我的spring security配置demo文件
<?xml version="1.0" encoding="UTF-8"?>
?
<beans xmlns="http://www.springframework.org/schema/beans"
? ? xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
? ? xmlns:security="http://www.springframework.org/schema/security"
? ? xmlns:p="http://www.springframework.org/schema/p"
? ? xsi:schemaLocation="http://www.springframework.org/schema/beans?
? ? ? ? ? ? ? ? ? ? ? ? http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
? ? ? ? ? ? ? ? ? ? ? ? http://www.springframework.org/schema/security?
? ? ? ? ? ? ? ? ? ? ? ? http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<import resource="datasourceSetting.xml"/>
<!--
? ? ? ? FilterChainProxy会按顺序来调用这些filter,使这些filter能享用Spring Ioc的功能,
? ? ? ? CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON 定义url比较前先转为小写
? ? ? ? PATTERN_TYPE_APACHE_ANT 定义使用Apache ant的匹配模式
? ? ?-->
<bean id="filterChainProxy"
value="getUsername" /> ??
? ? </bean> ??
<!-- 自定义UserDetailsService实现 -->
<bean id="userDetailsService"
ref="sessionRegistry"/> ?
? ? ? ? <property name="expiredUrl" value="/login.jsp?messcode=-2"/> ?
? ? </bean> ?
<bean id="messageSource"
class="security.resource.ResourceLoader">
<property name="syscode">
? ?<value>00000001</value>
</property>
<property name="cache">
<bean class="security.cache.EHCacheImpl">
<constructor-arg>
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean"
?p:cacheManager-ref="cacheManager"
?p:cacheName="security.resourceCache"/>
</constructor-arg>
</bean>
</property>
</bean>
<!--
访问决策管理器
? 验证用户是否有权限访问相应的资源(filterSecurityInterceptor中objectDefinitionSource属性定义的访问URL需要的属性信息)
-->
<bean id="accessDecisionManager"
class="org.springframework.security.vote.AffirmativeBased"
p:allowIfAllAbstainDecisions="false">
<property name="decisionVoters">
<list>
<bean class="security.voter.RoleVoterEx"/>
<bean class="org.springframework.security.vote.AuthenticatedVoter"/>
</list>
</property>
</bean>
?
<bean id="rememberMeServices"
class="org.springframework.security.ui.rememberme.TokenBasedRememberMeServices"
p:key="springsecurity"
p:userDetailsService-ref="userDetailsService"/>
<!-- 缓存配置 -->
<bean id="userCache"
class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
<property name="cache">
<bean class="org.springframework.cache.ehcache.EhCacheFactoryBean"
p:cacheManager-ref="cacheManager"
p:cacheName="security.userCache"/>
</property>
</bean>
<bean id="cacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"
p:configLocation="classpath:bean/ehcache.xml">
</bean>
?
<!-- ========== 保护方法 ========== -->
<bean id="myInterceper"
class="org.springframework.aop.framework.autoproxy.BeanNameAutoProxyCreator">
<property name="interceptorNames">
<list>
<value>methodInvocationIntercept</value>
</list>
</property>
<property name="beanNames">
<list>
<value>newsService</value>
</list>
</property>
</bean>
<bean id="methodInvocationIntercept"
class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor"
p:authenticationManager-ref="authenticationManager"
p:accessDecisionManager-ref="accessDecisionManager"
p:objectDefinitionSource-ref="methodDefinitionSource">
<!--
<property name="objectDefinitionSource">
<value>
com.test.service.NewsService.get*=ROLE_SUPERVISOR
</value>
</property>
-->
</bean>
<bean id="methodDefinitionSource"
class="security.resource.DataBaseMethodInvocationDefinitionSource"
p:resourceLoader-ref="resourceLoader"/>
<!-- ========== 保护方法 ========== -->
?
<bean id="loggerListener"
?class="org.springframework.security.event.authentication.LoggerListener"/>
?
</beans>