false. The definition map is consulted in order and the first matching pattern wins, so list specific patterns before catch-alls such as /**, and a URL that matches no pattern at all is treated as public. With convertUrlToLowercaseBeforeComparison=true the request URL is lowercased before matching, so the patterns themselves must be written in lowercase. As shown, filterDefinitionSource contains no mappings, so the interceptor protects nothing until they are added.
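The following Python model, added here as an example rather than taken from Acegi, simulates the decision the interceptor above makes per request: a path-based definition map (first match wins, URL lowercased first), a RoleVoter, an AuthenticatedVoter, and AffirmativeBased with allowIfAllAbstainDecisions=false. The URL patterns, the required attributes and the sample principals are constructed for the example; the Ant-style matcher is a deliberately minimal one that treats ** as spanning directories and * and ? as staying within a path segment.

```python
import re

ACCESS_GRANTED, ACCESS_ABSTAIN, ACCESS_DENIED = 1, 0, -1

# Constructed sample principals. "level" is what the AuthenticatedVoter
# distinguishes: anonymous < remembered (cookie login) < full (form login).
LEVEL = {"anonymous": 0, "remembered": 1, "full": 2}
SUPERVISOR = {"authorities": {"ROLE_SUPERVISOR"}, "level": "full"}
USER_FULL = {"authorities": {"ROLE_USER"}, "level": "full"}
USER_COOKIE = {"authorities": {"ROLE_USER"}, "level": "remembered"}
ANONYMOUS = {"authorities": {"ROLE_ANONYMOUS"}, "level": "anonymous"}


def role_voter(auth, attributes):
    """RoleVoter: only ROLE_-prefixed attributes count; abstains if there are none."""
    wanted = [a for a in attributes if a.startswith("ROLE_")]
    if not wanted:
        return ACCESS_ABSTAIN
    return ACCESS_GRANTED if auth["authorities"].intersection(wanted) else ACCESS_DENIED


def authenticated_voter(auth, attributes):
    """AuthenticatedVoter: IS_AUTHENTICATED_{FULLY,REMEMBERED,ANONYMOUSLY};
    abstains unless one of those attributes is present."""
    required = {"IS_AUTHENTICATED_FULLY": 2, "IS_AUTHENTICATED_REMEMBERED": 1,
                "IS_AUTHENTICATED_ANONYMOUSLY": 0}
    result = ACCESS_ABSTAIN
    for attr in attributes:
        if attr in required:
            result = ACCESS_DENIED
            if LEVEL[auth["level"]] >= required[attr]:
                return ACCESS_GRANTED
    return result


def affirmative_based(auth, attributes, voters, allow_if_all_abstain=False):
    """AffirmativeBased: a single grant is enough; otherwise any deny, or an
    all-abstain result with allowIfAllAbstainDecisions=false, means denied."""
    denies = 0
    for voter in voters:
        vote = voter(auth, attributes)
        if vote == ACCESS_GRANTED:
            return True
        if vote == ACCESS_DENIED:
            denies += 1
    return denies == 0 and allow_if_all_abstain


def ant_to_regex(pattern):
    """Minimal Ant-style matching: ** spans directories, * and ? stay in one segment."""
    escaped = re.escape(pattern)
    regex = escaped.replace(r"\*\*", ".*").replace(r"\*", "[^/]*").replace(r"\?", "[^/]")
    return re.compile("^" + regex + "$")


def lookup_attributes(url, definition_map, lowercase=True):
    """PathBasedFilterInvocationDefinitionMap: the first matching pattern wins;
    with convertUrlToLowercaseBeforeComparison the URL is lowercased first,
    which is why the patterns below are written in lowercase."""
    if lowercase:
        url = url.lower()
    for pattern, attributes in definition_map:
        if ant_to_regex(pattern).match(url):
            return attributes
    return None  # no entry at all: the interceptor treats the URL as public


# Constructed stand-in for the (empty) filterDefinitionSource above, most
# specific pattern first because the first match wins.
DEFINITION_MAP = [
    ("/admin/**", ["ROLE_SUPERVISOR"]),
    ("/userinfo.jsp", ["ROLE_USER", "ROLE_SUPERVISOR"]),
    ("/acegilogin.jsp", ["IS_AUTHENTICATED_ANONYMOUSLY"]),
    ("/**", ["IS_AUTHENTICATED_REMEMBERED"]),
]
VOTERS = [role_voter, authenticated_voter]


def decide(url, auth, definition_map=DEFINITION_MAP, allow_if_all_abstain=False):
    """One FilterSecurityInterceptor decision: 'public' when no pattern matches,
    otherwise 'granted' or 'denied' from the access decision manager."""
    attributes = lookup_attributes(url, definition_map)
    if attributes is None:
        return "public"
    ok = affirmative_based(auth, attributes, VOTERS, allow_if_all_abstain)
    return "granted" if ok else "denied"


if __name__ == "__main__":
    for url, who in [("/Admin/Users", SUPERVISOR), ("/admin/users", USER_FULL),
                     ("/userinfo.jsp", ANONYMOUS), ("/userinfo.jsp", USER_COOKIE)]:
        print(f"{url} as {who['level']} with {sorted(who['authorities'])}: {decide(url, who)}")
    typo = [("/admin/**", ["SUPERVISOR"])]  # attribute without the ROLE_ prefix
    print("typo, all abstain, allowIfAllAbstain=false:", decide("/admin/users", USER_FULL, typo))
    print("typo, all abstain, allowIfAllAbstain=true :", decide("/admin/users", USER_FULL, typo, True))
```

The two `typo` lines are the reason to keep allowIfAllAbstainDecisions=false: an attribute that no voter recognises fails closed. Reversing DEFINITION_MAP so that /** comes first would let a remembered-only ROLE_USER into /admin/users, because the catch-all pattern would be the first match.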
Step-by-step Acegi configuration: [http://www.iteye.com/topic/52975] [http://datuo.iteye.com/blog/203356]